DUID 00:04:9a:9b:60:6a:39:26:c8:65:2f:c5:16:4d:58:03:30:c2
forked to background, child pid 3173
[   31.100080][ T3174] 8021q: adding VLAN 0 to HW filter on device bond0
[   31.110843][ T3174] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   53.248822][ T3499] loop0: detected capacity change from 0 to 2048
[   53.257485][ T3499] =======================================================
[   53.257485][ T3499] WARNING: The mand mount option has been deprecated and
[   53.257485][ T3499]          and is ignored by this kernel. Remove the mand
[   53.257485][ T3499]          option from the mount to silence this warning.
[   53.257485][ T3499] =======================================================
[   53.296105][ T3499] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[   53.308485][ T3499] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   53.365788][ T3499] ==================================================================
[   53.374019][ T3499] BUG: KASAN: use-after-free in crc_itu_t+0x218/0x2a0
[   53.380828][ T3499] Read of size 1 at addr ffff88807fb5e000 by task syz-executor630/3499
[   53.389087][ T3499] 
[   53.391428][ T3499] CPU: 1 PID: 3499 Comm: syz-executor630 Not tainted 5.15.115-syzkaller #0
[   53.400028][ T3499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   53.410170][ T3499] Call Trace:
[   53.413447][ T3499]  <TASK>
[   53.416371][ T3499]  dump_stack_lvl+0x1e3/0x2cb
[   53.421051][ T3499]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   53.426692][ T3499]  ? _printk+0xd1/0x111
[   53.430839][ T3499]  ? __wake_up_klogd+0xcc/0x100
[   53.435683][ T3499]  ? panic+0x84d/0x84d
[   53.439746][ T3499]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   53.445201][ T3499]  print_address_description+0x63/0x3b0
[   53.450747][ T3499]  ? crc_itu_t+0x218/0x2a0
[   53.455155][ T3499]  kasan_report+0x16b/0x1c0
[   53.459652][ T3499]  ? crc_itu_t+0x218/0x2a0
[   53.464056][ T3499]  ? pvclock_gtod_unregister_notifier+0x50/0x50
[   53.470292][ T3499]  crc_itu_t+0x218/0x2a0
[   53.474533][ T3499]  udf_sync_fs+0x1ce/0x380
[   53.478946][ T3499]  ? udf_put_super+0x160/0x160
[   53.483704][ T3499]  ? get_nr_dirty_inodes+0x25f/0x2e0
[   53.489003][ T3499]  sync_filesystem+0xe8/0x220
[   53.493694][ T3499]  generic_shutdown_super+0x6e/0x2c0
[   53.499001][ T3499]  kill_block_super+0x7a/0xe0
[   53.503699][ T3499]  deactivate_locked_super+0xa0/0x110
[   53.509079][ T3499]  cleanup_mnt+0x44e/0x500
[   53.513495][ T3499]  ? lockdep_hardirqs_on+0x94/0x130
[   53.518706][ T3499]  task_work_run+0x129/0x1a0
[   53.523320][ T3499]  do_exit+0x6a3/0x2480
[   53.527494][ T3499]  ? put_task_struct+0x80/0x80
[   53.532278][ T3499]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   53.538268][ T3499]  ? vtime_user_exit+0x2d1/0x400
[   53.543310][ T3499]  do_group_exit+0x144/0x310
[   53.547903][ T3499]  __x64_sys_exit_group+0x3b/0x40
[   53.552952][ T3499]  do_syscall_64+0x3d/0xb0
[   53.557376][ T3499]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   53.563279][ T3499] RIP: 0033:0x7fc1dddb5bf9
[   53.567700][ T3499] Code: Unable to access opcode bytes at RIP 0x7fc1dddb5bcf.
[   53.575062][ T3499] RSP: 002b:00007ffdd090eb18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   53.583476][ T3499] RAX: ffffffffffffffda RBX: 00007fc1dde4a330 RCX: 00007fc1dddb5bf9
[   53.591441][ T3499] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   53.599493][ T3499] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000
[   53.607452][ T3499] R10: 0000000000000022 R11: 0000000000000246 R12: 00007fc1dde4a330
[   53.615413][ T3499] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   53.623389][ T3499]  </TASK>
[   53.626397][ T3499] 
[   53.628705][ T3499] The buggy address belongs to the page:
[   53.634318][ T3499] page:ffffea0001fed780 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x7fb5e
[   53.644467][ T3499] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   53.651571][ T3499] raw: 00fff00000000000 ffffea0001c3dac8 ffffea0001ff10c8 0000000000000000
[   53.660143][ T3499] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   53.668705][ T3499] page dumped because: kasan: bad access detected
[   53.675099][ T3499] page_owner tracks the page as freed
[   53.680448][ T3499] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 3498, ts 53178460024, free_ts 53190550058
[   53.695983][ T3499]  get_page_from_freelist+0x322a/0x33c0
[   53.701528][ T3499]  __alloc_pages+0x272/0x700
[   53.706106][ T3499]  alloc_pages_vma+0x39a/0x800
[   53.710856][ T3499]  handle_mm_fault+0x2f49/0x5950
[   53.715789][ T3499]  exc_page_fault+0x271/0x740
