Warning: Permanently added '[localhost]:3005' (ED25519) to the list of known hosts.
2025/04/10 05:20:44 ignoring optional flag "sandboxArg"="0"
2025/04/10 05:20:45 parsed 1 programs
[ 123.452441][ T5504] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 127.779051][ T1035] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.782287][ T1035] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.812033][ T3022] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.816753][ T3022] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.937324][ T5364] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 127.941280][ T5364] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 127.946752][ T5364] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 127.950675][ T5364] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 127.955196][ T5364] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 129.302067][ T5591] chnl_net:caif_netlink_parms(): no params data found
[ 129.362573][ T5591] bridge0: port 1(bridge_slave_0) entered blocking state
[ 129.366114][ T5591] bridge0: port 1(bridge_slave_0) entered disabled state
[ 129.369305][ T5591] bridge_slave_0: entered allmulticast mode
[ 129.373023][ T5591] bridge_slave_0: entered promiscuous mode
[ 129.379334][ T5591] bridge0: port 2(bridge_slave_1) entered blocking state
[ 129.382207][ T5591] bridge0: port 2(bridge_slave_1) entered disabled state
[ 129.386139][ T5591] bridge_slave_1: entered allmulticast mode
[ 129.391722][ T5591] bridge_slave_1: entered promiscuous mode
[ 129.416232][ T5591] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 129.422614][ T5591] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 129.448419][ T5591] team0: Port device team_slave_0 added
[ 129.453069][ T5591] team0: Port device team_slave_1 added
[ 129.475645][ T5591] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 129.478418][ T5591] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 129.490008][ T5591] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 129.498662][ T5591] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 129.501550][ T5591] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 129.512891][ T5591] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 129.548268][ T5591] hsr_slave_0: entered promiscuous mode
[ 129.551135][ T5591] hsr_slave_1: entered promiscuous mode
[ 129.555137][ T5591] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 129.558548][ T5591] Cannot create hsr debugfs directory
[ 129.666390][ T5591] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 129.717014][ T5591] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 129.764924][ T5591] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 129.798101][ T5591] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 129.887803][ T5591] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 129.904510][ T5591] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 129.909884][ T5591] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 129.917335][ T5591] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 129.938342][ T5591] bridge0: port 2(bridge_slave_1) entered blocking state
[ 129.941202][ T5591] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 129.944285][ T5591] bridge0: port 1(bridge_slave_0) entered blocking state
[ 129.947060][ T5591] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 130.007479][ T5591] 8021q: adding VLAN 0 to HW filter on device bond0
[ 130.018912][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 130.025186][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 130.037429][ T5591] 8021q: adding VLAN 0 to HW filter on device team0
[ 130.047089][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 130.050045][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 130.060561][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 130.063303][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 130.243490][ T5591] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 130.288471][ T5591] veth0_vlan: entered promiscuous mode
[ 130.298868][ T5591] veth1_vlan: entered promiscuous mode
[ 130.337286][ T5591] veth0_macvtap: entered promiscuous mode
[ 130.343137][ T5591] veth1_macvtap: entered promiscuous mode
[ 130.358556][ T5591] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 130.362999][ T5591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 130.370174][ T5591] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 130.381655][ T5591] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 130.386755][ T5591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 130.391883][ T5591] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 130.402710][ T5591] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.408484][ T5591] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.412055][ T5591] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.419981][ T5591] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/04/10 05:20:57 executed programs: 0
[ 130.608617][ T5591] syz-executor (5591) used greatest stack depth: 19032 bytes left
[ 130.630674][ T4674] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 130.637429][ T4674] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 130.640753][ T4674] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 130.646163][ T4674] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 130.650077][ T4674] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 130.841126][ T5606] chnl_net:caif_netlink_parms(): no params data found
