DUID 00:04:9a:9b:60:6a:39:26:c8:65:2f:c5:16:4d:58:03:30:c2
forked to background, child pid 3173
[   28.812855][ T3174] 8021q: adding VLAN 0 to HW filter on device bond0
[   28.829233][ T3174] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.130' (ECDSA) to the list of known hosts.
Setting up swapspace version 1, size = 127995904 bytes
executing program
syzkaller login: [   52.330751][ T3499] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   52.395455][ T3503] loop0: detected capacity change from 0 to 2048
[   52.405692][ T3503] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[   52.416840][ T3503] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[   52.427828][ T3503] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[   52.438398][ T3503] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[   52.446109][ T3503] UDF-fs: Scanning with blocksize 512 failed
[   52.455259][ T3503] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   52.565409][ T3503] ==================================================================
[   52.573633][ T3503] BUG: KASAN: use-after-free in crc_itu_t+0x218/0x2a0
[   52.580434][ T3503] Read of size 1 at addr ffff88807c5d2000 by task syz-executor172/3503
[   52.588669][ T3503] 
[   52.590991][ T3503] CPU: 1 PID: 3503 Comm: syz-executor172 Not tainted 5.15.117-syzkaller #0
[   52.599562][ T3503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   52.609608][ T3503] Call Trace:
[   52.612876][ T3503]  <TASK>
[   52.615797][ T3503]  dump_stack_lvl+0x1e3/0x2cb
[   52.620471][ T3503]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   52.626102][ T3503]  ? _printk+0xd1/0x111
[   52.630249][ T3503]  ? __wake_up_klogd+0xcc/0x100
[   52.635088][ T3503]  ? panic+0x84d/0x84d
[   52.639143][ T3503]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   52.644681][ T3503]  print_address_description+0x63/0x3b0
[   52.650219][ T3503]  ? crc_itu_t+0x218/0x2a0
[   52.654623][ T3503]  kasan_report+0x16b/0x1c0
[   52.659121][ T3503]  ? crc_itu_t+0x218/0x2a0
[   52.663525][ T3503]  ? pvclock_gtod_unregister_notifier+0x50/0x50
[   52.669793][ T3503]  crc_itu_t+0x218/0x2a0
[   52.674032][ T3503]  udf_sync_fs+0x1ce/0x380
[   52.678448][ T3503]  ? udf_put_super+0x160/0x160
[   52.683204][ T3503]  ? get_nr_dirty_inodes+0x25f/0x2e0
[   52.688484][ T3503]  sync_filesystem+0xe8/0x220
[   52.693152][ T3503]  generic_shutdown_super+0x6e/0x2c0
[   52.698432][ T3503]  kill_block_super+0x7a/0xe0
[   52.703102][ T3503]  deactivate_locked_super+0xa0/0x110
[   52.708469][ T3503]  cleanup_mnt+0x44e/0x500
[   52.712878][ T3503]  ? lockdep_hardirqs_on+0x94/0x130
[   52.718184][ T3503]  task_work_run+0x129/0x1a0
[   52.722770][ T3503]  do_exit+0x6a3/0x2480
[   52.726923][ T3503]  ? put_task_struct+0x80/0x80
[   52.731690][ T3503]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   52.737665][ T3503]  ? vtime_user_exit+0x2d1/0x400
[   52.742596][ T3503]  do_group_exit+0x144/0x310
[   52.747182][ T3503]  __x64_sys_exit_group+0x3b/0x40
[   52.752197][ T3503]  do_syscall_64+0x3d/0xb0
[   52.756604][ T3503]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   52.762486][ T3503] RIP: 0033:0x7f72a51c0c59
[   52.766890][ T3503] Code: Unable to access opcode bytes at RIP 0x7f72a51c0c2f.
