Warning: Permanently added '10.128.0.223' (ED25519) to the list of known hosts.
2023/12/10 03:09:19 ignoring optional flag "sandboxArg"="0"
2023/12/10 03:09:20 parsed 1 programs
2023/12/10 03:09:20 executed programs: 0
[ 47.176090][ T2012] loop0: detected capacity change from 0 to 2048
[ 47.187069][ T2012] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 47.309847][ T2015] loop0: detected capacity change from 0 to 2048
[ 47.319196][ T2015] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 47.460858][ T2017] loop0: detected capacity change from 0 to 2048
[ 47.470225][ T2017] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 47.522938][ T1593] ==================================================================
[ 47.531143][ T1593] BUG: KASAN: use-after-free in crc_itu_t+0x9c/0xc0
[ 47.537944][ T1593] Read of size 1 at addr ffff88806e0de000 by task syz-executor.0/1593
[ 47.546633][ T1593]
[ 47.548941][ T1593] CPU: 1 PID: 1593 Comm: syz-executor.0 Not tainted 5.15.142-syzkaller #0
[ 47.557644][ T1593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 47.567805][ T1593] Call Trace:
[ 47.571073][ T1593]
[ 47.574653][ T1593] dump_stack_lvl+0x41/0x5e
[ 47.579597][ T1593] print_address_description.constprop.0.cold+0x6c/0x309
[ 47.586619][ T1593] ? crc_itu_t+0x9c/0xc0
[ 47.590868][ T1593] ? crc_itu_t+0x9c/0xc0
[ 47.595111][ T1593] kasan_report.cold+0x83/0xdf
[ 47.599958][ T1593] ? crc_itu_t+0x9c/0xc0
[ 47.605279][ T1593] crc_itu_t+0x9c/0xc0
[ 47.609681][ T1593] udf_finalize_lvid+0xdb/0x1d0
[ 47.614509][ T1593] ? udf_mount+0x10/0x10
[ 47.619070][ T1593] udf_close_lvid+0x3db/0x590
[ 47.623761][ T1593] udf_put_super+0x167/0x1d0
[ 47.628330][ T1593] generic_shutdown_super+0x129/0x320
[ 47.633670][ T1593] kill_block_super+0x93/0xd0
[ 47.638318][ T1593] deactivate_locked_super+0x7b/0x130
[ 47.643765][ T1593] cleanup_mnt+0x2b8/0x3e0
[ 47.648171][ T1593] task_work_run+0xb8/0x140
[ 47.653120][ T1593] exit_to_user_mode_prepare+0x15a/0x160
[ 47.660088][ T1593] syscall_exit_to_user_mode+0x12/0x30
[ 47.666044][ T1593] do_syscall_64+0x42/0x80
[ 47.671066][ T1593] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.676974][ T1593] RIP: 0033:0x7fae92b45c87
[ 47.681478][ T1593] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[ 47.702960][ T1593] RSP: 002b:00007fff056df3a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 47.711743][ T1593] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fae92b45c87
[ 47.720005][ T1593] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007fff056df460
[ 47.728217][ T1593] RBP: 00007fff056df460 R08: 0000000000000000 R09: 0000000000000000
[ 47.736520][ T1593] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff056e0520
[ 47.744470][ T1593] R13: 00007fae92b9fc5a R14: 000000000000b942 R15: 0000000000000006
[ 47.752418][ T1593]
[ 47.755623][ T1593]
[ 47.757920][ T1593] Allocated by task 2015:
[ 47.762215][ T1593] kasan_save_stack+0x1b/0x40
[ 47.767342][ T1593] __kasan_slab_alloc+0x61/0x80
[ 47.772364][ T1593] kmem_cache_alloc+0x223/0x370
[ 47.777663][ T1593] mempool_alloc+0xf8/0x2d0
[ 47.782326][ T1593] bio_alloc_bioset+0x190/0x1040
[ 47.787423][ T1593] submit_bh_wbc.constprop.0+0x14c/0x5b0
[ 47.793411][ T1593] __block_write_full_page+0x5a5/0xce0
[ 47.798851][ T1593] __writepage+0x58/0x140
[ 47.803373][ T1593] write_cache_pages+0x50e/0xc40
[ 47.808647][ T1593] generic_writepages+0xd7/0x140
[ 47.813599][ T1593] do_writepages+0x1db/0x680
[ 47.818256][ T1593] __filemap_fdatawrite_range+0x1ec/0x2c0
[ 47.823961][ T1593] file_write_and_wait_range+0x8d/0xf0
[ 47.829523][ T1593] blkdev_fsync+0x65/0xa0
[ 47.833827][ T1593] blkdev_write_iter+0x31a/0x4b0
[ 47.839058][ T1593] new_sync_write+0x35d/0x5f0
[ 47.843895][ T1593] vfs_write+0x574/0x7e0
[ 47.848384][ T1593] ksys_write+0xf4/0x1d0
[ 47.852626][ T1593] do_syscall_64+0x35/0x80
[ 47.857102][ T1593] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.863054][ T1593]
[ 47.865368][ T1593] Freed by task 18:
[ 47.869148][ T1593] kasan_save_stack+0x1b/0x40
