Warning: Permanently added '10.128.1.14' (ED25519) to the list of known hosts.
2024/04/07 04:47:00 ignoring optional flag "sandboxArg"="0"
2024/04/07 04:47:00 parsed 1 programs
2024/04/07 04:47:00 executed programs: 0
[ 46.747113][ T2010] loop0: detected capacity change from 0 to 2048
[ 46.755250][ T2010] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[ 46.766534][ T2010] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[ 46.777849][ T2010] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[ 46.788480][ T2010] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[ 46.796382][ T2010] UDF-fs: Scanning with blocksize 512 failed
[ 46.803596][ T2010] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 46.844483][ T1592] ==================================================================
[ 46.852666][ T1592] BUG: KASAN: use-after-free in crc_itu_t+0x9c/0xc0
[ 46.859690][ T1592] Read of size 1 at addr ffff88806bc86000 by task syz-executor.0/1592
[ 46.868365][ T1592]
[ 46.870683][ T1592] CPU: 1 PID: 1592 Comm: syz-executor.0 Not tainted 5.15.153-syzkaller #0
[ 46.879495][ T1592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 46.889632][ T1592] Call Trace:
[ 46.893131][ T1592]
[ 46.896137][ T1592] dump_stack_lvl+0x41/0x5e
[ 46.901058][ T1592] print_address_description.constprop.0.cold+0x6c/0x309
[ 46.908236][ T1592] ? crc_itu_t+0x9c/0xc0
[ 46.912451][ T1592] ? crc_itu_t+0x9c/0xc0
[ 46.916750][ T1592] kasan_report.cold+0x83/0xdf
[ 46.921519][ T1592] ? crc_itu_t+0x9c/0xc0
[ 46.925870][ T1592] crc_itu_t+0x9c/0xc0
[ 46.930452][ T1592] udf_finalize_lvid+0xdb/0x1d0
[ 46.935403][ T1592] ? udf_mount+0x10/0x10
[ 46.939638][ T1592] ? __dentry_kill+0x3d5/0x5e0
[ 46.944614][ T1592] udf_sync_fs+0xc9/0x130
[ 46.948961][ T1592] sync_filesystem.part.0+0x63/0x170
[ 46.954255][ T1592] generic_shutdown_super+0x64/0x320
[ 46.959582][ T1592] kill_block_super+0x93/0xd0
[ 46.964848][ T1592] deactivate_locked_super+0x7b/0x130
[ 46.970305][ T1592] cleanup_mnt+0x2b8/0x3e0
[ 46.974897][ T1592] task_work_run+0xb8/0x140
[ 46.979465][ T1592] exit_to_user_mode_prepare+0x15a/0x160
[ 46.985195][ T1592] syscall_exit_to_user_mode+0x12/0x30
[ 46.990735][ T1592] do_syscall_64+0x42/0x80
[ 46.995224][ T1592] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.001255][ T1592] RIP: 0033:0x7f8558f0dc87
[ 47.005657][ T1592] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[ 47.025742][ T1592] RSP: 002b:00007ffdf347f8a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 47.034291][ T1592] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f8558f0dc87
[ 47.042275][ T1592] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffdf347f960
[ 47.050498][ T1592] RBP: 00007ffdf347f960 R08: 0000000000000000 R09: 0000000000000000
[ 47.058812][ T1592] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdf3480a20
[ 47.066912][ T1592] R13: 00007f8558f67c5a R14: 000000000000b672 R15: 0000000000000006
[ 47.074969][ T1592]
[ 47.078145][ T1592]
[ 47.080465][ T1592] The buggy address belongs to the page:
[ 47.086155][ T1592] page:ffffea0001af2180 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6bc86
[ 47.097137][ T1592] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 47.104436][ T1592] raw: 00fff00000000000 ffffea0001af0ec8 ffffea0001af11c8 0000000000000000
[ 47.113247][ T1592] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 47.121972][ T1592] page dumped because: kasan: bad access detected
[ 47.128367][ T1592] page_owner tracks the page as freed
[ 47.133729][ T1592] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100cca(GFP_HIGHUSER_MOVABLE), pid 2009, ts 46736915996, free_ts 46841300345
[ 47.149442][ T1592] get_page_from_freelist+0x12d1/0x2d40
[ 47.155284][ T1592] __alloc_pages+0x1b2/0x440
[ 47.159854][ T1592] alloc_pages_vma+0xe0/0x650
[ 47.164759][ T1592] wp_page_copy+0x18c/0x1890
[ 47.169505][ T1592] __handle_mm_fault+0x15ac/0x33c0
[ 47.174773][ T1592] handle_mm_fault+0x1c5/0x5b0
[ 47.179634][ T1592] do_user_addr_fault+0x298/0xcb0
[ 47.184630][ T1592] exc_page_fault+0x5a/0xb0
[ 47.189125][ T1592] asm_exc_page_fault+0x22/0x30
[ 47.194162][ T1592] page last free stack trace:
[ 47.198901][ T1592] free_pcp_prepare+0x379/0x850
[ 47.203994][ T1592] free_unref_page_list+0x16f/0xbd0
[ 47.209252][ T1592] release_pages+0xb3a/0x1480
[ 47.213997][ T1592] tlb_finish_mmu+0x127/0x790
[ 47.218649][ T1592] exit_mmap+0x1b7/0x530
[ 47.222879][ T1592] mmput+0xd6/0x400
[ 47.226793][ T1592] do_exit+0x884/0x2200
[ 47.230954][ T1592] do_group_exit+0xe7/0x290
[ 47.235437][ T1592] __x64_sys_exit_group+0x35/0x40
[ 47.240440][ T1592] do_syscall_64+0x35/0x80
[ 47.245698][ T1592] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.251572][ T1592]
[ 47.254082][ T1592] Memory state around the buggy address:
[ 47.259817][ T1592] ffff88806bc85f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.267875][ T1592] ffff88806bc85f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.276331][ T1592] >ffff88806bc86000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.284957][ T1592] ^
[ 47.289125][ T1592] ffff88806bc86080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.297580][ T1592] ffff88806bc86100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.305858][ T1592] ==================================================================
[ 47.314910][ T1592] Disabling lock debugging due to kernel taint
[ 47.321531][ T1592] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 47.329075][ T1592] Kernel Offset: disabled
[ 47.333506][ T1592] Rebooting in 86400 seconds..