DUID 00:04:fd:d1:b1:d5:68:a0:3a:5f:50:0a:64:49:ea:42:3f:75
forked to background, child pid 3173
[   28.255487][ T3174] 8021q: adding VLAN 0 to HW filter on device bond0
[   28.272317][ T3174] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.83' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   55.530215][ T3501] loop0: detected capacity change from 0 to 2048
[   55.540226][ T3501] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[   55.552573][ T3501] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[   55.563360][ T3501] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[   55.574051][ T3501] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[   55.581752][ T3501] UDF-fs: Scanning with blocksize 512 failed
[   55.590277][ T3501] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   55.732595][ T3501] ==================================================================
[   55.740896][ T3501] BUG: KASAN: use-after-free in crc_itu_t+0x1d1/0x2a0
[   55.747678][ T3501] Read of size 1 at addr ffff8880704b3000 by task syz-executor221/3501
[   55.755910][ T3501] 
[   55.758230][ T3501] CPU: 0 PID: 3501 Comm: syz-executor221 Not tainted 5.15.112-syzkaller #0
[   55.766808][ T3501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[   55.776865][ T3501] Call Trace:
[   55.780212][ T3501]  <TASK>
[   55.783152][ T3501]  dump_stack_lvl+0x1e3/0x2cb
[   55.787837][ T3501]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   55.793472][ T3501]  ? _printk+0xd1/0x111
[   55.797629][ T3501]  ? __wake_up_klogd+0xcc/0x100
[   55.802482][ T3501]  ? panic+0x84d/0x84d
[   55.806543][ T3501]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   55.812003][ T3501]  print_address_description+0x63/0x3b0
[   55.817555][ T3501]  ? crc_itu_t+0x1d1/0x2a0
[   55.821966][ T3501]  kasan_report+0x16b/0x1c0
[   55.826495][ T3501]  ? crc_itu_t+0x1d1/0x2a0
[   55.830905][ T3501]  ? pvclock_gtod_unregister_notifier+0x50/0x50
[   55.837146][ T3501]  crc_itu_t+0x1d1/0x2a0
[   55.841397][ T3501]  udf_sync_fs+0x1ce/0x380
[   55.845830][ T3501]  ? udf_put_super+0x160/0x160
[   55.850865][ T3501]  ? get_nr_dirty_inodes+0x25f/0x2e0
[   55.856156][ T3501]  sync_filesystem+0xe8/0x220
[   55.860833][ T3501]  generic_shutdown_super+0x6e/0x2c0
[   55.866232][ T3501]  kill_block_super+0x7a/0xe0
[   55.870911][ T3501]  deactivate_locked_super+0xa0/0x110
[   55.876283][ T3501]  cleanup_mnt+0x44e/0x500
[   55.880698][ T3501]  ? lockdep_hardirqs_on+0x94/0x130
[   55.885930][ T3501]  task_work_run+0x129/0x1a0
[   55.890580][ T3501]  do_exit+0x6a3/0x2480
[   55.894765][ T3501]  ? put_task_struct+0x80/0x80
[   55.899578][ T3501]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   55.905571][ T3501]  ? vtime_user_exit+0x2d1/0x400
[   55.910520][ T3501]  do_group_exit+0x144/0x310
[   55.915117][ T3501]  __x64_sys_exit_group+0x3b/0x40
[   55.920163][ T3501]  do_syscall_64+0x3d/0xb0
[   55.924581][ T3501]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   55.930470][ T3501] RIP: 0033:0x7f5a21ac15a9
[   55.934901][ T3501] Code: Unable to access opcode bytes at RIP 0x7f5a21ac157f.