[ 47.874161][ T1593] kasan_set_track+0x1c/0x30
[ 47.880421][ T1593] kasan_set_free_info+0x20/0x30
[ 47.885608][ T1593] __kasan_slab_free+0xe0/0x110
[ 47.890536][ T1593] kmem_cache_free+0x7e/0x470
[ 47.895313][ T1593] blk_update_request+0x6df/0xda0
[ 47.900487][ T1593] blk_mq_end_request+0x46/0x480
[ 47.905613][ T1593] blk_complete_reqs+0x90/0xc0
[ 47.910361][ T1593] __do_softirq+0x1ea/0x5c8
[ 47.915372][ T1593]
[ 47.918140][ T1593] The buggy address belongs to the object at ffff88806e0de000
[ 47.918140][ T1593]  which belongs to the cache bio-160 of size 160
[ 47.932817][ T1593] The buggy address is located 0 bytes inside of
[ 47.932817][ T1593]  160-byte region [ffff88806e0de000, ffff88806e0de0a0)
[ 47.946546][ T1593] The buggy address belongs to the page:
[ 47.952159][ T1593] page:ffffea0001b83780 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6e0de
[ 47.962599][ T1593] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 47.970375][ T1593] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff8881443ee3c0
[ 47.979231][ T1593] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 47.988051][ T1593] page dumped because: kasan: bad access detected
[ 47.994714][ T1593] page_owner tracks the page as allocated
[ 48.000768][ T1593] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192800(GFP_NOWAIT|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 2015, ts 47363938444, free_ts 47240401957
[ 48.023645][ T1593] get_page_from_freelist+0x12d1/0x2d40
[ 48.029255][ T1593] __alloc_pages+0x1b2/0x440
[ 48.033929][ T1593] allocate_slab+0x2eb/0x430
[ 48.038883][ T1593] ___slab_alloc+0xa4b/0xfe0
[ 48.043548][ T1593] kmem_cache_alloc+0x31f/0x370
[ 48.048565][ T1593] mempool_alloc+0xf8/0x2d0
[ 48.053637][ T1593] bio_alloc_bioset+0x190/0x1040
[ 48.058857][ T1593] submit_bh_wbc.constprop.0+0x14c/0x5b0
[ 48.064556][ T1593] __block_write_full_page+0x5a5/0xce0
[ 48.070095][ T1593] __writepage+0x58/0x140
[ 48.075134][ T1593] write_cache_pages+0x50e/0xc40
[ 48.080168][ T1593] generic_writepages+0xd7/0x140
[ 48.085365][ T1593] do_writepages+0x1db/0x680
[ 48.090037][ T1593] __filemap_fdatawrite_range+0x1ec/0x2c0
[ 48.095929][ T1593] file_write_and_wait_range+0x8d/0xf0
[ 48.101531][ T1593] blkdev_fsync+0x65/0xa0
[ 48.106205][ T1593] page last free stack trace:
[ 48.110942][ T1593] free_pcp_prepare+0x379/0x850
[ 48.115767][ T1593] free_unref_page+0x19/0x4b0
[ 48.120607][ T1593] __unfreeze_partials+0x2b9/0x2d0
[ 48.126120][ T1593] qlist_free_all+0x68/0x110
[ 48.130761][ T1593] kasan_quarantine_reduce+0x180/0x1f0
[ 48.136270][ T1593] __kasan_slab_alloc+0x73/0x80
[ 48.141190][ T1593] __kmalloc+0x241/0x3e0
[ 48.145577][ T1593] inotify_handle_inode_event+0x173/0x5d0
[ 48.151296][ T1593] fsnotify+0x92f/0xd80
[ 48.155511][ T1593] __fsnotify_parent+0x24d/0x8b0
[ 48.160759][ T1593] __fput+0x4a1/0x9a0
[ 48.164719][ T1593] task_work_run+0xb8/0x140
[ 48.169435][ T1593] exit_to_user_mode_prepare+0x15a/0x160
[ 48.175311][ T1593] syscall_exit_to_user_mode+0x12/0x30
[ 48.180998][ T1593] do_syscall_64+0x42/0x80
[ 48.185469][ T1593] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.191630][ T1593]
[ 48.194018][ T1593] Memory state around the buggy address:
[ 48.199637][ T1593] ffff88806e0ddf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.207688][ T1593] ffff88806e0ddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.216513][ T1593] >ffff88806e0de000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.225194][ T1593]                    ^
[ 48.229686][ T1593] ffff88806e0de080: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.239356][ T1593] ffff88806e0de100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.247754][ T1593] ==================================================================
[ 48.256399][ T1593] Disabling lock debugging due to kernel taint
[ 48.263105][ T1593] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 48.270606][ T1593] Kernel Offset: disabled
[ 48.274932][ T1593] Rebooting in 86400 seconds..