Warning: Permanently added '10.128.1.61' (ED25519) to the list of known hosts.
[ 544.123627][ T27] audit: type=1400 audit(1701771949.841:86): avc: denied { execmem } for pid=5094 comm="syz-executor948" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
executing program
[ 544.157702][ T27] audit: type=1400 audit(1701771949.871:87): avc: denied { read write } for pid=5094 comm="syz-executor948" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 544.183591][ T27] audit: type=1400 audit(1701771949.871:88): avc: denied { open } for pid=5094 comm="syz-executor948" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 544.208367][ T27] audit: type=1400 audit(1701771949.871:89): avc: denied { ioctl } for pid=5094 comm="syz-executor948" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 544.234821][ T5095] loop0: detected capacity change from 0 to 2048
[ 544.245357][ T27] audit: type=1400 audit(1701771949.961:90): avc: denied { mounton } for pid=5095 comm="syz-executor948" path="/root/syzkaller.MjRJmg/0/file0" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 544.258870][ T5095] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 544.282881][ T27] audit: type=1400 audit(1701771950.001:91): avc: denied { mount } for pid=5095 comm="syz-executor948" name="/" dev="loop0" ino=1376 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[ 544.313118][ T27] audit: type=1400 audit(1701771950.001:92): avc: denied { mounton } for pid=5095 comm="syz-executor948" path="/root/syzkaller.MjRJmg/0/bus" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=file permissive=1
[ 544.793319][ T27] audit: type=1400 audit(1701771950.511:93): avc: denied { unmount } for pid=5094 comm="syz-executor948" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[ 544.817629][ T27] audit: type=1400 audit(1701771950.531:94): avc: denied { unmount } for pid=5094 comm="syz-executor948" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[ 544.840311][ T5094] ==================================================================
[ 544.848371][ T5094] BUG: KASAN: slab-use-after-free in crc_itu_t+0xd7/0xe0
[ 544.855466][ T5094] Read of size 1 at addr ffff88807b634000 by task syz-executor948/5094
[ 544.863684][ T5094]
[ 544.865992][ T5094] CPU: 1 PID: 5094 Comm: syz-executor948 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 544.876411][ T5094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 544.886453][ T5094] Call Trace:
[ 544.889724][ T5094]
[ 544.892647][ T5094] dump_stack_lvl+0xd9/0x1b0
[ 544.897316][ T5094] print_report+0xc4/0x620
[ 544.901749][ T5094] ? __virt_addr_valid+0x5e/0x2d0
[ 544.906779][ T5094] ? __phys_addr+0xc6/0x140
[ 544.911283][ T5094] kasan_report+0xda/0x110
[ 544.915690][ T5094] ? crc_itu_t+0xd7/0xe0
[ 544.919939][ T5094] ? crc_itu_t+0xd7/0xe0
[ 544.924181][ T5094] crc_itu_t+0xd7/0xe0
[ 544.928249][ T5094] udf_finalize_lvid+0xf2/0x1f0
[ 544.933123][ T5094] ? udf_mount+0x40/0x40
[ 544.937359][ T5094] ? collect_domain_accesses+0x290/0x290
[ 544.943031][ T5094] udf_close_lvid+0x462/0x5c0
[ 544.947703][ T5094] udf_put_super+0x19c/0x200
[ 544.952292][ T5094] ? udf_close_lvid+0x5c0/0x5c0
[ 544.957139][ T5094] generic_shutdown_super+0x161/0x3d0
[ 544.962524][ T5094] kill_block_super+0x3b/0x90
