DUID 00:04:d5:34:fd:2d:90:3b:7d:1f:5f:ef:10:3f:c1:8d:8b:e5
forked to background, child pid 3213
[ 36.440349][ T3214] 8021q: adding VLAN 0 to HW filter on device bond0
[ 36.462623][ T3214] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
syzkaller login: [ 81.335783][ T14] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.197' (ECDSA) to the list of known hosts.
executing program
[ 155.176851][ T3566] loop0: detected capacity change from 0 to 2048
[ 155.185678][ T3566] =======================================================
[ 155.185678][ T3566] WARNING: The mand mount option has been deprecated and
[ 155.185678][ T3566] and is ignored by this kernel. Remove the mand
[ 155.185678][ T3566] option from the mount to silence this warning.
[ 155.185678][ T3566] =======================================================
executing program
[ 155.482484][ T3568] loop0: detected capacity change from 0 to 2048
executing program
[ 155.737982][ T3569] loop0: detected capacity change from 0 to 2048
executing program
[ 155.973187][ T3570] loop0: detected capacity change from 0 to 2048
executing program
[ 156.224334][ T3571] loop0: detected capacity change from 0 to 2048
[ 156.422905][ T3565] ==================================================================
[ 156.431110][ T3565] BUG: KASAN: use-after-free in crc_itu_t+0x1d1/0x2a0
[ 156.437946][ T3565] Read of size 1 at addr ffff888070caa000 by task syz-executor250/3565
[ 156.446195][ T3565]
[ 156.448550][ T3565] CPU: 0 PID: 3565 Comm: syz-executor250 Not tainted 6.1.37-syzkaller #0
[ 156.456974][ T3565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 156.468156][ T3565] Call Trace:
[ 156.471434][ T3565]
[ 156.474365][ T3565] dump_stack_lvl+0x1e3/0x2cb
[ 156.479057][ T3565] ? irq_work_queue+0xc6/0x150
[ 156.483820][ T3565] ? nf_tcp_handle_invalid+0x642/0x642
[ 156.489281][ T3565] ? panic+0x75d/0x75d
[ 156.493350][ T3565] ? _printk+0xd1/0x111
[ 156.502014][ T3565] ? _raw_spin_lock_irqsave+0xac/0x120
[ 156.507488][ T3565] print_report+0x15f/0x4f0
[ 156.511984][ T3565] ? time64_to_tm+0x32d/0x4d0
[ 156.516656][ T3565] ? __virt_addr_valid+0x22b/0x2e0
[ 156.521764][ T3565] ? __phys_addr+0xb6/0x170
[ 156.526286][ T3565] ? crc_itu_t+0x1d1/0x2a0
[ 156.530719][ T3565] kasan_report+0x136/0x160
[ 156.535221][ T3565] ? crc_itu_t+0x1d1/0x2a0
[ 156.539645][ T3565] crc_itu_t+0x1d1/0x2a0
[ 156.543889][ T3565] udf_sync_fs+0x1ce/0x380
[ 156.548308][ T3565] ? udf_put_super+0x160/0x160
[ 156.553071][ T3565] ? get_nr_dirty_inodes+0x2ab/0x2e0
[ 156.558448][ T3565] sync_filesystem+0xe8/0x220
[ 156.563122][ T3565] generic_shutdown_super+0x6b/0x340
[ 156.568410][ T3565] kill_block_super+0x7a/0xe0
[ 156.573090][ T3565] deactivate_locked_super+0xa0/0x110
[ 156.578491][ T3565] cleanup_mnt+0x490/0x520
[ 156.582909][ T3565] ? lockdep_hardirqs_on+0x94/0x130
[ 156.588102][ T3565] task_work_run+0x246/0x300
[ 156.592696][ T3565] ? task_work_cancel+0x2b0/0x2b0
[ 156.597725][ T3565] ? exit_to_user_mode_loop+0x39/0x100
[ 156.603185][ T3565] exit_to_user_mode_loop+0xd9/0x100
[ 156.608468][ T3565] exit_to_user_mode_prepare+0xb1/0x140
[ 156.614011][ T3565] syscall_exit_to_user_mode+0x60/0x270
[ 156.619647][ T3565] do_syscall_64+0x49/0xb0
[ 156.624073][ T3565] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 156.630160][ T3565] RIP: 0033:0x7f3da0e57fc7
