Warning: Permanently added '10.128.10.40' (ED25519) to the list of known hosts.
syzkaller login: [ 58.927659][ T3545] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 58.935732][ T3545] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 58.943513][ T3545] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 58.952627][ T3545] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 58.960290][ T3545] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 58.967878][ T3545] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 59.039997][ T3544] loop0: detected capacity change from 0 to 2048
[ 59.047848][ T3544] =======================================================
[ 59.047848][ T3544] WARNING: The mand mount option has been deprecated and
[ 59.047848][ T3544]          and is ignored by this kernel. Remove the mand
[ 59.047848][ T3544]          option from the mount to silence this warning.
[ 59.047848][ T3544] =======================================================
[ 59.196728][ T3544] ==================================================================
[ 59.204834][ T3544] BUG: KASAN: slab-out-of-bounds in udf_close_lvid+0x6a4/0x9a0
[ 59.212402][ T3544] Write of size 1 at addr ffff88807d5161d8 by task syz-executor205/3544
[ 59.220729][ T3544]
[ 59.223051][ T3544] CPU: 0 PID: 3544 Comm: syz-executor205 Not tainted 6.1.53-syzkaller #0
[ 59.231557][ T3544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 59.241696][ T3544] Call Trace:
[ 59.244984][ T3544]
[ 59.247902][ T3544]  dump_stack_lvl+0x1e3/0x2cb
[ 59.252745][ T3544]  ? irq_work_queue+0xc6/0x150
[ 59.257493][ T3544]  ? nf_tcp_handle_invalid+0x642/0x642
[ 59.263029][ T3544]  ? panic+0x75d/0x75d
[ 59.267081][ T3544]  ? _printk+0xd1/0x111
[ 59.271293][ T3544]  ? _raw_spin_lock_irqsave+0xac/0x120
[ 59.276808][ T3544]  print_report+0x15f/0x4f0
[ 59.281440][ T3544]  ? hook_sb_delete+0x728/0xb30
[ 59.286361][ T3544]  ? __virt_addr_valid+0x22b/0x2e0
[ 59.291573][ T3544]  ? __phys_addr+0xb6/0x170
[ 59.296118][ T3544]  ? udf_close_lvid+0x6a4/0x9a0
[ 59.300975][ T3544]  kasan_report+0x136/0x160
[ 59.305520][ T3544]  ? udf_close_lvid+0x6a4/0x9a0
[ 59.310396][ T3544]  udf_close_lvid+0x6a4/0x9a0
[ 59.315126][ T3544]  ? udf_open_lvid+0x5a0/0x5a0
[ 59.319983][ T3544]  ? iput+0x3f7/0x980
[ 59.323967][ T3544]  ? clear_inode+0x150/0x150
[ 59.328594][ T3544]  ? module_put+0x15a/0x350
[ 59.333218][ T3544]  udf_put_super+0xc9/0x160
[ 59.337736][ T3544]  ? udf_free_in_core_inode+0x20/0x20
[ 59.343138][ T3544]  generic_shutdown_super+0x130/0x340
[ 59.348510][ T3544]  kill_block_super+0x7a/0xe0
[ 59.353181][ T3544]  deactivate_locked_super+0xa0/0x110
[ 59.358545][ T3544]  cleanup_mnt+0x490/0x520
[ 59.362965][ T3544]  ? lockdep_hardirqs_on+0x94/0x130
[ 59.368154][ T3544]  task_work_run+0x246/0x300
[ 59.372739][ T3544]  ? kasan_quarantine_put+0xd4/0x220
[ 59.378041][ T3544]  ? task_work_cancel+0x2b0/0x2b0
[ 59.383068][ T3544]  ? kmem_cache_free+0x292/0x510
[ 59.388003][ T3544]  ? do_exit+0x6f6/0x2300
[ 59.392331][ T3544]  do_exit+0x6fb/0x2300
[ 59.396488][ T3544]  ? do_group_exit+0x1f2/0x2b0
[ 59.401254][ T3544]  ? put_task_struct+0x80/0x80
[ 59.406131][ T3544]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 59.412128][ T3544]  ? print_irqtrace_events+0x210/0x210
[ 59.417664][ T3544]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 59.423461][ T3544]  ? lockdep_hardirqs_on+0x94/0x130
[ 59.428689][ T3544]  do_group_exit+0x202/0x2b0
[ 59.433418][ T3544]  __x64_sys_exit_group+0x3b/0x40
[ 59.438905][ T3544]  do_syscall_64+0x3d/0xb0
[ 59.443319][ T3544]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.449203][ T3544] RIP: 0033:0x7f2773560e89
[ 59.453605][ T3544] Code: Unable to access opcode bytes at 0x7f2773560e5f.
