Warning: Permanently added '10.128.0.100' (ED25519) to the list of known hosts.
[ 167.351472][ T27] audit: type=1400 audit(1703499174.365:83): avc: denied { execmem } for pid=5071 comm="syz-executor265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 167.377480][ T27] audit: type=1400 audit(1703499174.385:84): avc: denied { read write } for pid=5071 comm="syz-executor265" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 167.401984][ T27] audit: type=1400 audit(1703499174.385:85): avc: denied { open } for pid=5071 comm="syz-executor265" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
executing program
[ 167.427219][ T27] audit: type=1400 audit(1703499174.385:86): avc: denied { ioctl } for pid=5071 comm="syz-executor265" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 167.477437][ T5072] loop0: detected capacity change from 0 to 2048
[ 167.486250][ T27] audit: type=1400 audit(1703499174.505:87): avc: denied { mounton } for pid=5072 comm="syz-executor265" path="/root/syzkaller.bh1QTm/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 167.494192][ T5072] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 167.544107][ T27] audit: type=1400 audit(1703499174.555:88): avc: denied { mount } for pid=5072 comm="syz-executor265" name="/" dev="loop0" ino=1376 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[ 167.649570][ T27] audit: type=1400 audit(1703499174.655:89): avc: denied { mounton } for pid=5072 comm="syz-executor265" path="/root/syzkaller.bh1QTm/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop0" ino=1367 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=file permissive=1
[ 167.798786][ T27] audit: type=1400 audit(1703499174.805:90): avc: denied { unmount } for pid=5071 comm="syz-executor265" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[ 167.823533][ T5071] ==================================================================
[ 167.831624][ T5071] BUG: KASAN: use-after-free in udf_close_lvid+0x508/0x5c0
[ 167.839050][ T5071] Write of size 1 at addr ffff8880affa2598 by task syz-executor265/5071
[ 167.847431][ T5071]
[ 167.849834][ T5071] CPU: 0 PID: 5071 Comm: syz-executor265 Not tainted 6.7.0-rc7-syzkaller #0
[ 167.858499][ T5071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 167.868923][ T5071] Call Trace:
[ 167.872303][ T5071]
[ 167.875320][ T5071] dump_stack_lvl+0xd9/0x1b0
[ 167.879929][ T5071] print_report+0xc4/0x620
[ 167.884336][ T5071] ? __virt_addr_valid+0x5e/0x2d0
[ 167.889350][ T5071] ? __phys_addr+0xc6/0x140
[ 167.893856][ T5071] kasan_report+0xda/0x110
[ 167.898257][ T5071] ? udf_close_lvid+0x508/0x5c0
[ 167.903099][ T5071] ? udf_close_lvid+0x508/0x5c0
[ 167.907934][ T5071] udf_close_lvid+0x508/0x5c0
[ 167.912599][ T5071] ? fscrypt_destroy_keyring+0x1e/0x3d0
[ 167.918316][ T5071] udf_put_super+0x19c/0x200
[ 167.922913][ T5071] ? udf_close_lvid+0x5c0/0x5c0
[ 167.927839][ T5071] generic_shutdown_super+0x161/0x3d0
[ 167.933212][ T5071] kill_block_super+0x3b/0x90
[ 167.938076][ T5071] deactivate_locked_super+0xbc/0x1a0
[ 167.943469][ T5071] deactivate_super+0xde/0x100
[ 167.948226][ T5071] cleanup_mnt+0x222/0x450
[ 167.952634][ T5071] task_work_run+0x14d/0x240
[ 167.957237][ T5071] ? task_work_cancel+0x30/0x30
[ 167.962098][ T5071] ? __x64_sys_umount+0x128/0x1a0
[ 167.967300][ T5071] exit_to_user_mode_prepare+0x217/0x240
[ 167.972940][ T5071] syscall_exit_to_user_mode+0x1e/0x60
[ 167.978406][ T5071] do_syscall_64+0x4d/0x110
[ 167.983002][ T5071] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 167.988892][ T5071] RIP: 0033:0x7fe3709ab547
[ 167.993383][ T5071] Code: 09 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 168.013074][ T5071] RSP: 002b:00007ffee0b84158 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 168.021480][ T5071] RAX: 0000000000000000 RBX: 0000000000028dd4 RCX: 00007fe3709ab547
[ 168.029648][ T5071] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffee0b84210
[ 168.037721][ T5071] RBP: 00007ffee0b84210 R08: 0000000000000000 R09: 0000000000000000
[ 168.045768][ T5071] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffee0b85280
[ 168.053728][ T5071] R13: 0000555556fd76c0 R14: 431bde82d7b634db R15: 00007ffee0b852a0
[ 168.062212][ T5071]
[ 168.065230][ T5071]
[ 168.067543][ T5071] The buggy address belongs to the physical page:
[ 168.073938][ T5071] page:ffffea0002bfe880 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xaffa2
[ 168.084080][ T5071] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 168.091172][ T5071] page_type: 0xffffffff()
[ 168.095514][ T5071] raw: 00fff00000000000 ffffea0002bfe888 ffffea0002bfe888 0000000000000000
[ 168.104094][ T5071] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 168.112669][ T5071] page dumped because: kasan: bad access detected
[ 168.119074][ T5071] page_owner info is not present (never set?)
