Warning: Permanently added '10.128.0.56' (ED25519) to the list of known hosts.
2024/07/01 23:50:42 ignoring optional flag "sandboxArg"="0"
2024/07/01 23:50:42 parsed 1 programs
2024/07/01 23:50:42 executed programs: 0
[ 53.663295][ T1500] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/07/01 23:50:49 executed programs: 1
[ 60.053061][ T1918] loop0: detected capacity change from 0 to 2048
[ 60.064134][ T1918] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 60.122442][ T1921] loop0: detected capacity change from 0 to 2048
[ 60.133831][ T1921] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 60.153573][ T1507] ==================================================================
[ 60.161979][ T1507] BUG: KASAN: use-after-free in crc_itu_t+0x178/0x240
[ 60.168962][ T1507] Read of size 1 at addr ffff888071167000 by task syz-executor.0/1507
[ 60.177387][ T1507]
[ 60.179803][ T1507] CPU: 1 PID: 1507 Comm: syz-executor.0 Not tainted 6.1.96-syzkaller #0
[ 60.188294][ T1507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 60.198925][ T1507] Call Trace:
[ 60.202541][ T1507]
[ 60.205489][ T1507] dump_stack_lvl+0xf4/0x251
[ 60.210082][ T1507] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 60.216077][ T1507] ? panic+0x3fe/0x3fe
[ 60.220460][ T1507] ? lock_acquire+0xbe/0x390
[ 60.225392][ T1507] ? read_lock_is_recursive+0x10/0x10
[ 60.230907][ T1507] ? __virt_addr_valid+0x139/0x260
[ 60.236032][ T1507] ? __virt_addr_valid+0x211/0x260
[ 60.242324][ T1507] print_report+0x15f/0x4f0
[ 60.247003][ T1507] ? __virt_addr_valid+0x139/0x260
[ 60.252393][ T1507] ? __virt_addr_valid+0x211/0x260
[ 60.257907][ T1507] ? crc_itu_t+0x178/0x240
[ 60.262790][ T1507] kasan_report+0x136/0x160
[ 60.268020][ T1507] ? crc_itu_t+0x178/0x240
[ 60.272799][ T1507] crc_itu_t+0x178/0x240
[ 60.277319][ T1507] udf_sync_fs+0x1bd/0x370
[ 60.281940][ T1507] ? udf_put_super+0x130/0x130
[ 60.287311][ T1507] ? dentry_kill+0xbb/0x1e0
[ 60.291814][ T1507] sync_filesystem+0xbf/0x180
[ 60.296608][ T1507] generic_shutdown_super+0x65/0x2c0
[ 60.302271][ T1507] kill_block_super+0x75/0xb0
[ 60.307144][ T1507] deactivate_locked_super+0x71/0xd0
[ 60.312520][ T1507] cleanup_mnt+0x2bd/0x330
[ 60.317214][ T1507] task_work_run+0x206/0x280
[ 60.321825][ T1507] ? task_work_cancel+0x2a0/0x2a0
[ 60.327108][ T1507] ? __x64_sys_umount+0xe4/0x120
[ 60.332154][ T1507] ? path_umount+0xc70/0xc70
[ 60.337249][ T1507] exit_to_user_mode_loop+0xa9/0xc0
[ 60.342620][ T1507] exit_to_user_mode_prepare+0x64/0xb0
[ 60.348194][ T1507] syscall_exit_to_user_mode+0x27/0x1b0
[ 60.353726][ T1507] do_syscall_64+0x47/0x80
[ 60.358149][ T1507] ? clear_bhb_loop+0x45/0xa0
[ 60.363425][ T1507] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 60.369411][ T1507] RIP: 0033:0x7f88dcc7de17
[ 60.374001][ T1507] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[ 60.394922][ T1507] RSP: 002b:00007ffc600bd228 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 60.403506][ T1507] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f88dcc7de17
[ 60.411701][ T1507] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc600bd2e0
[ 60.419854][ T1507] RBP: 00007ffc600bd2e0 R08: 0000000000000000 R09: 0000000000000000
[ 60.428229][ T1507] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc600be3a0
[ 60.436698][ T1507] R13: 00007f88dccc73b9 R14: 000000000000eab1 R15: 0000000000000006
[ 60.444876][ T1507]
[ 60.447887][ T1507]
[ 60.450297][ T1507] Allocated by task 1664:
[ 60.454776][ T1507] kasan_set_track+0x4b/0x70
[ 60.459362][ T1507] __kasan_slab_alloc+0x65/0x70
[ 60.464400][ T1507] slab_post_alloc_hook+0x54/0x3e0
[ 60.469595][ T1507] kmem_cache_alloc+0x10c/0x290
[ 60.474714][ T1507] vm_area_dup+0x1b/0x90
[ 60.478977][ T1507] __split_vma+0x95/0x4a0
[ 60.483318][ T1507] do_mas_align_munmap+0x3fe/0x11e0
[ 60.488680][ T1507] do_mas_munmap+0x195/0x1f0
[ 60.493408][ T1507] __vm_munmap+0x236/0x300
[ 60.497903][ T1507] elf_map+0x1a6/0x250
[ 60.502001][ T1507] load_elf_binary+0xd5e/0x23a0
[ 60.506928][ T1507] bprm_execve+0x7e7/0x1220
[ 60.511419][ T1507] kernel_execve+0x53b/0x610
