DUID 00:04:a4:d9:44:a1:3e:a2:79:db:da:6d:5d:0b:f7:25:ed:85
forked to background, child pid 3212
[ 28.016016][ T3213] 8021q: adding VLAN 0 to HW filter on device bond0
[ 28.025587][ T3213] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.247' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 53.915751][ T3539] loop0: detected capacity change from 0 to 2048
[ 53.945580][ T3539] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=4294923874, location=4294923874
[ 53.958111][ T3539] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 54.018409][ T3539] ==================================================================
[ 54.026513][ T3539] BUG: KASAN: use-after-free in crc_itu_t+0x1d1/0x2a0
[ 54.033398][ T3539] Read of size 1 at addr ffff888071381000 by task syz-executor118/3539
[ 54.041631][ T3539]
[ 54.043950][ T3539] CPU: 0 PID: 3539 Comm: syz-executor118 Not tainted 6.1.31-syzkaller #0
[ 54.052345][ T3539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 54.062474][ T3539] Call Trace:
[ 54.065737][ T3539]
[ 54.068650][ T3539] dump_stack_lvl+0x1e3/0x2cb
[ 54.073320][ T3539] ? irq_work_queue+0xc6/0x150
[ 54.078069][ T3539] ? nf_tcp_handle_invalid+0x642/0x642
[ 54.083520][ T3539] ? panic+0x75d/0x75d
[ 54.088873][ T3539] ? _printk+0xd1/0x111
[ 54.093007][ T3539] ? _raw_spin_lock_irqsave+0xac/0x120
[ 54.098618][ T3539] print_report+0x15f/0x4f0
[ 54.103207][ T3539] ? time64_to_tm+0x32d/0x4d0
[ 54.107868][ T3539] ? __virt_addr_valid+0x22b/0x2e0
[ 54.112977][ T3539] ? __phys_addr+0xb6/0x170
[ 54.117559][ T3539] ? crc_itu_t+0x1d1/0x2a0
[ 54.121963][ T3539] kasan_report+0x136/0x160
[ 54.126478][ T3539] ? crc_itu_t+0x1d1/0x2a0
[ 54.130921][ T3539] crc_itu_t+0x1d1/0x2a0
[ 54.135167][ T3539] udf_sync_fs+0x1ce/0x380
[ 54.139581][ T3539] ? udf_put_super+0x160/0x160
[ 54.144341][ T3539] ? get_nr_dirty_inodes+0x2ab/0x2e0
[ 54.149736][ T3539] sync_filesystem+0xe8/0x220
[ 54.154506][ T3539] generic_shutdown_super+0x6b/0x340
[ 54.159895][ T3539] kill_block_super+0x7a/0xe0
[ 54.164589][ T3539] deactivate_locked_super+0xa0/0x110
[ 54.169986][ T3539] cleanup_mnt+0x490/0x520
[ 54.174411][ T3539] ? lockdep_hardirqs_on+0x94/0x130
[ 54.179609][ T3539] task_work_run+0x246/0x300
[ 54.184285][ T3539] ? kasan_quarantine_put+0xd4/0x220
[ 54.189581][ T3539] ? task_work_cancel+0x2b0/0x2b0
[ 54.194613][ T3539] ? kmem_cache_free+0x292/0x510
[ 54.200330][ T3539] ? do_exit+0x6f6/0x2300
[ 54.204668][ T3539] do_exit+0x6fb/0x2300
[ 54.208835][ T3539] ? do_group_exit+0x1f2/0x2b0
[ 54.213586][ T3539] ? put_task_struct+0x80/0x80
[ 54.218339][ T3539] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 54.224306][ T3539] ? print_irqtrace_events+0x210/0x210
[ 54.229767][ T3539] ? _raw_spin_unlock_irq+0x1f/0x40
[ 54.235231][ T3539] ? lockdep_hardirqs_on+0x94/0x130
[ 54.240522][ T3539] do_group_exit+0x202/0x2b0
[ 54.245118][ T3539] __x64_sys_exit_group+0x3b/0x40
[ 54.250143][ T3539] do_syscall_64+0x3d/0xb0
[ 54.254559][ T3539] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.260441][ T3539] RIP: 0033:0x7f3de5703fb9
[ 54.264839][ T3539] Code: Unable to access opcode bytes at 0x7f3de5703f8f.
