Warning: Permanently added '10.128.1.6' (ED25519) to the list of known hosts.
executing program
[   50.747708][ T3542] loop0: detected capacity change from 0 to 2048
[   50.763751][ T3542] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   51.003910][ T3542] ==================================================================
[   51.012017][ T3542] BUG: KASAN: use-after-free in crc_itu_t+0x218/0x2a0
[   51.018824][ T3542] Read of size 1 at addr ffff8880735a4000 by task syz-executor224/3542
[   51.027065][ T3542] 
[   51.029378][ T3542] CPU: 0 PID: 3542 Comm: syz-executor224 Not tainted 6.1.87-syzkaller #0
[   51.037770][ T3542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   51.047801][ T3542] Call Trace:
[   51.051062][ T3542]  <TASK>
[   51.053975][ T3542]  dump_stack_lvl+0x1e3/0x2cb
[   51.058654][ T3542]  ? nf_tcp_handle_invalid+0x642/0x642
[   51.064094][ T3542]  ? panic+0x764/0x764
[   51.068141][ T3542]  ? _printk+0xd1/0x111
[   51.072274][ T3542]  ? __virt_addr_valid+0x17f/0x520
[   51.077390][ T3542]  ? __virt_addr_valid+0x17f/0x520
[   51.082480][ T3542]  print_report+0x15f/0x4f0
[   51.086964][ T3542]  ? __virt_addr_valid+0x17f/0x520
[   51.092062][ T3542]  ? __virt_addr_valid+0x17f/0x520
[   51.097153][ T3542]  ? __virt_addr_valid+0x44a/0x520
[   51.102241][ T3542]  ? __phys_addr+0xb6/0x170
[   51.106728][ T3542]  ? crc_itu_t+0x218/0x2a0
[   51.111135][ T3542]  kasan_report+0x136/0x160
[   51.115637][ T3542]  ? crc_itu_t+0x218/0x2a0
[   51.120065][ T3542]  crc_itu_t+0x218/0x2a0
[   51.124321][ T3542]  udf_sync_fs+0x1ce/0x380
[   51.128740][ T3542]  ? udf_put_super+0x160/0x160
[   51.133501][ T3542]  ? get_nr_dirty_inodes+0x2ab/0x2e0
[   51.138781][ T3542]  sync_filesystem+0xe8/0x220
[   51.143447][ T3542]  generic_shutdown_super+0x6b/0x340
[   51.148724][ T3542]  kill_block_super+0x7a/0xe0
[   51.153391][ T3542]  deactivate_locked_super+0xa0/0x110
[   51.158759][ T3542]  cleanup_mnt+0x490/0x520
[   51.163165][ T3542]  ? lockdep_hardirqs_on+0x94/0x130
[   51.168349][ T3542]  task_work_run+0x246/0x300
[   51.172948][ T3542]  ? kasan_quarantine_put+0xd4/0x220
[   51.178239][ T3542]  ? task_work_cancel+0x2b0/0x2b0
[   51.183262][ T3542]  ? kmem_cache_free+0x292/0x510
[   51.188192][ T3542]  ? do_exit+0xa6e/0x26a0
[   51.192512][ T3542]  do_exit+0xa73/0x26a0
[   51.196661][ T3542]  ? put_task_struct+0x80/0x80
[   51.201414][ T3542]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   51.207386][ T3542]  ? print_irqtrace_events+0x210/0x210
[   51.212837][ T3542]  ? _raw_spin_unlock_irq+0x1f/0x40
[   51.218027][ T3542]  ? lockdep_hardirqs_on+0x94/0x130
[   51.223215][ T3542]  do_group_exit+0x202/0x2b0
[   51.227798][ T3542]  __x64_sys_exit_group+0x3b/0x40
[   51.232812][ T3542]  do_syscall_64+0x3b/0xb0
[   51.237221][ T3542]  ? clear_bhb_loop+0x45/0xa0
[   51.241892][ T3542]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   51.247794][ T3542] RIP: 0033:0x7fe58ce02e09
[   51.252209][ T3542] Code: Unable to access opcode bytes at 0x7fe58ce02ddf.
