Warning: Permanently added '10.128.0.189' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program syzkaller login: [ 47.972296][ T3609] loop1: detected capacity change from 0 to 2816 [ 47.981392][ T3611] loop5: detected capacity change from 0 to 2816 [ 47.987693][ T3615] loop0: detected capacity change from 0 to 2816 [ 47.988940][ T3612] loop2: detected capacity change from 0 to 2816 [ 48.006201][ T3617] loop4: detected capacity change from 0 to 2816 [ 48.014519][ T3618] loop3: detected capacity change from 0 to 2816 [ 48.017572][ T3609] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000) [ 48.032233][ T3609] UDF-fs: error (device loop1): udf_read_inode: (ino 1408) failed !bh [ 48.042330][ T3609] UDF-fs: error (device loop1): udf_fill_super: Error in udf_iget, block=96, partition=0 [ 48.053307][ T3611] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000) [ 48.063142][ T3615] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000) [ 48.071211][ T3617] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000) [ 48.075849][ T3618] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000) [ 48.080761][ T3612] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000) [ 48.081556][ T3612] UDF-fs: error (device loop2): udf_read_inode: (ino 1408) failed !bh [ 48.113698][ T3611] UDF-fs: error (device loop5): udf_read_inode: (ino 1408) failed !bh [ 48.118084][ T3618] UDF-fs: error (device loop3): udf_read_inode: (ino 1408) failed !bh [ 48.130335][ T3615] UDF-fs: error (device loop0): udf_read_inode: (ino 1408) failed !bh [ 48.135264][ T3617] UDF-fs: error (device loop4): udf_read_inode: (ino 1408) failed !bh [ 48.144761][ T3615] UDF-fs: error (device loop0): udf_fill_super: Error in udf_iget, block=96, partition=0 [ 48.159774][ T3617] UDF-fs: error (device loop4): udf_fill_super: Error in udf_iget, block=96, partition=0 [ 48.162998][ T3618] UDF-fs: error (device loop3): udf_fill_super: Error in udf_iget, block=96, partition=0 [ 48.175588][ T3611] UDF-fs: error (device loop5): udf_fill_super: Error in udf_iget, block=96, partition=0 [ 48.190591][ T3612] UDF-fs: error (device loop2): udf_fill_super: Error in udf_iget, block=96, partition=0 [ 48.191550][ T3615] ================================================================== [ 48.208459][ T3615] BUG: KASAN: use-after-free in udf_close_lvid+0x68a/0x980 [ 48.215675][ T3615] Write of size 1 at addr ffff8880839e0190 by task syz-executor234/3615 [ 48.223998][ T3615] [ 48.226320][ T3615] CPU: 1 PID: 3615 Comm: syz-executor234 Not tainted 5.18.0-syzkaller #0 [ 48.234731][ T3615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.244790][ T3615] Call Trace: [ 48.248067][ T3615] <TASK> [ 48.250996][ T3615] dump_stack_lvl+0x1e3/0x2cb [ 48.255682][ T3615] ? bfq_pos_tree_add_move+0x436/0x436 [ 48.261147][ T3615] ? _printk+0xcf/0x10f [ 48.265311][ T3615] ? wake_up_klogd+0xb2/0xf0 [ 48.269907][ T3615] ? panic+0x76e/0x76e [ 48.273979][ T3615] ? _printk+0xcf/0x10f [ 48.278122][ T3615] print_address_description+0x65/0x4b0 [ 48.283663][ T3615] print_report+0xf4/0x210 [ 48.288069][ T3615] ? mutex_lock_io_nested+0x60/0x60 [ 48.293281][ T3615] ? udf_close_lvid+0x68a/0x980 [ 48.298122][ T3615] kasan_report+0xfb/0x130 [ 48.302530][ T3615] ? udf_close_lvid+0x68a/0x980 [ 48.307366][ T3615] udf_close_lvid+0x68a/0x980 [ 48.312041][ T3615] ? lvid_get_unique_id+0x330/0x330 [ 48.317223][ T3615] ? udf_open_lvid+0x5a0/0x5a0 [ 48.321969][ T3615] ? iput+0x18e/0x760 [ 48.325939][ T3615] ? __udf_iget+0x14d/0x1e0 [ 48.330426][ T3615] udf_fill_super+0xde8/0x1b20 [ 48.335179][ T3615] ? udf_mount+0x40/0x40 [ 48.339407][ T3615] ? set_blocksize+0x1d5/0x360 [ 48.344159][ T3615] mount_bdev+0x26c/0x3a0 [ 48.348481][ T3615] ? udf_mount+0x40/0x40 [ 48.352705][ T3615] legacy_get_tree+0xea/0x180 [ 48.357372][ T3615] ? _udf_err+0x1a0/0x1a0 [ 48.361687][ T3615] vfs_get_tree+0x88/0x270 [ 48.366101][ T3615] do_new_mount+0x289/0xad0 [ 48.370606][ T3615] ? ns_capable+0x81/0xe0 [ 48.374933][ T3615] ? do_move_mount_old+0x160/0x160 [ 48.380038][ T3615] ? user_path_at_empty+0x149/0x1a0 [ 48.385230][ T3615] __se_sys_mount+0x2e3/0x3d0 [ 48.389921][ T3615] ? __x64_sys_mount+0xc0/0xc0 [ 48.394696][ T3615] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 48.400687][ T3615] ? __x64_sys_mount+0x1c/0xc0 [ 48.405486][ T3615] do_syscall_64+0x2b/0x70 [ 48.409904][ T3615] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 48.415787][ T3615] RIP: 0033:0x7fd64e59b08a [ 48.420193][ T3615] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 48.439783][ T3615] RSP: 002b:00007fd64e546168 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 48.448354][ T3615] RAX: ffffffffffffffda RBX: 00007fd64e5461c0 RCX: 00007fd64e59b08a [ 48.456314][ T3615] RDX: 0000000020000000 RSI: 0000000020000700 RDI: 00007fd64e546180 [ 48.464270][ T3615] RBP: 000000000000000e R08: 00007fd64e5461c0 R09: 00007fd64e5466b8 [ 48.472228][ T3615] R10: 0000000000000810 R11: 0000000000000286 R12: 00007fd64e546180 [ 48.480183][ T3615] R13: 0000000020000350 R14: 0000000000000003 R15: 0000000000000004 [ 48.488143][ T3615] </TASK> [ 48.491152][ T3615] [ 48.493458][ T3615] The buggy address belongs to the physical page: [ 48.499847][ T3615] page:ffffea00020e7800 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x839e0 [ 48.509978][ T3615] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 48.517073][ T3615] raw: 00fff00000000000 ffffea00020e7808 ffffea00020e7808 0000000000000000 [ 48.525640][ T3615] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 48.534198][ T3615] page dumped because: kasan: bad access detected [ 48.540607][ T3615] page_owner info is not present (never set?) [ 48.546644][ T3615] [ 48.548948][ T3615] Memory state around the buggy address: [ 48.554557][ T3615] ffff8880839e0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 48.562598][ T3615] ffff8880839e0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 48.570638][ T3615] >ffff8880839e0180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 48.578676][ T3615] ^ [ 48.583244][ T3615] ffff8880839e0200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 48.591283][ T3615] ffff8880839e0280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 48.599329][ T3615] ================================================================== executing program executing program executing program [ 48.671142][ T3633] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 