[ 544.967201][ T5094] deactivate_locked_super+0xbc/0x1a0
[ 544.972577][ T5094] deactivate_super+0xde/0x100
[ 544.977339][ T5094] cleanup_mnt+0x222/0x450
[ 544.981753][ T5094] task_work_run+0x14d/0x240
[ 544.986354][ T5094] ? task_work_cancel+0x30/0x30
[ 544.991210][ T5094] ? __x64_sys_umount+0x128/0x1a0
[ 544.996244][ T5094] exit_to_user_mode_prepare+0x217/0x240
[ 545.001901][ T5094] syscall_exit_to_user_mode+0x1e/0x60
[ 545.007388][ T5094] do_syscall_64+0x4d/0x110
[ 545.011889][ T5094] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 545.017844][ T5094] RIP: 0033:0x7f3aa0f336c7
[ 545.022249][ T5094] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 545.041849][ T5094] RSP: 002b:00007ffd48e7e208 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 545.050255][ T5094] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3aa0f336c7
[ 545.058217][ T5094] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd48e7e2c0
[ 545.066180][ T5094] RBP: 00007ffd48e7e2c0 R08: 0000000000000000 R09: 0000000000000000
[ 545.074147][ T5094] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd48e7f330
[ 545.082120][ T5094] R13: 00005555561846c0 R14: 431bde82d7b634db R15: 00007ffd48e7f350
[ 545.090088][ T5094]
[ 545.093098][ T5094]
[ 545.095407][ T5094] Allocated by task 4720:
[ 545.099723][ T5094] kasan_save_stack+0x33/0x50
[ 545.104396][ T5094] kasan_set_track+0x25/0x30
[ 545.108974][ T5094] __kasan_slab_alloc+0x81/0x90
[ 545.113814][ T5094] kmem_cache_alloc_bulk+0x32e/0x3f0
[ 545.119096][ T5094] mas_alloc_nodes+0x39c/0x830
[ 545.123880][ T5094] mas_node_count_gfp+0x105/0x130
[ 545.128901][ T5094] mas_preallocate+0x2d7/0xda0
[ 545.133654][ T5094] __split_vma+0x431/0x1070
[ 545.138168][ T5094] do_vmi_align_munmap+0x2c3/0x1600
[ 545.143382][ T5094] do_vmi_munmap+0x20e/0x450
[ 545.147968][ T5094] mmap_region+0x18c/0x2830
[ 545.152460][ T5094] do_mmap+0x893/0xef0
[ 545.156514][ T5094] vm_mmap_pgoff+0x1a8/0x3c0
[ 545.161107][ T5094] ksys_mmap_pgoff+0x422/0x5b0
[ 545.165870][ T5094] __x64_sys_mmap+0x125/0x190
[ 545.170545][ T5094] do_syscall_64+0x40/0x110
[ 545.175041][ T5094] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 545.180936][ T5094]
[ 545.183247][ T5094] Last potentially related work creation:
[ 545.188943][ T5094] kasan_save_stack+0x33/0x50
[ 545.193609][ T5094] __kasan_record_aux_stack+0x78/0x80
[ 545.198970][ T5094] __call_rcu_common.constprop.0+0x9a/0x7a0
[ 545.204859][ T5094] mas_wr_node_store+0xdfb/0x1890
[ 545.209871][ T5094] mas_wr_store_entry.isra.0+0x548/0xe40
[ 545.215495][ T5094] mas_store_gfp+0xba/0x190
[ 545.219989][ T5094] do_brk_flags+0x714/0x1860
[ 545.224567][ T5094] __do_sys_brk+0x6d8/0xb20
[ 545.229058][ T5094] do_syscall_64+0x40/0x110
[ 545.233553][ T5094] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 545.239443][ T5094]
[ 545.241754][ T5094] Second to last potentially related work creation:
[ 545.248327][ T5094] kasan_save_stack+0x33/0x50
[ 545.253032][ T5094] __kasan_record_aux_stack+0x78/0x80
[ 545.258395][ T5094] __call_rcu_common.constprop.0+0x9a/0x7a0
[ 545.264283][ T5094] mas_wr_node_store+0xdfb/0x1890
[ 545.269295][ T5094] mas_wr_store_entry.isra.0+0x548/0xe40
[ 545.274918][ T5094] mas_store_prealloc+0xb3/0x270
[ 545.279842][ T5094] vma_complete+0x8ff/0xdf0
