Warning: Permanently added '10.128.1.188' (ED25519) to the list of known hosts.
2024/06/10 09:50:26 ignoring optional flag "sandboxArg"="0"
2024/06/10 09:50:26 parsed 1 programs
2024/06/10 09:50:26 executed programs: 0
[ 47.273574][ T1928] loop0: detected capacity change from 0 to 2048
[ 47.281725][ T1928] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[ 47.292941][ T1928] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[ 47.303775][ T1928] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[ 47.314317][ T1928] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[ 47.321972][ T1928] UDF-fs: Scanning with blocksize 512 failed
[ 47.329476][ T1928] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 47.370235][ T1510] ==================================================================
[ 47.378298][ T1510] BUG: KASAN: use-after-free in crc_itu_t+0x9c/0xc0
[ 47.385162][ T1510] Read of size 1 at addr ffff88806a787000 by task syz-executor.0/1510
[ 47.393281][ T1510]
[ 47.395685][ T1510] CPU: 1 PID: 1510 Comm: syz-executor.0 Not tainted 5.15.160-syzkaller #0
[ 47.404424][ T1510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 47.414585][ T1510] Call Trace:
[ 47.417853][ T1510]
[ 47.420857][ T1510] dump_stack_lvl+0x41/0x5e
[ 47.425332][ T1510] print_address_description.constprop.0.cold+0x6c/0x309
[ 47.432325][ T1510] ? crc_itu_t+0x9c/0xc0
[ 47.436547][ T1510] ? crc_itu_t+0x9c/0xc0
[ 47.440783][ T1510] kasan_report.cold+0x83/0xdf
[ 47.445609][ T1510] ? crc_itu_t+0x9c/0xc0
[ 47.449828][ T1510] crc_itu_t+0x9c/0xc0
[ 47.453867][ T1510] udf_finalize_lvid+0xdb/0x1d0
[ 47.458771][ T1510] ? udf_mount+0x10/0x10
[ 47.462975][ T1510] ? __dentry_kill+0x3d5/0x5e0
[ 47.467700][ T1510] udf_sync_fs+0xc9/0x130
[ 47.471988][ T1510] sync_filesystem.part.0+0x63/0x170
[ 47.477234][ T1510] generic_shutdown_super+0x64/0x320
[ 47.482488][ T1510] kill_block_super+0x93/0xd0
[ 47.487169][ T1510] deactivate_locked_super+0x7b/0x130
[ 47.492605][ T1510] cleanup_mnt+0x2b8/0x3e0
[ 47.496996][ T1510] task_work_run+0xb8/0x140
[ 47.501466][ T1510] exit_to_user_mode_prepare+0x15d/0x160
[ 47.507064][ T1510] syscall_exit_to_user_mode+0x12/0x30
[ 47.512495][ T1510] do_syscall_64+0x40/0x80
[ 47.516980][ T1510] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.522903][ T1510] RIP: 0033:0x7fe11ee0dc87
[ 47.527295][ T1510] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[ 47.546867][ T1510] RSP: 002b:00007ffcc3da00b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 47.555425][ T1510] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe11ee0dc87
[ 47.563545][ T1510] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffcc3da0170
[ 47.571485][ T1510] RBP: 00007ffcc3da0170 R08: 0000000000000000 R09: 0000000000000000
[ 47.579539][ T1510] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcc3da1230
[ 47.587484][ T1510] R13: 00007fe11ee67c5a R14: 000000000000b895 R15: 0000000000000006
[ 47.595431][ T1510]
[ 47.598515][ T1510]
[ 47.600887][ T1510] The buggy address belongs to the page:
[ 47.606498][ T1510] page:ffffea0001a9e1c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6a787
[ 47.616622][ T1510] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 47.623703][ T1510] raw: 00fff00000000000 ffffea0001a9e008 ffffea0001b10288 0000000000000000
[ 47.632256][ T1510] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 47.640799][ T1510] page dumped because: kasan: bad access detected
[ 47.647187][ T1510] page_owner tracks the page as freed
[ 47.652602][ T1510] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 1928, ts 47266659863, free_ts 47273195405
[ 47.668272][ T1510] get_page_from_freelist+0x12d1/0x2d40
[ 47.673788][ T1510] __alloc_pages+0x1b2/0x440
[ 47.678523][ T1510] alloc_pages_vma+0xe0/0x650
[ 47.683176][ T1510] __handle_mm_fault+0x1ce9/0x33c0
[ 47.688267][ T1510] handle_mm_fault+0x1c5/0x5b0
[ 47.693002][ T1510] do_user_addr_fault+0x298/0xcb0
[ 47.697998][ T1510] exc_page_fault+0x5a/0xb0
[ 47.702484][ T1510] asm_exc_page_fault+0x22/0x30
[ 47.707297][ T1510] page last free stack trace:
[ 47.711935][ T1510] free_pcp_prepare+0x379/0x850
[ 47.716848][ T1510] free_unref_page_list+0x16f/0xbd0
[ 47.722104][ T1510] release_pages+0xb3a/0x1480
[ 47.726773][ T1510] tlb_finish_mmu+0x127/0x790
[ 47.731524][ T1510] unmap_region+0x298/0x390
[ 47.736005][ T1510] __do_munmap+0x481/0x10c0
[ 47.740635][ T1510] __vm_munmap+0xd2/0x1a0
[ 47.745022][ T1510] __x64_sys_munmap+0x5d/0x80
[ 47.749769][ T1510] do_syscall_64+0x33/0x80
[ 47.754156][ T1510] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.760014][ T1510]
[ 47.762309][ T1510] Memory state around the buggy address:
[ 47.767902][ T1510] ffff88806a786f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.775942][ T1510] ffff88806a786f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.784074][ T1510] >ffff88806a787000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.792138][ T1510] ^
[ 47.796170][ T1510] ffff88806a787080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.804202][ T1510] ffff88806a787100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.812320][ T1510] ==================================================================
[ 47.820553][ T1510] Disabling lock debugging due to kernel taint
[ 47.827569][ T1510] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 47.835196][ T1510] Kernel Offset: disabled
[ 47.839597][ T1510] Rebooting in 86400 seconds..