Warning: Permanently added '10.128.1.29' (ECDSA) to the list of known hosts.
syzkaller login: [ 71.461633][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 71.469572][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 71.495029][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 71.496842][ T2550] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
executing program
[ 71.503396][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 71.519440][ T2550] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 71.551157][ T5066] loop0: detected capacity change from 0 to 2048
[ 71.570138][ T5066] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 71.593926][ T27] audit: type=1800 audit(1672302204.037:2): pid=5066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor271" name="bus" dev="loop0" ino=1357 res=0 errno=0
[ 71.601723][ T5066] =======================================================
[ 71.601723][ T5066] WARNING: The mand mount option has been deprecated and
[ 71.601723][ T5066] and is ignored by this kernel. Remove the mand
[ 71.601723][ T5066] option from the mount to silence this warning.
[ 71.601723][ T5066] =======================================================
[ 71.697137][ T5066] ==================================================================
[ 71.705242][ T5066] BUG: KASAN: use-after-free in crc_itu_t+0x224/0x2b0
[ 71.712040][ T5066] Read of size 1 at addr ffff888072ee4000 by task syz-executor271/5066
[ 71.720288][ T5066]
[ 71.722620][ T5066] CPU: 1 PID: 5066 Comm: syz-executor271 Not tainted 6.2.0-rc1-syzkaller #0
[ 71.731297][ T5066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 71.741339][ T5066] Call Trace:
[ 71.744606][ T5066]
[ 71.747520][ T5066] dump_stack_lvl+0x1b1/0x290
[ 71.752192][ T5066] ? nf_tcp_handle_invalid+0x630/0x630
[ 71.757634][ T5066] ? __wake_up_klogd+0xcd/0x100
[ 71.762479][ T5066] ? panic+0x710/0x710
[ 71.767657][ T5066] ? _printk+0xc0/0x100
[ 71.771797][ T5066] ? _raw_spin_lock_irqsave+0x8e/0x100
[ 71.777253][ T5066] print_address_description+0x74/0x340
[ 71.782794][ T5066] print_report+0x107/0x1f0
[ 71.787294][ T5066] ? time64_to_tm+0x329/0x4d0
[ 71.791965][ T5066] ? __virt_addr_valid+0x21b/0x2d0
[ 71.797069][ T5066] ? __phys_addr+0xb5/0x160
[ 71.801563][ T5066] ? crc_itu_t+0x224/0x2b0
[ 71.805971][ T5066] kasan_report+0xcd/0x100
[ 71.810386][ T5066] ? crc_itu_t+0x224/0x2b0
[ 71.814800][ T5066] crc_itu_t+0x224/0x2b0
[ 71.819035][ T5066] udf_sync_fs+0x1bc/0x360
[ 71.823446][ T5066] ? udf_put_super+0x160/0x160
[ 71.828205][ T5066] sync_filesystem+0xe8/0x220
[ 71.832879][ T5066] generic_shutdown_super+0x6b/0x310
[ 71.838161][ T5066] kill_block_super+0x79/0xd0
[ 71.842825][ T5066] deactivate_locked_super+0xa7/0xf0
[ 71.848104][ T5066] cleanup_mnt+0x494/0x520
[ 71.852510][ T5066] ? lockdep_hardirqs_on+0x8d/0x130
[ 71.857698][ T5066] task_work_run+0x243/0x300
[ 71.862288][ T5066] ? task_work_cancel+0x290/0x290
[ 71.867305][ T5066] ? do_exit+0x63f/0x2150
[ 71.871631][ T5066] do_exit+0x644/0x2150
[ 71.875787][ T5066] ? mm_update_next_owner+0x6d0/0x6d0
[ 71.881153][ T5066] ? print_irqtrace_events+0x220/0x220
[ 71.886609][ T5066] ? _raw_spin_unlock_irq+0x1f/0x40
[ 71.891803][ T5066] ? lockdep_hardirqs_on+0x8d/0x130
[ 71.896992][ T5066] do_group_exit+0x1fd/0x2b0
[ 71.901574][ T5066] __x64_sys_exit_group+0x3b/0x40
[ 71.906586][ T5066] do_syscall_64+0x3d/0xb0
[ 71.910996][ T5066] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.916881][ T5066] RIP: 0033:0x7fd58b617099
[ 71.921287][ T5066] Code: Unable to access opcode bytes at 0x7fd58b61706f.