[   55.942252][ T3501] RSP: 002b:00007ffdd171c348 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   55.950663][ T3501] RAX: ffffffffffffffda RBX: 00007f5a21b68470 RCX: 00007f5a21ac15a9
[   55.958632][ T3501] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   55.966600][ T3501] RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 0000000000000000
[   55.974570][ T3501] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5a21b68470
[   55.982570][ T3501] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   55.990562][ T3501]  </TASK>
[   55.993576][ T3501] 
[   55.995891][ T3501] The buggy address belongs to the page:
[   56.001512][ T3501] page:ffffea0001c12cc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x704b3
[   56.011656][ T3501] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   56.018767][ T3501] raw: 00fff00000000000 ffffea0001c12d08 ffffea0001f4ea48 0000000000000000
[   56.027344][ T3501] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   56.035913][ T3501] page dumped because: kasan: bad access detected
[   56.042338][ T3501] page_owner tracks the page as freed
[   56.047707][ T3501] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 3491, ts 47938476688, free_ts 47957151035
[   56.063247][ T3501]  get_page_from_freelist+0x322a/0x33c0
[   56.068818][ T3501]  __alloc_pages+0x272/0x700
[   56.073419][ T3501]  alloc_pages_vma+0x39a/0x800
[   56.078188][ T3501]  handle_mm_fault+0x2f49/0x5950
[   56.083121][ T3501]  exc_page_fault+0x271/0x740
[   56.087802][ T3501]  asm_exc_page_fault+0x22/0x30
[   56.092683][ T3501] page last free stack trace:
[   56.097528][ T3501]  free_unref_page_prepare+0xc34/0xcf0
[   56.103020][ T3501]  free_unref_page_list+0x1f7/0x8e0
[   56.108215][ T3501]  release_pages+0x1bb9/0x1f40
[   56.112970][ T3501]  tlb_finish_mmu+0x177/0x320
[   56.117637][ T3501]  unmap_region+0x304/0x350
[   56.122136][ T3501]  __do_munmap+0x12db/0x1740
[   56.126862][ T3501]  __vm_munmap+0x134/0x230
[   56.131283][ T3501]  __x64_sys_munmap+0x67/0x70
[   56.136046][ T3501]  do_syscall_64+0x3d/0xb0
[   56.140512][ T3501]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   56.146406][ T3501] 
[   56.148727][ T3501] Memory state around the buggy address:
[   56.154533][ T3501]  ffff8880704b2f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   56.162606][ T3501]  ffff8880704b2f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   56.170662][ T3501] >ffff8880704b3000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   56.178713][ T3501]                    ^
[   56.182771][ T3501]  ffff8880704b3080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   56.190843][ T3501]  ffff8880704b3100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   56.198894][ T3501] ==================================================================
[   56.206949][ T3501] Disabling lock debugging due to kernel taint
[   56.213400][ T3501] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   56.221745][ T3501] CPU: 0 PID: 3501 Comm: syz-executor221 Tainted: G    B             5.15.112-syzkaller #0
[   56.231718][ T3501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[   56.241766][ T3501] Call Trace:
[   56.245038][ T3501]  <TASK>
[   56.247961][ T3501]  dump_stack_lvl+0x1e3/0x2cb
[   56.252639][ T3501]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   56.258265][ T3501]  ? panic+0x84d/0x84d
[   56.262330][ T3501]  ? preempt_schedule_common+0xa6/0xd0
[   56.267783][ T3501]  ? preempt_schedule+0xd9/0xe0
[   56.272629][ T3501]  panic+0x318/0x84d
[   56.276539][ T3501]  ? check_panic_on_warn+0x1d/0xa0
[   56.281646][ T3501]  ? fb_is_primary_device+0xcc/0xcc
[   56.286882][ T3501]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   56.292855][ T3501]  ? _raw_spin_unlock+0x40/0x40
[   56.297694][ T3501]  ? print_memory_metadata+0xe2/0x140
[   56.303082][ T3501]  check_panic_on_warn+0x7e/0xa0
[   56.308014][ T3501]  ? crc_itu_t+0x1d1/0x2a0
[   56.312422][ T3501]  end_report+0x6d/0xf0
[   56.316573][ T3501]  kasan_report+0x18e/0x1c0
[   56.321067][ T3501]  ? crc_itu_t+0x1d1/0x2a0
[   56.325473][ T3501]  ? pvclock_gtod_unregister_notifier+0x50/0x50
[   56.331705][ T3501]  crc_itu_t+0x1d1/0x2a0
[   56.335941][ T3501]  udf_sync_fs+0x1ce/0x380
[   56.340357][ T3501]  ? udf_put_super+0x160/0x160
[   56.345228][ T3501]  ? get_nr_dirty_inodes+0x25f/0x2e0
[   56.350509][ T3501]  sync_filesystem+0xe8/0x220
[   56.355200][ T3501]  generic_shutdown_super+0x6e/0x2c0
[   56.360498][ T3501]  kill_block_super+0x7a/0xe0
[   56.365271][ T3501]  deactivate_locked_super+0xa0/0x110
[   56.370651][ T3501]  cleanup_mnt+0x44e/0x500
[   56.375079][ T3501]  ? lockdep_hardirqs_on+0x94/0x130
[   56.380283][ T3501]  task_work_run+0x129/0x1a0
[   56.384894][ T3501]  do_exit+0x6a3/0x2480
[   56.389091][ T3501]  ? put_task_struct+0x80/0x80
[   56.393852][ T3501]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   56.399987][ T3501]  ? vtime_user_exit+0x2d1/0x400
[   56.404959][ T3501]  do_group_exit+0x144/0x310
[   56.409557][ T3501]  __x64_sys_exit_group+0x3b/0x40
[   56.414582][ T3501]  do_syscall_64+0x3d/0xb0
[   56.419014][ T3501]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   56.425000][ T3501] RIP: 0033:0x7f5a21ac15a9
[   56.429407][ T3501] Code: Unable to access opcode bytes at RIP 0x7f5a21ac157f.
[   56.436759][ T3501] RSP: 002b:00007ffdd171c348 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   56.445169][ T3501] RAX: ffffffffffffffda RBX: 00007f5a21b68470 RCX: 00007f5a21ac15a9
[   56.453144][ T3501] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   56.461219][ T3501] RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 0000000000000000
[   56.469210][ T3501] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5a21b68470
[   56.477176][ T3501] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   56.485152][ T3501]  </TASK>
[   56.488441][ T3501] Kernel Offset: disabled
[   56.492767][ T3501] Rebooting in 86400 seconds..