DUID 00:04:1b:4d:40:85:b1:6b:61:74:2c:72:11:ce:21:17:3d:97
forked to background, child pid 3172
[   23.077998][ T3173] 8021q: adding VLAN 0 to HW filter on device bond0
[   23.087522][ T3173] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.70' (ECDSA) to the list of known hosts.
syzkaller login: [   46.494234][ T3498] chnl_net:caif_netlink_parms(): no params data found
[   46.536260][ T3498] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.543870][ T3498] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.551811][ T3498] device bridge_slave_0 entered promiscuous mode
[   46.561396][ T3498] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.569035][ T3498] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.576769][ T3498] device bridge_slave_1 entered promiscuous mode
[   46.597457][ T3498] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   46.609192][ T3498] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   46.631935][ T3498] team0: Port device team_slave_0 added
[   46.638857][ T3498] team0: Port device team_slave_1 added
[   46.654651][ T3498] batman_adv: batadv0: Adding interface: batadv_slave_0
[   46.661809][ T3498] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.687893][ T3498] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   46.700577][ T3498] batman_adv: batadv0: Adding interface: batadv_slave_1
[   46.707739][ T3498] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.733642][ T3498] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   46.759860][ T3498] device hsr_slave_0 entered promiscuous mode
[   46.766420][ T3498] device hsr_slave_1 entered promiscuous mode
[   46.841754][ T3498] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   46.852745][ T3498] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   46.861931][ T3498] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   46.871165][ T3498] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   46.892704][ T3498] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.899980][ T3498] bridge0: port 2(bridge_slave_1) entered forwarding state
[   46.908002][ T3498] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.915047][ T3498] bridge0: port 1(bridge_slave_0) entered forwarding state
[   46.960396][ T3498] 8021q: adding VLAN 0 to HW filter on device bond0
[   46.972331][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   46.983127][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.992446][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.000952][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   47.015297][ T3498] 8021q: adding VLAN 0 to HW filter on device team0
[   47.026023][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   47.034658][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.041760][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.052548][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   47.061671][ T3508] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.068749][ T3508] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.085824][ T1067] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   47.094952][ T1067] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   47.110222][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   47.118928][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   47.131747][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   47.141534][ T3498] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   47.155814][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   47.163530][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   47.175785][ T3498] 8021q: adding VLAN 0 to HW filter on device batadv0
[   47.192796][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   47.210497][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   47.219197][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   47.226851][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   47.236253][ T3498] device veth0_vlan entered promiscuous mode
[   47.249100][ T3498] device veth1_vlan entered promiscuous mode
[   47.266833][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   47.275384][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   47.283847][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   47.294767][ T3498] device veth0_macvtap entered promiscuous mode
[   47.304332][ T3498] device veth1_macvtap entered promiscuous mode
[   47.320632][ T3498] batman_adv: batadv0: Interface activated: batadv_slave_0
[   47.328257][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   47.337959][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   47.348913][ T3498] batman_adv: batadv0: Interface activated: batadv_slave_1
[   47.357277][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[   47.367613][ T3498] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   47.376429][ T3498] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   47.386002][ T3498] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   47.394915][ T3498] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   47.438803][ T3498] loop0: detected capacity change from 0 to 2048
[   47.446451][ T3498] =======================================================
[   47.446451][ T3498] WARNING: The mand mount option has been deprecated and
[   47.446451][ T3498]          and is ignored by this kernel. Remove the mand
[   47.446451][ T3498]          option from the mount to silence this warning.
