==================================================================
BUG: KASAN: use-after-free in udf_close_lvid.isra.0+0x4a7/0x550 fs/udf/super.c:2039
Write of size 1 at addr ffff88816dae30c0 by task syz-executor168/5004

CPU: 0 PID: 5004 Comm: syz-executor168 Not tainted 6.4.0-syzkaller-01406-ge8f75c0270d9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
 print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:351
 print_report mm/kasan/report.c:462 [inline]
 kasan_report+0x11c/0x130 mm/kasan/report.c:572
 udf_close_lvid.isra.0+0x4a7/0x550 fs/udf/super.c:2039
 udf_put_super+0x1bb/0x230 fs/udf/super.c:2326
 generic_shutdown_super+0x158/0x480 fs/super.c:500
 kill_block_super+0x64/0xb0 fs/super.c:1418
 deactivate_locked_super+0x98/0x160 fs/super.c:331
 deactivate_super+0xb1/0xd0 fs/super.c:362
 cleanup_mnt+0x2ae/0x3d0 fs/namespace.c:1254
 task_work_run+0x16f/0x270 kernel/task_work.c:179
 ptrace_notify+0x118/0x140 kernel/signal.c:2371
 ptrace_report_syscall include/linux/ptrace.h:411 [inline]
 ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]
 syscall_exit_work kernel/entry/common.c:252 [inline]
 syscall_exit_to_user_mode_prepare+0x129/0x220 kernel/entry/common.c:279
 __syscall_exit_to_user_mode_work kernel/entry/common.c:284 [inline]
 syscall_exit_to_user_mode+0xd/0x50 kernel/entry/common.c:297
 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fc8929e2fb7
Code: 09 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffefea92908 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000009a4f RCX: 00007fc8929e2fb7
RDX: 00007ffefea929c7 RSI: 000000000000000a RDI: 00007ffefea929c0
RBP: 00007ffefea929c0 R08: 00000000ffffffff R09: 00007ffefea927a0
R10: 0000555555613633 R11: 0000000000000202 R12: 00007ffefea93a30
R13: 00005555556135f0 R14: 00007ffefea92930 R15: 0000000000000001

The buggy address belongs to the physical page:
page:ffffea0005b6b8c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16dae3
flags: 0x57ff00000000000(node=1|zone=2|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 057ff00000000000 ffffea0005b6b8c8 ffffea0005b6b8c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffff88816dae2f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88816dae3000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88816dae3080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                           ^
 ffff88816dae3100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88816dae3180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================