DUID 00:04:ab:21:30:2a:f6:ad:63:06:1d:ce:9a:68:94:64:4e:95
forked to background, child pid 4668
[ 21.153341][ T4669] 8021q: adding VLAN 0 to HW filter on device bond0
[ 21.161979][ T4669] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.39' (ECDSA) to the list of known hosts.
Setting up swapspace version 1, size = 127995904 bytes
syzkaller login: [ 39.859426][ T4993] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 39.907160][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 39.919559][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 39.927282][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 39.928079][ T4664] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 39.942520][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 39.952699][ T4664] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 39.963709][ T4995] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4995 'syz-executor422'
[ 39.979350][ T4995] loop0: detected capacity change from 0 to 2048
[ 39.987746][ T4995] =======================================================
[ 39.987746][ T4995] WARNING: The mand mount option has been deprecated and
[ 39.987746][ T4995] and is ignored by this kernel. Remove the mand
[ 39.987746][ T4995] option from the mount to silence this warning.
[ 39.987746][ T4995] =======================================================
[ 40.025903][ T4995] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[ 40.037445][ T4995] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 40.065677][ T4995] ==================================================================
[ 40.073747][ T4995] BUG: KASAN: use-after-free in crc_itu_t+0xd2/0xe0
[ 40.080342][ T4995] Read of size 1 at addr ffff88806ba7f000 by task syz-executor422/4995
[ 40.088560][ T4995]
[ 40.090861][ T4995] CPU: 1 PID: 4995 Comm: syz-executor422 Not tainted 6.4.0-syzkaller-00082-gc0a572d9d32f #0
[ 40.100907][ T4995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 40.110945][ T4995] Call Trace:
[ 40.114203][ T4995]
[ 40.117119][ T4995] dump_stack_lvl+0xd9/0x150
[ 40.121710][ T4995] print_address_description.constprop.0+0x2c/0x3c0
[ 40.128294][ T4995] ? crc_itu_t+0xd2/0xe0
[ 40.132528][ T4995] kasan_report+0x11c/0x130
[ 40.137022][ T4995] ? crc_itu_t+0xd2/0xe0
[ 40.141252][ T4995] crc_itu_t+0xd2/0xe0
[ 40.145309][ T4995] udf_finalize_lvid+0xe0/0x1d0
[ 40.150149][ T4995] ? udf_mount+0x40/0x40
[ 40.154374][ T4995] udf_sync_fs+0xea/0x150
[ 40.158685][ T4995] ? udf_finalize_lvid+0x1d0/0x1d0
[ 40.163781][ T4995] sync_filesystem.part.0+0x75/0x1d0
[ 40.169054][ T4995] sync_filesystem+0x8f/0xc0
[ 40.173628][ T4995] generic_shutdown_super+0x74/0x480
[ 40.178898][ T4995] kill_block_super+0xa1/0x100
[ 40.183649][ T4995] deactivate_locked_super+0x98/0x160
[ 40.189008][ T4995] deactivate_super+0xb1/0xd0
[ 40.193669][ T4995] cleanup_mnt+0x2ae/0x3d0
[ 40.198067][ T4995] task_work_run+0x16f/0x270
[ 40.202641][ T4995] ? task_work_cancel+0x30/0x30
[ 40.207472][ T4995] do_exit+0xaa3/0x29b0
[ 40.211609][ T4995] ? lock_downgrade+0x690/0x690
[ 40.216445][ T4995] ? do_raw_spin_lock+0x124/0x2b0
[ 40.221458][ T4995] ? mm_update_next_owner+0x7b0/0x7b0
[ 40.226812][ T4995] ? spin_bug+0x1c0/0x1c0
[ 40.231152][ T4995] ? _raw_spin_unlock_irq+0x23/0x50
[ 40.236340][ T4995] do_group_exit+0xd4/0x2a0
[ 40.240830][ T4995] __x64_sys_exit_group+0x3e/0x50
[ 40.245842][ T4995] do_syscall_64+0x39/0xb0
[ 40.250271][ T4995] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 40.256178][ T4995] RIP: 0033:0x7f5f8fe94359
[ 40.260576][ T4995] Code: Unable to access opcode bytes at 0x7f5f8fe9432f.