[   52.774245][ T3503] RSP: 002b:00007ffdecef4878 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   52.782647][ T3503] RAX: ffffffffffffffda RBX: 00007f72a525a410 RCX: 00007f72a51c0c59
[   52.790617][ T3503] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   52.798579][ T3503] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000
[   52.806543][ T3503] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f72a525a410
[   52.814515][ T3503] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   52.822486][ T3503]  </TASK>
[   52.825491][ T3503] 
[   52.827800][ T3503] The buggy address belongs to the page:
[   52.833411][ T3503] page:ffffea0001f17480 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x7c5d2
[   52.843562][ T3503] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   52.850697][ T3503] raw: 00fff00000000000 ffffea0001c5eb08 ffffea0001ca9048 0000000000000000
[   52.859296][ T3503] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   52.867874][ T3503] page dumped because: kasan: bad access detected
[   52.874275][ T3503] page_owner tracks the page as freed
[   52.879626][ T3503] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 3356, ts 42948810914, free_ts 43082729309
[   52.895151][ T3503]  get_page_from_freelist+0x322a/0x33c0
[   52.900691][ T3503]  __alloc_pages+0x272/0x700
[   52.905275][ T3503]  alloc_pages_vma+0x39a/0x800
[   52.910031][ T3503]  handle_mm_fault+0x2f49/0x5950
[   52.914964][ T3503]  exc_page_fault+0x271/0x740
[   52.919631][ T3503]  asm_exc_page_fault+0x22/0x30
[   52.924469][ T3503] page last free stack trace:
[   52.929128][ T3503]  free_unref_page_prepare+0xc34/0xcf0
[   52.934577][ T3503]  free_unref_page_list+0x1f7/0x8e0
[   52.939767][ T3503]  release_pages+0x1bb9/0x1f40
[   52.944518][ T3503]  tlb_finish_mmu+0x177/0x320
[   52.949183][ T3503]  unmap_region+0x304/0x350
[   52.953674][ T3503]  __do_munmap+0x12db/0x1740
[   52.958254][ T3503]  __vm_munmap+0x134/0x230
[   52.962656][ T3503]  __x64_sys_munmap+0x67/0x70
[   52.967320][ T3503]  do_syscall_64+0x3d/0xb0
[   52.971726][ T3503]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   52.977609][ T3503] 
[   52.979920][ T3503] Memory state around the buggy address:
[   52.985536][ T3503]  ffff88807c5d1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   52.993589][ T3503]  ffff88807c5d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   53.001644][ T3503] >ffff88807c5d2000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   53.009688][ T3503]                    ^
[   53.013739][ T3503]  ffff88807c5d2080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   53.021788][ T3503]  ffff88807c5d2100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   53.029831][ T3503] ==================================================================
[   53.037892][ T3503] Disabling lock debugging due to kernel taint
[   53.044807][ T3503] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   53.052128][ T3503] CPU: 1 PID: 3503 Comm: syz-executor172 Tainted: G    B             5.15.117-syzkaller #0
[   53.062123][ T3503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   53.072179][ T3503] Call Trace:
[   53.075456][ T3503]  <TASK>
[   53.078559][ T3503]  dump_stack_lvl+0x1e3/0x2cb
[   53.083329][ T3503]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   53.089121][ T3503]  ? panic+0x84d/0x84d
[   53.093197][ T3503]  ? preempt_schedule_common+0xa6/0xd0
[   53.098649][ T3503]  ? preempt_schedule+0xd9/0xe0
[   53.103497][ T3503]  panic+0x318/0x84d
[   53.107393][ T3503]  ? check_panic_on_warn+0x1d/0xa0
[   53.112496][ T3503]  ? fb_is_primary_device+0xcc/0xcc
[   53.117683][ T3503]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   53.123653][ T3503]  ? _raw_spin_unlock+0x40/0x40
[   53.128489][ T3503]  ? print_memory_metadata+0xe2/0x140
[   53.133852][ T3503]  check_panic_on_warn+0x7e/0xa0
[   53.138777][ T3503]  ? crc_itu_t+0x218/0x2a0
[   53.143177][ T3503]  end_report+0x6d/0xf0
[   53.147320][ T3503]  kasan_report+0x18e/0x1c0
[   53.151811][ T3503]  ? crc_itu_t+0x218/0x2a0
[   53.156220][ T3503]  ? pvclock_gtod_unregister_notifier+0x50/0x50
[   53.162476][ T3503]  crc_itu_t+0x218/0x2a0
[   53.166722][ T3503]  udf_sync_fs+0x1ce/0x380
[   53.171137][ T3503]  ? udf_put_super+0x160/0x160
[   53.175888][ T3503]  ? get_nr_dirty_inodes+0x25f/0x2e0
[   53.181163][ T3503]  sync_filesystem+0xe8/0x220
[   53.185826][ T3503]  generic_shutdown_super+0x6e/0x2c0
[   53.191101][ T3503]  kill_block_super+0x7a/0xe0
[   53.195767][ T3503]  deactivate_locked_super+0xa0/0x110
[   53.201130][ T3503]  cleanup_mnt+0x44e/0x500
[   53.205537][ T3503]  ? lockdep_hardirqs_on+0x94/0x130
[   53.210723][ T3503]  task_work_run+0x129/0x1a0
[   53.215302][ T3503]  do_exit+0x6a3/0x2480
[   53.219448][ T3503]  ? put_task_struct+0x80/0x80
[   53.224198][ T3503]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   53.230171][ T3503]  ? vtime_user_exit+0x2d1/0x400
[   53.235097][ T3503]  do_group_exit+0x144/0x310
[   53.239679][ T3503]  __x64_sys_exit_group+0x3b/0x40
[   53.244691][ T3503]  do_syscall_64+0x3d/0xb0
[   53.249094][ T3503]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   53.254979][ T3503] RIP: 0033:0x7f72a51c0c59
[   53.259379][ T3503] Code: Unable to access opcode bytes at RIP 0x7f72a51c0c2f.
[   53.266734][ T3503] RSP: 002b:00007ffdecef4878 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   53.275158][ T3503] RAX: ffffffffffffffda RBX: 00007f72a525a410 RCX: 00007f72a51c0c59
[   53.283123][ T3503] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   53.291083][ T3503] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000
[   53.299039][ T3503] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f72a525a410
[   53.306999][ T3503] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   53.314961][ T3503]  </TASK>
[   53.318248][ T3503] Kernel Offset: disabled
[   53.322566][ T3503] Rebooting in 86400 seconds..