[ 545.284342][ T5094] __split_vma+0xd35/0x1070
[ 545.288844][ T5094] do_vmi_align_munmap+0x360/0x1600
[ 545.294041][ T5094] do_vmi_munmap+0x20e/0x450
[ 545.298620][ T5094] mmap_region+0x18c/0x2830
[ 545.303110][ T5094] do_mmap+0x893/0xef0
[ 545.307171][ T5094] vm_mmap_pgoff+0x1a8/0x3c0
[ 545.311753][ T5094] ksys_mmap_pgoff+0x422/0x5b0
[ 545.316529][ T5094] __x64_sys_mmap+0x125/0x190
[ 545.321209][ T5094] do_syscall_64+0x40/0x110
[ 545.325708][ T5094] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 545.331602][ T5094]
[ 545.333914][ T5094] The buggy address belongs to the object at ffff88807b634000
[ 545.333914][ T5094] which belongs to the cache maple_node of size 256
[ 545.347873][ T5094] The buggy address is located 0 bytes inside of
[ 545.347873][ T5094] freed 256-byte region [ffff88807b634000, ffff88807b634100)
[ 545.361487][ T5094]
[ 545.363800][ T5094] The buggy address belongs to the physical page:
[ 545.370195][ T5094] page:ffffea0001ed8d00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807b634800 pfn:0x7b634
[ 545.381635][ T5094] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 545.389170][ T5094] page_type: 0x6()
[ 545.392879][ T5094] raw: 00fff00000000800 ffff888013074200 ffffea0001e514d0 ffffea0001e9ff10
[ 545.401453][ T5094] raw: ffff88807b634800 ffff88807b634000 0000000100000006 0000000000000000
[ 545.410018][ T5094] page dumped because: kasan: bad access detected
[ 545.416412][ T5094] page_owner tracks the page as allocated
[ 545.422109][ T5094] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x242000(__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 4570, tgid 4570 (v4l_id), ts 34462777700, free_ts 34456480106
[ 545.440072][ T5094] post_alloc_hook+0x2d0/0x350
[ 545.444837][ T5094] get_page_from_freelist+0xa25/0x36d0
[ 545.450287][ T5094] __alloc_pages+0x22e/0x2420
[ 545.454957][ T5094] cache_grow_begin+0x99/0x3a0
[ 545.459716][ T5094] cache_alloc_refill+0x295/0x3b0
[ 545.464741][ T5094] kmem_cache_alloc_bulk+0x263/0x3f0
[ 545.470024][ T5094] mas_alloc_nodes+0x39c/0x830
[ 545.474786][ T5094] mas_node_count_gfp+0x105/0x130
[ 545.479805][ T5094] mas_wr_spanning_store.isra.0+0x293/0x1010
[ 545.485774][ T5094] mas_wr_store_entry.isra.0+0x904/0xe40
[ 545.491395][ T5094] mas_store_gfp+0xba/0x190
[ 545.495888][ T5094] do_vmi_align_munmap+0xca1/0x1600
[ 545.501088][ T5094] do_vmi_munmap+0x20e/0x450
[ 545.505665][ T5094] mmap_region+0x18c/0x2830
[ 545.510157][ T5094] do_mmap+0x893/0xef0
[ 545.514212][ T5094] vm_mmap_pgoff+0x1a8/0x3c0
[ 545.518789][ T5094] page last free stack trace:
[ 545.523446][ T5094] free_unref_page_prepare+0x4fa/0xaa0
[ 545.528897][ T5094] free_unref_page+0x33/0x3b0
[ 545.533567][ T5094] slabs_destroy+0x85/0xc0
[ 545.537981][ T5094] ___cache_free+0x2b7/0x420
[ 545.542570][ T5094] qlist_free_all+0x4c/0x1b0
[ 545.547151][ T5094] kasan_quarantine_reduce+0x18e/0x1d0
[ 545.552603][ T5094] __kasan_slab_alloc+0x65/0x90
[ 545.557440][ T5094] kmem_cache_alloc+0x159/0x360
[ 545.562288][ T5094] vm_area_alloc+0x1f/0x220
[ 545.566783][ T5094] mmap_region+0x3a5/0x2830
[ 545.571273][ T5094] do_mmap+0x893/0xef0
[ 545.575329][ T5094] vm_mmap_pgoff+0x1a8/0x3c0
[ 545.579907][ T5094] ksys_mmap_pgoff+0x422/0x5b0
[ 545.584667][ T5094] __x64_sys_mmap+0x125/0x190
