[   38.593720][    C1] eth0: bad gso: type: 1, size: 1408
[   38.605461][    C1] eth0: bad gso: type: 1, size: 1408
[   38.611118][    C1] eth0: bad gso: type: 1, size: 1408
[   38.617105][    C1] eth0: bad gso: type: 1, size: 1408
[   38.623132][    C1] eth0: bad gso: type: 1, size: 1408
[   38.872075][    C1] eth0: bad gso: type: 1, size: 1408
[   38.878706][    C1] eth0: bad gso: type: 1, size: 1408
[   38.884524][    C1] eth0: bad gso: type: 1, size: 1408
[   38.890533][    C1] eth0: bad gso: type: 1, size: 1408
[   38.896529][    C1] eth0: bad gso: type: 1, size: 1408
Warning: Permanently added '10.128.0.171' (ED25519) to the list of known hosts.
2024/09/01 06:34:56 ignoring optional flag "sandboxArg"="0"
2024/09/01 06:34:56 parsed 1 programs
2024/09/01 06:34:56 executed programs: 0
[   48.695648][ T1926] loop0: detected capacity change from 0 to 2048
[   48.703966][ T1926] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[   48.716339][ T1926] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[   48.727838][ T1926] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[   48.738726][ T1926] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[   48.746711][ T1926] UDF-fs: Scanning with blocksize 512 failed
[   48.754331][ T1926] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   48.794996][ T1508] ==================================================================
[   48.803620][ T1508] BUG: KASAN: use-after-free in crc_itu_t+0x9c/0xc0
[   48.810504][ T1508] Read of size 1 at addr ffff888004c1b000 by task syz-executor.0/1508
[   48.818981][ T1508]
[   48.821378][ T1508] CPU: 1 PID: 1508 Comm: syz-executor.0 Not tainted 5.15.165-syzkaller #0
[   48.830196][ T1508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   48.841047][ T1508] Call Trace:
[   48.844565][ T1508]
[   48.847569][ T1508]  dump_stack_lvl+0x41/0x5e
[   48.852162][ T1508]  print_address_description.constprop.0.cold+0x6c/0x309
[   48.859353][ T1508]  ? crc_itu_t+0x9c/0xc0
[   48.863667][ T1508]  ? crc_itu_t+0x9c/0xc0
[   48.867975][ T1508]  kasan_report.cold+0x83/0xdf
[   48.872807][ T1508]  ? crc_itu_t+0x9c/0xc0
[   48.877186][ T1508]  crc_itu_t+0x9c/0xc0
[   48.881319][ T1508]  udf_finalize_lvid+0xdb/0x1d0
[   48.886408][ T1508]  ? udf_mount+0x10/0x10
[   48.890719][ T1508]  ? __dentry_kill+0x3d5/0x5e0
[   48.895541][ T1508]  udf_sync_fs+0xc9/0x130
[   48.899962][ T1508]  sync_filesystem.part.0+0x63/0x170
[   48.905318][ T1508]  generic_shutdown_super+0x64/0x320
[   48.910756][ T1508]  kill_block_super+0x93/0xd0
[   48.915890][ T1508]  deactivate_locked_super+0x7b/0x130
[   48.923572][ T1508]  cleanup_mnt+0x2b8/0x3e0
[   48.928396][ T1508]  task_work_run+0xb8/0x140
[   48.933334][ T1508]  exit_to_user_mode_prepare+0x15d/0x160
[   48.938942][ T1508]  syscall_exit_to_user_mode+0x12/0x30
[   48.944548][ T1508]  do_syscall_64+0x40/0x80
[   48.948928][ T1508]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   48.955140][ T1508] RIP: 0033:0x7f17671c6c87
[   48.959882][ T1508] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[   48.980110][ T1508] RSP: 002b:00007ffcf1f70ed8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   48.988846][ T1508] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f17671c6c87
[   48.996967][ T1508] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffcf1f70f90
[   49.004919][ T1508] RBP: 00007ffcf1f70f90 R08: 0000000000000000 R09: 0000000000000000
[   49.013071][ T1508] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcf1f72050
[   49.021107][ T1508] R13: 00007f1767220c5a R14: 000000000000be15 R15: 0000000000000006
[   49.029088][ T1508]
[   49.032326][ T1508]
[   49.034755][ T1508] The buggy address belongs to the page:
[   49.040570][ T1508] page:ffffea00001306c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x4c1b
[   49.051294][ T1508] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   49.058602][ T1508] raw: 00fff00000000000 ffffea000020c8c8 ffffea0001adf388 0000000000000000
[   49.067901][ T1508] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   49.076627][ T1508] page dumped because: kasan: bad access detected
[   49.083118][ T1508] page_owner tracks the page as freed
[   49.088991][ T1508] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 1487, ts 39518829455, free_ts 39537945199
[   49.104664][ T1508]  get_page_from_freelist+0x12d1/0x2d40
[   49.110199][ T1508]  __alloc_pages+0x1b2/0x440
[   49.114879][ T1508]  alloc_pages_vma+0xe0/0x650
[   49.119796][ T1508]  __handle_mm_fault+0x1ce9/0x33c0
[   49.124970][ T1508]  handle_mm_fault+0x1c5/0x5b0
[   49.129738][ T1508]  do_user_addr_fault+0x298/0xc80
[   49.134903][ T1508]  exc_page_fault+0x5a/0xb0
[   49.139378][ T1508]  asm_exc_page_fault+0x22/0x30
[   49.144467][ T1508] page last free stack trace:
[   49.149126][ T1508]  free_pcp_prepare+0x379/0x850
[   49.153975][ T1508]  free_unref_page_list+0x16f/0xbd0
[   49.159146][ T1508]  release_pages+0xb3a/0x1480
[   49.163947][ T1508]  tlb_finish_mmu+0x127/0x790
[   49.168710][ T1508]  unmap_region+0x298/0x390
[   49.173196][ T1508]  __do_munmap+0x481/0x10c0
[   49.177726][ T1508]  __vm_munmap+0xd2/0x1a0
[   49.182026][ T1508]  __x64_sys_munmap+0x5d/0x80
[   49.186800][ T1508]  do_syscall_64+0x33/0x80
[   49.191205][ T1508]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   49.197093][ T1508]
[   49.199493][ T1508] Memory state around the buggy address:
[   49.205199][ T1508]  ffff888004c1af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   49.213362][ T1508]  ffff888004c1af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   49.221582][ T1508] >ffff888004c1b000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   49.229781][ T1508]                    ^
[   49.233923][ T1508]  ffff888004c1b080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   49.242178][ T1508]  ffff888004c1b100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   49.250654][ T1508] ==================================================================
[   49.259113][ T1508] Disabling lock debugging due to kernel taint
[   49.265577][ T1508] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   49.273269][ T1508] Kernel Offset: disabled
[   49.277793][ T1508] Rebooting in 86400 seconds..