forked to background, child pid 4643
no interfaces have a carrier
[ 21.532808][ T4644] 8021q: adding VLAN 0 to HW filter on device bond0
[ 21.541432][ T4644] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.88' (ECDSA) to the list of known hosts.
syzkaller login: [ 49.609189][ T5061] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 49.616705][ T5061] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 49.624531][ T5061] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 49.632362][ T5061] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 49.639722][ T5061] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 49.647141][ T5061] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 49.694826][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 49.702801][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 49.712199][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 49.726684][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 49.734595][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 49.742772][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 49.760189][ T5060] loop0: detected capacity change from 0 to 2048
[ 49.770671][ T5060] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 49.797195][ T27] audit: type=1800 audit(1676363715.237:2): pid=5060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor109" name="bus" dev="loop0" ino=1357 res=0 errno=0
[ 49.798002][ T5060] =======================================================
[ 49.798002][ T5060] WARNING: The mand mount option has been deprecated and
[ 49.798002][ T5060] and is ignored by this kernel. Remove the mand
[ 49.798002][ T5060] option from the mount to silence this warning.
[ 49.798002][ T5060] =======================================================
[ 49.908040][ T5060] ==================================================================
[ 49.916249][ T5060] BUG: KASAN: use-after-free in crc_itu_t+0xd2/0xe0
[ 49.922865][ T5060] Read of size 1 at addr ffff8880733d8000 by task syz-executor109/5060
[ 49.931081][ T5060]
[ 49.933388][ T5060] CPU: 1 PID: 5060 Comm: syz-executor109 Not tainted 6.2.0-rc8-syzkaller-00015-gf6feea56f66d #0
[ 49.943777][ T5060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 49.953811][ T5060] Call Trace:
[ 49.957068][ T5060] <TASK>
[ 49.959982][ T5060] dump_stack_lvl+0xd1/0x138
[ 49.964570][ T5060] print_report+0x15e/0x45d
[ 49.969052][ T5060] ? __phys_addr+0xc8/0x140
[ 49.973537][ T5060] ? crc_itu_t+0xd2/0xe0
[ 49.977785][ T5060] kasan_report+0xbf/0x1f0
[ 49.982183][ T5060] ? crc_itu_t+0xd2/0xe0
[ 49.986432][ T5060] crc_itu_t+0xd2/0xe0
[ 49.990482][ T5060] udf_finalize_lvid+0xe0/0x1d0
[ 49.995403][ T5060] ? udf_mount+0x40/0x40
[ 49.999648][ T5060] ? get_nr_dirty_inodes+0x11e/0x1b0
[ 50.004924][ T5060] udf_sync_fs+0xea/0x150
[ 50.009239][ T5060] ? udf_finalize_lvid+0x1d0/0x1d0
[ 50.014334][ T5060] sync_filesystem.part.0+0x75/0x1d0
[ 50.019686][ T5060] sync_filesystem+0x8f/0xc0
[ 50.024254][ T5060] generic_shutdown_super+0x74/0x410
[ 50.029544][ T5060] kill_block_super+0x9b/0xf0
[ 50.034205][ T5060] deactivate_locked_super+0x98/0x160
[ 50.039554][ T5060] deactivate_super+0xb1/0xd0
[ 50.044209][ T5060] cleanup_mnt+0x2ae/0x3d0
[ 50.048603][ T5060] task_work_run+0x16f/0x270
[ 50.053174][ T5060] ? task_work_cancel+0x30/0x30
[ 50.058099][ T5060] do_exit+0xaa8/0x2950
[ 50.062236][ T5060] ? lock_downgrade+0x6e0/0x6e0
[ 50.067066][ T5060] ? do_raw_spin_lock+0x124/0x2b0
[ 50.072066][ T5060] ? mm_update_next_owner+0x7b0/0x7b0
[ 50.077441][ T5060] ? rwlock_bug.part.0+0x90/0x90
[ 50.082375][ T5060] ? _raw_spin_unlock_irq+0x23/0x50
[ 50.087551][ T5060] do_group_exit+0xd4/0x2a0
[ 50.092037][ T5060] __x64_sys_exit_group+0x3e/0x50
[ 50.097044][ T5060] do_syscall_64+0x39/0xb0
[ 50.101441][ T5060] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.107318][ T5060] RIP: 0033:0x7f5b792571d9
[ 50.111709][ T5060] Code: Unable to access opcode bytes at 0x7f5b792571af.
