Warning: Permanently added '10.128.1.31' (ED25519) to the list of known hosts.
2023/07/23 18:40:25 ignoring optional flag "sandboxArg"="0"
2023/07/23 18:40:26 parsed 1 programs
2023/07/23 18:40:26 executed programs: 0
[ 47.795452][ T2013] loop0: detected capacity change from 0 to 2048
[ 47.802973][ T2013] =======================================================
[ 47.802973][ T2013] WARNING: The mand mount option has been deprecated and
[ 47.802973][ T2013] and is ignored by this kernel. Remove the mand
[ 47.802973][ T2013] option from the mount to silence this warning.
[ 47.802973][ T2013] =======================================================
[ 47.840455][ T2013] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[ 47.852264][ T2013] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 48.005048][ T2016] loop0: detected capacity change from 0 to 2048
[ 48.013593][ T2016] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[ 48.027041][ T2016] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 48.088624][ T1595] ==================================================================
[ 48.096969][ T1595] BUG: KASAN: use-after-free in crc_itu_t+0x9c/0xc0
[ 48.103736][ T1595] Read of size 1 at addr ffff88806a76f000 by task syz-executor.0/1595
[ 48.112044][ T1595]
[ 48.114434][ T1595] CPU: 0 PID: 1595 Comm: syz-executor.0 Not tainted 5.15.121-syzkaller #0
[ 48.122997][ T1595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 48.133410][ T1595] Call Trace:
[ 48.136763][ T1595]
[ 48.139721][ T1595] dump_stack_lvl+0x41/0x5e
[ 48.144526][ T1595] print_address_description.constprop.0.cold+0x6c/0x309
[ 48.151820][ T1595] ? crc_itu_t+0x9c/0xc0
[ 48.156912][ T1595] ? crc_itu_t+0x9c/0xc0
[ 48.161489][ T1595] kasan_report.cold+0x83/0xdf
[ 48.166715][ T1595] ? crc_itu_t+0x9c/0xc0
[ 48.171130][ T1595] crc_itu_t+0x9c/0xc0
[ 48.175184][ T1595] udf_finalize_lvid+0xdb/0x1d0
[ 48.180456][ T1595] ? udf_mount+0x10/0x10
[ 48.184844][ T1595] ? __dentry_kill+0x3d5/0x5e0
[ 48.189727][ T1595] udf_sync_fs+0xc9/0x130
[ 48.194261][ T1595] sync_filesystem.part.0+0x63/0x170
[ 48.199796][ T1595] generic_shutdown_super+0x64/0x320
[ 48.205382][ T1595] kill_block_super+0x93/0xd0
[ 48.210037][ T1595] deactivate_locked_super+0x7b/0x130
[ 48.216114][ T1595] cleanup_mnt+0x2b8/0x3e0
[ 48.220505][ T1595] task_work_run+0xb8/0x140
[ 48.225352][ T1595] exit_to_user_mode_prepare+0x164/0x170
[ 48.231301][ T1595] syscall_exit_to_user_mode+0x12/0x30
[ 48.236962][ T1595] do_syscall_64+0x42/0x80
[ 48.241623][ T1595] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.247839][ T1595] RIP: 0033:0x7f68805abc87
[ 48.252338][ T1595] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[ 48.272357][ T1595] RSP: 002b:00007ffe20382df8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 48.282473][ T1595] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f68805abc87
[ 48.290613][ T1595] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffe20382eb0
[ 48.300287][ T1595] RBP: 00007ffe20382eb0 R08: 0000000000000000 R09: 0000000000000000
[ 48.309282][ T1595] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe20383f70
[ 48.317339][ T1595] R13: 00007f6880605c5a R14: 000000000000bb69 R15: 0000000000000006
[ 48.325722][ T1595]
[ 48.328817][ T1595]
[ 48.331120][ T1595] The buggy address belongs to the page:
[ 48.337895][ T1595] page:ffffea0001a9dbc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6a76f
[ 48.349154][ T1595] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 48.356687][ T1595] raw: 00fff00000000000 ffffea0001a9dc08 ffff8880bad3e060 0000000000000000
[ 48.365707][ T1595] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 48.374458][ T1595] page dumped because: kasan: bad access detected
[ 48.381150][ T1595] page_owner tracks the page as freed
[ 48.386840][ T1595] page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, ts 4827161420, free_ts 5459520181
[ 48.400003][ T1595] split_map_pages+0x1b2/0x470
[ 48.405223][ T1595] isolate_freepages_range+0x251/0x2d0
[ 48.411285][ T1595] alloc_contig_range+0x505/0x690
[ 48.416282][ T1595] alloc_contig_pages+0x338/0x470
[ 48.421318][ T1595] debug_vm_pgtable+0x68c/0x178f
[ 48.426500][ T1595] do_one_initcall+0xb4/0x320
[ 48.431408][ T1595] kernel_init_freeable+0x51b/0x57d
[ 48.436756][ T1595] kernel_init+0x14/0x120
[ 48.441151][ T1595] ret_from_fork+0x1f/0x30
[ 48.445863][ T1595] page last free stack trace:
[ 48.450772][ T1595] free_pcp_prepare+0x379/0x850
[ 48.455679][ T1595] free_unref_page+0x19/0x510
[ 48.460339][ T1595] free_contig_range+0x8b/0xb0
[ 48.465377][ T1595] destroy_args+0x7e/0x503
[ 48.469770][ T1595] debug_vm_pgtable+0x170d/0x178f
[ 48.474970][ T1595] do_one_initcall+0xb4/0x320
[ 48.479638][ T1595] kernel_init_freeable+0x51b/0x57d
[ 48.485272][ T1595] kernel_init+0x14/0x120
[ 48.489876][ T1595] ret_from_fork+0x1f/0x30
[ 48.494533][ T1595]
[ 48.496930][ T1595] Memory state around the buggy address:
[ 48.502727][ T1595] ffff88806a76ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.510845][ T1595] ffff88806a76ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.518876][ T1595] >ffff88806a76f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.526910][ T1595] ^
[ 48.531042][ T1595] ffff88806a76f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.539361][ T1595] ffff88806a76f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.548457][ T1595] ==================================================================
[ 48.556501][ T1595] Disabling lock debugging due to kernel taint
[ 48.563552][ T1595] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 48.571527][ T1595] Kernel Offset: disabled
[ 48.576143][ T1595] Rebooting in 86400 seconds..