[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.97' (ECDSA) to the list of known hosts.
syzkaller login: [ 45.732747] IPVS: ftp: loaded support on port[0] = 21
[ 45.800038] chnl_net:caif_netlink_parms(): no params data found
[ 45.918568] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.925267] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.933078] device bridge_slave_0 entered promiscuous mode
[ 45.939899] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.947642] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.954846] device bridge_slave_1 entered promiscuous mode
[ 45.972656] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 45.981456] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 45.998624] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 46.005809] team0: Port device team_slave_0 added
[ 46.012130] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 46.019175] team0: Port device team_slave_1 added
[ 46.033975] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 46.040220] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 46.065937] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 46.077223] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 46.083509] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 46.108789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 46.123430] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 46.130668] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 46.148998] device hsr_slave_0 entered promiscuous mode
[ 46.154890] device hsr_slave_1 entered promiscuous mode
[ 46.160758] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 46.168838] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 46.228030] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.234501] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.241512] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.247959] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.275593] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 46.282439] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.289984] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 46.299006] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.307522] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.325358] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.335482] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 46.342403] 8021q: adding VLAN 0 to HW filter on device team0
[ 46.350641] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.358590] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.364985] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.374373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.382439] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.388765] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.406745] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 46.416656] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 46.427331] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 46.435010] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 46.442748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 46.450293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.458311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.466951] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 46.473874] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 46.485714] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 46.493363] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 46.500017] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 46.509989] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 46.563106] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 46.573208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.605755] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 46.613661] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 46.620081] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 46.629355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.637363] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 46.644555] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 46.653630] device veth0_vlan entered promiscuous mode
[ 46.662792] device veth1_vlan entered promiscuous mode
[ 46.668557] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 46.677292] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 46.688205] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 46.697999] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 46.705418] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 46.712684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.722464] device veth0_macvtap entered promiscuous mode
[ 46.728455] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 46.737606] device veth1_macvtap entered promiscuous mode
[ 46.746285] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 46.755276] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 46.764861] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 46.772067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.780126] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 46.788258] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 46.797904] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 46.805194] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 46.811868] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 46.819478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 46.902166] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[ 46.909255] UDF-fs: Scanning with blocksize 512 failed