[ 545.589340][ T5094] do_syscall_64+0x40/0x110
[ 545.593836][ T5094] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 545.599729][ T5094]
[ 545.602040][ T5094] Memory state around the buggy address:
[ 545.607660][ T5094] ffff88807b633f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 545.615706][ T5094] ffff88807b633f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 545.623752][ T5094] >ffff88807b634000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 545.631795][ T5094] ^
[ 545.635848][ T5094] ffff88807b634080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 545.643910][ T5094] ffff88807b634100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 545.651955][ T5094] ==================================================================
[ 545.660475][ T5094] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 545.667675][ T5094] CPU: 1 PID: 5094 Comm: syz-executor948 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 545.678105][ T5094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 545.688164][ T5094] Call Trace:
[ 545.691435][ T5094]
[ 545.694355][ T5094] dump_stack_lvl+0xd9/0x1b0
[ 545.698946][ T5094] panic+0x6dc/0x790
[ 545.702839][ T5094] ? panic_smp_self_stop+0xa0/0xa0
[ 545.707949][ T5094] ? check_panic_on_warn+0x1f/0xb0
[ 545.713058][ T5094] check_panic_on_warn+0xab/0xb0
[ 545.717990][ T5094] end_report+0x108/0x150
[ 545.722312][ T5094] kasan_report+0xea/0x110
[ 545.726720][ T5094] ? crc_itu_t+0xd7/0xe0
[ 545.730963][ T5094] ? crc_itu_t+0xd7/0xe0
[ 545.735202][ T5094] crc_itu_t+0xd7/0xe0
[ 545.739270][ T5094] udf_finalize_lvid+0xf2/0x1f0
[ 545.744120][ T5094] ? udf_mount+0x40/0x40
[ 545.748358][ T5094] ? collect_domain_accesses+0x290/0x290
[ 545.753990][ T5094] udf_close_lvid+0x462/0x5c0
[ 545.758663][ T5094] udf_put_super+0x19c/0x200
[ 545.763247][ T5094] ? udf_close_lvid+0x5c0/0x5c0
[ 545.768092][ T5094] generic_shutdown_super+0x161/0x3d0
[ 545.773463][ T5094] kill_block_super+0x3b/0x90
[ 545.778137][ T5094] deactivate_locked_super+0xbc/0x1a0
[ 545.783508][ T5094] deactivate_super+0xde/0x100
[ 545.788273][ T5094] cleanup_mnt+0x222/0x450
[ 545.792687][ T5094] task_work_run+0x14d/0x240
[ 545.797277][ T5094] ? task_work_cancel+0x30/0x30
[ 545.802129][ T5094] ? __x64_sys_umount+0x128/0x1a0
[ 545.807150][ T5094] exit_to_user_mode_prepare+0x217/0x240
[ 545.812778][ T5094] syscall_exit_to_user_mode+0x1e/0x60
[ 545.818242][ T5094] do_syscall_64+0x4d/0x110
[ 545.822738][ T5094] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 545.828645][ T5094] RIP: 0033:0x7f3aa0f336c7
[ 545.833051][ T5094] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 545.852647][ T5094] RSP: 002b:00007ffd48e7e208 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 545.861056][ T5094] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3aa0f336c7
[ 545.869016][ T5094] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd48e7e2c0
[ 545.876980][ T5094] RBP: 00007ffd48e7e2c0 R08: 0000000000000000 R09: 0000000000000000
[ 545.884942][ T5094] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd48e7f330
[ 545.892906][ T5094] R13: 00005555561846c0 R14: 431bde82d7b634db R15: 00007ffd48e7f350
[ 545.900872][ T5094]
[ 545.903959][ T5094] Kernel Offset: disabled
[ 545.908262][ T5094] Rebooting in 86400 seconds..