[ 168.125144][ T5071]
[ 168.127460][ T5071] Memory state around the buggy address:
[ 168.133078][ T5071]  ffff8880affa2480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 168.141130][ T5071]  ffff8880affa2500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 168.149193][ T5071] >ffff8880affa2580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 168.157270][ T5071]                             ^
[ 168.162102][ T5071]  ffff8880affa2600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 168.170241][ T5071]  ffff8880affa2680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 168.178280][ T5071] ==================================================================
[ 168.187072][ T5071] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 168.194539][ T5071] CPU: 0 PID: 5071 Comm: syz-executor265 Not tainted 6.7.0-rc7-syzkaller #0
[ 168.203209][ T5071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 168.213287][ T5071] Call Trace:
[ 168.216569][ T5071]
[ 168.219491][ T5071] dump_stack_lvl+0xd9/0x1b0
[ 168.224093][ T5071] panic+0x6dc/0x790
[ 168.227995][ T5071] ? panic_smp_self_stop+0xa0/0xa0
[ 168.233105][ T5071] ? preempt_schedule_thunk+0x1a/0x30
[ 168.238481][ T5071] ? preempt_schedule_common+0x45/0xc0
[ 168.243944][ T5071] ? check_panic_on_warn+0x1f/0xb0
[ 168.249228][ T5071] check_panic_on_warn+0xab/0xb0
[ 168.254166][ T5071] end_report+0x108/0x150
[ 168.258492][ T5071] kasan_report+0xea/0x110
[ 168.262903][ T5071] ? udf_close_lvid+0x508/0x5c0
[ 168.267855][ T5071] ? udf_close_lvid+0x508/0x5c0
[ 168.272727][ T5071] udf_close_lvid+0x508/0x5c0
[ 168.277415][ T5071] ? fscrypt_destroy_keyring+0x1e/0x3d0
[ 168.282991][ T5071] udf_put_super+0x19c/0x200
[ 168.287609][ T5071] ? udf_close_lvid+0x5c0/0x5c0
[ 168.292472][ T5071] generic_shutdown_super+0x161/0x3d0
[ 168.297856][ T5071] kill_block_super+0x3b/0x90
[ 168.302642][ T5071] deactivate_locked_super+0xbc/0x1a0
[ 168.308210][ T5071] deactivate_super+0xde/0x100
[ 168.312994][ T5071] cleanup_mnt+0x222/0x450
[ 168.317433][ T5071] task_work_run+0x14d/0x240
[ 168.322118][ T5071] ? task_work_cancel+0x30/0x30
[ 168.327101][ T5071] ? __x64_sys_umount+0x128/0x1a0
[ 168.332142][ T5071] exit_to_user_mode_prepare+0x217/0x240
[ 168.337866][ T5071] syscall_exit_to_user_mode+0x1e/0x60
[ 168.343336][ T5071] do_syscall_64+0x4d/0x110
[ 168.347840][ T5071] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 168.353744][ T5071] RIP: 0033:0x7fe3709ab547
[ 168.358152][ T5071] Code: 09 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 168.377962][ T5071] RSP: 002b:00007ffee0b84158 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 168.386376][ T5071] RAX: 0000000000000000 RBX: 0000000000028dd4 RCX: 00007fe3709ab547
[ 168.394354][ T5071] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffee0b84210
[ 168.402407][ T5071] RBP: 00007ffee0b84210 R08: 0000000000000000 R09: 0000000000000000
[ 168.410560][ T5071] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffee0b85280
[ 168.418719][ T5071] R13: 0000555556fd76c0 R14: 431bde82d7b634db R15: 00007ffee0b852a0
[ 168.426835][ T5071]
[ 168.430123][ T5071] Kernel Offset: disabled
[ 168.434445][ T5071] Rebooting in 86400 seconds..