Warning: Permanently added '10.128.0.216' (ECDSA) to the list of known hosts.
syzkaller login: [ 51.728167][ T3540] chnl_net:caif_netlink_parms(): no params data found
[ 51.765916][ T3540] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.773305][ T3540] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.781172][ T3540] device bridge_slave_0 entered promiscuous mode
[ 51.789567][ T3540] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.796771][ T3540] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.804889][ T3540] device bridge_slave_1 entered promiscuous mode
[ 51.823137][ T3540] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 51.834575][ T3540] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 51.856047][ T3540] team0: Port device team_slave_0 added
[ 51.862998][ T3540] team0: Port device team_slave_1 added
[ 51.879970][ T3540] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 51.887061][ T3540] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 51.913021][ T3540] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 51.925166][ T3540] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 51.932106][ T3540] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 51.958056][ T3540] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 51.986786][ T3540] device hsr_slave_0 entered promiscuous mode
[ 51.993539][ T3540] device hsr_slave_1 entered promiscuous mode
[ 52.073254][ T3540] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 52.082906][ T3540] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 52.091811][ T3540] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 52.101228][ T3540] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 52.120988][ T3540] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.128140][ T3540] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.135930][ T3540] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.142983][ T3540] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.182122][ T3540] 8021q: adding VLAN 0 to HW filter on device bond0
[ 52.193376][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 52.202692][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.212004][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.219802][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 52.233969][ T3540] 8021q: adding VLAN 0 to HW filter on device team0
[ 52.247432][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.255844][ T22] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.262889][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.270579][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.279299][ T22] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.286393][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.303101][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 52.311596][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 52.323313][ T3546] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.335380][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.347374][ T3540] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 52.359337][ T3540] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 52.367390][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.383961][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 52.391354][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 52.402193][ T3540] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 52.419274][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 52.436684][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 52.445506][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 52.453034][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 52.462581][ T3540] device veth0_vlan entered promiscuous mode
[ 52.472909][ T3540] device veth1_vlan entered promiscuous mode
[ 52.491175][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 52.499144][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 52.507553][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 52.517879][ T3540] device veth0_macvtap entered promiscuous mode
[ 52.527117][ T3540] device veth1_macvtap entered promiscuous mode
[ 52.542117][ T3540] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 52.551361][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 52.560528][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 52.571068][ T3540] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 52.578907][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 52.589874][ T3540] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.599668][ T3540] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.608438][ T3540] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.617151][ T3540] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.656893][ T3540] loop0: detected capacity change from 0 to 2048
