DUID 00:04:e6:d8:3e:4c:c1:15:84:42:dc:00:60:8c:e3:5f:26:b4
forked to background, child pid 3209
[   30.497188][ T3210] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.512180][ T3210] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
syzkaller login: [   76.431105][   T14] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.10.30' (ECDSA) to the list of known hosts.
executing program
[  574.500059][ T3661] loop0: detected capacity change from 0 to 2048
[  574.505388][ T3662] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  574.521761][ T3661] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  574.536533][   T27] audit: type=1800 audit(1669653888.344:2): pid=3661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor416" name="bus" dev="loop0" ino=1367 res=0 errno=0
[  574.602974][ T3660] ==================================================================
[  574.611090][ T3660] BUG: KASAN: use-after-free in crc_itu_t+0x224/0x2b0
[  574.618021][ T3660] Read of size 1 at addr ffff8880794d1000 by task syz-executor416/3660
[  574.626245][ T3660] 
[  574.628554][ T3660] CPU: 0 PID: 3660 Comm: syz-executor416 Not tainted 6.1.0-rc7-syzkaller #0
[  574.637205][ T3660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  574.647245][ T3660] Call Trace:
[  574.650512][ T3660]  <TASK>
[  574.653428][ T3660]  dump_stack_lvl+0x1b1/0x28e
[  574.658131][ T3660]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  574.663575][ T3660]  ? __wake_up_klogd+0xcd/0x100
[  574.668454][ T3660]  ? panic+0x710/0x710
[  574.672547][ T3660]  ? _printk+0xc0/0x100
[  574.676685][ T3660]  ? _raw_spin_lock_irqsave+0x8e/0x100
[  574.682198][ T3660]  print_address_description+0x74/0x340
[  574.687773][ T3660]  print_report+0x107/0x1f0
[  574.692258][ T3660]  ? time64_to_tm+0x329/0x4d0
[  574.696987][ T3660]  ? __virt_addr_valid+0x21b/0x2d0
[  574.702116][ T3660]  ? __phys_addr+0xb5/0x160
[  574.706607][ T3660]  ? crc_itu_t+0x224/0x2b0
[  574.711006][ T3660]  kasan_report+0xcd/0x100
[  574.715405][ T3660]  ? crc_itu_t+0x224/0x2b0
[  574.719807][ T3660]  crc_itu_t+0x224/0x2b0
[  574.724037][ T3660]  udf_sync_fs+0x1bc/0x360
[  574.728461][ T3660]  ? udf_put_super+0x160/0x160
[  574.733232][ T3660]  sync_filesystem+0xe8/0x220
[  574.737945][ T3660]  generic_shutdown_super+0x6b/0x310
[  574.743232][ T3660]  kill_block_super+0x79/0xd0
[  574.747893][ T3660]  deactivate_locked_super+0xa7/0xf0
[  574.753158][ T3660]  cleanup_mnt+0x494/0x520
[  574.757570][ T3660]  ? lockdep_hardirqs_on+0x8d/0x130
[  574.762764][ T3660]  task_work_run+0x243/0x300
[  574.767480][ T3660]  ? task_work_cancel+0x290/0x290
[  574.772489][ T3660]  ? exit_to_user_mode_loop+0x42/0x150
[  574.777964][ T3660]  exit_to_user_mode_loop+0x124/0x150
[  574.783408][ T3660]  exit_to_user_mode_prepare+0xb2/0x140
[  574.788945][ T3660]  syscall_exit_to_user_mode+0x26/0x60
[  574.794389][ T3660]  do_syscall_64+0x49/0xb0
[  574.798788][ T3660]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  574.804676][ T3660] RIP: 0033:0x7f2e7bf7cea7
[  574.809108][ T3660] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  574.828795][ T3660] RSP: 002b:00007ffd5d4249f8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[  574.837191][ T3660] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f2e7bf7cea7
[  574.845145][ T3660] RDX: 00007ffd5d424ab9 RSI: 000000000000000a RDI: 00007ffd5d424ab0
[  574.853104][ T3660] RBP: 00007ffd5d424ab0 R08: 00000000ffffffff R09: 00007ffd5d424890
[  574.861057][ T3660] R10: 0000555555ad7653 R11: 0000000000000202 R12: 00007ffd5d425b20
[  574.869011][ T3660] R13: 0000555555ad75f0 R14: 00007ffd5d424a20 R15: 0000000000000001
[  574.876971][ T3660]  </TASK>
[  574.879973][ T3660] 
[  574.882277][ T3660] The buggy address belongs to the physical page:
[  574.888666][ T3660] page:ffffea0001e53440 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x794d1
[  574.898796][ T3660] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  574.905889][ T3660] raw: 00fff00000000000 ffffea0002ff9088 ffffea0001c45608 0000000000000000
[  574.914453][ T3660] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[  574.923043][ T3660] page dumped because: kasan: bad access detected
[  574.929442][ T3660] page_owner tracks the page as freed
[  574.934885][ T3660] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 3657, tgid 3657 (scp), ts 568874542190, free_ts 568954926800
[  574.951978][ T3660]  get_page_from_freelist+0x742/0x7c0
[  574.957406][ T3660]  __alloc_pages+0x259/0x560