[ 54.271836][ T3539] RSP: 002b:00007fff565e0028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 54.280236][ T3539] RAX: ffffffffffffffda RBX: 00007f3de57983f0 RCX: 00007f3de5703fb9
[ 54.288283][ T3539] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 54.296325][ T3539] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000
[ 54.304284][ T3539] R10: 0000000000000022 R11: 0000000000000246 R12: 00007f3de57983f0
[ 54.312348][ T3539] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 54.320345][ T3539]
[ 54.323354][ T3539]
[ 54.325662][ T3539] The buggy address belongs to the physical page:
[ 54.332067][ T3539] page:ffffea0001c4e040 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x71381
[ 54.342215][ T3539] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 54.349320][ T3539] raw: 00fff00000000000 ffffea0001c4e088 ffffea0001c11848 0000000000000000
[ 54.357891][ T3539] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 54.366537][ T3539] page dumped because: kasan: bad access detected
[ 54.372926][ T3539] page_owner tracks the page as freed
[ 54.378423][ T3539] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 3533, tgid 3533 (sshd), ts 48358938045, free_ts 48378151982
[ 54.396644][ T3539] post_alloc_hook+0x18d/0x1b0
[ 54.401402][ T3539] get_page_from_freelist+0x32ed/0x3480
[ 54.407019][ T3539] __alloc_pages+0x28d/0x770
[ 54.411605][ T3539] __folio_alloc+0xf/0x30
[ 54.415917][ T3539] vma_alloc_folio+0x486/0x990
[ 54.420668][ T3539] handle_mm_fault+0x2e85/0x5330
[ 54.425590][ T3539] exc_page_fault+0x58d/0x790
[ 54.430255][ T3539] asm_exc_page_fault+0x22/0x30
[ 54.435092][ T3539] page last free stack trace:
[ 54.439742][ T3539] free_unref_page_prepare+0xf63/0x1120
[ 54.445283][ T3539] free_unref_page_list+0x107/0x810
[ 54.450466][ T3539] release_pages+0x2836/0x2b40
[ 54.455222][ T3539] tlb_flush_mmu+0xfc/0x210
[ 54.459722][ T3539] tlb_finish_mmu+0xce/0x1f0
[ 54.464298][ T3539] unmap_region+0x29f/0x2f0
[ 54.468787][ T3539] do_mas_align_munmap+0xe98/0x15e0
[ 54.473973][ T3539] do_mas_munmap+0x246/0x2b0
[ 54.478550][ T3539] __vm_munmap+0x268/0x370
[ 54.482951][ T3539] __x64_sys_munmap+0x5c/0x70
[ 54.487615][ T3539] do_syscall_64+0x3d/0xb0
[ 54.492016][ T3539] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.497896][ T3539]
[ 54.500201][ T3539] Memory state around the buggy address:
[ 54.505812][ T3539] ffff888071380f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.513855][ T3539] ffff888071380f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.521897][ T3539] >ffff888071381000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.529936][ T3539] ^
[ 54.533983][ T3539] ffff888071381080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.542027][ T3539] ffff888071381100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.550066][ T3539] ==================================================================
[ 54.565860][ T3539] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 54.573074][ T3539] CPU: 0 PID: 3539 Comm: syz-executor118 Not tainted 6.1.31-syzkaller #0