[ 52.665498][ T3540] =======================================================
[ 52.665498][ T3540] WARNING: The mand mount option has been deprecated and
[ 52.665498][ T3540] and is ignored by this kernel. Remove the mand
[ 52.665498][ T3540] option from the mount to silence this warning.
[ 52.665498][ T3540] =======================================================
[ 52.703196][ T3540] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[ 52.716030][ T3540] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 52.757340][ T46] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 52.787583][ T3540] ==================================================================
[ 52.795678][ T3540] BUG: KASAN: use-after-free in crc_itu_t+0x218/0x2a0
[ 52.802464][ T3540] Read of size 1 at addr ffff888070630000 by task syz-executor202/3540
[ 52.810707][ T3540]
[ 52.813026][ T3540] CPU: 1 PID: 3540 Comm: syz-executor202 Not tainted 6.1.33-syzkaller #0
[ 52.821410][ T3540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 52.831440][ T3540] Call Trace:
[ 52.834699][ T3540]
[ 52.837608][ T3540] dump_stack_lvl+0x1e3/0x2cb
[ 52.842276][ T3540] ? irq_work_queue+0xc6/0x150
[ 52.847026][ T3540] ? nf_tcp_handle_invalid+0x642/0x642
[ 52.852465][ T3540] ? panic+0x75d/0x75d
[ 52.856512][ T3540] ? _printk+0xd1/0x111
[ 52.860647][ T3540] ? _raw_spin_lock_irqsave+0xac/0x120
[ 52.866080][ T3540] print_report+0x15f/0x4f0
[ 52.870564][ T3540] ? time64_to_tm+0x32d/0x4d0
[ 52.875222][ T3540] ? __virt_addr_valid+0x22b/0x2e0
[ 52.880312][ T3540] ? __phys_addr+0xb6/0x170
[ 52.884791][ T3540] ? crc_itu_t+0x218/0x2a0
[ 52.889186][ T3540] kasan_report+0x136/0x160
[ 52.893676][ T3540] ? crc_itu_t+0x218/0x2a0
[ 52.898097][ T3540] crc_itu_t+0x218/0x2a0
[ 52.902337][ T3540] udf_sync_fs+0x1ce/0x380
[ 52.906742][ T3540] ? udf_put_super+0x160/0x160
[ 52.911490][ T3540] ? get_nr_dirty_inodes+0x2ab/0x2e0
[ 52.916769][ T3540] sync_filesystem+0xe8/0x220
[ 52.921431][ T3540] generic_shutdown_super+0x6b/0x340
[ 52.926702][ T3540] kill_block_super+0x7a/0xe0
[ 52.931366][ T3540] deactivate_locked_super+0xa0/0x110
[ 52.936724][ T3540] cleanup_mnt+0x490/0x520
[ 52.941134][ T3540] ? lockdep_hardirqs_on+0x94/0x130
[ 52.946320][ T3540] task_work_run+0x246/0x300
[ 52.950901][ T3540] ? kasan_quarantine_put+0xd4/0x220
[ 52.956174][ T3540] ? task_work_cancel+0x2b0/0x2b0
[ 52.961183][ T3540] ? kmem_cache_free+0x292/0x510
[ 52.966105][ T3540] ? do_exit+0x6f6/0x2300
[ 52.970425][ T3540] do_exit+0x6fb/0x2300
[ 52.974569][ T3540] ? do_group_exit+0x1f2/0x2b0
[ 52.979321][ T3540] ? put_task_struct+0x80/0x80
[ 52.984072][ T3540] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 52.990034][ T3540] ? print_irqtrace_events+0x210/0x210
[ 52.995478][ T3540] ? _raw_spin_unlock_irq+0x1f/0x40
[ 53.000659][ T3540] ? lockdep_hardirqs_on+0x94/0x130
[ 53.005852][ T3540] do_group_exit+0x202/0x2b0
[ 53.010430][ T3540] __x64_sys_exit_group+0x3b/0x40
[ 53.015440][ T3540] do_syscall_64+0x3d/0xb0
[ 53.019843][ T3540] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.025720][ T3540] RIP: 0033:0x7fd96ac77639
[ 53.030120][ T3540] Code: Unable to access opcode bytes at 0x7fd96ac7760f.
[ 53.037127][ T3540] RSP: 002b:00007ffc6ac21c38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 53.045527][ T3540] RAX: ffffffffffffffda RBX: 00007fd96ad0e410 RCX: 00007fd96ac77639
[ 53.053481][ T3540] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 53.061437][ T3540] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000
[ 53.069391][ T3540] R10: 0000000000000022 R11: 0000000000000246 R12: 00007fd96ad0e410
[ 53.077344][ T3540] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 53.085302][ T3540]
[ 53.088304][ T3540]
[ 53.090610][ T3540] The buggy address belongs to the physical page:
[ 53.096999][ T3540] page:ffffea0001c18c00 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x1 pfn:0x70630
[ 53.107389][ T3540] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 53.114482][ T3540] raw: 00fff00000000000 ffffea0001c1c008 ffffea0001c17408 0000000000000000
[ 53.123046][ T3540] raw: 0000000000000001 0000000000000004 00000000ffffff7f 0000000000000000
[ 53.131603][ T3540] page dumped because: kasan: bad access detected
[ 53.137992][ T3540] page_owner tracks the page as freed
[ 53.143336][ T3540] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 3531, tgid 3531 (sshd), ts 44213999540, free_ts 44229177115
[ 53.161286][ T3540] post_alloc_hook+0x18d/0x1b0
[ 53.166038][ T3540] get_page_from_freelist+0x32ed/0x3480
[ 53.171564][ T3540] __alloc_pages+0x28d/0x770
