DUID 00:04:d5:34:fd:2d:90:3b:7d:1f:5f:ef:10:3f:c1:8d:8b:e5
forked to background, child pid 3213
[ 28.326967][ T3214] 8021q: adding VLAN 0 to HW filter on device bond0
[ 28.336260][ T3214] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.10.30' (ECDSA) to the list of known hosts.
syzkaller login: [ 55.679974][ T3541] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 55.688528][ T3541] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 55.696268][ T3541] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 55.704119][ T3541] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 55.711518][ T3541] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 55.718909][ T3543] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 55.794461][ T2476] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 55.808886][ T2476] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 55.818799][ T1170] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 55.828654][ T2476] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 55.836732][ T2476] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 55.845507][ T1170] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 55.868028][ T3539] loop0: detected capacity change from 0 to 2048
[ 55.936081][ T3539] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 56.064304][ T3539] ==================================================================
[ 56.072751][ T3539] BUG: KASAN: use-after-free in crc_itu_t+0x218/0x2a0
[ 56.079537][ T3539] Read of size 1 at addr ffff888071670000 by task syz-executor503/3539
[ 56.087770][ T3539]
[ 56.090076][ T3539] CPU: 1 PID: 3539 Comm: syz-executor503 Not tainted 6.1.31-syzkaller #0
[ 56.098464][ T3539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 56.108505][ T3539] Call Trace:
[ 56.112034][ T3539] <TASK>
[ 56.114947][ T3539] dump_stack_lvl+0x1e3/0x2cb
[ 56.119617][ T3539] ? irq_work_queue+0xc6/0x150
[ 56.124368][ T3539] ? nf_tcp_handle_invalid+0x642/0x642
[ 56.129820][ T3539] ? panic+0x75d/0x75d
[ 56.133880][ T3539] ? _printk+0xd1/0x111
[ 56.138013][ T3539] ? _raw_spin_lock_irqsave+0xac/0x120
[ 56.143452][ T3539] print_report+0x15f/0x4f0
[ 56.147948][ T3539] ? time64_to_tm+0x32d/0x4d0
[ 56.152610][ T3539] ? __virt_addr_valid+0x22b/0x2e0
[ 56.157712][ T3539] ? __phys_addr+0xb6/0x170
[ 56.162202][ T3539] ? crc_itu_t+0x218/0x2a0
[ 56.166627][ T3539] kasan_report+0x136/0x160
[ 56.171133][ T3539] ? crc_itu_t+0x218/0x2a0
[ 56.175542][ T3539] crc_itu_t+0x218/0x2a0
[ 56.179772][ T3539] udf_close_lvid+0x57a/0x9a0
[ 56.184440][ T3539] ? udf_open_lvid+0x5a0/0x5a0
[ 56.189191][ T3539] ? clear_inode+0x150/0x150
[ 56.193767][ T3539] ? module_put+0x15a/0x350
[ 56.198260][ T3539] udf_put_super+0xc9/0x160
[ 56.202759][ T3539] ? udf_free_in_core_inode+0x20/0x20
[ 56.208131][ T3539] generic_shutdown_super+0x130/0x340
[ 56.213494][ T3539] kill_block_super+0x7a/0xe0
[ 56.218159][ T3539] deactivate_locked_super+0xa0/0x110
[ 56.223522][ T3539] cleanup_mnt+0x490/0x520
[ 56.227933][ T3539] ? lockdep_hardirqs_on+0x94/0x130
[ 56.233124][ T3539] task_work_run+0x246/0x300
[ 56.237717][ T3539] ? kasan_quarantine_put+0xd4/0x220
[ 56.242991][ T3539] ? task_work_cancel+0x2b0/0x2b0
[ 56.248005][ T3539] ? kmem_cache_free+0x292/0x510
[ 56.252928][ T3539] ? do_exit+0x6f6/0x2300
[ 56.257250][ T3539] do_exit+0x6fb/0x2300
[ 56.261400][ T3539] ? do_group_exit+0x1f2/0x2b0
[ 56.266159][ T3539] ? put_task_struct+0x80/0x80
[ 56.270914][ T3539] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 56.276881][ T3539] ? print_irqtrace_events+0x210/0x210
[ 56.282326][ T3539] ? _raw_spin_unlock_irq+0x1f/0x40
[ 56.287543][ T3539] ? lockdep_hardirqs_on+0x94/0x130
[ 56.292817][ T3539] do_group_exit+0x202/0x2b0
[ 56.297398][ T3539] __x64_sys_exit_group+0x3b/0x40
[ 56.302410][ T3539] do_syscall_64+0x3d/0xb0
[ 56.306813][ T3539] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.312693][ T3539] RIP: 0033:0x7f2762bc4ea9
[ 56.317090][ T3539] Code: Unable to access opcode bytes at 0x7f2762bc4e7f.