[ 59.460789][ T3544] RSP: 002b:00007ffeb9ff34f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 59.469427][ T3544] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f2773560e89
[ 59.477733][ T3544] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 59.486235][ T3544] RBP: 00007f277360a390 R08: ffffffffffffffb0 R09: 0000000000000000
[ 59.494196][ T3544] R10: 0000000000000022 R11: 0000000000000246 R12: 00007f277360a390
[ 59.502251][ T3544] R13: 0000000000000000 R14: 00007f277360c160 R15: 00007f277352b800
[ 59.510318][ T3544]
[ 59.513324][ T3544]
[ 59.515639][ T3544] Allocated by task 3219:
[ 59.519951][ T3544]  kasan_set_track+0x4b/0x70
[ 59.524535][ T3544]  __kasan_kmalloc+0x97/0xb0
[ 59.529112][ T3544]  __kmalloc_node_track_caller+0xb1/0x220
[ 59.534837][ T3544]  __alloc_skb+0x130/0x620
[ 59.539260][ T3544]  netlink_dump+0x1ed/0xc50
[ 59.543844][ T3544]  netlink_recvmsg+0x698/0x1190
[ 59.548732][ T3544]  ____sys_recvmsg+0x285/0x530
[ 59.553514][ T3544]  __sys_recvmsg+0x2e9/0x3d0
[ 59.558211][ T3544]  do_syscall_64+0x3d/0xb0
[ 59.562650][ T3544]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.568536][ T3544]
[ 59.570853][ T3544] Freed by task 3219:
[ 59.574903][ T3544]  kasan_set_track+0x4b/0x70
[ 59.579480][ T3544]  kasan_save_free_info+0x27/0x40
[ 59.584510][ T3544]  ____kasan_slab_free+0xd6/0x120
[ 59.589700][ T3544]  __kmem_cache_free+0x25c/0x3c0
[ 59.594653][ T3544]  skb_release_data+0x5de/0x7a0
[ 59.599509][ T3544]  consume_skb+0xa3/0x140
[ 59.603834][ T3544]  netlink_recvmsg+0x5ea/0x1190
[ 59.608680][ T3544]  ____sys_recvmsg+0x285/0x530
[ 59.613434][ T3544]  __sys_recvmsg+0x2e9/0x3d0
[ 59.618328][ T3544]  do_syscall_64+0x3d/0xb0
[ 59.622852][ T3544]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.628753][ T3544]
[ 59.631072][ T3544] The buggy address belongs to the object at ffff88807d514000
[ 59.631072][ T3544]  which belongs to the cache kmalloc-8k of size 8192
[ 59.645445][ T3544] The buggy address is located 472 bytes to the right of
[ 59.645445][ T3544]  8192-byte region [ffff88807d514000, ffff88807d516000)
[ 59.659585][ T3544]
[ 59.661899][ T3544] The buggy address belongs to the physical page:
[ 59.668305][ T3544] page:ffffea0001f54400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d510
[ 59.678529][ T3544] head:ffffea0001f54400 order:3 compound_mapcount:0 compound_pincount:0
[ 59.687013][ T3544] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 59.695067][ T3544] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888012442280
[ 59.703726][ T3544] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[ 59.712470][ T3544] page dumped because: kasan: bad access detected
[ 59.718957][ T3544] page_owner tracks the page as allocated
[ 59.724762][ T3544] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3219, tgid 3219 (dhcpcd), ts 29528012993, free_ts 29495662073