[   47.446451][ T3498] =======================================================
[   47.485443][ T3498] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[   47.499131][ T3498] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   47.522028][   T26] audit: type=1800 audit(1686526878.899:2): pid=3498 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor176" name="bus" dev="loop0" ino=1367 res=0 errno=0
[   47.657082][ T3498] ==================================================================
[   47.665293][ T3498] BUG: KASAN: use-after-free in crc_itu_t+0x218/0x2a0
[   47.672116][ T3498] Read of size 1 at addr ffff888072c44000 by task syz-executor176/3498
[   47.680341][ T3498] 
[   47.682649][ T3498] CPU: 0 PID: 3498 Comm: syz-executor176 Not tainted 5.15.116-syzkaller #0
[   47.691210][ T3498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   47.701265][ T3498] Call Trace:
[   47.704537][ T3498]  <TASK>
[   47.707459][ T3498]  dump_stack_lvl+0x1e3/0x2cb
[   47.712141][ T3498]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   47.717763][ T3498]  ? _printk+0xd1/0x111
[   47.721910][ T3498]  ? __wake_up_klogd+0xcc/0x100
[   47.726747][ T3498]  ? panic+0x84d/0x84d
[   47.730808][ T3498]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   47.736266][ T3498]  print_address_description+0x63/0x3b0
[   47.741818][ T3498]  ? crc_itu_t+0x218/0x2a0
[   47.746228][ T3498]  kasan_report+0x16b/0x1c0
[   47.750711][ T3498]  ? crc_itu_t+0x218/0x2a0
[   47.755104][ T3498]  crc_itu_t+0x218/0x2a0
[   47.759337][ T3498]  udf_sync_fs+0x1ce/0x380
[   47.763758][ T3498]  ? udf_put_super+0x160/0x160
[   47.768616][ T3498]  ? get_nr_dirty_inodes+0x25f/0x2e0
[   47.773910][ T3498]  sync_filesystem+0xe8/0x220
[   47.778591][ T3498]  generic_shutdown_super+0x6e/0x2c0
[   47.783873][ T3498]  kill_block_super+0x7a/0xe0
[   47.788547][ T3498]  deactivate_locked_super+0xa0/0x110
[   47.793924][ T3498]  cleanup_mnt+0x44e/0x500
[   47.798334][ T3498]  ? lockdep_hardirqs_on+0x94/0x130
[   47.803535][ T3498]  task_work_run+0x129/0x1a0
[   47.808122][ T3498]  do_exit+0x6a3/0x2480
[   47.812271][ T3498]  ? put_task_struct+0x80/0x80
[   47.817016][ T3498]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   47.822982][ T3498]  ? vtime_user_exit+0x2d1/0x400
[   47.827899][ T3498]  do_group_exit+0x144/0x310
[   47.832468][ T3498]  __x64_sys_exit_group+0x3b/0x40
[   47.837480][ T3498]  do_syscall_64+0x3d/0xb0
[   47.841874][ T3498]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   47.847744][ T3498] RIP: 0033:0x7efc76ecd3d9
[   47.852135][ T3498] Code: Unable to access opcode bytes at RIP 0x7efc76ecd3af.
[   47.859485][ T3498] RSP: 002b:00007ffcee5c4b68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   47.867899][ T3498] RAX: ffffffffffffffda RBX: 00007efc76f6b450 RCX: 00007efc76ecd3d9
[   47.875862][ T3498] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   47.883962][ T3498] RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 00007ffcee5c4bf0
[   47.891926][ T3498] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc76f6b450
[   47.899887][ T3498] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   47.907864][ T3498]  </TASK>
[   47.910878][ T3498] 
[   47.913189][ T3498] The buggy address belongs to the page:
[   47.918804][ T3498] page:ffffea0001cb1100 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x72c44
[   47.929021][ T3498] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   47.936114][ T3498] raw: 00fff00000000000 ffffea0001ca2488 ffffea0001cb9b48 0000000000000000
[   47.944672][ T3498] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   47.953338][ T3498] page dumped because: kasan: bad access detected
[   47.959732][ T3498] page_owner tracks the page as freed
[   47.965086][ T3498] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 3354, ts 36740772760, free_ts 36815645841
[   47.980599][ T3498]  get_page_from_freelist+0x322a/0x33c0
[   47.986219][ T3498]  __alloc_pages+0x272/0x700
[   47.990785][ T3498]  alloc_pages_vma+0x39a/0x800
[   47.995524][ T3498]  handle_mm_fault+0x2f49/0x5950
[   48.000434][ T3498]  exc_page_fault+0x271/0x740
[   48.005090][ T3498]  asm_exc_page_fault+0x22/0x30
[   48.009916][ T3498] page last free stack trace:
