Warning: Permanently added '10.128.0.102' (ECDSA) to the list of known hosts.
syzkaller login: [   53.266874][ T3499] chnl_net:caif_netlink_parms(): no params data found
[   53.315431][ T3499] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.322898][ T3499] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.330789][ T3499] device bridge_slave_0 entered promiscuous mode
[   53.339987][ T3499] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.347942][ T3499] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.356024][ T3499] device bridge_slave_1 entered promiscuous mode
[   53.380746][ T3499] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.392030][ T3499] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.415929][ T3499] team0: Port device team_slave_0 added
[   53.423868][ T3499] team0: Port device team_slave_1 added
[   53.443775][ T3499] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.450719][ T3499] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.477306][ T3499] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   53.489936][ T3499] batman_adv: batadv0: Adding interface: batadv_slave_1
[   53.497135][ T3499] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.523309][ T3499] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   53.554599][ T3499] device hsr_slave_0 entered promiscuous mode
[   53.562096][ T3499] device hsr_slave_1 entered promiscuous mode
[   53.655385][ T3499] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   53.666191][ T3499] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   53.675580][ T3499] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   53.685136][ T3499] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   53.706657][ T3499] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.713826][ T3499] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.721525][ T3499] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.728635][ T3499] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.776740][ T3499] 8021q: adding VLAN 0 to HW filter on device bond0
[   53.789392][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   53.799844][   T25] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.808834][   T25] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.817221][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   53.830085][ T3499] 8021q: adding VLAN 0 to HW filter on device team0
[   53.841565][ T1067] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   53.850984][ T1067] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.858069][ T1067] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.869964][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   53.878463][ T3506] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.885536][ T3506] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.903187][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   53.913629][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   53.925696][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   53.939740][ T3499] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   53.950516][ T3499] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   53.964163][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   53.973192][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   53.982666][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   54.000099][ T1067] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   54.008385][ T1067] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   54.020376][ T3499] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.039462][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   54.060018][ T3499] device veth0_vlan entered promiscuous mode
[   54.067506][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   54.076477][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   54.085384][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   54.098476][ T3499] device veth1_vlan entered promiscuous mode
[   54.116815][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   54.124959][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   54.133599][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   54.145806][ T3499] device veth0_macvtap entered promiscuous mode
[   54.155242][ T3499] device veth1_macvtap entered promiscuous mode
[   54.170911][ T3499] batman_adv: batadv0: Interface activated: batadv_slave_0
[   54.178595][ T1067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   54.189252][ T1067] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   54.201035][ T3499] batman_adv: batadv0: Interface activated: batadv_slave_1
[   54.209998][ T1067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   54.221247][ T3499] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   54.230564][ T3499] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[   54.239325][ T3499] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   54.248270][ T3499] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   54.299015][ T3499] loop0: detected capacity change from 0 to 2048
[   54.312487][ T3499] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   54.507530][ T3499] ==================================================================
[   54.515763][ T3499] BUG: KASAN: use-after-free in udf_close_lvid+0x6a4/0x9a0
[   54.522975][ T3499] Write of size 1 at addr ffff8881417a9cd8 by task syz-executor105/3499
[   54.531288][ T3499] 
[   54.533603][ T3499] CPU: 0 PID: 3499 Comm: syz-executor105 Not tainted 5.15.113-syzkaller #0
[   54.542262][ T3499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   54.552305][ T3499] Call Trace:
[   54.555572][ T3499]  <TASK>
[   54.558490][ T3499]  dump_stack_lvl+0x1e3/0x2cb
[   54.563165][ T3499]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   54.568789][ T3499]  ? _printk+0xd1/0x111
[   54.572938][ T3499]  ? __wake_up_klogd+0xcc/0x100
[   54.577783][ T3499]  ? panic+0x84d/0x84d
[   54.581847][ T3499]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   54.587312][ T3499]  print_address_description+0x63/0x3b0
[   54.592852][ T3499]  ? udf_close_lvid+0x6a4/0x9a0
[   54.597803][ T3499]  kasan_report+0x16b/0x1c0
[   54.602315][ T3499]  ? udf_close_lvid+0x6a4/0x9a0
[   54.607178][ T3499]  udf_close_lvid+0x6a4/0x9a0
[   54.611858][ T3499]  ? udf_open_lvid+0x5a0/0x5a0
[   54.616622][ T3499]  ? clear_inode+0x150/0x150
[   54.621216][ T3499]  udf_put_super+0xc9/0x160
[   54.625720][ T3499]  ? udf_free_in_core_inode+0x20/0x20
[   54.631087][ T3499]  generic_shutdown_super+0x136/0x2c0
[   54.636453][ T3499]  kill_block_super+0x7a/0xe0
[   54.641123][ T3499]  deactivate_locked_super+0xa0/0x110
[   54.646487][ T3499]  cleanup_mnt+0x44e/0x500
[   54.650897][ T3499]  ? lockdep_hardirqs_on+0x94/0x130
[   54.656087][ T3499]  task_work_run+0x129/0x1a0
[   54.660671][ T3499]  do_exit+0x6a3/0x2480
[   54.664831][ T3499]  ? put_task_struct+0x80/0x80
[   54.669586][ T3499]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   54.675568][ T3499]  ? vtime_user_exit+0x2d1/0x400
[   54.680683][ T3499]  do_group_exit+0x144/0x310
[   54.685267][ T3499]  __x64_sys_exit_group+0x3b/0x40
[   54.690289][ T3499]  do_syscall_64+0x3d/0xb0
[   54.694698][ T3499]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   54.700582][ T3499] RIP: 0033:0x7f8a6ac27069
[   54.704988][ T3499] Code: Unable to access opcode bytes at RIP 0x7f8a6ac2703f.