[ 46.916850] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[ 46.924436] UDF-fs: Scanning with blocksize 1024 failed
[ 46.930318] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[ 46.937347] UDF-fs: Scanning with blocksize 2048 failed
[ 46.943511] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[ 46.953746] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 46.982250] ==================================================================
[ 46.989744] BUG: KASAN: use-after-free in udf_close_lvid.isra.0+0x5a1/0x630
[ 46.996833] Write of size 1 at addr ffff88818daba060 by task syz-executor175/7996
[ 47.004435]
[ 47.006057] CPU: 0 PID: 7996 Comm: syz-executor175 Not tainted 4.14.302-syzkaller #0
[ 47.013952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 47.023294] Call Trace:
[ 47.025869] dump_stack+0x1b2/0x281
[ 47.029564] print_address_description.cold+0x54/0x1d3
[ 47.034830] kasan_report_error.cold+0x8a/0x191
[ 47.039486] ? udf_close_lvid.isra.0+0x5a1/0x630
[ 47.044219] __asan_report_store1_noabort+0x68/0x70
[ 47.049213] ? udf_close_lvid.isra.0+0x5a1/0x630
[ 47.053945] udf_close_lvid.isra.0+0x5a1/0x630
[ 47.058866] ? init_once+0x40/0x40
[ 47.062384] ? iput+0x16/0x7e0
[ 47.065555] ? dispose_list+0x1e0/0x1e0
[ 47.069510] udf_put_super+0x211/0x2a0
[ 47.073375] ? udf_sb_free_partitions.isra.0+0xaf0/0xaf0
[ 47.078801] generic_shutdown_super+0x144/0x370
[ 47.083447] kill_block_super+0x95/0xe0
[ 47.087401] deactivate_locked_super+0x6c/0xd0
[ 47.091958] deactivate_super+0x7f/0xa0
[ 47.095916] cleanup_mnt+0x186/0x2c0
[ 47.099608] task_work_run+0x11f/0x190
[ 47.103477] do_exit+0xa44/0x2850
[ 47.106912] ? __do_page_fault+0x571/0xad0
[ 47.111138] ? mm_update_next_owner+0x5b0/0x5b0
[ 47.115784] ? lock_downgrade+0x740/0x740
[ 47.119914] do_group_exit+0x100/0x2e0
[ 47.123798] SyS_exit_group+0x19/0x20
[ 47.127574] ? do_group_exit+0x2e0/0x2e0
[ 47.131630] do_syscall_64+0x1d5/0x640
[ 47.135525] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 47.140798] RIP: 0033:0x7f4595f468c9
[ 47.144589] RSP: 002b:00007ffd78cba6f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 47.152281] RAX: ffffffffffffffda RBX: 00007f4595fcd470 RCX: 00007f4595f468c9
[ 47.159532] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 47.166781] RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 00007f4595fc7e90
[ 47.174027] R10: 000080001d00c0d0 R11: 0000000000000246 R12: 00007f4595fcd470
[ 47.181273] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 47.188526]
[ 47.190131] The buggy address belongs to the page:
[ 47.195039] page:ffffea000636ae80 count:0 mapcount:0 mapping: (null) index:0x0
[ 47.203162] flags: 0x57ff00000000000()
[ 47.207029] raw: 057ff00000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 47.214977] raw: ffffea000636aea0 ffffea000636aea0 0000000000000000 0000000000000000
[ 47.222829] page dumped because: kasan: bad access detected
[ 47.228509]
[ 47.230115] Memory state around the buggy address:
[ 47.235046] ffff88818dab9f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.242389] ffff88818dab9f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.249726] >ffff88818daba000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.257059] ^
[ 47.263527] ffff88818daba080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.270859] ffff88818daba100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.278193] ==================================================================
[ 47.285526] Disabling lock debugging due to kernel taint
[ 47.308688] Kernel panic - not syncing: panic_on_warn set ...
[ 47.308688]
[ 47.316052] CPU: 0 PID: 7996 Comm: syz-executor175 Tainted: G B 4.14.302-syzkaller #0
[ 47.325127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 47.334456] Call Trace:
[ 47.337020] dump_stack+0x1b2/0x281
[ 47.340622] panic+0x1f9/0x42d
[ 47.343787] ? add_taint.cold+0x16/0x16
[ 47.347741] ? ___preempt_schedule+0x16/0x18
[ 47.352124] kasan_end_report+0x43/0x49
[ 47.356069] kasan_report_error.cold+0xa7/0x191
[ 47.360718] ? udf_close_lvid.isra.0+0x5a1/0x630
[ 47.365455] __asan_report_store1_noabort+0x68/0x70
[ 47.370447] ? udf_close_lvid.isra.0+0x5a1/0x630
[ 47.375183] udf_close_lvid.isra.0+0x5a1/0x630
[ 47.379913] ? init_once+0x40/0x40
[ 47.383425] ? iput+0x16/0x7e0
[ 47.386590] ? dispose_list+0x1e0/0x1e0
[ 47.390536] udf_put_super+0x211/0x2a0
[ 47.394398] ? udf_sb_free_partitions.isra.0+0xaf0/0xaf0
[ 47.399824] generic_shutdown_super+0x144/0x370
[ 47.404472] kill_block_super+0x95/0xe0
[ 47.408419] deactivate_locked_super+0x6c/0xd0
[ 47.412973] deactivate_super+0x7f/0xa0
[ 47.416969] cleanup_mnt+0x186/0x2c0
[ 47.420655] task_work_run+0x11f/0x190
[ 47.424516] do_exit+0xa44/0x2850
[ 47.427972] ? __do_page_fault+0x571/0xad0
[ 47.432179] ? mm_update_next_owner+0x5b0/0x5b0
[ 47.436825] ? lock_downgrade+0x740/0x740
[ 47.440948] do_group_exit+0x100/0x2e0
[ 47.444817] SyS_exit_group+0x19/0x20
[ 47.448593] ? do_group_exit+0x2e0/0x2e0
[ 47.452636] do_syscall_64+0x1d5/0x640
[ 47.456503] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 47.462098] RIP: 0033:0x7f4595f468c9
[ 47.465782] RSP: 002b:00007ffd78cba6f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 47.473461] RAX: ffffffffffffffda RBX: 00007f4595fcd470 RCX: 00007f4595f468c9
[ 47.480714] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 47.487966] RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 00007f4595fc7e90
[ 47.495217] R10: 000080001d00c0d0 R11: 0000000000000246 R12: 00007f4595fcd470
[ 47.502461] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 47.509974] Kernel Offset: disabled
[ 47.513580] Rebooting in 86400 seconds..