[ 71.928289][ T5066] RSP: 002b:00007ffd3bf463e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 71.936692][ T5066] RAX: ffffffffffffffda RBX: 00007fd58b687350 RCX: 00007fd58b617099
[ 71.944658][ T5066] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 71.952618][ T5066] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 000000000000000c
[ 71.960579][ T5066] R10: 000080001d00c0d0 R11: 0000000000000246 R12: 00007fd58b687350
[ 71.968540][ T5066] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 71.976506][ T5066]
[ 71.979514][ T5066]
[ 71.981828][ T5066] The buggy address belongs to the physical page:
[ 71.988225][ T5066] page:ffffea0001cbb900 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x72ee4
[ 71.998384][ T5066] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 72.005501][ T5066] raw: 00fff00000000000 ffffea0001ddde48 ffffea0001dc1c08 0000000000000000
[ 72.014861][ T5066] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 72.023444][ T5066] page dumped because: kasan: bad access detected
[ 72.029863][ T5066] page_owner tracks the page as freed
[ 72.035222][ T5066] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 5062, tgid 5062 (scp), ts 65441830241, free_ts 65559597064
[ 72.054402][ T5066] get_page_from_freelist+0x742/0x7c0
[ 72.059771][ T5066] __alloc_pages+0x259/0x560
[ 72.064352][ T5066] __folio_alloc+0xf/0x30
[ 72.068693][ T5066] vma_alloc_folio+0x660/0xb60
[ 72.073470][ T5066] do_anonymous_page+0x357/0x10b0
[ 72.078509][ T5066] handle_mm_fault+0x1610/0x26b0
[ 72.083463][ T5066] do_user_addr_fault+0x69b/0xcb0
[ 72.088488][ T5066] exc_page_fault+0x7a/0x110
[ 72.093067][ T5066] asm_exc_page_fault+0x22/0x30
[ 72.097930][ T5066] page last free stack trace:
[ 72.102594][ T5066] free_pcp_prepare+0x751/0x780
[ 72.107446][ T5066] free_unref_page_list+0xb2/0x830
[ 72.112573][ T5066] release_pages+0x233e/0x25e0
[ 72.117350][ T5066] tlb_flush_mmu+0x860/0xa80
[ 72.121948][ T5066] tlb_finish_mmu+0xcd/0x200
[ 72.126529][ T5066] exit_mmap+0x275/0x630
[ 72.130761][ T5066] __mmput+0x114/0x3b0
[ 72.134817][ T5066] exit_mm+0x1ec/0x2c0
[ 72.138880][ T5066] do_exit+0x5c7/0x2150
[ 72.143030][ T5066] do_group_exit+0x1fd/0x2b0
[ 72.147606][ T5066] __x64_sys_exit_group+0x3b/0x40
[ 72.152617][ T5066] do_syscall_64+0x3d/0xb0
[ 72.157025][ T5066] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.162912][ T5066]
[ 72.165221][ T5066] Memory state around the buggy address:
[ 72.170839][ T5066] ffff888072ee3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 72.178922][ T5066] ffff888072ee3f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 72.186967][ T5066] >ffff888072ee4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 72.195013][ T5066] ^
[ 72.199063][ T5066] ffff888072ee4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 72.207110][ T5066] ffff888072ee4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 72.215151][ T5066] ==================================================================
