Warning: Permanently added '10.128.1.14' (ED25519) to the list of known hosts.
2024/03/11 14:02:41 ignoring optional flag "sandboxArg"="0"
2024/03/11 14:02:41 parsed 1 programs
2024/03/11 14:02:41 executed programs: 0
[ 56.404212][ T1991] loop0: detected capacity change from 0 to 2048
[ 56.413658][ T1991] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[ 56.425105][ T1991] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[ 56.436033][ T1991] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
2024/03/11 14:02:46 executed programs: 1
[ 56.447106][ T1991] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[ 56.454817][ T1991] UDF-fs: Scanning with blocksize 512 failed
[ 56.462998][ T1991] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 56.511010][ T1579] ==================================================================
[ 56.519301][ T1579] BUG: KASAN: use-after-free in crc_itu_t+0x178/0x240
[ 56.526222][ T1579] Read of size 1 at addr ffff88806aa1d000 by task syz-executor.0/1579
[ 56.534802][ T1579]
[ 56.537116][ T1579] CPU: 0 PID: 1579 Comm: syz-executor.0 Not tainted 6.1.81-syzkaller #0
[ 56.545583][ T1579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 56.555611][ T1579] Call Trace:
[ 56.558895][ T1579]
[ 56.561801][ T1579] dump_stack_lvl+0xf4/0x251
[ 56.566546][ T1579] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 56.572062][ T1579] ? panic+0x3f7/0x3f7
[ 56.576101][ T1579] ? lock_acquire+0xbe/0x390
[ 56.580687][ T1579] ? read_lock_is_recursive+0x10/0x10
[ 56.586025][ T1579] ? __virt_addr_valid+0x139/0x260
[ 56.591108][ T1579] ? __virt_addr_valid+0x211/0x260
[ 56.596187][ T1579] print_report+0x15f/0x4f0
[ 56.600775][ T1579] ? __virt_addr_valid+0x139/0x260
[ 56.605853][ T1579] ? __virt_addr_valid+0x211/0x260
[ 56.610930][ T1579] ? crc_itu_t+0x178/0x240
[ 56.615316][ T1579] kasan_report+0x136/0x160
[ 56.619904][ T1579] ? crc_itu_t+0x178/0x240
[ 56.624308][ T1579] crc_itu_t+0x178/0x240
[ 56.628519][ T1579] udf_sync_fs+0x1bd/0x370
[ 56.632928][ T1579] ? udf_put_super+0x130/0x130
[ 56.637747][ T1579] ? dentry_kill+0xbb/0x1e0
[ 56.642305][ T1579] sync_filesystem+0xbf/0x180
[ 56.646964][ T1579] generic_shutdown_super+0x65/0x2c0
[ 56.652221][ T1579] kill_block_super+0x75/0xb0
[ 56.656962][ T1579] deactivate_locked_super+0x71/0xd0
[ 56.662329][ T1579] cleanup_mnt+0x2bd/0x330
[ 56.666892][ T1579] task_work_run+0x206/0x280
[ 56.671455][ T1579] ? task_work_cancel+0x2a0/0x2a0
[ 56.676457][ T1579] ? __x64_sys_umount+0xe4/0x120
[ 56.681364][ T1579] ? path_umount+0xc70/0xc70
[ 56.686275][ T1579] exit_to_user_mode_loop+0xa9/0xc0
[ 56.691536][ T1579] exit_to_user_mode_prepare+0x64/0xb0
[ 56.697169][ T1579] syscall_exit_to_user_mode+0x27/0x1b0
[ 56.702684][ T1579] do_syscall_64+0x49/0x80
[ 56.707093][ T1579] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.713405][ T1579] RIP: 0033:0x7f761767dc87
[ 56.717792][ T1579] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[ 56.737369][ T1579] RSP: 002b:00007ffdea255a08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 56.745767][ T1579] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f761767dc87
[ 56.753744][ T1579] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffdea255ac0
[ 56.761686][ T1579] RBP: 00007ffdea255ac0 R08: 0000000000000000 R09: 0000000000000000
[ 56.769635][ T1579] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdea256b80
[ 56.777581][ T1579] R13: 00007f76176d7c5a R14: 000000000000dbfe R15: 0000000000000006
[ 56.785565][ T1579]
[ 56.788735][ T1579]
[ 56.791206][ T1579] The buggy address belongs to the physical page:
[ 56.797599][ T1579] page:ffffea0001aa8740 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6aa1d
[ 56.807811][ T1579] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 56.814903][ T1579] raw: 00fff00000000000 ffffea0001aa8788 ffff8880bad3e5e0 0000000000000000
[ 56.823456][ T1579] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 56.832111][ T1579] page dumped because: kasan: bad access detected
[ 56.838489][ T1579] page_owner tracks the page as freed
[ 56.843825][ T1579] page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, tgid 1 (swapper/0), ts 5562874768, free_ts 6652468849
[ 56.858545][ T1579] post_alloc_hook+0x286/0x2b0
[ 56.863282][ T1579] split_map_pages+0x22a/0x480
[ 56.868123][ T1579] isolate_freepages_range+0x2a4/0x460
[ 56.873548][ T1579] alloc_contig_range+0x60a/0x930
[ 56.878548][ T1579] alloc_contig_pages+0x3ef/0x4f0
[ 56.883546][ T1579] debug_vm_pgtable_alloc_huge_page+0x7d/0xd7
[ 56.889682][ T1579] init_args+0x965/0xbb0
[ 56.893984][ T1579] debug_vm_pgtable+0xa5/0x5ad
[ 56.898714][ T1579] do_one_initcall+0x19f/0x4c0
[ 56.903448][ T1579] do_initcall_level+0x11e/0x1cd
[ 56.908364][ T1579] do_initcalls+0x46/0x74
[ 56.912661][ T1579] kernel_init_freeable+0x375/0x4e4
[ 56.917824][ T1579] kernel_init+0x14/0x190
[ 56.922125][ T1579] ret_from_fork+0x1f/0x30
[ 56.926519][ T1579] page last free stack trace:
[ 56.931173][ T1579] free_unref_page_prepare+0xd4b/0xee0
[ 56.936786][ T1579] free_unref_page+0x33/0x390
[ 56.941436][ T1579] free_contig_range+0x8d/0x130
[ 56.946275][ T1579] destroy_args+0xde/0x79f
[ 56.950662][ T1579] debug_vm_pgtable+0x373/0x5ad
[ 56.955916][ T1579] do_one_initcall+0x19f/0x4c0
[ 56.960646][ T1579] do_initcall_level+0x11e/0x1cd
[ 56.965551][ T1579] do_initcalls+0x46/0x74
[ 56.969849][ T1579] kernel_init_freeable+0x375/0x4e4
[ 56.975877][ T1579] kernel_init+0x14/0x190
[ 56.980176][ T1579] ret_from_fork+0x1f/0x30
[ 56.984652][ T1579]
[ 56.986949][ T1579] Memory state around the buggy address:
[ 56.992635][ T1579] ffff88806aa1cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.000665][ T1579] ffff88806aa1cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.008798][ T1579] >ffff88806aa1d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.017101][ T1579] ^
[ 57.021140][ T1579] ffff88806aa1d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.029344][ T1579] ffff88806aa1d100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.037459][ T1579] ==================================================================
[ 57.050916][ T1579] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 57.058483][ T1579] Kernel Offset: disabled
[ 57.062803][ T1579] Rebooting in 86400 seconds..