[ 53.176135][ T3540] __folio_alloc+0xf/0x30
[ 53.180444][ T3540] vma_alloc_folio+0x486/0x990
[ 53.185194][ T3540] handle_mm_fault+0x2e85/0x5330
[ 53.190119][ T3540] exc_page_fault+0x58d/0x790
[ 53.194781][ T3540] asm_exc_page_fault+0x22/0x30
[ 53.199613][ T3540] page last free stack trace:
[ 53.204263][ T3540] free_unref_page_prepare+0xf63/0x1120
[ 53.209796][ T3540] free_unref_page_list+0x107/0x810
[ 53.214988][ T3540] release_pages+0x2836/0x2b40
[ 53.219738][ T3540] tlb_flush_mmu+0xfc/0x210
[ 53.224225][ T3540] tlb_finish_mmu+0xce/0x1f0
[ 53.228801][ T3540] unmap_region+0x29f/0x2f0
[ 53.233289][ T3540] do_mas_align_munmap+0xe98/0x15e0
[ 53.238473][ T3540] do_mas_munmap+0x246/0x2b0
[ 53.243047][ T3540] __vm_munmap+0x268/0x370
[ 53.247454][ T3540] __x64_sys_munmap+0x5c/0x70
[ 53.252115][ T3540] do_syscall_64+0x3d/0xb0
[ 53.256515][ T3540] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.262390][ T3540]
[ 53.264694][ T3540] Memory state around the buggy address:
[ 53.270299][ T3540] ffff88807062ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.278338][ T3540] ffff88807062ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.286377][ T3540] >ffff888070630000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.294415][ T3540] ^
[ 53.298462][ T3540] ffff888070630080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.306513][ T3540] ffff888070630100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.314555][ T3540] ==================================================================
[ 53.333877][ T3540] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 53.341093][ T3540] CPU: 0 PID: 3540 Comm: syz-executor202 Not tainted 6.1.33-syzkaller #0
[ 53.349512][ T3540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 53.359570][ T3540] Call Trace:
[ 53.362850][ T3540]
[ 53.365779][ T3540] dump_stack_lvl+0x1e3/0x2cb
[ 53.370460][ T3540] ? nf_tcp_handle_invalid+0x642/0x642
[ 53.375919][ T3540] ? panic+0x75d/0x75d
[ 53.379989][ T3540] ? preempt_schedule_common+0xa6/0xd0
[ 53.385469][ T3540] ? vscnprintf+0x59/0x80
[ 53.389801][ T3540] panic+0x318/0x75d
[ 53.393696][ T3540] ? check_panic_on_warn+0x1d/0xa0
[ 53.398817][ T3540] ? memcpy_page_flushcache+0xfc/0xfc
[ 53.404193][ T3540] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 53.410173][ T3540] ? _raw_spin_unlock+0x40/0x40
[ 53.415027][ T3540] ? print_report+0x4a3/0x4f0
[ 53.419716][ T3540] check_panic_on_warn+0x7e/0xa0
[ 53.424657][ T3540] ? crc_itu_t+0x218/0x2a0
[ 53.429080][ T3540] end_report+0x66/0x110
[ 53.433326][ T3540] kasan_report+0x143/0x160
[ 53.437831][ T3540] ? crc_itu_t+0x218/0x2a0
[ 53.442250][ T3540] crc_itu_t+0x218/0x2a0
[ 53.446499][ T3540] udf_sync_fs+0x1ce/0x380
[ 53.450921][ T3540] ? udf_put_super+0x160/0x160
[ 53.455685][ T3540] ? get_nr_dirty_inodes+0x2ab/0x2e0
[ 53.460976][ T3540] sync_filesystem+0xe8/0x220
[ 53.465655][ T3540] generic_shutdown_super+0x6b/0x340
[ 53.470943][ T3540] kill_block_super+0x7a/0xe0
[ 53.475622][ T3540] deactivate_locked_super+0xa0/0x110
[ 53.480993][ T3540] cleanup_mnt+0x490/0x520
[ 53.485409][ T3540] ? lockdep_hardirqs_on+0x94/0x130
[ 53.490613][ T3540] task_work_run+0x246/0x300
[ 53.495210][ T3540] ? kasan_quarantine_put+0xd4/0x220
[ 53.500500][ T3540] ? task_work_cancel+0x2b0/0x2b0
[ 53.505535][ T3540] ? kmem_cache_free+0x292/0x510
[ 53.510476][ T3540] ? do_exit+0x6f6/0x2300
[ 53.514806][ T3540] do_exit+0x6fb/0x2300
[ 53.518964][ T3540] ? do_group_exit+0x1f2/0x2b0
[ 53.523730][ T3540] ? put_task_struct+0x80/0x80
[ 53.528494][ T3540] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 53.534479][ T3540] ? print_irqtrace_events+0x210/0x210
[ 53.539936][ T3540] ? _raw_spin_unlock_irq+0x1f/0x40
[ 53.545134][ T3540] ? lockdep_hardirqs_on+0x94/0x130
[ 53.550338][ T3540] do_group_exit+0x202/0x2b0
[ 53.554931][ T3540] __x64_sys_exit_group+0x3b/0x40
[ 53.559957][ T3540] do_syscall_64+0x3d/0xb0
[ 53.564382][ T3540] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.570275][ T3540] RIP: 0033:0x7fd96ac77639
[ 53.574691][ T3540] Code: Unable to access opcode bytes at 0x7fd96ac7760f.
[ 53.581706][ T3540] RSP: 002b:00007ffc6ac21c38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 53.590121][ T3540] RAX: ffffffffffffffda RBX: 00007fd96ad0e410 RCX: 00007fd96ac77639
[ 53.598124][ T3540] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 53.606092][ T3540] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000
[ 53.614065][ T3540] R10: 0000000000000022 R11: 0000000000000246 R12: 00007fd96ad0e410
[ 53.622030][ T3540] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 53.630007][ T3540]
[ 53.633174][ T3540] Kernel Offset: disabled
[ 53.637485][ T3540] Rebooting in 86400 seconds..