[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.131' (ECDSA) to the list of known hosts.

syzkaller login: [   27.993015] IPVS: ftp: loaded support on port[0] = 21
executing program
[   28.051441] UDF-fs: error (device loop0): udf_process_sequence: Block 100 of volume descriptor sequence is corrupted or we could not read it
[   28.066407] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   28.081949] audit: type=1800 audit(1670448487.603:2): pid=7973 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor369" name="bus" dev="loop0" ino=1367 res=0
[   28.142392] ==================================================================
[   28.149848] BUG: KASAN: use-after-free in udf_close_lvid.isra.0+0x5a1/0x630
[   28.156936] Write of size 1 at addr ffff8881ae741f08 by task syz-executor369/7973
[   28.164532]
[   28.166151] CPU: 1 PID: 7973 Comm: syz-executor369 Not tainted 4.14.300-syzkaller #0
[   28.174003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   28.183334] Call Trace:
[   28.185901]  dump_stack+0x1b2/0x281
[   28.189511]  print_address_description.cold+0x54/0x1d3
[   28.194766]  kasan_report_error.cold+0x8a/0x191
[   28.199412]  ? udf_close_lvid.isra.0+0x5a1/0x630
[   28.204144]  __asan_report_store1_noabort+0x68/0x70
[   28.209138]  ? udf_close_lvid.isra.0+0x5a1/0x630
[   28.213872]  udf_close_lvid.isra.0+0x5a1/0x630
[   28.218432]  ? init_once+0x40/0x40
[   28.221949]  ? iput+0x16/0x7e0
[   28.225118]  ? dispose_list+0x1e0/0x1e0
[   28.229070]  udf_put_super+0x211/0x2a0
[   28.232936]  ? udf_sb_free_partitions.isra.0+0xaf0/0xaf0
[   28.238361]  generic_shutdown_super+0x144/0x370
[   28.243005]  kill_block_super+0x95/0xe0
[   28.246954]  deactivate_locked_super+0x6c/0xd0
[   28.251514]  deactivate_super+0x7f/0xa0
[   28.255469]  cleanup_mnt+0x186/0x2c0
[   28.259167]  task_work_run+0x11f/0x190
[   28.263042]  do_exit+0xa44/0x2850
[   28.266488]  ? __do_page_fault+0x571/0xad0
[   28.270698]  ? mm_update_next_owner+0x5b0/0x5b0
[   28.275347]  ? lock_downgrade+0x740/0x740
[   28.279473]  do_group_exit+0x100/0x2e0
[   28.283337]  SyS_exit_group+0x19/0x20
[   28.287111]  ? do_group_exit+0x2e0/0x2e0
[   28.291151]  do_syscall_64+0x1d5/0x640
[   28.295022]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   28.300284]
[   28.301885] The buggy address belongs to the page:
[   28.306792] page:ffffea0006b9d040 count:0 mapcount:0 mapping:          (null) index:0x0
[   28.314914] flags: 0x57ff00000000000()
[   28.318778] raw: 057ff00000000000 0000000000000000 0000000000000000 00000000ffffffff
[   28.326638] raw: ffffea0006b9d060 ffffea0006b9d060 0000000000000000 0000000000000000
[   28.334492] page dumped because: kasan: bad access detected
[   28.340172]
[   28.341774] Memory state around the buggy address:
[   28.346677]  ffff8881ae741e00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.354014]  ffff8881ae741e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.361352] >ffff8881ae741f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.368702]                                            ^
[   28.372307]  ffff8881ae741f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.379643]  ffff8881ae742000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.386975] ==================================================================
[   28.394307] Disabling lock debugging due to kernel taint
[   28.402785] Kernel panic - not syncing: panic_on_warn set ...
[   28.402785]
[   28.410152] CPU: 0 PID: 7973 Comm: syz-executor369 Tainted: G    B           4.14.300-syzkaller #0
[   28.419232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   28.428576] Call Trace:
[   28.431147]  dump_stack+0x1b2/0x281
[   28.434752]  panic+0x1f9/0x42d
[   28.437923]  ? add_taint.cold+0x16/0x16
[   28.441893]  ? ___preempt_schedule+0x16/0x18
[   28.446286]  kasan_end_report+0x43/0x49
[   28.450250]  kasan_report_error.cold+0xa7/0x191
[   28.454913]  ? udf_close_lvid.isra.0+0x5a1/0x630
[   28.459649]  __asan_report_store1_noabort+0x68/0x70
[   28.464763]  ? udf_close_lvid.isra.0+0x5a1/0x630
[   28.469492]  udf_close_lvid.isra.0+0x5a1/0x630
[   28.474051]  ? init_once+0x40/0x40
[   28.477568]  ? iput+0x16/0x7e0
[   28.480733]  ? dispose_list+0x1e0/0x1e0
[   28.484681]  udf_put_super+0x211/0x2a0
[   28.488544]  ? udf_sb_free_partitions.isra.0+0xaf0/0xaf0
[   28.493983]  generic_shutdown_super+0x144/0x370
[   28.498645]  kill_block_super+0x95/0xe0
[   28.502606]  deactivate_locked_super+0x6c/0xd0
[   28.507175]  deactivate_super+0x7f/0xa0
[   28.511127]  cleanup_mnt+0x186/0x2c0
[   28.514819]  task_work_run+0x11f/0x190
[   28.518684]  do_exit+0xa44/0x2850
[   28.522114]  ? __do_page_fault+0x571/0xad0
[   28.526326]  ? mm_update_next_owner+0x5b0/0x5b0
[   28.530968]  ? lock_downgrade+0x740/0x740
[   28.535088]  do_group_exit+0x100/0x2e0
[   28.538949]  SyS_exit_group+0x19/0x20
[   28.542718]  ? do_group_exit+0x2e0/0x2e0
[   28.546774]  do_syscall_64+0x1d5/0x640
[   28.550635]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   28.556008] Kernel Offset: disabled
[   28.559613] Rebooting in 86400 seconds..