[ 59.747067][ T3544]  post_alloc_hook+0x18d/0x1b0
[ 59.752082][ T3544]  get_page_from_freelist+0x32ed/0x3480
[ 59.757708][ T3544]  __alloc_pages+0x28d/0x770
[ 59.762283][ T3544]  alloc_slab_page+0x6a/0x150
[ 59.766948][ T3544]  new_slab+0x84/0x2d0
[ 59.771277][ T3544]  ___slab_alloc+0xa71/0x1080
[ 59.776057][ T3544]  __kmem_cache_alloc_node+0x19f/0x260
[ 59.781509][ T3544]  __kmalloc_node_track_caller+0xa0/0x220
[ 59.787227][ T3544]  __alloc_skb+0x130/0x620
[ 59.791818][ T3544]  netlink_dump+0x1ed/0xc50
[ 59.796423][ T3544]  netlink_recvmsg+0x698/0x1190
[ 59.801300][ T3544]  ____sys_recvmsg+0x285/0x530
[ 59.806073][ T3544]  __sys_recvmsg+0x2e9/0x3d0
[ 59.810736][ T3544]  do_syscall_64+0x3d/0xb0
[ 59.815158][ T3544]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.821065][ T3544] page last free stack trace:
[ 59.825816][ T3544]  free_unref_page_prepare+0xf63/0x1120
[ 59.831359][ T3544]  free_unref_page+0x98/0x570
[ 59.836315][ T3544]  __unfreeze_partials+0x1b7/0x210
[ 59.841423][ T3544]  put_cpu_partial+0x116/0x180
[ 59.846365][ T3544]  qlist_free_all+0x22/0x60
[ 59.850943][ T3544]  kasan_quarantine_reduce+0x162/0x180
[ 59.856406][ T3544]  __kasan_slab_alloc+0x1f/0x70
[ 59.861335][ T3544]  slab_post_alloc_hook+0x50/0x370
[ 59.866438][ T3544]  kmem_cache_alloc+0x10c/0x2d0
[ 59.871283][ T3544]  getname_flags+0xb8/0x4e0
[ 59.875787][ T3544]  user_path_at_empty+0x2a/0x180
[ 59.880713][ T3544]  user_statfs+0xd5/0x450
[ 59.885035][ T3544]  __x64_sys_statfs+0xe4/0x1a0
[ 59.889790][ T3544]  do_syscall_64+0x3d/0xb0
[ 59.894324][ T3544]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.900317][ T3544]
[ 59.902630][ T3544] Memory state around the buggy address:
[ 59.908339][ T3544]  ffff88807d516080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.916572][ T3544]  ffff88807d516100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.924724][ T3544] >ffff88807d516180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.932796][ T3544]                                                     ^
[ 59.939853][ T3544]  ffff88807d516200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.947915][ T3544]  ffff88807d516280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.956166][ T3544] ==================================================================
[ 59.965430][ T3544] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 59.972738][ T3544] CPU: 1 PID: 3544 Comm: syz-executor205 Not tainted 6.1.53-syzkaller #0
[ 59.981156][ T3544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 59.991299][ T3544] Call Trace:
[ 59.994583][ T3544]
[ 59.997514][ T3544]  dump_stack_lvl+0x1e3/0x2cb
[ 60.004799][ T3544]  ? nf_tcp_handle_invalid+0x642/0x642
[ 60.010371][ T3544]  ? panic+0x75d/0x75d
[ 60.014434][ T3544]  ? preempt_schedule_common+0xa6/0xd0