[ 130.909711][ T5606] bridge0: port 1(bridge_slave_0) entered blocking state
[ 130.912615][ T5606] bridge0: port 1(bridge_slave_0) entered disabled state
[ 130.916865][ T5606] bridge_slave_0: entered allmulticast mode
[ 130.920449][ T5606] bridge_slave_0: entered promiscuous mode
[ 130.928063][ T5606] bridge0: port 2(bridge_slave_1) entered blocking state
[ 130.931022][ T5606] bridge0: port 2(bridge_slave_1) entered disabled state
[ 130.936647][ T5606] bridge_slave_1: entered allmulticast mode
[ 130.940352][ T5606] bridge_slave_1: entered promiscuous mode
[ 130.976192][ T5606] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 130.982274][ T5606] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 131.009513][ T5606] team0: Port device team_slave_0 added
[ 131.016306][ T5606] team0: Port device team_slave_1 added
[ 131.041669][ T5606] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 131.046275][ T5606] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 131.058296][ T5606] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 131.066618][ T5606] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 131.069423][ T5606] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 131.081892][ T5606] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 131.120370][ T5606] hsr_slave_0: entered promiscuous mode
[ 131.123428][ T5606] hsr_slave_1: entered promiscuous mode
[ 131.129565][ T5606] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 131.136582][ T5606] Cannot create hsr debugfs directory
[ 131.252027][ T5606] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 132.308177][ T5606] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 132.724472][ T4674] Bluetooth: hci0: command tx timeout
[ 133.546441][ T5606] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 133.589531][ T5606] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 133.681313][ T5606] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 133.692363][ T5606] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 133.700444][ T5606] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 133.706907][ T5606] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 133.779696][ T5606] 8021q: adding VLAN 0 to HW filter on device bond0
[ 133.798364][ T5606] 8021q: adding VLAN 0 to HW filter on device team0
[ 133.807247][ T1035] bridge0: port 1(bridge_slave_0) entered blocking state
[ 133.810104][ T1035] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 133.826007][ T1087] bridge0: port 2(bridge_slave_1) entered blocking state
[ 133.828976][ T1087] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 133.995730][ T5606] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 134.037008][ T5606] veth0_vlan: entered promiscuous mode
[ 134.046765][ T5606] veth1_vlan: entered promiscuous mode
[ 134.077867][ T5606] veth0_macvtap: entered promiscuous mode
[ 134.083391][ T5606] veth1_macvtap: entered promiscuous mode
[ 134.106173][ T5606] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 134.110128][ T5606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 134.116145][ T5606] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 134.120162][ T5606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 134.126912][ T5606] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 134.137928][ T5606] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 134.142081][ T5606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 134.147216][ T5606] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 134.151360][ T5606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 134.159143][ T5606] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 134.172371][ T5606] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 134.177731][ T5606] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 134.181289][ T5606] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 134.186454][ T5606] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 134.262047][ T3022] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 134.276784][ T3022] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 134.306242][ T1087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 134.309582][ T1087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 134.660066][ T5621] loop0: detected capacity change from 0 to 32768
[ 134.728374][ T25] audit: type=1800 audit(1744262461.654:2): pid=5621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.15" name="file1" dev="loop0" ino=4 res=0 errno=0
[ 134.774265][ T5621] loop0: detected capacity change from 32768 to 32736
[ 134.778401][ T5621]
[ 134.779450][ T5621] ======================================================
[ 134.782175][ T5621] WARNING: possible circular locking dependency detected
[ 134.785064][ T5621] 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 Not tainted
[ 134.788733][ T5621] ------------------------------------------------------
[ 134.791602][ T5621] syz.0.15/5621 is trying to acquire lock:
[ 134.793905][ T5621] ffffffff90467508 (uevent_sock_mutex){+.+.}-{4:4}, at: kobject_uevent_net_broadcast+0x280/0x580
[ 134.798284][ T5621]
[ 134.798284][ T5621] but task is already holding lock:
[ 134.801495][ T5621] ffff888000c01de8 (&q->q_usage_counter(io)#17){++++}-{0:0}, at: loop_set_status+0x223/0xb20
[ 134.805757][ T5621]
[ 134.805757][ T5621] which lock already depends on the new lock.
