Warning: Permanently added '10.128.1.163' (ED25519) to the list of known hosts.
executing program
[ 43.867513][ T3501] loop0: detected capacity change from 0 to 2048
[ 43.882425][ T3501] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 44.005162][ T3500] UDF-fs: error (device loop0): udf_read_inode: (ino 1440) failed !bh
[ 44.016345][ T3500] UDF-fs: error (device loop0): udf_read_inode: (ino 1440) failed !bh
[ 44.034429][ T3500] ==================================================================
[ 44.042661][ T3500] BUG: KASAN: use-after-free in crc_itu_t+0x218/0x2a0
[ 44.049439][ T3500] Read of size 1 at addr ffff888012ddd000 by task syz-executor197/3500
[ 44.057653][ T3500]
[ 44.059956][ T3500] CPU: 0 PID: 3500 Comm: syz-executor197 Not tainted 5.15.156-syzkaller #0
[ 44.068519][ T3500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 44.078554][ T3500] Call Trace:
[ 44.081817][ T3500]
[ 44.084744][ T3500] dump_stack_lvl+0x1e3/0x2d0
[ 44.089404][ T3500] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 44.095018][ T3500] ? _printk+0xd1/0x120
[ 44.099158][ T3500] ? __wake_up_klogd+0xcc/0x100
[ 44.103988][ T3500] ? panic+0x860/0x860
[ 44.108035][ T3500] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 44.113477][ T3500] print_address_description+0x63/0x3b0
[ 44.119002][ T3500] ? crc_itu_t+0x218/0x2a0
[ 44.123395][ T3500] kasan_report+0x16b/0x1c0
[ 44.127875][ T3500] ? crc_itu_t+0x218/0x2a0
[ 44.132266][ T3500] ? pvclock_gtod_unregister_notifier+0x50/0x50
[ 44.138487][ T3500] crc_itu_t+0x218/0x2a0
[ 44.142711][ T3500] udf_sync_fs+0x1ce/0x380
[ 44.147111][ T3500] ? udf_put_super+0x160/0x160
[ 44.151854][ T3500] ? get_nr_dirty_inodes+0x25f/0x2e0
[ 44.157155][ T3500] sync_filesystem+0xe8/0x220
[ 44.161829][ T3500] generic_shutdown_super+0x6e/0x2c0
[ 44.167097][ T3500] kill_block_super+0x7a/0xe0
[ 44.171753][ T3500] deactivate_locked_super+0xa0/0x110
[ 44.177106][ T3500] cleanup_mnt+0x44e/0x500
[ 44.181500][ T3500] ? lockdep_hardirqs_on+0x94/0x130
[ 44.186691][ T3500] task_work_run+0x129/0x1a0
[ 44.191267][ T3500] do_exit+0x6a3/0x2480
[ 44.195408][ T3500] ? put_task_struct+0x80/0x80
[ 44.200153][ T3500] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 44.206113][ T3500] ? vtime_user_exit+0x2d1/0x400
[ 44.211034][ T3500] do_group_exit+0x144/0x310
[ 44.215609][ T3500] __x64_sys_exit_group+0x3b/0x40
[ 44.220618][ T3500] do_syscall_64+0x3b/0xb0
[ 44.225019][ T3500] ? clear_bhb_loop+0x15/0x70
[ 44.229686][ T3500] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 44.235563][ T3500] RIP: 0033:0x7fda8d5eb709
[ 44.239961][ T3500] Code: Unable to access opcode bytes at RIP 0x7fda8d5eb6df.