[  574.961987][ T3660]  __folio_alloc+0xf/0x30
[  574.966301][ T3660]  vma_alloc_folio+0x660/0xb60
[  574.971095][ T3660]  wp_page_copy+0x249/0x1610
[  574.975674][ T3660]  handle_mm_fault+0x1e72/0x3630
[  574.980591][ T3660]  do_user_addr_fault+0x69b/0xcb0
[  574.985673][ T3660]  exc_page_fault+0x7a/0x110
[  574.990259][ T3660]  asm_exc_page_fault+0x22/0x30
[  574.995101][ T3660] page last free stack trace:
[  574.999764][ T3660]  free_pcp_prepare+0x80c/0x8f0
[  575.004615][ T3660]  free_unref_page_list+0xb4/0x7b0
[  575.009720][ T3660]  release_pages+0x232a/0x25c0
[  575.014626][ T3660]  tlb_flush_mmu+0x850/0xa70
[  575.019203][ T3660]  tlb_finish_mmu+0xcb/0x200
[  575.023777][ T3660]  exit_mmap+0x275/0x630
[  575.028006][ T3660]  __mmput+0x114/0x3b0
[  575.032091][ T3660]  exit_mm+0x1f5/0x2d0
[  575.036164][ T3660]  do_exit+0x5e7/0x2070
[  575.040305][ T3660]  do_group_exit+0x1fd/0x2b0
[  575.044880][ T3660]  __x64_sys_exit_group+0x3b/0x40
[  575.049887][ T3660]  do_syscall_64+0x3d/0xb0
[  575.054291][ T3660]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  575.060178][ T3660] 
[  575.062488][ T3660] Memory state around the buggy address:
[  575.068107][ T3660]  ffff8880794d0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  575.076149][ T3660]  ffff8880794d0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  575.084193][ T3660] >ffff8880794d1000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  575.092294][ T3660]                    ^
[  575.096338][ T3660]  ffff8880794d1080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  575.104381][ T3660]  ffff8880794d1100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  575.112421][ T3660] ==================================================================
[  575.120912][ T3660] Kernel panic - not syncing: panic_on_warn set ...
[  575.127514][ T3660] CPU: 1 PID: 3660 Comm: syz-executor416 Not tainted 6.1.0-rc7-syzkaller #0
[  575.136197][ T3660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  575.146249][ T3660] Call Trace:
[  575.149524][ T3660]  <TASK>
[  575.152452][ T3660]  dump_stack_lvl+0x1b1/0x28e
[  575.157127][ T3660]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  575.162595][ T3660]  ? panic+0x710/0x710
[  575.166656][ T3660]  ? preempt_schedule_common+0xb7/0xe0
[  575.172111][ T3660]  ? vscnprintf+0x59/0x80
[  575.176436][ T3660]  panic+0x2d6/0x710
[  575.180337][ T3660]  ? memcpy_page_flushcache+0xfc/0xfc
[  575.185705][ T3660]  ? _raw_spin_unlock_irqrestore+0x110/0x120
[  575.191685][ T3660]  ? print_report+0x1b4/0x1f0
[  575.196366][ T3660]  ? crc_itu_t+0x224/0x2b0
[  575.200776][ T3660]  end_report+0x91/0xa0
[  575.205008][ T3660]  kasan_report+0xda/0x100
[  575.209420][ T3660]  ? crc_itu_t+0x224/0x2b0
[  575.213831][ T3660]  crc_itu_t+0x224/0x2b0
[  575.218080][ T3660]  udf_sync_fs+0x1bc/0x360
[  575.222494][ T3660]  ? udf_put_super+0x160/0x160
[  575.227259][ T3660]  sync_filesystem+0xe8/0x220
[  575.231935][ T3660]  generic_shutdown_super+0x6b/0x310
[  575.237219][ T3660]  kill_block_super+0x79/0xd0
[  575.241894][ T3660]  deactivate_locked_super+0xa7/0xf0
[  575.247173][ T3660]  cleanup_mnt+0x494/0x520
[  575.251582][ T3660]  ? lockdep_hardirqs_on+0x8d/0x130
[  575.256775][ T3660]  task_work_run+0x243/0x300
[  575.261370][ T3660]  ? task_work_cancel+0x290/0x290
[  575.266393][ T3660]  ? exit_to_user_mode_loop+0x42/0x150
[  575.271849][ T3660]  exit_to_user_mode_loop+0x124/0x150
[  575.277216][ T3660]  exit_to_user_mode_prepare+0xb2/0x140
[  575.282762][ T3660]  syscall_exit_to_user_mode+0x26/0x60
[  575.288221][ T3660]  do_syscall_64+0x49/0xb0
[  575.292632][ T3660]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  575.298518][ T3660] RIP: 0033:0x7f2e7bf7cea7
[  575.302942][ T3660] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  575.322540][ T3660] RSP: 002b:00007ffd5d4249f8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[  575.330948][ T3660] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f2e7bf7cea7
[  575.338914][ T3660] RDX: 00007ffd5d424ab9 RSI: 000000000000000a RDI: 00007ffd5d424ab0
[  575.346878][ T3660] RBP: 00007ffd5d424ab0 R08: 00000000ffffffff R09: 00007ffd5d424890
[  575.354930][ T3660] R10: 0000555555ad7653 R11: 0000000000000202 R12: 00007ffd5d425b20
[  575.362983][ T3660] R13: 0000555555ad75f0 R14: 00007ffd5d424a20 R15: 0000000000000001
[  575.370952][ T3660]  </TASK>
[  575.374182][ T3660] Kernel Offset: disabled
[  575.378533][ T3660] Rebooting in 86400 seconds..