[   51.259219][ T3542] RSP: 002b:00007ffdeca67828 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   51.267622][ T3542] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fe58ce02e09
[   51.275580][ T3542] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   51.283538][ T3542] RBP: 00007fe58ce85390 R08: ffffffffffffffb8 R09: 0000000000000003
[   51.291496][ T3542] R10: 0000000000007a00 R11: 0000000000000246 R12: 00007fe58ce85390
[   51.299458][ T3542] R13: 0000000000000000 R14: 00007fe58ce86100 R15: 00007fe58cdd10e0
[   51.307480][ T3542]  </TASK>
[   51.310489][ T3542] 
[   51.312802][ T3542] The buggy address belongs to the physical page:
[   51.319193][ T3542] page:ffffea0001cd6900 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x735a4
[   51.329327][ T3542] flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)
[   51.336427][ T3542] raw: 00fff80000000000 ffffea0001318048 ffffea0001cd4a08 0000000000000000
[   51.344994][ T3542] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   51.353556][ T3542] page dumped because: kasan: bad access detected
[   51.359947][ T3542] page_owner tracks the page as freed
[   51.365291][ T3542] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 3542, tgid 3542 (syz-executor224), ts 50830331692, free_ts 50904555895
[   51.383247][ T3542]  post_alloc_hook+0x18d/0x1b0
[   51.388001][ T3542]  get_page_from_freelist+0x31a1/0x3320
[   51.393537][ T3542]  __alloc_pages+0x28d/0x770
[   51.398110][ T3542]  __folio_alloc+0xf/0x30
[   51.402425][ T3542]  vma_alloc_folio+0x486/0x990
[   51.407178][ T3542]  shmem_alloc_and_acct_folio+0x5a8/0xd50
[   51.412879][ T3542]  shmem_get_folio_gfp+0x13f0/0x3470
[   51.418153][ T3542]  shmem_write_begin+0x16e/0x4e0
[   51.423075][ T3542]  generic_perform_write+0x2fc/0x5e0
[   51.428343][ T3542]  __generic_file_write_iter+0x176/0x400
[   51.433957][ T3542]  generic_file_write_iter+0xab/0x310
[   51.439312][ T3542]  vfs_write+0x7ae/0xba0
[   51.443536][ T3542]  ksys_write+0x19c/0x2c0
[   51.447848][ T3542]  do_syscall_64+0x3b/0xb0
[   51.452253][ T3542]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   51.458135][ T3542] page last free stack trace:
[   51.462788][ T3542]  free_unref_page_prepare+0xf63/0x1120
[   51.468321][ T3542]  free_unref_page_list+0x663/0x900
[   51.473501][ T3542]  release_pages+0x2836/0x2b40
[   51.478247][ T3542]  __pagevec_release+0x80/0xf0
[   51.482992][ T3542]  shmem_undo_range+0x865/0x2390
[   51.487917][ T3542]  shmem_evict_inode+0x265/0xa60
[   51.492838][ T3542]  evict+0x2a4/0x620
[   51.496723][ T3542]  __dentry_kill+0x436/0x650
[   51.501294][ T3542]  dentry_kill+0xbb/0x290
[   51.505606][ T3542]  dput+0xfb/0x1d0
[   51.509312][ T3542]  __fput+0x5e4/0x890
[   51.513278][ T3542]  task_work_run+0x246/0x300
[   51.517853][ T3542]  exit_to_user_mode_loop+0xde/0x100
[   51.523124][ T3542]  exit_to_user_mode_prepare+0xb1/0x140
[   51.528650][ T3542]  syscall_exit_to_user_mode+0x60/0x270
[   51.534179][ T3542]  do_syscall_64+0x47/0xb0
[   51.538585][ T3542] 
[   51.540889][ T3542] Memory state around the buggy address:
[   51.546507][ T3542]  ffff8880735a3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   51.554553][ T3542]  ffff8880735a3f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   51.562595][ T3542] >ffff8880735a4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   51.570634][ T3542]                    ^
