Warning: Permanently added '10.128.0.89' (ED25519) to the list of known hosts.
2023/09/28 06:28:01 ignoring optional flag "sandboxArg"="0"
2023/09/28 06:28:01 parsed 1 programs
2023/09/28 06:28:01 executed programs: 0
[ 49.794423][ T2013] loop0: detected capacity change from 0 to 2048
[ 49.806356][ T2013] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[ 49.824003][ T2013] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[ 49.838505][ T2013] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[ 49.853701][ T2013] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[ 49.863420][ T2013] UDF-fs: Scanning with blocksize 512 failed
[ 49.870813][ T2013] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 49.982705][ T2016] loop0: detected capacity change from 0 to 2048
[ 49.990900][ T2016] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[ 50.002402][ T2016] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[ 50.014218][ T2016] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[ 50.025721][ T2016] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[ 50.033983][ T2016] UDF-fs: Scanning with blocksize 512 failed
[ 50.042310][ T2016] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 50.083894][ T1595] ==================================================================
[ 50.092142][ T1595] BUG: KASAN: use-after-free in crc_itu_t+0x9c/0xc0
[ 50.099189][ T1595] Read of size 1 at addr ffff888069132000 by task syz-executor.0/1595
[ 50.108136][ T1595]
[ 50.110559][ T1595] CPU: 1 PID: 1595 Comm: syz-executor.0 Not tainted 5.15.133-syzkaller #0
[ 50.120108][ T1595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 50.132702][ T1595] Call Trace:
[ 50.136160][ T1595]
[ 50.139158][ T1595] dump_stack_lvl+0x41/0x5e
[ 50.144190][ T1595] print_address_description.constprop.0.cold+0x6c/0x309
[ 50.151807][ T1595] ? crc_itu_t+0x9c/0xc0
[ 50.156397][ T1595] ? crc_itu_t+0x9c/0xc0
[ 50.160624][ T1595] kasan_report.cold+0x83/0xdf
[ 50.166195][ T1595] ? crc_itu_t+0x9c/0xc0
[ 50.170816][ T1595] crc_itu_t+0x9c/0xc0
[ 50.175441][ T1595] udf_finalize_lvid+0xdb/0x1d0
[ 50.183673][ T1595] ? udf_mount+0x10/0x10
[ 50.188048][ T1595] ? __dentry_kill+0x3d5/0x5e0
[ 50.192882][ T1595] udf_sync_fs+0xc9/0x130
[ 50.197279][ T1595] sync_filesystem.part.0+0x63/0x170
[ 50.202574][ T1595] generic_shutdown_super+0x64/0x320
[ 50.208002][ T1595] kill_block_super+0x93/0xd0
[ 50.212822][ T1595] deactivate_locked_super+0x7b/0x130
[ 50.218258][ T1595] cleanup_mnt+0x2b8/0x3e0
[ 50.222931][ T1595] task_work_run+0xb8/0x140
[ 50.227490][ T1595] exit_to_user_mode_prepare+0x164/0x170
[ 50.233179][ T1595] syscall_exit_to_user_mode+0x12/0x30
[ 50.238723][ T1595] do_syscall_64+0x42/0x80
[ 50.243135][ T1595] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.249564][ T1595] RIP: 0033:0x7f521d6c0c87
[ 50.254064][ T1595] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[ 50.274179][ T1595] RSP: 002b:00007fff868ed168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 50.283210][ T1595] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f521d6c0c87
[ 50.291451][ T1595] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007fff868ed220
[ 50.299742][ T1595] RBP: 00007fff868ed220 R08: 0000000000000000 R09: 0000000000000000
[ 50.307773][ T1595] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff868ee2e0
[ 50.315802][ T1595] R13: 00007f521d71ac5a R14: 000000000000c2fd R15: 0000000000000006
[ 50.324016][ T1595]
[ 50.327118][ T1595]
[ 50.329690][ T1595] The buggy address belongs to the page:
[ 50.335467][ T1595] page:ffffea0001a44c80 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x69132
[ 50.345884][ T1595] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 50.353515][ T1595] raw: 00fff00000000000 ffffea0001a44cc8 ffff8880bac3e120 0000000000000000
[ 50.362590][ T1595] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 50.371370][ T1595] page dumped because: kasan: bad access detected
[ 50.377769][ T1595] page_owner tracks the page as freed
[ 50.383200][ T1595] page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, ts 5763371741, free_ts 6408092224
[ 50.396308][ T1595] split_map_pages+0x1b2/0x470
[ 50.401220][ T1595] isolate_freepages_range+0x251/0x2d0
[ 50.406833][ T1595] alloc_contig_range+0x505/0x690
[ 50.412080][ T1595] alloc_contig_pages+0x338/0x470
[ 50.417329][ T1595] debug_vm_pgtable+0x68c/0x178f
[ 50.422504][ T1595] do_one_initcall+0xb4/0x320
[ 50.427397][ T1595] kernel_init_freeable+0x51b/0x57d
[ 50.432765][ T1595] kernel_init+0x14/0x120
[ 50.437213][ T1595] ret_from_fork+0x1f/0x30
[ 50.441620][ T1595] page last free stack trace:
[ 50.446880][ T1595] free_pcp_prepare+0x379/0x850
[ 50.451719][ T1595] free_unref_page+0x19/0x510
[ 50.456669][ T1595] free_contig_range+0x8b/0xb0
[ 50.461534][ T1595] destroy_args+0x7e/0x503
[ 50.466300][ T1595] debug_vm_pgtable+0x170d/0x178f
[ 50.471385][ T1595] do_one_initcall+0xb4/0x320
[ 50.476122][ T1595] kernel_init_freeable+0x51b/0x57d
[ 50.481566][ T1595] kernel_init+0x14/0x120
[ 50.485868][ T1595] ret_from_fork+0x1f/0x30
[ 50.490255][ T1595]
[ 50.492642][ T1595] Memory state around the buggy address:
[ 50.498699][ T1595] ffff888069131f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.506815][ T1595] ffff888069131f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.515102][ T1595] >ffff888069132000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.523234][ T1595] ^
[ 50.527582][ T1595] ffff888069132080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.535818][ T1595] ffff888069132100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.544400][ T1595] ==================================================================
[ 50.552437][ T1595] Disabling lock debugging due to kernel taint
[ 50.558728][ T1595] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 50.566361][ T1595] Kernel Offset: disabled
[ 50.570663][ T1595] Rebooting in 86400 seconds..