[ 56.324086][ T3539] RSP: 002b:00007ffd0d08b538 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 56.332490][ T3539] RAX: ffffffffffffffda RBX: 00007f2762c4a450 RCX: 00007f2762bc4ea9
[ 56.340447][ T3539] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 56.348403][ T3539] RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 00007f2762c1c959
[ 56.356360][ T3539] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2762c4a450
[ 56.364316][ T3539] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 56.372362][ T3539] </TASK>
[ 56.375371][ T3539]
[ 56.377678][ T3539] The buggy address belongs to the physical page:
[ 56.384136][ T3539] page:ffffea0001c59c00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x71670
[ 56.394279][ T3539] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 56.401376][ T3539] raw: 00fff00000000000 ffffea0001c59c48 ffffea0001c6abc8 0000000000000000
[ 56.410034][ T3539] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 56.418595][ T3539] page dumped because: kasan: bad access detected
[ 56.424986][ T3539] page_owner tracks the page as freed
[ 56.430335][ T3539] page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, tgid 1 (swapper/0), ts 10388424199, free_ts 11695529804
[ 56.445244][ T3539] post_alloc_hook+0x18d/0x1b0
[ 56.450005][ T3539] split_map_pages+0x246/0x510
[ 56.454751][ T3539] isolate_freepages_range+0x47c/0x4e0
[ 56.460198][ T3539] alloc_contig_range+0x62a/0x990
[ 56.465208][ T3539] alloc_contig_pages+0x3f0/0x4e0
[ 56.470217][ T3539] debug_vm_pgtable_alloc_huge_page+0xb9/0x108
[ 56.476440][ T3539] init_args+0xa7d/0xda4
[ 56.480670][ T3539] debug_vm_pgtable+0xaa/0x46b
[ 56.485420][ T3539] do_one_initcall+0x265/0x8f0
[ 56.490175][ T3539] do_initcall_level+0x157/0x207
[ 56.495095][ T3539] do_initcalls+0x49/0x86
[ 56.499412][ T3539] kernel_init_freeable+0x473/0x61f
[ 56.504604][ T3539] kernel_init+0x19/0x290
[ 56.508965][ T3539] ret_from_fork+0x1f/0x30
[ 56.513375][ T3539] page last free stack trace:
[ 56.518028][ T3539] free_unref_page_prepare+0xf63/0x1120
[ 56.523563][ T3539] free_unref_page+0x98/0x570
[ 56.528229][ T3539] free_contig_range+0x9a/0x150
[ 56.533080][ T3539] destroy_args+0xfe/0x997
[ 56.537595][ T3539] debug_vm_pgtable+0x416/0x46b
[ 56.542446][ T3539] do_one_initcall+0x265/0x8f0
[ 56.547211][ T3539] do_initcall_level+0x157/0x207
[ 56.552138][ T3539] do_initcalls+0x49/0x86
[ 56.556458][ T3539] kernel_init_freeable+0x473/0x61f
[ 56.561644][ T3539] kernel_init+0x19/0x290
[ 56.565965][ T3539] ret_from_fork+0x1f/0x30
[ 56.570367][ T3539]
[ 56.572676][ T3539] Memory state around the buggy address:
[ 56.578283][ T3539] ffff88807166ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.586328][ T3539] ffff88807166ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.594367][ T3539] >ffff888071670000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.603291][ T3539] ^
[ 56.607346][ T3539] ffff888071670080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.615389][ T3539] ffff888071670100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.623449][ T3539] ==================================================================