[   48.014563][ T3498]  free_unref_page_prepare+0xc34/0xcf0
[   48.020008][ T3498]  free_unref_page_list+0x1f7/0x8e0
[   48.025206][ T3498]  release_pages+0x1bb9/0x1f40
[   48.029959][ T3498]  tlb_finish_mmu+0x177/0x320
[   48.034617][ T3498]  unmap_region+0x304/0x350
[   48.039108][ T3498]  __do_munmap+0x12db/0x1740
[   48.043689][ T3498]  __vm_munmap+0x134/0x230
[   48.048105][ T3498]  __x64_sys_munmap+0x67/0x70
[   48.052776][ T3498]  do_syscall_64+0x3d/0xb0
[   48.057186][ T3498]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   48.063070][ T3498] 
[   48.065395][ T3498] Memory state around the buggy address:
[   48.071032][ T3498]  ffff888072c43f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   48.079081][ T3498]  ffff888072c43f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   48.087121][ T3498] >ffff888072c44000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   48.095154][ T3498]                    ^
[   48.099195][ T3498]  ffff888072c44080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   48.107322][ T3498]  ffff888072c44100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   48.115364][ T3498] ==================================================================
[   48.123482][ T3498] Disabling lock debugging due to kernel taint
[   48.133786][ T3498] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   48.141016][ T3498] CPU: 0 PID: 3498 Comm: syz-executor176 Tainted: G    B             5.15.116-syzkaller #0
[   48.150998][ T3498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   48.161048][ T3498] Call Trace:
[   48.164319][ T3498]  <TASK>
[   48.167231][ T3498]  dump_stack_lvl+0x1e3/0x2cb
[   48.171894][ T3498]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   48.177504][ T3498]  ? panic+0x84d/0x84d
[   48.181546][ T3498]  ? preempt_schedule_common+0xa6/0xd0
[   48.187065][ T3498]  ? preempt_schedule+0xd9/0xe0
[   48.191898][ T3498]  panic+0x318/0x84d
[   48.195781][ T3498]  ? check_panic_on_warn+0x1d/0xa0
[   48.200889][ T3498]  ? fb_is_primary_device+0xcc/0xcc
[   48.206079][ T3498]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   48.212048][ T3498]  ? _raw_spin_unlock+0x40/0x40
[   48.216884][ T3498]  ? print_memory_metadata+0xe2/0x140
[   48.222244][ T3498]  check_panic_on_warn+0x7e/0xa0
[   48.227158][ T3498]  ? crc_itu_t+0x218/0x2a0
[   48.231548][ T3498]  end_report+0x6d/0xf0
[   48.235676][ T3498]  kasan_report+0x18e/0x1c0
[   48.240238][ T3498]  ? crc_itu_t+0x218/0x2a0
[   48.244629][ T3498]  crc_itu_t+0x218/0x2a0
[   48.248853][ T3498]  udf_sync_fs+0x1ce/0x380
[   48.253261][ T3498]  ? udf_put_super+0x160/0x160
[   48.258012][ T3498]  ? get_nr_dirty_inodes+0x25f/0x2e0
[   48.263289][ T3498]  sync_filesystem+0xe8/0x220
[   48.267958][ T3498]  generic_shutdown_super+0x6e/0x2c0
[   48.273237][ T3498]  kill_block_super+0x7a/0xe0
[   48.277903][ T3498]  deactivate_locked_super+0xa0/0x110
[   48.283265][ T3498]  cleanup_mnt+0x44e/0x500
[   48.287773][ T3498]  ? lockdep_hardirqs_on+0x94/0x130
[   48.292956][ T3498]  task_work_run+0x129/0x1a0
[   48.297536][ T3498]  do_exit+0x6a3/0x2480
[   48.301828][ T3498]  ? put_task_struct+0x80/0x80
[   48.306590][ T3498]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   48.312571][ T3498]  ? vtime_user_exit+0x2d1/0x400
[   48.317494][ T3498]  do_group_exit+0x144/0x310
[   48.322083][ T3498]  __x64_sys_exit_group+0x3b/0x40
[   48.327091][ T3498]  do_syscall_64+0x3d/0xb0
[   48.331584][ T3498]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   48.337470][ T3498] RIP: 0033:0x7efc76ecd3d9
[   48.341880][ T3498] Code: Unable to access opcode bytes at RIP 0x7efc76ecd3af.
[   48.349226][ T3498] RSP: 002b:00007ffcee5c4b68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   48.357743][ T3498] RAX: ffffffffffffffda RBX: 00007efc76f6b450 RCX: 00007efc76ecd3d9
[   48.365719][ T3498] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   48.373677][ T3498] RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 00007ffcee5c4bf0
[   48.381627][ T3498] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc76f6b450
[   48.389574][ T3498] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   48.397533][ T3498]  </TASK>
[   48.400603][ T3498] Kernel Offset: disabled
[   48.404923][ T3498] Rebooting in 86400 seconds..