[ 156.634577][ T3565] Code: 09 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 156.654182][ T3565] RSP: 002b:00007fffd1e7fde8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 156.662590][ T3565] RAX: 0000000000000000 RBX: 0000000000026219 RCX: 00007f3da0e57fc7
[ 156.670731][ T3565] RDX: 00007fffd1e7fea7 RSI: 000000000000000a RDI: 00007fffd1e7fea0
[ 156.678817][ T3565] RBP: 00007fffd1e7fea0 R08: 00000000ffffffff R09: 00007fffd1e7fc80
[ 156.687045][ T3565] R10: 000055555720b633 R11: 0000000000000206 R12: 00007fffd1e80f10
[ 156.695104][ T3565] R13: 000055555720b5f0 R14: 00007fffd1e7fe10 R15: 0000000000000005
[ 156.703095][ T3565]
[ 156.706113][ T3565]
[ 156.708517][ T3565] The buggy address belongs to the physical page:
[ 156.715015][ T3565] page:ffffea0001c32a80 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x70caa
[ 156.725164][ T3565] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 156.732273][ T3565] raw: 00fff00000000000 ffffea0001c46248 ffffea0001c461c8 0000000000000000
[ 156.740853][ T3565] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 156.749429][ T3565] page dumped because: kasan: bad access detected
[ 156.755832][ T3565] page_owner tracks the page as freed
[ 156.761188][ T3565] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 3569, tgid 3569 (syz-executor250), ts 155778954961, free_ts 155802993342
[ 156.779325][ T3565] post_alloc_hook+0x18d/0x1b0
[ 156.784098][ T3565] get_page_from_freelist+0x32ed/0x3480
[ 156.789927][ T3565] __alloc_pages+0x28d/0x770
[ 156.794510][ T3565] __folio_alloc+0xf/0x30
[ 156.798833][ T3565] vma_alloc_folio+0x486/0x990
[ 156.804639][ T3565] shmem_alloc_and_acct_folio+0x5a8/0xd50
[ 156.810358][ T3565] shmem_get_folio_gfp+0x13f0/0x3470
[ 156.815653][ T3565] shmem_write_begin+0x16e/0x4e0
[ 156.820697][ T3565] generic_perform_write+0x2fc/0x5e0
[ 156.826020][ T3565] __generic_file_write_iter+0x176/0x400
[ 156.831654][ T3565] generic_file_write_iter+0xab/0x310
[ 156.837031][ T3565] vfs_write+0x7ae/0xba0
[ 156.841266][ T3565] ksys_write+0x19c/0x2c0
[ 156.845590][ T3565] do_syscall_64+0x3d/0xb0
[ 156.850093][ T3565] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 156.855984][ T3565] page last free stack trace:
[ 156.860651][ T3565] free_unref_page_prepare+0xf63/0x1120
[ 156.866720][ T3565] free_unref_page_list+0x107/0x810
[ 156.871918][ T3565] release_pages+0x2836/0x2b40
[ 156.876686][ T3565] __pagevec_release+0x80/0xf0
[ 156.881445][ T3565] shmem_undo_range+0x867/0x2020
[ 156.886380][ T3565] shmem_evict_inode+0x265/0xa60
[ 156.891579][ T3565] evict+0x2a4/0x620
[ 156.895465][ T3565] __dentry_kill+0x436/0x650
[ 156.900053][ T3565] dentry_kill+0xbb/0x290
[ 156.904379][ T3565] dput+0x1ef/0x420
[ 156.908180][ T3565] __fput+0x5e4/0x890
[ 156.912250][ T3565] task_work_run+0x246/0x300
[ 156.916928][ T3565] exit_to_user_mode_loop+0xd9/0x100
[ 156.922297][ T3565] exit_to_user_mode_prepare+0xb1/0x140
[ 156.927855][ T3565] syscall_exit_to_user_mode+0x60/0x270
[ 156.933396][ T3565] do_syscall_64+0x49/0xb0
[ 156.937810][ T3565]
[ 156.940122][ T3565] Memory state around the buggy address:
[ 156.945748][ T3565] ffff888070ca9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 156.954154][ T3565] ffff888070ca9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 156.962207][ T3565] >ffff888070caa000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 156.970256][ T3565] ^
[ 156.974331][ T3565] ffff888070caa080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 156.982384][ T3565] ffff888070caa100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 156.990696][ T3565] ==================================================================
[ 156.999752][ T3565] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 157.007498][ T3565] CPU: 0 PID: 3565 Comm: syz-executor250 Not tainted 6.1.37-syzkaller #0
[ 157.016019][ T3565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 157.026080][ T3565] Call Trace:
[ 157.029445][ T3565]
[ 157.032374][ T3565] dump_stack_lvl+0x1e3/0x2cb
[ 157.037325][ T3565] ? nf_tcp_handle_invalid+0x642/0x642
[ 157.042784][ T3565] ? panic+0x75d/0x75d
[ 157.046848][ T3565] ? preempt_schedule_common+0xa6/0xd0
[ 157.052398][ T3565] ? vscnprintf+0x59/0x80
[ 157.056735][ T3565] panic+0x318/0x75d
[ 157.060639][ T3565] ? check_panic_on_warn+0x1d/0xa0
[ 157.065765][ T3565] ? memcpy_page_flushcache+0xfc/0xfc
[ 157.071141][ T3565] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 157.077122][ T3565] ? _raw_spin_unlock+0x40/0x40
[ 157.082862][ T3565] ? print_report+0x4a3/0x4f0
[ 157.087738][ T3565] check_panic_on_warn+0x7e/0xa0
[ 157.092773][ T3565] ? crc_itu_t+0x1d1/0x2a0
[ 157.097200][ T3565] end_report+0x66/0x110
[ 157.101461][ T3565] kasan_report+0x143/0x160
[ 157.106122][ T3565] ? crc_itu_t+0x1d1/0x2a0
[ 157.110558][ T3565] crc_itu_t+0x1d1/0x2a0
[ 157.114814][ T3565] udf_sync_fs+0x1ce/0x380
[ 157.119247][ T3565] ? udf_put_super+0x160/0x160
[ 157.124023][ T3565] ? get_nr_dirty_inodes+0x2ab/0x2e0
[ 157.129959][ T3565] sync_filesystem+0xe8/0x220
[ 157.134650][ T3565] generic_shutdown_super+0x6b/0x340
[ 157.139956][ T3565] kill_block_super+0x7a/0xe0
[ 157.144647][ T3565] deactivate_locked_super+0xa0/0x110
[ 157.150216][ T3565] cleanup_mnt+0x490/0x520
[ 157.154648][ T3565] ? lockdep_hardirqs_on+0x94/0x130
[ 157.160036][ T3565] task_work_run+0x246/0x300
[ 157.164643][ T3565] ? task_work_cancel+0x2b0/0x2b0
[ 157.170374][ T3565] ? exit_to_user_mode_loop+0x39/0x100
[ 157.175838][ T3565] exit_to_user_mode_loop+0xd9/0x100
[ 157.181129][ T3565] exit_to_user_mode_prepare+0xb1/0x140
[ 157.186681][ T3565] syscall_exit_to_user_mode+0x60/0x270
[ 157.192251][ T3565] do_syscall_64+0x49/0xb0
[ 157.196672][ T3565] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 157.202739][ T3565] RIP: 0033:0x7f3da0e57fc7
[ 157.207506][ T3565] Code: 09 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 157.227745][ T3565] RSP: 002b:00007fffd1e7fde8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 157.236248][ T3565] RAX: 0000000000000000 RBX: 0000000000026219 RCX: 00007f3da0e57fc7
[ 157.244398][ T3565] RDX: 00007fffd1e7fea7 RSI: 000000000000000a RDI: 00007fffd1e7fea0
[ 157.252464][ T3565] RBP: 00007fffd1e7fea0 R08: 00000000ffffffff R09: 00007fffd1e7fc80
[ 157.260441][ T3565] R10: 000055555720b633 R11: 0000000000000206 R12: 00007fffd1e80f10
[ 157.268594][ T3565] R13: 000055555720b5f0 R14: 00007fffd1e7fe10 R15: 0000000000000005
[ 157.276931][ T3565]
[ 157.280330][ T3565] Kernel Offset: disabled
[ 157.284676][ T3565] Rebooting in 86400 seconds..