Warning: Permanently added '10.128.0.218' (ED25519) to the list of known hosts.
2025/06/20 12:00:28 ignoring optional flag "sandboxArg"="0"
2025/06/20 12:00:28 ignoring optional flag "type"="gce"
2025/06/20 12:00:28 parsed 1 programs
[ 76.691904][ T2041] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/06/20 12:00:33 executed programs: 0
[ 84.437853][ T2952] loop0: detected capacity change from 0 to 32768
[ 84.585034][ T2952] loop0: detected capacity change from 0 to 2048
[ 84.676766][ T2952] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[ 84.685018][ T2952] UDF-fs: Scanning with blocksize 512 failed
[ 84.694406][ T2952] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 84.743869][ T2533] UDF-fs: error (device loop0): udf_read_inode: (ino 817) failed !bh
[ 84.753005][ T2533] UDF-fs: error (device loop0): udf_read_inode: (ino 817) failed !bh
[ 84.769841][ T2533] ==================================================================
[ 84.778030][ T2533] BUG: KASAN: use-after-free in crc_itu_t+0x9c/0xc0
[ 84.785149][ T2533] Read of size 1 at addr ffff8880651f1000 by task syz-executor/2533
[ 84.793214][ T2533]
[ 84.795819][ T2533] CPU: 0 PID: 2533 Comm: syz-executor Not tainted 5.15.185-syzkaller #0
[ 84.804460][ T2533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 84.814792][ T2533] Call Trace:
[ 84.818078][ T2533]
[ 84.821016][ T2533] dump_stack_lvl+0x41/0x5e
[ 84.825827][ T2533] print_address_description.constprop.0.cold+0x6c/0x309
[ 84.833229][ T2533] ? crc_itu_t+0x9c/0xc0
[ 84.837697][ T2533] ? crc_itu_t+0x9c/0xc0
[ 84.842043][ T2533] kasan_report.cold+0x83/0xdf
[ 84.846805][ T2533] ? crc_itu_t+0x9c/0xc0
[ 84.851129][ T2533] crc_itu_t+0x9c/0xc0
[ 84.855189][ T2533] udf_finalize_lvid+0xdb/0x1d0
[ 84.860055][ T2533] ? udf_mount+0x10/0x10
[ 84.864323][ T2533] ? __dentry_kill+0x3d5/0x5e0
[ 84.869102][ T2533] udf_sync_fs+0xc9/0x130
[ 84.873600][ T2533] sync_filesystem.part.0+0x63/0x170
[ 84.878975][ T2533] generic_shutdown_super+0x64/0x3a0
[ 84.884370][ T2533] kill_block_super+0x93/0xd0
[ 84.889037][ T2533] deactivate_locked_super+0x7b/0x130
[ 84.894512][ T2533] cleanup_mnt+0x2b8/0x3e0
[ 84.898933][ T2533] task_work_run+0xb8/0x140
[ 84.903556][ T2533] do_exit+0x904/0x2200
[ 84.907812][ T2533] ? lock_downgrade+0x4f0/0x4f0
[ 84.912656][ T2533] ? mm_update_next_owner+0x6f0/0x6f0
[ 84.918125][ T2533] do_group_exit+0xe7/0x290
[ 84.922629][ T2533] __x64_sys_exit_group+0x35/0x40
[ 84.927650][ T2533] do_syscall_64+0x33/0x80
[ 84.932162][ T2533] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 84.938710][ T2533] RIP: 0033:0x7f61f7a48eb9
[ 84.943160][ T2533] Code: Unable to access opcode bytes at RIP 0x7f61f7a48e8f.
[ 84.950697][ T2533] RSP: 002b:00007fffe5b82c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 84.959227][ T2533] RAX: ffffffffffffffda RBX: 00007f61f7ab6801 RCX: 00007f61f7a48eb9
[ 84.967479][ T2533] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[ 84.975617][ T2533] RBP: 0000000000000005 R08: 00007fffe5b809f7 R09: 00007fffe5b83f10
[ 84.983784][ T2533] R10: 0000000000000009 R11: 0000000000000246 R12: 00007fffe5b83f10
[ 84.992176][ T2533] R13: 00007f61f7ab67dc R14: 000000000001494c R15: 00007fffe5b84fd0
[ 85.000146][ T2533]
[ 85.003300][ T2533]
[ 85.005616][ T2533] The buggy address belongs to the page:
[ 85.011235][ T2533] page:ffffea0001947c40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x651f1
[ 85.021553][ T2533] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 85.028646][ T2533] raw: 00fff00000000000 ffffea00019c7a48 ffffea0001947e08 0000000000000000
[ 85.037223][ T2533] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 85.045794][ T2533] page dumped because: kasan: bad access detected
[ 85.052226][ T2533] page_owner tracks the page as freed
[ 85.057665][ T2533] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 2953, ts 84754120763, free_ts 84759470401
[ 85.073432][ T2533] get_page_from_freelist+0x1369/0x31f0
[ 85.079085][ T2533] __alloc_pages+0x1b2/0x440
[ 85.083742][ T2533] alloc_pages_vma+0xe0/0x650
[ 85.088499][ T2533] __handle_mm_fault+0x1d97/0x33a0
[ 85.093681][ T2533] handle_mm_fault+0x1c5/0x5b0
[ 85.098552][ T2533] do_user_addr_fault+0x298/0xc80
[ 85.103558][ T2533] exc_page_fault+0x5a/0xb0
[ 85.108045][ T2533] asm_exc_page_fault+0x22/0x30
[ 85.113058][ T2533] copy_user_enhanced_fast_string+0xe/0x40
[ 85.118932][ T2533] copy_page_to_iter+0x3d8/0xb60
[ 85.123940][ T2533] filemap_read+0x4e1/0xab0
[ 85.128470][ T2533] blkdev_read_iter+0xfb/0x180
[ 85.133424][ T2533] new_sync_read+0x35a/0x5f0
[ 85.138016][ T2533] vfs_read+0x209/0x470
[ 85.142297][ T2533] ksys_read+0xf4/0x1d0
[ 85.146451][ T2533] do_syscall_64+0x33/0x80
[ 85.150853][ T2533] page last free stack trace:
[ 85.155518][ T2533] free_pcp_prepare+0x379/0x850
[ 85.160356][ T2533] free_unref_page_list+0x16f/0xbd0
[ 85.165634][ T2533] release_pages+0xb3a/0x1480
[ 85.170294][ T2533] tlb_finish_mmu+0x127/0x790
[ 85.174950][ T2533] unmap_region+0x298/0x390
[ 85.179465][ T2533] __do_munmap+0x47e/0x10d0
[ 85.183975][ T2533] __vm_munmap+0xd2/0x1a0
[ 85.188413][ T2533] __x64_sys_munmap+0x5d/0x80
[ 85.193076][ T2533] do_syscall_64+0x33/0x80
[ 85.197918][ T2533] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.204111][ T2533]
[ 85.206519][ T2533] Memory state around the buggy address:
[ 85.212232][ T2533]  ffff8880651f0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 85.220398][ T2533]  ffff8880651f0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 85.228448][ T2533] >ffff8880651f1000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 85.236500][ T2533]                    ^
[ 85.240559][ T2533]  ffff8880651f1080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 85.249312][ T2533]  ffff8880651f1100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 85.257451][ T2533] ==================================================================
[ 85.265515][ T2533] Disabling lock debugging due to kernel taint
[ 85.274229][ T2533] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 85.281837][ T2533] Kernel Offset: disabled
[ 85.286171][ T2533] Rebooting in 86400 seconds..