[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 34.086162] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[ 34.093105] UDF-fs: Scanning with blocksize 512 failed
[ 34.100091] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[ 34.106889] UDF-fs: Scanning with blocksize 1024 failed
[ 34.113542] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[ 34.120922] UDF-fs: Scanning with blocksize 2048 failed
[ 34.127166] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[ 34.138030] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 34.165421] ==================================================================
[ 34.172900] BUG: KASAN: use-after-free in crc_itu_t+0xce/0xe0
[ 34.178913] Read of size 1 at addr ffff88808b9ea000 by task syz-executor275/8096
[ 34.186441]
[ 34.188058] CPU: 0 PID: 8096 Comm: syz-executor275 Not tainted 4.19.211-syzkaller #0
[ 34.195917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 34.205250] Call Trace:
[ 34.207826]  dump_stack+0x1fc/0x2ef
[ 34.211442]  print_address_description.cold+0x54/0x219
[ 34.216704]  kasan_report_error.cold+0x8a/0x1b9
[ 34.221367]  ? crc_itu_t+0xce/0xe0
[ 34.224894]  __asan_report_load1_noabort+0x88/0x90
[ 34.229828]  ? kvm_register_clock+0x70/0xc0
[ 34.234131]  ? crc_itu_t+0xce/0xe0
[ 34.237650]  crc_itu_t+0xce/0xe0
[ 34.240998]  udf_close_lvid+0x47a/0x770
[ 34.244957]  ? udf_open_lvid+0x4f0/0x4f0
[ 34.248999]  ? dispose_list+0x1f0/0x1f0
[ 34.252954]  ? iput+0x16/0x860
[ 34.256132]  udf_put_super+0x217/0x290
[ 34.260005]  ? udf_sb_free_partitions.isra.0+0xba0/0xba0
[ 34.265438]  generic_shutdown_super+0x144/0x370
[ 34.270094]  kill_block_super+0x97/0xf0
[ 34.274051]  deactivate_locked_super+0x94/0x160
[ 34.278707]  deactivate_super+0x174/0x1a0
[ 34.282841]  ? deactivate_locked_super+0x160/0x160
[ 34.287754]  ? dput+0x31/0x640
[ 34.290929]  cleanup_mnt+0x1a8/0x290
[ 34.294630]  task_work_run+0x148/0x1c0
[ 34.298525]  exit_to_usermode_loop+0x251/0x2a0
[ 34.303091]  do_syscall_64+0x538/0x620
[ 34.306963]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.312136] RIP: 0033:0x7f10e61dbda7
[ 34.315855] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 34.334766] RSP: 002b:00007ffda2bb8f48 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 34.342455] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f10e61dbda7
[ 34.349725] RDX: 00007ffda2bb9007 RSI: 000000000000000a RDI: 00007ffda2bb9000
[ 34.356979] RBP: 00007ffda2bb9000 R08: 00000000ffffffff R09: 00007ffda2bb8de0
[ 34.364231] R10: 000055555646d683 R11: 0000000000000206 R12: 00007ffda2bba070
[ 34.371483] R13: 000055555646d5f0 R14: 00007ffda2bb8f70 R15: 0000000000000001
[ 34.378739]
[ 34.380352] The buggy address belongs to the page:
[ 34.385260] page:ffffea00022e7a80 count:0 mapcount:0 mapping:0000000000000000 index:0x1
[ 34.393379] flags: 0xfff00000000000()
[ 34.397162] raw: 00fff00000000000 ffffea00022e7ac8 ffffea00022e79c8 0000000000000000
[ 34.405029] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 34.412886] page dumped because: kasan: bad access detected
[ 34.418573]
[ 34.420178] Memory state around the buggy address:
[ 34.425085]  ffff88808b9e9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.432424]  ffff88808b9e9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.439766] >ffff88808b9ea000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.447103]                    ^
[ 34.450455]  ffff88808b9ea080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.457794]  ffff88808b9ea100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 34.465132] ==================================================================
[ 34.472468] Disabling lock debugging due to kernel taint
[ 34.494636] Kernel panic - not syncing: panic_on_warn set ...
[ 34.494636]
[ 34.502028] CPU: 0 PID: 8096 Comm: syz-executor275 Tainted: G B 4.19.211-syzkaller #0
[ 34.511293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 34.520625] Call Trace:
[ 34.523198]  dump_stack+0x1fc/0x2ef
[ 34.526805]  panic+0x26a/0x50e
[ 34.529977]  ? __warn_printk+0xf3/0xf3
[ 34.533845]  ? preempt_schedule_common+0x45/0xc0
[ 34.538582]  ? ___preempt_schedule+0x16/0x18
[ 34.542970]  ? trace_hardirqs_on+0x55/0x210
[ 34.547273]  kasan_end_report+0x43/0x49
[ 34.551252]  kasan_report_error.cold+0xa7/0x1b9
[ 34.555900]  ? crc_itu_t+0xce/0xe0
[ 34.559418]  __asan_report_load1_noabort+0x88/0x90
[ 34.564326]  ? kvm_register_clock+0x70/0xc0
[ 34.568628]  ? crc_itu_t+0xce/0xe0
[ 34.572146]  crc_itu_t+0xce/0xe0
[ 34.575494]  udf_close_lvid+0x47a/0x770
[ 34.579449]  ? udf_open_lvid+0x4f0/0x4f0
[ 34.583492]  ? dispose_list+0x1f0/0x1f0
[ 34.587447]  ? iput+0x16/0x860
[ 34.590618]  udf_put_super+0x217/0x290
[ 34.594488]  ? udf_sb_free_partitions.isra.0+0xba0/0xba0
[ 34.599926]  generic_shutdown_super+0x144/0x370
[ 34.604578]  kill_block_super+0x97/0xf0
[ 34.608633]  deactivate_locked_super+0x94/0x160
[ 34.613560]  deactivate_super+0x174/0x1a0
[ 34.617713]  ? deactivate_locked_super+0x160/0x160
[ 34.622623]  ? dput+0x31/0x640
[ 34.625797]  cleanup_mnt+0x1a8/0x290
[ 34.629495]  task_work_run+0x148/0x1c0
[ 34.633364]  exit_to_usermode_loop+0x251/0x2a0
[ 34.637958]  do_syscall_64+0x538/0x620
[ 34.641831]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.647002] RIP: 0033:0x7f10e61dbda7
[ 34.650696] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 34.669579] RSP: 002b:00007ffda2bb8f48 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 34.677348] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f10e61dbda7
[ 34.684608] RDX: 00007ffda2bb9007 RSI: 000000000000000a RDI: 00007ffda2bb9000
[ 34.691862] RBP: 00007ffda2bb9000 R08: 00000000ffffffff R09: 00007ffda2bb8de0
[ 34.699111] R10: 000055555646d683 R11: 0000000000000206 R12: 00007ffda2bba070
[ 34.706358] R13: 000055555646d5f0 R14: 00007ffda2bb8f70 R15: 0000000000000001
[ 34.713795] Kernel Offset: disabled
[ 34.717405] Rebooting in 86400 seconds..
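Triage helper for the report above, added here as an example; it is not code from syzkaller, syzbot or the kernel. It reads the console log text, pulls out the four things a triager looks at first (the bug class and faulting function, the first non-instrumentation frame and its caller, the syscall the task was in, and what the KASAN shadow byte at the faulting address means), and shows what this particular log supports: a 1-byte read in crc_itu_t called from udf_close_lvid while udf_put_super tears the superblock down, on the way out of a umount2 call (ORIG_RAX 0xa6 is umount2 on x86_64; RSI 0xa decodes to MNT_DETACH|UMOUNT_NOFOLLOW), against memory whose shadow byte is 0xff, the value generic KASAN uses for a freed page (mm/kasan/kasan.h). The shadow table and syscall/flag values are kernel constants; the list of frame prefixes treated as KASAN's own reporting path is my heuristic, and the sample is the first trace from the log above with the register dump and memory-state rows reduced to the lines the parser reads.

```python
"""Triage a syzbot KASAN console report such as the one above.
Added example for this page, not code from syzkaller or the kernel. SAMPLE is an
excerpt of the log above (first trace, register/memory rows reduced); nothing invented."""
import re

SAMPLE = """\
[ 34.172900] BUG: KASAN: use-after-free in crc_itu_t+0xce/0xe0
[ 34.178913] Read of size 1 at addr ffff88808b9ea000 by task syz-executor275/8096
[ 34.205250] Call Trace:
[ 34.207826]  dump_stack+0x1fc/0x2ef
[ 34.211442]  print_address_description.cold+0x54/0x219
[ 34.216704]  kasan_report_error.cold+0x8a/0x1b9
[ 34.221367]  ? crc_itu_t+0xce/0xe0
[ 34.224894]  __asan_report_load1_noabort+0x88/0x90
[ 34.229828]  ? kvm_register_clock+0x70/0xc0
[ 34.234131]  ? crc_itu_t+0xce/0xe0
[ 34.237650]  crc_itu_t+0xce/0xe0
[ 34.240998]  udf_close_lvid+0x47a/0x770
[ 34.244957]  ? udf_open_lvid+0x4f0/0x4f0
[ 34.248999]  ? dispose_list+0x1f0/0x1f0
[ 34.252954]  ? iput+0x16/0x860
[ 34.256132]  udf_put_super+0x217/0x290
[ 34.260005]  ? udf_sb_free_partitions.isra.0+0xba0/0xba0
[ 34.265438]  generic_shutdown_super+0x144/0x370
[ 34.270094]  kill_block_super+0x97/0xf0
[ 34.274051]  deactivate_locked_super+0x94/0x160
[ 34.278707]  deactivate_super+0x174/0x1a0
[ 34.282841]  ? deactivate_locked_super+0x160/0x160
[ 34.287754]  ? dput+0x31/0x640
[ 34.290929]  cleanup_mnt+0x1a8/0x290
[ 34.294630]  task_work_run+0x148/0x1c0
[ 34.298525]  exit_to_usermode_loop+0x251/0x2a0
[ 34.303091]  do_syscall_64+0x538/0x620
[ 34.306963]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.334766] RSP: 002b:00007ffda2bb8f48 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 34.349725] RDX: 00007ffda2bb9007 RSI: 000000000000000a RDI: 00007ffda2bb9000
[ 34.439766] >ffff88808b9ea000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
"""

# Generic KASAN shadow values (mm/kasan/kasan.h); one shadow byte covers 8 bytes of memory.
SHADOW = {0xFF: "freed page (KASAN_FREE_PAGE)", 0xFE: "kmalloc_large redzone",
          0xFC: "slab redzone", 0xFB: "freed slab object (KASAN_KMALLOC_FREE)",
          0xFA: "global redzone", 0xF1: "stack left redzone", 0xF2: "stack mid redzone",
          0xF3: "stack right redzone", 0xF8: "use-after-scope"}
X86_64_SYSCALLS = {0xA6: "umount2"}  # x86_64 ABI; only the number this report shows
UMOUNT_FLAGS = {1: "MNT_FORCE", 2: "MNT_DETACH", 4: "MNT_EXPIRE", 8: "UMOUNT_NOFOLLOW"}
# Frames that belong to KASAN's own reporting path (my heuristic list, not kernel-defined).
INSTRUMENTATION = ("dump_stack", "print_address_description", "kasan_report", "__asan_report")
TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # "[ 34.172900] " console timestamp

def parse_kasan_report(text):
    rep = {"reliable_frames": [], "unreliable_frames": []}
    in_trace = False
    for raw in text.splitlines():
        s = TS.sub("", raw).strip()
        if m := re.match(r"BUG: KASAN: (\S+) in (\S+?)\+0x", s):
            rep.update(bug=m[1], func=m[2])
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", s):
            rep.update(access=m[1], size=int(m[2]), addr=int(m[3], 16), task=m[4], pid=int(m[5]))
        elif m := re.search(r"ORIG_RAX: ([0-9a-f]{16})", s):
            rep.setdefault("syscall_nr", int(m[1], 16))  # first (pre-panic) register dump wins
        elif m := re.search(r"RSI: ([0-9a-f]{16})", s):
            rep.setdefault("rsi", int(m[1], 16))
        elif m := re.match(r">([0-9a-f]{16}): ((?:[0-9a-f]{2} ?)+)$", s):  # row holding the address
            rep["shadow_base"], rep["shadow_bytes"] = int(m[1], 16), [int(b, 16) for b in m[2].split()]
        elif s == "Call Trace:":
            in_trace = not rep["reliable_frames"]  # first trace only; the panic re-prints it
        elif s.startswith("RIP:"):
            in_trace = False
        elif in_trace and s.startswith("? "):  # '?' marks a stale/unreliable frame
            rep["unreliable_frames"].append(s[2:].split("+")[0])
        elif in_trace and s:
            rep["reliable_frames"].append(s.split("+")[0])
    return rep

def shadow_state(rep):
    """Meaning of the shadow byte covering the faulting address."""
    if "addr" not in rep or "shadow_base" not in rep:
        return "no memory state in report"
    b = rep["shadow_bytes"][(rep["addr"] - rep["shadow_base"]) // 8]  # '>' row contains addr
    if b <= 7:
        return "fully addressable" if b == 0 else f"partially addressable ({b} bytes)"
    return SHADOW.get(b, f"unknown shadow 0x{b:02x}")

def describe_syscall(rep):
    nr = rep.get("syscall_nr")
    if nr == 0xA6 and "rsi" in rep:  # umount2(target, flags): flags arrive in RSI
        return "umount2(flags=%s)" % ("|".join(n for bit, n in UMOUNT_FLAGS.items() if rep["rsi"] & bit) or "0")
    return X86_64_SYSCALLS.get(nr, f"syscall {nr}")

def triage(text):
    rep = parse_kasan_report(text)
    frames = [f for f in rep["reliable_frames"] if not f.startswith(INSTRUMENTATION)]
    rep["fault_frame"] = frames[0] if frames else None      # where the bad access happened
    rep["caller"] = frames[1] if len(frames) > 1 else None  # who called it
    rep["syscall"] = describe_syscall(rep)
    rep["shadow"] = shadow_state(rep)
    return rep

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Running it against the full log above gives the same answer as against SAMPLE: the second Call Trace (printed by panic) is ignored because the first one has already been recorded, and the register dump that follows the first RIP line ends frame collection, so the Code: and RAX: lines are never mistaken for frames.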