[ 44.247301][ T3500] RSP: 002b:00007ffdd70f7b98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 44.255694][ T3500] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fda8d5eb709
[ 44.263660][ T3500] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 44.271614][ T3500] RBP: 00007fda8d688390 R08: ffffffffffffffb8 R09: 0000000000000000
[ 44.279562][ T3500] R10: 0000000000000100 R11: 0000000000000246 R12: 00007fda8d688390
[ 44.287524][ T3500] R13: 0000000000000000 R14: 00007fda8d689100 R15: 00007fda8d5b96b0
[ 44.295483][ T3500]
[ 44.298480][ T3500]
[ 44.300869][ T3500] Allocated by task 3376:
[ 44.305167][ T3500] __kasan_slab_alloc+0x8e/0xc0
[ 44.309993][ T3500] slab_post_alloc_hook+0x53/0x380
[ 44.315083][ T3500] kmem_cache_alloc+0xf3/0x280
[ 44.319824][ T3500] prepare_creds+0x3c/0x610
[ 44.324304][ T3500] do_faccessat+0xee/0x890
[ 44.328704][ T3500] do_syscall_64+0x3b/0xb0
[ 44.333101][ T3500] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 44.338976][ T3500]
[ 44.341364][ T3500] Freed by task 3376:
[ 44.345316][ T3500] kasan_set_track+0x4b/0x80
[ 44.349883][ T3500] kasan_set_free_info+0x1f/0x40
[ 44.354799][ T3500] ____kasan_slab_free+0xd8/0x120
[ 44.359798][ T3500] slab_free_freelist_hook+0xdd/0x160
[ 44.365148][ T3500] kmem_cache_free+0x91/0x1f0
[ 44.369808][ T3500] do_faccessat+0x702/0x890
[ 44.374293][ T3500] do_syscall_64+0x3b/0xb0
[ 44.378698][ T3500] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 44.384679][ T3500]
[ 44.386994][ T3500] The buggy address belongs to the object at ffff888012ddd000
[ 44.386994][ T3500] which belongs to the cache cred_jar of size 200
[ 44.400762][ T3500] The buggy address is located 0 bytes inside of
[ 44.400762][ T3500] 200-byte region [ffff888012ddd000, ffff888012ddd0c8)
[ 44.413838][ T3500] The buggy address belongs to the page:
[ 44.419440][ T3500] page:ffffea00004b7740 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12ddd
[ 44.429567][ T3500] flags: 0xfff80000000200(slab|node=0|zone=1|lastcpupid=0xfff)
[ 44.437112][ T3500] raw: 00fff80000000200 0000000000000000 dead000000000122 ffff888011deb280
[ 44.445681][ T3500] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 44.454238][ T3500] page dumped because: kasan: bad access detected
[ 44.460622][ T3500] page_owner tracks the page as allocated
[ 44.466315][ T3500] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 3376, ts 35302257480, free_ts 35159441599
[ 44.482363][ T3500] get_page_from_freelist+0x322a/0x33c0
[ 44.487891][ T3500] __alloc_pages+0x272/0x700
[ 44.492456][ T3500] new_slab+0xbb/0x4b0
[ 44.496506][ T3500] ___slab_alloc+0x6f6/0xe10
[ 44.501072][ T3500] kmem_cache_alloc+0x18e/0x280
[ 44.505914][ T3500] prepare_creds+0x3c/0x610
[ 44.510393][ T3500] do_faccessat+0xee/0x890
[ 44.514786][ T3500] do_syscall_64+0x3b/0xb0
[ 44.519302][ T3500] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 44.525174][ T3500] page last free stack trace:
[ 44.529819][ T3500] free_unref_page_prepare+0xc34/0xcf0
[ 44.535266][ T3500] free_unref_page+0x95/0x2d0
[ 44.539918][ T3500] __vunmap+0x8d4/0xa20
[ 44.544052][ T3500] free_work+0x57/0x80
[ 44.548101][ T3500] process_one_work+0x8a1/0x10c0
[ 44.553025][ T3500] worker_thread+0xaca/0x1280
[ 44.557693][ T3500] kthread+0x3f6/0x4f0
[ 44.561739][ T3500] ret_from_fork+0x1f/0x30
[ 44.566133][ T3500]
[ 44.568433][ T3500] Memory state around the buggy address:
