Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
==================================================================
BUG: KASAN: slab-out-of-bounds in crc_itu_t+0xb3/0xe0 lib/crc-itu-t.c:62
Read of size 1 at addr ffff8880ac3dc0a8 by task syz-executor.0/2710

CPU: 0 PID: 2710 Comm: syz-executor.0 Not tainted 5.0.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x62/0x9a lib/dump_stack.c:113
 print_address_description.cold.3+0x9/0x244 mm/kasan/report.c:187
 kasan_report.cold.4+0x1b/0x35 mm/kasan/report.c:317
 __asan_report_load1_noabort+0x14/0x20 mm/kasan/generic_report.c:132
 crc_itu_t+0xb3/0xe0 lib/crc-itu-t.c:62
 udf_finalize_lvid+0xd7/0x1e0 fs/udf/super.c:1952
 udf_sync_fs+0xc2/0x140 fs/udf/super.c:2327
 __sync_filesystem fs/sync.c:39 [inline]
 sync_filesystem+0xcb/0x1f0 fs/sync.c:64
 generic_shutdown_super+0x69/0x330 fs/super.c:443
 kill_block_super+0x96/0xd0 fs/super.c:1186
 deactivate_locked_super+0x77/0xd0 fs/super.c:330
 deactivate_super fs/super.c:361 [inline]
 deactivate_super+0x13f/0x160 fs/super.c:357
 cleanup_mnt+0x97/0x120 fs/namespace.c:1096
 __cleanup_mnt+0xd/0x10 fs/namespace.c:1103
 task_work_run+0x108/0x170 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x10e/0x140 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x254/0x2c0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f7d1dafce17
Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffcb91906b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f7d1dafce17
RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffcb9190770
RBP: 00007ffcb9190770 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcb9191830
R13: 00007f7d1db463b9 R14: 000000000000b1c6 R15: 0000000000000007

Allocated by task 2053:
 save_stack mm/kasan/common.c:73 [inline]
 set_track mm/kasan/common.c:85 [inline]
 __kasan_kmalloc.part.0+0x66/0x100 mm/kasan/common.c:496
 __kasan_kmalloc.constprop.1+0xb5/0xc0 mm/kasan/common.c:477
 kasan_kmalloc+0x9/0x10 mm/kasan/common.c:504
 kmem_cache_alloc_trace+0x12c/0x240 mm/slub.c:2766
 kmalloc include/linux/slab.h:545 [inline]
 kzalloc include/linux/slab.h:740 [inline]
 kernfs_iattrs.isra.1+0x8f/0x340 fs/kernfs/inode.c:45
 kernfs_xattr_get+0x57/0x90 fs/kernfs/inode.c:316
 __vfs_getxattr+0xbe/0x120 fs/xattr.c:310
 smk_fetch.part.6+0x70/0xb0 security/smack/smack_lsm.c:294
 smk_fetch security/smack/smack_lsm.c:3346 [inline]
 smack_d_instantiate+0x77e/0xf40 security/smack/smack_lsm.c:3425
 security_d_instantiate+0x47/0xc0 security/security.c:1318
 d_splice_alias+0x69/0xb50 fs/dcache.c:2911
 kernfs_iop_lookup+0x199/0x250 fs/kernfs/dir.c:1103
 lookup_open+0x5bd/0x1d10 fs/namei.c:3213
 do_last fs/namei.c:3324 [inline]
 path_openat+0x157e/0x2860 fs/namei.c:3534
 do_filp_open+0x177/0x250 fs/namei.c:3564
 do_sys_open+0x1dc/0x3b0 fs/open.c:1063
 __do_sys_openat fs/open.c:1090 [inline]
 __se_sys_openat fs/open.c:1084 [inline]
 __x64_sys_openat+0x98/0xf0 fs/open.c:1084
 do_syscall_64+0x94/0x2c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Freed by task 0:
(stack is not available)

The buggy address belongs to the object at ffff8880ac3dc000
 which belongs to the cache kmalloc-192 of size 192
The buggy address is located 168 bytes inside of
 192-byte region [ffff8880ac3dc000, ffff8880ac3dc0c0)
The buggy address belongs to the page:
page:ffffea0002b0f700 count:1 mapcount:0 mapping:ffff88813ff35000 index:0x0
flags: 0xfff00000000200(slab)
raw: 00fff00000000200 dead000000000100 dead000000000200 ffff88813ff35000
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page allocated via order 0, migratetype Unmovable, gfp_mask 0x6012c0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY)
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook mm/page_alloc.c:1950 [inline]
 prep_new_page mm/page_alloc.c:1958 [inline]
 get_page_from_freelist.part.23+0x2dc6/0x42f0 mm/page_alloc.c:3500
 get_page_from_freelist mm/page_alloc.c:3390 [inline]
 __alloc_pages_nodemask+0x284/0x2340 mm/page_alloc.c:4535
 alloc_pages_current+0xfd/0x290 mm/mempolicy.c:2106
 alloc_pages include/linux/gfp.h:509 [inline]
 alloc_slab_page mm/slub.c:1477 [inline]
 allocate_slab mm/slub.c:1622 [inline]
 new_slab+0x40e/0x750 mm/slub.c:1696
 new_slab_objects mm/slub.c:2450 [inline]
 ___slab_alloc+0x5ce/0x870 mm/slub.c:2602
 __slab_alloc.isra.22+0x49/0x60 mm/slub.c:2642
 slab_alloc_node mm/slub.c:2705 [inline]
 slab_alloc mm/slub.c:2747 [inline]
 kmem_cache_alloc_trace+0x1f6/0x240 mm/slub.c:2764
 kmalloc include/linux/slab.h:545 [inline]
 kzalloc include/linux/slab.h:740 [inline]
 kernfs_iattrs.isra.1+0x8f/0x340 fs/kernfs/inode.c:45
 kernfs_xattr_get+0x57/0x90 fs/kernfs/inode.c:316
 __vfs_getxattr+0xbe/0x120 fs/xattr.c:310
 smk_fetch.part.6+0x70/0xb0 security/smack/smack_lsm.c:294
 smk_fetch security/smack/smack_lsm.c:3346 [inline]
 smack_d_instantiate+0x77e/0xf40 security/smack/smack_lsm.c:3425
 security_d_instantiate+0x47/0xc0 security/security.c:1318
 d_splice_alias+0x69/0xb50 fs/dcache.c:2911
 kernfs_iop_lookup+0x199/0x250 fs/kernfs/dir.c:1103
 lookup_open+0x5bd/0x1d10 fs/namei.c:3213

Memory state around the buggy address:
 ffff8880ac3dbf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8880ac3dc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8880ac3dc080: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
                                  ^
 ffff8880ac3dc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8880ac3dc180: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
==================================================================