[ 50.118963][ T5060] RSP: 002b:00007ffedb67fbd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 50.127353][ T5060] RAX: ffffffffffffffda RBX: 00007f5b792d6390 RCX: 00007f5b792571d9
[ 50.135305][ T5060] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 50.143513][ T5060] RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 00007ffe00000000
[ 50.151462][ T5060] R10: 000080001d00c0d0 R11: 0000000000000246 R12: 00007f5b792d6390
[ 50.159497][ T5060] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 50.167626][ T5060] </TASK>
[ 50.170622][ T5060]
[ 50.172920][ T5060] The buggy address belongs to the physical page:
[ 50.179318][ T5060] page:ffffea0001ccf600 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x733d8
[ 50.189444][ T5060] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 50.196530][ T5060] raw: 00fff00000000000 ffffea0001ccf648 ffffea0001d16908 0000000000000000
[ 50.205265][ T5060] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 50.213819][ T5060] page dumped because: kasan: bad access detected
[ 50.220209][ T5060] page_owner tracks the page as freed
[ 50.225545][ T5060] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 5054, tgid 5054 (sshd), ts 43685980973, free_ts 43693956790
[ 50.243508][ T5060] get_page_from_freelist+0x119c/0x2ce0
[ 50.249033][ T5060] __alloc_pages+0x1cb/0x5b0
[ 50.253600][ T5060] __folio_alloc+0x16/0x40
[ 50.258000][ T5060] vma_alloc_folio+0x155/0x870
[ 50.262743][ T5060] __handle_mm_fault+0x1822/0x3c90
[ 50.267833][ T5060] handle_mm_fault+0x1b6/0x850
[ 50.272578][ T5060] do_user_addr_fault+0x475/0x1210
[ 50.277750][ T5060] exc_page_fault+0x98/0x170
[ 50.282341][ T5060] asm_exc_page_fault+0x26/0x30
[ 50.287189][ T5060] page last free stack trace:
[ 50.291835][ T5060] free_pcp_prepare+0x65c/0xc00
[ 50.296660][ T5060] free_unref_page_list+0x176/0xcd0
[ 50.301835][ T5060] release_pages+0xcb1/0x1330
[ 50.306486][ T5060] tlb_batch_pages_flush+0xa8/0x1a0
[ 50.311676][ T5060] tlb_finish_mmu+0x14b/0x7e0
[ 50.316344][ T5060] unmap_region+0x22c/0x2b0
[ 50.320848][ T5060] do_mas_align_munmap+0xc44/0x1260
[ 50.326018][ T5060] do_mas_munmap+0x26e/0x2c0
[ 50.330583][ T5060] __vm_munmap+0x14f/0x290
[ 50.334973][ T5060] __x64_sys_munmap+0x59/0x80
[ 50.339626][ T5060] do_syscall_64+0x39/0xb0
[ 50.344023][ T5060] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.349898][ T5060]
[ 50.352198][ T5060] Memory state around the buggy address:
[ 50.357796][ T5060] ffff8880733d7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.365833][ T5060] ffff8880733d7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.373870][ T5060] >ffff8880733d8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.381904][ T5060] ^
[ 50.385940][ T5060] ffff8880733d8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.393974][ T5060] ffff8880733d8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.402016][ T5060] ==================================================================