[ 54.581562][ T3539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 54.591888][ T3539] Call Trace:
[ 54.595162][ T3539]
[ 54.598115][ T3539] dump_stack_lvl+0x1e3/0x2cb
[ 54.602778][ T3539] ? nf_tcp_handle_invalid+0x642/0x642
[ 54.608220][ T3539] ? panic+0x75d/0x75d
[ 54.612271][ T3539] ? preempt_schedule_common+0xa6/0xd0
[ 54.617711][ T3539] ? vscnprintf+0x59/0x80
[ 54.622048][ T3539] panic+0x318/0x75d
[ 54.625928][ T3539] ? check_panic_on_warn+0x1d/0xa0
[ 54.631021][ T3539] ? memcpy_page_flushcache+0xfc/0xfc
[ 54.636381][ T3539] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 54.642344][ T3539] ? _raw_spin_unlock+0x40/0x40
[ 54.647263][ T3539] ? print_report+0x4a3/0x4f0
[ 54.651921][ T3539] check_panic_on_warn+0x7e/0xa0
[ 54.656839][ T3539] ? crc_itu_t+0x1d1/0x2a0
[ 54.661235][ T3539] end_report+0x66/0x110
[ 54.665488][ T3539] kasan_report+0x143/0x160
[ 54.669983][ T3539] ? crc_itu_t+0x1d1/0x2a0
[ 54.674393][ T3539] crc_itu_t+0x1d1/0x2a0
[ 54.678625][ T3539] udf_sync_fs+0x1ce/0x380
[ 54.683029][ T3539] ? udf_put_super+0x160/0x160
[ 54.687778][ T3539] ? get_nr_dirty_inodes+0x2ab/0x2e0
[ 54.693052][ T3539] sync_filesystem+0xe8/0x220
[ 54.697722][ T3539] generic_shutdown_super+0x6b/0x340
[ 54.702992][ T3539] kill_block_super+0x7a/0xe0
[ 54.707657][ T3539] deactivate_locked_super+0xa0/0x110
[ 54.713016][ T3539] cleanup_mnt+0x490/0x520
[ 54.717421][ T3539] ? lockdep_hardirqs_on+0x94/0x130
[ 54.722609][ T3539] task_work_run+0x246/0x300
[ 54.727190][ T3539] ? kasan_quarantine_put+0xd4/0x220
[ 54.732467][ T3539] ? task_work_cancel+0x2b0/0x2b0
[ 54.737479][ T3539] ? kmem_cache_free+0x292/0x510
[ 54.742404][ T3539] ? do_exit+0x6f6/0x2300
[ 54.746734][ T3539] do_exit+0x6fb/0x2300
[ 54.750889][ T3539] ? do_group_exit+0x1f2/0x2b0
[ 54.755640][ T3539] ? put_task_struct+0x80/0x80
[ 54.760390][ T3539] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 54.766441][ T3539] ? print_irqtrace_events+0x210/0x210
[ 54.771885][ T3539] ? _raw_spin_unlock_irq+0x1f/0x40
[ 54.777066][ T3539] ? lockdep_hardirqs_on+0x94/0x130
[ 54.782253][ T3539] do_group_exit+0x202/0x2b0
[ 54.786922][ T3539] __x64_sys_exit_group+0x3b/0x40
[ 54.791936][ T3539] do_syscall_64+0x3d/0xb0
[ 54.796356][ T3539] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.802237][ T3539] RIP: 0033:0x7f3de5703fb9
[ 54.806656][ T3539] Code: Unable to access opcode bytes at 0x7f3de5703f8f.
[ 54.813653][ T3539] RSP: 002b:00007fff565e0028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 54.822060][ T3539] RAX: ffffffffffffffda RBX: 00007f3de57983f0 RCX: 00007f3de5703fb9
[ 54.830033][ T3539] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 54.837985][ T3539] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000
[ 54.845939][ T3539] R10: 0000000000000022 R11: 0000000000000246 R12: 00007f3de57983f0
[ 54.853891][ T3539] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 54.861848][ T3539]
[ 54.865014][ T3539] Kernel Offset: disabled
[ 54.869342][ T3539] Rebooting in 86400 seconds..