[   54.712335][ T3499] RSP: 002b:00007fff17cc4128 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   54.720825][ T3499] RAX: ffffffffffffffda RBX: 00007f8a6ac9e3f0 RCX: 00007f8a6ac27069
[   54.728785][ T3499] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   54.736744][ T3499] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000140
[   54.744703][ T3499] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8a6ac9e3f0
[   54.752663][ T3499] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   54.760633][ T3499]  </TASK>
[   54.763638][ T3499] 
[   54.765950][ T3499] The buggy address belongs to the page:
[   54.771684][ T3499] page:ffffea000505ea40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1417a9
[   54.781907][ T3499] flags: 0x57ff00000000000(node=1|zone=2|lastcpupid=0x7ff)
[   54.789096][ T3499] raw: 057ff00000000000 0000000000000000 ffffffff05050301 0000000000000000
[   54.797666][ T3499] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   54.806241][ T3499] page dumped because: kasan: bad access detected
[   54.812725][ T3499] page_owner tracks the page as freed
[   54.818249][ T3499] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 3880218554, free_ts 19708850541
[   54.836984][ T3499]  get_page_from_freelist+0x322a/0x33c0
[   54.842525][ T3499]  __alloc_pages+0x272/0x700
[   54.847107][ T3499]  alloc_page_interleave+0x22/0x1c0
[   54.852295][ T3499]  new_slab+0xbb/0x4b0
[   54.856352][ T3499]  ___slab_alloc+0x6f6/0xe10
[   54.860929][ T3499]  kmem_cache_alloc_trace+0x1a0/0x290
[   54.866290][ T3499]  kobject_uevent_env+0x283/0x8d0
[   54.871303][ T3499]  tty_register_device_attr+0x582/0x960
[   54.876836][ T3499]  tty_register_driver+0x5f6/0xc50
[   54.881936][ T3499]  vty_init+0x218/0x313
[   54.886076][ T3499]  tty_init+0x134/0x172
[   54.890216][ T3499]  do_one_initcall+0x22b/0x7a0
[   54.894984][ T3499]  do_initcall_level+0x157/0x207
[   54.899905][ T3499]  do_initcalls+0x49/0x86
[   54.904218][ T3499]  kernel_init_freeable+0x43c/0x5c5
[   54.909402][ T3499]  kernel_init+0x19/0x290
[   54.913723][ T3499] page last free stack trace:
[   54.918376][ T3499]  free_unref_page_prepare+0xc34/0xcf0
[   54.923825][ T3499]  free_unref_page+0x95/0x2d0
[   54.928501][ T3499]  __unfreeze_partials+0x1b7/0x210
[   54.933602][ T3499]  put_cpu_partial+0x132/0x1a0
[   54.938351][ T3499]  ___cache_free+0xe3/0x100
[   54.942841][ T3499]  qlist_free_all+0x36/0x90
[   54.947330][ T3499]  kasan_quarantine_reduce+0x162/0x180
[   54.952784][ T3499]  __kasan_slab_alloc+0x2f/0xc0
[   54.957622][ T3499]  slab_post_alloc_hook+0x53/0x380
[   54.962718][ T3499]  kmem_cache_alloc+0xf3/0x280
[   54.967467][ T3499]  getname_flags+0xb8/0x4e0
[   54.971954][ T3499]  do_sys_openat2+0xd2/0x500
[   54.976533][ T3499]  __x64_sys_openat+0x243/0x290
[   54.981367][ T3499]  do_syscall_64+0x3d/0xb0
[   54.985768][ T3499]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   54.991653][ T3499] 
[   54.993967][ T3499] Memory state around the buggy address:
[   54.999579][ T3499]  ffff8881417a9b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.007627][ T3499]  ffff8881417a9c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.015761][ T3499] >ffff8881417a9c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.023806][ T3499]                                                     ^