[ 56.633414][ T3539] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 56.640646][ T3539] CPU: 1 PID: 3539 Comm: syz-executor503 Not tainted 6.1.31-syzkaller #0
[ 56.649229][ T3539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 56.659531][ T3539] Call Trace:
[ 56.662796][ T3539] <TASK>
[ 56.665712][ T3539] dump_stack_lvl+0x1e3/0x2cb
[ 56.670379][ T3539] ? nf_tcp_handle_invalid+0x642/0x642
[ 56.675825][ T3539] ? panic+0x75d/0x75d
[ 56.679880][ T3539] ? preempt_schedule_common+0xa6/0xd0
[ 56.685328][ T3539] ? vscnprintf+0x59/0x80
[ 56.689650][ T3539] panic+0x318/0x75d
[ 56.693536][ T3539] ? check_panic_on_warn+0x1d/0xa0
[ 56.698645][ T3539] ? memcpy_page_flushcache+0xfc/0xfc
[ 56.704015][ T3539] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 56.709980][ T3539] ? _raw_spin_unlock+0x40/0x40
[ 56.714816][ T3539] ? print_report+0x4a3/0x4f0
[ 56.719673][ T3539] check_panic_on_warn+0x7e/0xa0
[ 56.724621][ T3539] ? crc_itu_t+0x218/0x2a0
[ 56.729044][ T3539] end_report+0x66/0x110
[ 56.733380][ T3539] kasan_report+0x143/0x160
[ 56.737971][ T3539] ? crc_itu_t+0x218/0x2a0
[ 56.742383][ T3539] crc_itu_t+0x218/0x2a0
[ 56.746662][ T3539] udf_close_lvid+0x57a/0x9a0
[ 56.751505][ T3539] ? udf_open_lvid+0x5a0/0x5a0
[ 56.756345][ T3539] ? clear_inode+0x150/0x150
[ 56.760924][ T3539] ? module_put+0x15a/0x350
[ 56.765678][ T3539] udf_put_super+0xc9/0x160
[ 56.770167][ T3539] ? udf_free_in_core_inode+0x20/0x20
[ 56.775531][ T3539] generic_shutdown_super+0x130/0x340
[ 56.780891][ T3539] kill_block_super+0x7a/0xe0
[ 56.785553][ T3539] deactivate_locked_super+0xa0/0x110
[ 56.790916][ T3539] cleanup_mnt+0x490/0x520
[ 56.795843][ T3539] ? lockdep_hardirqs_on+0x94/0x130
[ 56.801030][ T3539] task_work_run+0x246/0x300
[ 56.805642][ T3539] ? kasan_quarantine_put+0xd4/0x220
[ 56.810924][ T3539] ? task_work_cancel+0x2b0/0x2b0
[ 56.815939][ T3539] ? kmem_cache_free+0x292/0x510
[ 56.820862][ T3539] ? do_exit+0x6f6/0x2300
[ 56.825183][ T3539] do_exit+0x6fb/0x2300
[ 56.829331][ T3539] ? do_group_exit+0x1f2/0x2b0
[ 56.834256][ T3539] ? put_task_struct+0x80/0x80
[ 56.839181][ T3539] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 56.845150][ T3539] ? print_irqtrace_events+0x210/0x210
[ 56.850767][ T3539] ? _raw_spin_unlock_irq+0x1f/0x40
[ 56.856122][ T3539] ? lockdep_hardirqs_on+0x94/0x130
[ 56.861307][ T3539] do_group_exit+0x202/0x2b0
[ 56.865975][ T3539] __x64_sys_exit_group+0x3b/0x40
[ 56.871013][ T3539] do_syscall_64+0x3d/0xb0
[ 56.875447][ T3539] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.881353][ T3539] RIP: 0033:0x7f2762bc4ea9
[ 56.885765][ T3539] Code: Unable to access opcode bytes at 0x7f2762bc4e7f.
[ 56.892773][ T3539] RSP: 002b:00007ffd0d08b538 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 56.901359][ T3539] RAX: ffffffffffffffda RBX: 00007f2762c4a450 RCX: 00007f2762bc4ea9
[ 56.909341][ T3539] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 56.917301][ T3539] RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 00007f2762c1c959
[ 56.925343][ T3539] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2762c4a450
[ 56.933297][ T3539] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 56.941258][ T3539] </TASK>
[ 56.944321][ T3539] Kernel Offset: disabled
[ 56.948633][ T3539] Rebooting in 86400 seconds..