[ 44.574034][ T3500] ffff888012ddcf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.582073][ T3500] ffff888012ddcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.590109][ T3500] >ffff888012ddd000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.598145][ T3500] ^
[ 44.602185][ T3500] ffff888012ddd080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 44.610224][ T3500] ffff888012ddd100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 44.618280][ T3500] ==================================================================
[ 44.626313][ T3500] Disabling lock debugging due to kernel taint
[ 44.633487][ T3500] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 44.640696][ T3500] CPU: 1 PID: 3500 Comm: syz-executor197 Tainted: G B 5.15.156-syzkaller #0
[ 44.650676][ T3500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 44.660733][ T3500] Call Trace:
[ 44.663998][ T3500]
[ 44.666915][ T3500] dump_stack_lvl+0x1e3/0x2d0
[ 44.671582][ T3500] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 44.677214][ T3500] ? panic+0x860/0x860
[ 44.681275][ T3500] ? preempt_schedule_common+0xa6/0xd0
[ 44.686733][ T3500] ? preempt_schedule+0xd9/0xe0
[ 44.691573][ T3500] panic+0x318/0x860
[ 44.695460][ T3500] ? check_panic_on_warn+0x1d/0xa0
[ 44.700579][ T3500] ? fb_is_primary_device+0xd0/0xd0
[ 44.705768][ T3500] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 44.711737][ T3500] ? _raw_spin_unlock+0x40/0x40
[ 44.716575][ T3500] ? print_memory_metadata+0xe2/0x140
[ 44.721932][ T3500] check_panic_on_warn+0x7e/0xa0
[ 44.726866][ T3500] ? crc_itu_t+0x218/0x2a0
[ 44.731265][ T3500] end_report+0x6d/0xf0
[ 44.735399][ T3500] kasan_report+0x18e/0x1c0
[ 44.739885][ T3500] ? crc_itu_t+0x218/0x2a0
[ 44.744281][ T3500] ? pvclock_gtod_unregister_notifier+0x50/0x50
[ 44.750522][ T3500] crc_itu_t+0x218/0x2a0
[ 44.754764][ T3500] udf_sync_fs+0x1ce/0x380
[ 44.759167][ T3500] ? udf_put_super+0x160/0x160
[ 44.763915][ T3500] ? get_nr_dirty_inodes+0x25f/0x2e0
[ 44.769183][ T3500] sync_filesystem+0xe8/0x220
[ 44.773844][ T3500] generic_shutdown_super+0x6e/0x2c0
[ 44.779117][ T3500] kill_block_super+0x7a/0xe0
[ 44.783783][ T3500] deactivate_locked_super+0xa0/0x110
[ 44.789139][ T3500] cleanup_mnt+0x44e/0x500
[ 44.793532][ T3500] ? lockdep_hardirqs_on+0x94/0x130
[ 44.798709][ T3500] task_work_run+0x129/0x1a0
[ 44.803277][ T3500] do_exit+0x6a3/0x2480
[ 44.807427][ T3500] ? put_task_struct+0x80/0x80
[ 44.812168][ T3500] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 44.818128][ T3500] ? vtime_user_exit+0x2d1/0x400
[ 44.823058][ T3500] do_group_exit+0x144/0x310
[ 44.827627][ T3500] __x64_sys_exit_group+0x3b/0x40
[ 44.832638][ T3500] do_syscall_64+0x3b/0xb0
[ 44.837130][ T3500] ? clear_bhb_loop+0x15/0x70
[ 44.841820][ T3500] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 44.847695][ T3500] RIP: 0033:0x7fda8d5eb709
[ 44.852098][ T3500] Code: Unable to access opcode bytes at RIP 0x7fda8d5eb6df.
[ 44.859435][ T3500] RSP: 002b:00007ffdd70f7b98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 44.867823][ T3500] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fda8d5eb709
[ 44.875769][ T3500] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 44.883716][ T3500] RBP: 00007fda8d688390 R08: ffffffffffffffb8 R09: 0000000000000000
[ 44.891667][ T3500] R10: 0000000000000100 R11: 0000000000000246 R12: 00007fda8d688390
[ 44.899614][ T3500] R13: 0000000000000000 R14: 00007fda8d689100 R15: 00007fda8d5b96b0
[ 44.907569][ T3500]
[ 44.910832][ T3500] Kernel Offset: disabled
[ 44.915143][ T3500] Rebooting in 86400 seconds..