[   55.030765][ T3499]  ffff8881417a9d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.038809][ T3499]  ffff8881417a9d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.046852][ T3499] ==================================================================
[   55.054893][ T3499] Disabling lock debugging due to kernel taint
[   55.065368][ T3499] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   55.072584][ T3499] CPU: 1 PID: 3499 Comm: syz-executor105 Tainted: G    B             5.15.113-syzkaller #0
[   55.082566][ T3499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   55.092632][ T3499] Call Trace:
[   55.095901][ T3499]  <TASK>
[   55.098819][ T3499]  dump_stack_lvl+0x1e3/0x2cb
[   55.103494][ T3499]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   55.109114][ T3499]  ? panic+0x84d/0x84d
[   55.113168][ T3499]  ? rcu_is_watching+0x11/0xa0
[   55.117919][ T3499]  ? preempt_schedule_common+0xa6/0xd0
[   55.123369][ T3499]  panic+0x318/0x84d
[   55.127255][ T3499]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[   55.133395][ T3499]  ? check_panic_on_warn+0x1d/0xa0
[   55.138500][ T3499]  ? fb_is_primary_device+0xcc/0xcc
[   55.143695][ T3499]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   55.149676][ T3499]  ? _raw_spin_unlock+0x40/0x40
[   55.154520][ T3499]  check_panic_on_warn+0x7e/0xa0
[   55.159544][ T3499]  ? udf_close_lvid+0x6a4/0x9a0
[   55.164389][ T3499]  end_report+0x6d/0xf0
[   55.168542][ T3499]  kasan_report+0x18e/0x1c0
[   55.173033][ T3499]  ? udf_close_lvid+0x6a4/0x9a0
[   55.177876][ T3499]  udf_close_lvid+0x6a4/0x9a0
[   55.182544][ T3499]  ? udf_open_lvid+0x5a0/0x5a0
[   55.187300][ T3499]  ? clear_inode+0x150/0x150
[   55.191891][ T3499]  udf_put_super+0xc9/0x160
[   55.196383][ T3499]  ? udf_free_in_core_inode+0x20/0x20
[   55.201753][ T3499]  generic_shutdown_super+0x136/0x2c0
[   55.207131][ T3499]  kill_block_super+0x7a/0xe0
[   55.211807][ T3499]  deactivate_locked_super+0xa0/0x110
[   55.217180][ T3499]  cleanup_mnt+0x44e/0x500
[   55.221596][ T3499]  ? lockdep_hardirqs_on+0x94/0x130
[   55.226806][ T3499]  task_work_run+0x129/0x1a0
[   55.231460][ T3499]  do_exit+0x6a3/0x2480
[   55.235624][ T3499]  ? put_task_struct+0x80/0x80
[   55.240391][ T3499]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   55.246373][ T3499]  ? vtime_user_exit+0x2d1/0x400
[   55.251312][ T3499]  do_group_exit+0x144/0x310
[   55.255894][ T3499]  __x64_sys_exit_group+0x3b/0x40
[   55.260908][ T3499]  do_syscall_64+0x3d/0xb0
[   55.265315][ T3499]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   55.271201][ T3499] RIP: 0033:0x7f8a6ac27069
[   55.275606][ T3499] Code: Unable to access opcode bytes at RIP 0x7f8a6ac2703f.
[   55.282959][ T3499] RSP: 002b:00007fff17cc4128 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   55.291360][ T3499] RAX: ffffffffffffffda RBX: 00007f8a6ac9e3f0 RCX: 00007f8a6ac27069
[   55.300361][ T3499] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   55.308322][ T3499] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000140
[   55.316293][ T3499] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8a6ac9e3f0
[   55.324276][ T3499] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   55.332256][ T3499]  </TASK>
[   55.335518][ T3499] Kernel Offset: disabled
[   55.339846][ T3499] Rebooting in 86400 seconds..