48.674741][ T3631] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 48.683338][ T3635] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 48.699859][ T3634] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 48.731119][ T3644] loop2: detected capacity change from 0 to 2816 [ 48.733223][ T3640] loop1: detected capacity change from 0 to 2816 [ 48.738463][ T3615] Kernel panic - not syncing: panic_on_warn set ... [ 48.738474][ T3615] CPU: 0 PID: 3615 Comm: syz-executor234 Not tainted 5.18.0-syzkaller #0 [ 48.738492][ T3615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.738501][ T3615] Call Trace: [ 48.738506][ T3615] <TASK> [ 48.738512][ T3615] dump_stack_lvl+0x1e3/0x2cb [ 48.738537][ T3615] ? bfq_pos_tree_add_move+0x436/0x436 [ 48.738555][ T3615] ? panic+0x76e/0x76e [ 48.738569][ T3615] ? preempt_schedule_common+0xb7/0xe0 [ 48.738588][ T3615] ? preempt_schedule+0xd9/0xe0 [ 48.738605][ T3615] ? vscnprintf+0x59/0x80 [ 48.738624][ T3615] panic+0x312/0x76e [ 48.738641][ T3615] ? fb_is_primary_device+0xcc/0xcc [ 48.738658][ T3615] ? _raw_spin_unlock_irqrestore+0x128/0x130 [ 48.738678][ T3615] ? udf_close_lvid+0x68a/0x980 [ 48.738693][ T3615] end_report+0x91/0xa0 [ 48.738707][ T3615] kasan_report+0x108/0x130 [ 48.738722][ T3615] ? udf_close_lvid+0x68a/0x980 [ 48.738738][ T3615] udf_close_lvid+0x68a/0x980 [ 48.738754][ T3615] ? lvid_get_unique_id+0x330/0x330 [ 48.738770][ T3615] ? udf_open_lvid+0x5a0/0x5a0 [ 48.738790][ T3615] ? iput+0x18e/0x760 [ 48.738808][ T3615] ? __udf_iget+0x14d/0x1e0 [ 48.738826][ T3615] udf_fill_super+0xde8/0x1b20 [ 48.738848][ T3615] ? udf_mount+0x40/0x40 [ 48.738867][ T3615] ? set_blocksize+0x1d5/0x360 [ 48.738889][ T3615] mount_bdev+0x26c/0x3a0 [ 48.738907][ T3615] ? udf_mount+0x40/0x40 [ 48.738921][ T3615] legacy_get_tree+0xea/0x180 [ 48.738936][ T3615] ? _udf_err+0x1a0/0x1a0 [ 48.738951][ T3615] vfs_get_tree+0x88/0x270 [ 48.738968][ T3615] do_new_mount+0x289/0xad0 [ 48.738985][ T3615] ? ns_capable+0x81/0xe0 [ 48.739003][ T3615] ? do_move_mount_old+0x160/0x160 [ 48.739022][ T3615] ? user_path_at_empty+0x149/0x1a0 [ 48.739039][ T3615] __se_sys_mount+0x2e3/0x3d0 [ 48.739060][ T3615] ? __x64_sys_mount+0xc0/0xc0 [ 48.739077][ T3615] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 48.739095][ T3615] ? __x64_sys_mount+0x1c/0xc0 [ 48.739112][ T3615] do_syscall_64+0x2b/0x70 [ 48.739126][ T3615] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 48.739142][ T3615] RIP: 0033:0x7fd64e59b08a [ 48.739156][ T3615] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 48.739168][ T3615] RSP: 002b:00007fd64e546168 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 48.739186][ T3615] RAX: ffffffffffffffda RBX: 00007fd64e5461c0 RCX: 00007fd64e59b08a [ 48.739198][ T3615] RDX: 0000000020000000 RSI: 0000000020000700 RDI: 00007fd64e546180 [ 48.739209][ T3615] RBP: 000000000000000e R08: 00007fd64e5461c0 R09: 00007fd64e5466b8 [ 48.739220][ T3615] R10: 0000000000000810 R11: 0000000000000286 R12: 00007fd64e546180 [ 48.739230][ T3615] R13: 0000000020000350 R14: 0000000000000003 R15: 0000000000000004 [ 48.739246][ T3615] </TASK> [ 48.743880][ T3615] Kernel Offset: disabled [ 49.023935][ T3615] Rebooting in 86400 seconds..