[ 60.020082][ T3544]  ? vscnprintf+0x59/0x80
[ 60.024454][ T3544]  panic+0x318/0x75d
[ 60.028363][ T3544]  ? check_panic_on_warn+0x1d/0xa0
[ 60.033563][ T3544]  ? memcpy_page_flushcache+0xfc/0xfc
[ 60.038932][ T3544]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 60.044932][ T3544]  ? _raw_spin_unlock+0x40/0x40
[ 60.049881][ T3544]  ? print_report+0x4a3/0x4f0
[ 60.054728][ T3544]  check_panic_on_warn+0x7e/0xa0
[ 60.060879][ T3544]  ? udf_close_lvid+0x6a4/0x9a0
[ 60.065816][ T3544]  end_report+0x66/0x110
[ 60.070049][ T3544]  kasan_report+0x143/0x160
[ 60.074563][ T3544]  ? udf_close_lvid+0x6a4/0x9a0
[ 60.079414][ T3544]  udf_close_lvid+0x6a4/0x9a0
[ 60.084093][ T3544]  ? udf_open_lvid+0x5a0/0x5a0
[ 60.088850][ T3544]  ? iput+0x3f7/0x980
[ 60.092831][ T3544]  ? clear_inode+0x150/0x150
[ 60.097416][ T3544]  ? module_put+0x15a/0x350
[ 60.102439][ T3544]  udf_put_super+0xc9/0x160
[ 60.106938][ T3544]  ? udf_free_in_core_inode+0x20/0x20
[ 60.112315][ T3544]  generic_shutdown_super+0x130/0x340
[ 60.117682][ T3544]  kill_block_super+0x7a/0xe0
[ 60.122449][ T3544]  deactivate_locked_super+0xa0/0x110
[ 60.127818][ T3544]  cleanup_mnt+0x490/0x520
[ 60.132281][ T3544]  ? lockdep_hardirqs_on+0x94/0x130
[ 60.137474][ T3544]  task_work_run+0x246/0x300
[ 60.142073][ T3544]  ? kasan_quarantine_put+0xd4/0x220
[ 60.147382][ T3544]  ? task_work_cancel+0x2b0/0x2b0
[ 60.152409][ T3544]  ? kmem_cache_free+0x292/0x510
[ 60.157684][ T3544]  ? do_exit+0x6f6/0x2300
[ 60.162193][ T3544]  do_exit+0x6fb/0x2300
[ 60.166438][ T3544]  ? do_group_exit+0x1f2/0x2b0
[ 60.171284][ T3544]  ? put_task_struct+0x80/0x80
[ 60.176042][ T3544]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 60.182107][ T3544]  ? print_irqtrace_events+0x210/0x210
[ 60.187558][ T3544]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 60.192836][ T3544]  ? lockdep_hardirqs_on+0x94/0x130
[ 60.198039][ T3544]  do_group_exit+0x202/0x2b0
[ 60.202626][ T3544]  __x64_sys_exit_group+0x3b/0x40
[ 60.207649][ T3544]  do_syscall_64+0x3d/0xb0
[ 60.212074][ T3544]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.217958][ T3544] RIP: 0033:0x7f2773560e89
[ 60.222382][ T3544] Code: Unable to access opcode bytes at 0x7f2773560e5f.
[ 60.229550][ T3544] RSP: 002b:00007ffeb9ff34f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 60.238996][ T3544] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f2773560e89
[ 60.247436][ T3544] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 60.255658][ T3544] RBP: 00007f277360a390 R08: ffffffffffffffb0 R09: 0000000000000000
[ 60.263970][ T3544] R10: 0000000000000022 R11: 0000000000000246 R12: 00007f277360a390
[ 60.272545][ T3544] R13: 0000000000000000 R14: 00007f277360c160 R15: 00007f277352b800
[ 60.280686][ T3544]
[ 60.283870][ T3544] Kernel Offset: disabled
[ 60.288231][ T3544] Rebooting in 86400 seconds..