[   51.574681][ T3542]  ffff8880735a4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   51.582723][ T3542]  ffff8880735a4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   51.590763][ T3542] ==================================================================
[   51.599420][ T3542] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   51.606620][ T3542] CPU: 1 PID: 3542 Comm: syz-executor224 Not tainted 6.1.87-syzkaller #0
[   51.615038][ T3542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   51.625084][ T3542] Call Trace:
[   51.628352][ T3542]  <TASK>
[   51.631278][ T3542]  dump_stack_lvl+0x1e3/0x2cb
[   51.635950][ T3542]  ? nf_tcp_handle_invalid+0x642/0x642
[   51.641409][ T3542]  ? panic+0x764/0x764
[   51.645461][ T3542]  ? preempt_schedule_common+0xa6/0xd0
[   51.650912][ T3542]  ? vscnprintf+0x59/0x80
[   51.655226][ T3542]  panic+0x318/0x764
[   51.659107][ T3542]  ? check_panic_on_warn+0x1d/0xa0
[   51.664203][ T3542]  ? memcpy_page_flushcache+0xfc/0xfc
[   51.669574][ T3542]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   51.675540][ T3542]  ? _raw_spin_unlock+0x40/0x40
[   51.680374][ T3542]  ? print_report+0x4a3/0x4f0
[   51.685035][ T3542]  check_panic_on_warn+0x7e/0xa0
[   51.689963][ T3542]  ? crc_itu_t+0x218/0x2a0
[   51.694370][ T3542]  end_report+0x66/0x110
[   51.698596][ T3542]  kasan_report+0x143/0x160
[   51.703086][ T3542]  ? crc_itu_t+0x218/0x2a0
[   51.707491][ T3542]  crc_itu_t+0x218/0x2a0
[   51.711741][ T3542]  udf_sync_fs+0x1ce/0x380
[   51.716148][ T3542]  ? udf_put_super+0x160/0x160
[   51.720900][ T3542]  ? get_nr_dirty_inodes+0x2ab/0x2e0
[   51.726174][ T3542]  sync_filesystem+0xe8/0x220
[   51.730837][ T3542]  generic_shutdown_super+0x6b/0x340
[   51.736109][ T3542]  kill_block_super+0x7a/0xe0
[   51.740771][ T3542]  deactivate_locked_super+0xa0/0x110
[   51.746130][ T3542]  cleanup_mnt+0x490/0x520
[   51.750536][ T3542]  ? lockdep_hardirqs_on+0x94/0x130
[   51.755725][ T3542]  task_work_run+0x246/0x300
[   51.760305][ T3542]  ? kasan_quarantine_put+0xd4/0x220
[   51.765576][ T3542]  ? task_work_cancel+0x2b0/0x2b0
[   51.770591][ T3542]  ? kmem_cache_free+0x292/0x510
[   51.775515][ T3542]  ? do_exit+0xa6e/0x26a0
[   51.779833][ T3542]  do_exit+0xa73/0x26a0
[   51.783975][ T3542]  ? put_task_struct+0x80/0x80
[   51.788726][ T3542]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   51.794694][ T3542]  ? print_irqtrace_events+0x210/0x210
[   51.800143][ T3542]  ? _raw_spin_unlock_irq+0x1f/0x40
[   51.805328][ T3542]  ? lockdep_hardirqs_on+0x94/0x130
[   51.810511][ T3542]  do_group_exit+0x202/0x2b0
[   51.815093][ T3542]  __x64_sys_exit_group+0x3b/0x40
[   51.820106][ T3542]  do_syscall_64+0x3b/0xb0
[   51.824514][ T3542]  ? clear_bhb_loop+0x45/0xa0
[   51.829183][ T3542]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   51.835065][ T3542] RIP: 0033:0x7fe58ce02e09
[   51.839462][ T3542] Code: Unable to access opcode bytes at 0x7fe58ce02ddf.
[   51.846462][ T3542] RSP: 002b:00007ffdeca67828 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   51.854865][ T3542] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fe58ce02e09
[   51.862828][ T3542] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   51.870785][ T3542] RBP: 00007fe58ce85390 R08: ffffffffffffffb8 R09: 0000000000000003
[   51.878743][ T3542] R10: 0000000000007a00 R11: 0000000000000246 R12: 00007fe58ce85390
[   51.886700][ T3542] R13: 0000000000000000 R14: 00007fe58ce86100 R15: 00007fe58cdd10e0
[   51.894664][ T3542]  </TASK>
[   51.898019][ T3542] Kernel Offset: disabled
[   51.902327][ T3542] Rebooting in 86400 seconds..