[ 50.410329][ T5060] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 50.417565][ T5060] CPU: 1 PID: 5060 Comm: syz-executor109 Not tainted 6.2.0-rc8-syzkaller-00015-gf6feea56f66d #0
[ 50.427968][ T5060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 50.438097][ T5060] Call Trace:
[ 50.441362][ T5060] <TASK>
[ 50.444278][ T5060] dump_stack_lvl+0xd1/0x138
[ 50.448880][ T5060] panic+0x2cc/0x626
[ 50.452774][ T5060] ? panic_print_sys_info.part.0+0x110/0x110
[ 50.458745][ T5060] ? preempt_schedule_thunk+0x1a/0x20
[ 50.464110][ T5060] ? preempt_schedule_common+0x59/0xc0
[ 50.469567][ T5060] check_panic_on_warn.cold+0x19/0x35
[ 50.474933][ T5060] end_report.part.0+0x36/0x73
[ 50.479687][ T5060] ? crc_itu_t+0xd2/0xe0
[ 50.483922][ T5060] kasan_report.cold+0xa/0xf
[ 50.488503][ T5060] ? crc_itu_t+0xd2/0xe0
[ 50.492738][ T5060] crc_itu_t+0xd2/0xe0
[ 50.496885][ T5060] udf_finalize_lvid+0xe0/0x1d0
[ 50.501728][ T5060] ? udf_mount+0x40/0x40
[ 50.505969][ T5060] ? get_nr_dirty_inodes+0x11e/0x1b0
[ 50.511249][ T5060] udf_sync_fs+0xea/0x150
[ 50.515574][ T5060] ? udf_finalize_lvid+0x1d0/0x1d0
[ 50.520681][ T5060] sync_filesystem.part.0+0x75/0x1d0
[ 50.525953][ T5060] sync_filesystem+0x8f/0xc0
[ 50.530532][ T5060] generic_shutdown_super+0x74/0x410
[ 50.535806][ T5060] kill_block_super+0x9b/0xf0
[ 50.540471][ T5060] deactivate_locked_super+0x98/0x160
[ 50.545832][ T5060] deactivate_super+0xb1/0xd0
[ 50.550503][ T5060] cleanup_mnt+0x2ae/0x3d0
[ 50.554912][ T5060] task_work_run+0x16f/0x270
[ 50.559495][ T5060] ? task_work_cancel+0x30/0x30
[ 50.564338][ T5060] do_exit+0xaa8/0x2950
[ 50.568487][ T5060] ? lock_downgrade+0x6e0/0x6e0
[ 50.573339][ T5060] ? do_raw_spin_lock+0x124/0x2b0
[ 50.578350][ T5060] ? mm_update_next_owner+0x7b0/0x7b0
[ 50.583717][ T5060] ? rwlock_bug.part.0+0x90/0x90
[ 50.588640][ T5060] ? _raw_spin_unlock_irq+0x23/0x50
[ 50.593826][ T5060] do_group_exit+0xd4/0x2a0
[ 50.598324][ T5060] __x64_sys_exit_group+0x3e/0x50
[ 50.603338][ T5060] do_syscall_64+0x39/0xb0
[ 50.607743][ T5060] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.613629][ T5060] RIP: 0033:0x7f5b792571d9
[ 50.618027][ T5060] Code: Unable to access opcode bytes at 0x7f5b792571af.
[ 50.625111][ T5060] RSP: 002b:00007ffedb67fbd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 50.633511][ T5060] RAX: ffffffffffffffda RBX: 00007f5b792d6390 RCX: 00007f5b792571d9
[ 50.641466][ T5060] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 50.649420][ T5060] RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 00007ffe00000000
[ 50.657376][ T5060] R10: 000080001d00c0d0 R11: 0000000000000246 R12: 00007f5b792d6390
[ 50.665330][ T5060] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 50.673295][ T5060] </TASK>
[ 50.677179][ T5060] Kernel Offset: disabled
[ 50.681487][ T5060] Rebooting in 86400 seconds..