[ 72.224736][ T5066] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 72.232053][ T5066] CPU: 0 PID: 5066 Comm: syz-executor271 Not tainted 6.2.0-rc1-syzkaller #0
[ 72.240718][ T5066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 72.250780][ T5066] Call Trace:
[ 72.254050][ T5066]
[ 72.256974][ T5066] dump_stack_lvl+0x1b1/0x290
[ 72.261763][ T5066] ? nf_tcp_handle_invalid+0x630/0x630
[ 72.267222][ T5066] ? panic+0x710/0x710
[ 72.271298][ T5066] ? lock_release+0x81/0x820
[ 72.275896][ T5066] ? vscnprintf+0x59/0x80
[ 72.280220][ T5066] panic+0x2d6/0x710
[ 72.284116][ T5066] ? check_panic_on_warn+0x1d/0xa0
[ 72.289223][ T5066] ? memcpy_page_flushcache+0x100/0x100
[ 72.294763][ T5066] ? _raw_spin_unlock_irqrestore+0x110/0x120
[ 72.300739][ T5066] ? _raw_spin_unlock+0x40/0x40
[ 72.305584][ T5066] ? print_report+0x1b4/0x1f0
[ 72.310256][ T5066] check_panic_on_warn+0x80/0xa0
[ 72.315184][ T5066] ? crc_itu_t+0x224/0x2b0
[ 72.319594][ T5066] end_report+0x47/0x90
[ 72.323743][ T5066] kasan_report+0xda/0x100
[ 72.328167][ T5066] ? crc_itu_t+0x224/0x2b0
[ 72.332580][ T5066] crc_itu_t+0x224/0x2b0
[ 72.336817][ T5066] udf_sync_fs+0x1bc/0x360
[ 72.341230][ T5066] ? udf_put_super+0x160/0x160
[ 72.345992][ T5066] sync_filesystem+0xe8/0x220
[ 72.350663][ T5066] generic_shutdown_super+0x6b/0x310
[ 72.355944][ T5066] kill_block_super+0x79/0xd0
[ 72.360614][ T5066] deactivate_locked_super+0xa7/0xf0
[ 72.365895][ T5066] cleanup_mnt+0x494/0x520
[ 72.370301][ T5066] ? lockdep_hardirqs_on+0x8d/0x130
[ 72.375495][ T5066] task_work_run+0x243/0x300
[ 72.380083][ T5066] ? task_work_cancel+0x290/0x290
[ 72.385106][ T5066] ? do_exit+0x63f/0x2150
[ 72.389434][ T5066] do_exit+0x644/0x2150
[ 72.393593][ T5066] ? mm_update_next_owner+0x6d0/0x6d0
[ 72.398971][ T5066] ? print_irqtrace_events+0x220/0x220
[ 72.404426][ T5066] ? _raw_spin_unlock_irq+0x1f/0x40
[ 72.409621][ T5066] ? lockdep_hardirqs_on+0x8d/0x130
[ 72.414808][ T5066] do_group_exit+0x1fd/0x2b0
[ 72.419390][ T5066] __x64_sys_exit_group+0x3b/0x40
[ 72.424406][ T5066] do_syscall_64+0x3d/0xb0
[ 72.428815][ T5066] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.434790][ T5066] RIP: 0033:0x7fd58b617099
[ 72.439192][ T5066] Code: Unable to access opcode bytes at 0x7fd58b61706f.
[ 72.446194][ T5066] RSP: 002b:00007ffd3bf463e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 72.454597][ T5066] RAX: ffffffffffffffda RBX: 00007fd58b687350 RCX: 00007fd58b617099
[ 72.462559][ T5066] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 72.470522][ T5066] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 000000000000000c
[ 72.478483][ T5066] R10: 000080001d00c0d0 R11: 0000000000000246 R12: 00007fd58b687350
[ 72.486443][ T5066] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 72.494407][ T5066]
[ 72.497576][ T5066] Kernel Offset: disabled
[ 72.501890][ T5066] Rebooting in 86400 seconds..