[ 60.516269][ T1507] call_usermodehelper_exec_async+0x1fc/0x310
[ 60.522436][ T1507] ret_from_fork+0x1f/0x30
[ 60.526933][ T1507]
[ 60.529242][ T1507] Freed by task 1664:
[ 60.533398][ T1507] kasan_set_track+0x4b/0x70
[ 60.537980][ T1507] kasan_save_free_info+0x27/0x40
[ 60.543174][ T1507] ____kasan_slab_free+0x122/0x1e0
[ 60.548689][ T1507] kmem_cache_free+0x2e8/0x510
[ 60.553457][ T1507] do_mas_align_munmap+0xbb6/0x11e0
[ 60.558657][ T1507] do_mas_munmap+0x195/0x1f0
[ 60.563329][ T1507] __vm_munmap+0x236/0x300
[ 60.567740][ T1507] elf_map+0x1a6/0x250
[ 60.572073][ T1507] load_elf_binary+0xd5e/0x23a0
[ 60.576987][ T1507] bprm_execve+0x7e7/0x1220
[ 60.581483][ T1507] kernel_execve+0x53b/0x610
[ 60.586054][ T1507] call_usermodehelper_exec_async+0x1fc/0x310
[ 60.592097][ T1507] ret_from_fork+0x1f/0x30
[ 60.596584][ T1507]
[ 60.598989][ T1507] The buggy address belongs to the object at ffff888071167000
[ 60.598989][ T1507] which belongs to the cache vm_area_struct of size 144
[ 60.613749][ T1507] The buggy address is located 0 bytes inside of
[ 60.613749][ T1507] 144-byte region [ffff888071167000, ffff888071167090)
[ 60.627006][ T1507]
[ 60.629347][ T1507] The buggy address belongs to the physical page:
[ 60.635832][ T1507] page:ffffea0001c459c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x71167
[ 60.645984][ T1507] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 60.653707][ T1507] raw: 00fff00000000200 ffffea0001c11f80 dead000000000002 ffff888140008b40
[ 60.662635][ T1507] raw: 0000000000000000 0000000000130013 00000001ffffffff 0000000000000000
[ 60.671227][ T1507] page dumped because: kasan: bad access detected
[ 60.678018][ T1507] page_owner tracks the page as allocated
[ 60.683841][ T1507] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1111, tgid 1111 (modprobe), ts 29029799485, free_ts 29022740375
[ 60.702318][ T1507] post_alloc_hook+0x286/0x2b0
[ 60.707084][ T1507] get_page_from_freelist+0x2fdd/0x3170
[ 60.712795][ T1507] __alloc_pages+0x251/0x640
[ 60.717452][ T1507] alloc_slab_page+0x6a/0x150
[ 60.722384][ T1507] new_slab+0x70/0x250
[ 60.726448][ T1507] ___slab_alloc+0x9df/0xe70
[ 60.731033][ T1507] kmem_cache_alloc+0x18b/0x290
[ 60.735875][ T1507] vm_area_dup+0x1b/0x90
[ 60.740188][ T1507] __split_vma+0x95/0x4a0
[ 60.744678][ T1507] do_mas_align_munmap+0x3fe/0x11e0
[ 60.749852][ T1507] do_mas_munmap+0x195/0x1f0
[ 60.754445][ T1507] mmap_region+0x708/0x17c0
[ 60.759037][ T1507] do_mmap+0x69e/0xb60
[ 60.763188][ T1507] vm_mmap_pgoff+0x1b7/0x280
[ 60.768028][ T1507] ksys_mmap_pgoff+0x2cf/0x3b0
[ 60.772791][ T1507] do_syscall_64+0x3b/0x80
[ 60.777292][ T1507] page last free stack trace:
[ 60.781965][ T1507] free_unref_page_prepare+0xd4b/0xee0
[ 60.787852][ T1507] free_unref_page_list+0x54b/0x7e0
[ 60.793127][ T1507] release_pages+0x175c/0x1900
[ 60.797896][ T1507] tlb_flush_mmu+0xe5/0x1d0
[ 60.802388][ T1507] tlb_finish_mmu+0xb0/0x1b0
[ 60.806967][ T1507] exit_mmap+0x341/0x730
[ 60.811219][ T1507] __mmput+0x9b/0x2d0
[ 60.815419][ T1507] exit_mm+0x122/0x1b0
[ 60.819630][ T1507] do_exit+0x81e/0x23a0
[ 60.823785][ T1507] do_group_exit+0x1b5/0x280
[ 60.828382][ T1507] __x64_sys_exit_group+0x3b/0x40
[ 60.833603][ T1507] do_syscall_64+0x3b/0x80
[ 60.838183][ T1507] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 60.844105][ T1507]
[ 60.846609][ T1507] Memory state around the buggy address:
[ 60.852220][ T1507] ffff888071166f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.861165][ T1507] ffff888071166f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.869503][ T1507] >ffff888071167000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.877908][ T1507] ^
[ 60.881961][ T1507] ffff888071167080: fb fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb
[ 60.890377][ T1507] ffff888071167100: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 60.898426][ T1507] ==================================================================
[ 60.907333][ T1507] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 60.914927][ T1507] Kernel Offset: disabled
[ 60.919508][ T1507] Rebooting in 86400 seconds..