[   53.720472][ T3499]  asm_exc_page_fault+0x22/0x30
[   53.725312][ T3499] page last free stack trace:
[   53.729971][ T3499]  free_unref_page_prepare+0xc34/0xcf0
[   53.735418][ T3499]  free_unref_page_list+0x1f7/0x8e0
[   53.740612][ T3499]  release_pages+0x1bb9/0x1f40
[   53.745363][ T3499]  tlb_finish_mmu+0x177/0x320
[   53.750029][ T3499]  exit_mmap+0x3cd/0x670
[   53.754260][ T3499]  __mmput+0x112/0x3b0
[   53.758316][ T3499]  exec_mmap+0x543/0x630
[   53.762544][ T3499]  begin_new_exec+0x75d/0xfe0
[   53.767210][ T3499]  load_elf_binary+0x945/0x2750
[   53.772055][ T3499]  bprm_execve+0x8fd/0x17c0
[   53.776542][ T3499]  do_execveat_common+0x583/0x720
[   53.781557][ T3499]  __x64_sys_execve+0x8e/0xa0
[   53.786228][ T3499]  do_syscall_64+0x3d/0xb0
[   53.790633][ T3499]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   53.796527][ T3499] 
[   53.798847][ T3499] Memory state around the buggy address:
[   53.804463][ T3499]  ffff88807fb5df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   53.812512][ T3499]  ffff88807fb5df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   53.820558][ T3499] >ffff88807fb5e000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   53.828774][ T3499]                    ^
[   53.832838][ T3499]  ffff88807fb5e080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   53.840905][ T3499]  ffff88807fb5e100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   53.848964][ T3499] ==================================================================
[   53.857010][ T3499] Disabling lock debugging due to kernel taint
[   53.874036][ T3499] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   53.881258][ T3499] CPU: 0 PID: 3499 Comm: syz-executor630 Tainted: G    B             5.15.115-syzkaller #0
[   53.891226][ T3499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   53.901282][ T3499] Call Trace:
[   53.904551][ T3499]  <TASK>
[   53.907471][ T3499]  dump_stack_lvl+0x1e3/0x2cb
[   53.912143][ T3499]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   53.917762][ T3499]  ? panic+0x84d/0x84d
[   53.921818][ T3499]  ? preempt_schedule_common+0xa6/0xd0
[   53.927273][ T3499]  ? preempt_schedule+0xd9/0xe0
[   53.932549][ T3499]  panic+0x318/0x84d
[   53.936434][ T3499]  ? check_panic_on_warn+0x1d/0xa0
[   53.941533][ T3499]  ? fb_is_primary_device+0xcc/0xcc
[   53.946806][ T3499]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   53.952776][ T3499]  ? _raw_spin_unlock+0x40/0x40
[   53.957611][ T3499]  ? print_memory_metadata+0xe2/0x140
[   53.962974][ T3499]  check_panic_on_warn+0x7e/0xa0
[   53.967901][ T3499]  ? crc_itu_t+0x218/0x2a0
[   53.972307][ T3499]  end_report+0x6d/0xf0
[   53.976454][ T3499]  kasan_report+0x18e/0x1c0
[   53.980948][ T3499]  ? crc_itu_t+0x218/0x2a0
[   53.985350][ T3499]  ? pvclock_gtod_unregister_notifier+0x50/0x50
[   53.991577][ T3499]  crc_itu_t+0x218/0x2a0
[   53.995809][ T3499]  udf_sync_fs+0x1ce/0x380
[   54.000215][ T3499]  ? udf_put_super+0x160/0x160
[   54.004965][ T3499]  ? get_nr_dirty_inodes+0x25f/0x2e0
[   54.010242][ T3499]  sync_filesystem+0xe8/0x220
[   54.015342][ T3499]  generic_shutdown_super+0x6e/0x2c0
[   54.020613][ T3499]  kill_block_super+0x7a/0xe0
[   54.025276][ T3499]  deactivate_locked_super+0xa0/0x110
[   54.030634][ T3499]  cleanup_mnt+0x44e/0x500
[   54.035038][ T3499]  ? lockdep_hardirqs_on+0x94/0x130
[   54.040230][ T3499]  task_work_run+0x129/0x1a0
[   54.044811][ T3499]  do_exit+0x6a3/0x2480
[   54.048956][ T3499]  ? put_task_struct+0x80/0x80
[   54.053709][ T3499]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   54.059690][ T3499]  ? vtime_user_exit+0x2d1/0x400
[   54.064627][ T3499]  do_group_exit+0x144/0x310
[   54.069206][ T3499]  __x64_sys_exit_group+0x3b/0x40
[   54.074216][ T3499]  do_syscall_64+0x3d/0xb0
[   54.078618][ T3499]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   54.084504][ T3499] RIP: 0033:0x7fc1dddb5bf9
[   54.088905][ T3499] Code: Unable to access opcode bytes at RIP 0x7fc1dddb5bcf.
[   54.096251][ T3499] RSP: 002b:00007ffdd090eb18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   54.104649][ T3499] RAX: ffffffffffffffda RBX: 00007fc1dde4a330 RCX: 00007fc1dddb5bf9
[   54.112607][ T3499] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   54.120576][ T3499] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000
[   54.128533][ T3499] R10: 0000000000000022 R11: 0000000000000246 R12: 00007fc1dde4a330
[   54.136492][ T3499] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   54.144458][ T3499]  </TASK>
[   54.147785][ T3499] Kernel Offset: disabled
[   54.152130][ T3499] Rebooting in 86400 seconds..