[ 40.267574][ T4995] RSP: 002b:00007ffd6740b198 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 40.275971][ T4995] RAX: ffffffffffffffda RBX: 00007f5f8ff2c410 RCX: 00007f5f8fe94359
[ 40.283924][ T4995] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 40.291881][ T4995] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000
[ 40.299841][ T4995] R10: 0000000000000022 R11: 0000000000000246 R12: 00007f5f8ff2c410
[ 40.307798][ T4995] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 40.315773][ T4995]
[ 40.318775][ T4995]
[ 40.321079][ T4995] The buggy address belongs to the physical page:
[ 40.327494][ T4995] page:ffffea0001ae9fc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6ba7f
[ 40.337733][ T4995] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 40.344824][ T4995] page_type: 0xffffffff()
[ 40.349137][ T4995] raw: 00fff00000000000 ffffea0001aea008 ffffea0001d12e88 0000000000000000
[ 40.357701][ T4995] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 40.366265][ T4995] page dumped because: kasan: bad access detected
[ 40.372659][ T4995] page_owner tracks the page as freed
[ 40.378012][ T4995] page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, tgid 1 (swapper/0), ts 9015827618, free_ts 9529194656
[ 40.392774][ T4995] post_alloc_hook+0x2db/0x350
[ 40.397541][ T4995] split_map_pages+0x1ef/0x520
[ 40.402304][ T4995] isolate_freepages_range+0x313/0x350
[ 40.407763][ T4995] alloc_contig_range+0x2fa/0x4a0
[ 40.412782][ T4995] alloc_contig_pages+0x361/0x4d0
[ 40.417804][ T4995] debug_vm_pgtable+0x91f/0x4210
[ 40.422727][ T4995] do_one_initcall+0x102/0x540
[ 40.427483][ T4995] kernel_init_freeable+0x64e/0xba0
[ 40.432666][ T4995] kernel_init+0x1e/0x2c0
[ 40.436990][ T4995] ret_from_fork+0x1f/0x30
[ 40.441395][ T4995] page last free stack trace:
[ 40.446045][ T4995] free_unref_page_prepare+0x62e/0xcb0
[ 40.451493][ T4995] free_unref_page+0x33/0x370
[ 40.456163][ T4995] free_contig_range+0xb5/0x180
[ 40.461002][ T4995] destroy_args+0x6c4/0x920
[ 40.465491][ T4995] debug_vm_pgtable+0x2412/0x4210
[ 40.470505][ T4995] do_one_initcall+0x102/0x540
[ 40.475256][ T4995] kernel_init_freeable+0x64e/0xba0
[ 40.480435][ T4995] kernel_init+0x1e/0x2c0
[ 40.484754][ T4995] ret_from_fork+0x1f/0x30
[ 40.489160][ T4995]
[ 40.491467][ T4995] Memory state around the buggy address:
[ 40.497077][ T4995] ffff88806ba7ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.505120][ T4995] ffff88806ba7ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.513164][ T4995] >ffff88806ba7f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 40.521204][ T4995] ^
[ 40.525251][ T4995] ffff88806ba7f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 40.533293][ T4995] ffff88806ba7f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 40.541331][ T4995] ==================================================================
[ 40.558867][ T4995] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 40.566083][ T4995] CPU: 0 PID: 4995 Comm: syz-executor422 Not tainted 6.4.0-syzkaller-00082-gc0a572d9d32f #0
[ 40.576152][ T4995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 40.586212][ T4995] Call Trace:
[ 40.589475][ T4995]
[ 40.592383][ T4995] dump_stack_lvl+0xd9/0x150
[ 40.597022][ T4995] panic+0x686/0x730
[ 40.600901][ T4995] ? panic_smp_self_stop+0xa0/0xa0
[ 40.605995][ T4995] ? preempt_schedule_thunk+0x1a/0x20
[ 40.611348][ T4995] ? preempt_schedule_common+0x45/0xb0
[ 40.616786][ T4995] check_panic_on_warn+0xb1/0xc0
[ 40.621708][ T4995] end_report+0xe9/0x120
[ 40.625955][ T4995] ? crc_itu_t+0xd2/0xe0
[ 40.630175][ T4995] kasan_report+0xf9/0x130
[ 40.634586][ T4995] ? crc_itu_t+0xd2/0xe0
[ 40.638828][ T4995] crc_itu_t+0xd2/0xe0
[ 40.642875][ T4995] udf_finalize_lvid+0xe0/0x1d0
[ 40.647704][ T4995] ? udf_mount+0x40/0x40
[ 40.651924][ T4995] udf_sync_fs+0xea/0x150
[ 40.656229][ T4995] ? udf_finalize_lvid+0x1d0/0x1d0
[ 40.661318][ T4995] sync_filesystem.part.0+0x75/0x1d0
[ 40.666593][ T4995] sync_filesystem+0x8f/0xc0
[ 40.671159][ T4995] generic_shutdown_super+0x74/0x480
[ 40.676427][ T4995] kill_block_super+0xa1/0x100
[ 40.681171][ T4995] deactivate_locked_super+0x98/0x160
[ 40.686524][ T4995] deactivate_super+0xb1/0xd0
[ 40.691178][ T4995] cleanup_mnt+0x2ae/0x3d0
[ 40.695577][ T4995] task_work_run+0x16f/0x270
[ 40.700161][ T4995] ? task_work_cancel+0x30/0x30
[ 40.704993][ T4995] do_exit+0xaa3/0x29b0
[ 40.709129][ T4995] ? lock_downgrade+0x690/0x690
[ 40.713957][ T4995] ? do_raw_spin_lock+0x124/0x2b0
[ 40.718962][ T4995] ? mm_update_next_owner+0x7b0/0x7b0
[ 40.724306][ T4995] ? spin_bug+0x1c0/0x1c0
[ 40.728615][ T4995] ? _raw_spin_unlock_irq+0x23/0x50
[ 40.733793][ T4995] do_group_exit+0xd4/0x2a0
[ 40.738278][ T4995] __x64_sys_exit_group+0x3e/0x50
[ 40.743278][ T4995] do_syscall_64+0x39/0xb0
[ 40.747668][ T4995] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 40.753541][ T4995] RIP: 0033:0x7f5f8fe94359
[ 40.757931][ T4995] Code: Unable to access opcode bytes at 0x7f5f8fe9432f.
[ 40.764923][ T4995] RSP: 002b:00007ffd6740b198 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 40.773315][ T4995] RAX: ffffffffffffffda RBX: 00007f5f8ff2c410 RCX: 00007f5f8fe94359
[ 40.781266][ T4995] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 40.789214][ T4995] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000
[ 40.797166][ T4995] R10: 0000000000000022 R11: 0000000000000246 R12: 00007f5f8ff2c410
[ 40.805115][ T4995] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 40.813078][ T4995]
[ 40.816998][ T4995] Kernel Offset: disabled
[ 40.821306][ T4995] Rebooting in 86400 seconds..