[ 134.805757][ T5621]
[ 134.810499][ T5621]
[ 134.810499][ T5621] the existing dependency chain (in reverse order) is:
[ 134.814158][ T5621]
[ 134.814158][ T5621] -> #2 (&q->q_usage_counter(io)#17){++++}-{0:0}:
[ 134.817709][ T5621] lock_acquire+0x116/0x2f0
[ 134.819835][ T5621] blk_alloc_queue+0x542/0x620
[ 134.822082][ T5621] __blk_mq_alloc_disk+0x162/0x380
[ 134.824475][ T5621] loop_add+0x445/0xaf0
[ 134.826335][ T5621] loop_init+0x168/0x220
[ 134.828493][ T5621] do_one_initcall+0x24a/0x940
[ 134.830661][ T5621] do_initcall_level+0x157/0x210
[ 134.832956][ T5621] do_initcalls+0x71/0xd0
[ 134.834950][ T5621] kernel_init_freeable+0x432/0x5d0
[ 134.837292][ T5621] kernel_init+0x1d/0x2b0
[ 134.839266][ T5621] ret_from_fork+0x4b/0x80
[ 134.841351][ T5621] ret_from_fork_asm+0x1a/0x30
[ 134.843667][ T5621]
[ 134.843667][ T5621] -> #1 (fs_reclaim){+.+.}-{0:0}:
[ 134.846275][ T5621] lock_acquire+0x116/0x2f0
[ 134.848300][ T5621] fs_reclaim_acquire+0x88/0x130
[ 134.850540][ T5621] kmem_cache_alloc_node_noprof+0x4e/0x3b0
[ 134.853103][ T5621] __alloc_skb+0x1c2/0x480
[ 134.855168][ T5621] alloc_uevent_skb+0x74/0x230
[ 134.857365][ T5621] kobject_uevent_net_broadcast+0x2fd/0x580
[ 134.859918][ T5621] kobject_uevent_env+0x57d/0x8e0
[ 134.862174][ T5621] kobject_synth_uevent+0x4f4/0xaf0
[ 134.864588][ T5621] bus_uevent_store+0x116/0x170
[ 134.866762][ T5621] kernfs_fop_write_iter+0x398/0x510
[ 134.869147][ T5621] vfs_write+0x70f/0xd10
[ 134.871039][ T5621] ksys_write+0x19d/0x2d0
[ 134.873047][ T5621] do_syscall_64+0xf3/0x230
[ 134.875004][ T5621] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.877566][ T5621]
[ 134.877566][ T5621] -> #0 (uevent_sock_mutex){+.+.}-{4:4}:
[ 134.881148][ T5621] validate_chain+0xa69/0x24e0
[ 134.883596][ T5621] __lock_acquire+0xad5/0xd80
[ 134.886056][ T5621] lock_acquire+0x116/0x2f0
[ 134.888404][ T5621] __mutex_lock+0x1a5/0x10c0
[ 134.890780][ T5621] kobject_uevent_net_broadcast+0x280/0x580
[ 134.893607][ T5621] kobject_uevent_env+0x57d/0x8e0
[ 134.895658][ T5621] set_capacity_and_notify+0x269/0x2d0
[ 134.897989][ T5621] loop_set_status+0x4a4/0xb20
[ 134.900102][ T5621] lo_ioctl+0xce1/0x2850
[ 134.902026][ T5621] blkdev_ioctl+0x5df/0x710
[ 134.904079][ T5621] __se_sys_ioctl+0xf1/0x160
[ 134.906124][ T5621] do_syscall_64+0xf3/0x230
[ 134.908075][ T5621] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.910649][ T5621]
[ 134.910649][ T5621] other info that might help us debug this:
[ 134.910649][ T5621]
[ 134.914583][ T5621] Chain exists of:
[ 134.914583][ T5621] uevent_sock_mutex --> fs_reclaim --> &q->q_usage_counter(io)#17
[ 134.914583][ T5621]
[ 134.919913][ T5621] Possible unsafe locking scenario:
[ 134.919913][ T5621]
[ 134.923202][ T5621] CPU0 CPU1
[ 134.925887][ T5621] ---- ----
[ 134.928261][ T5621] lock(&q->q_usage_counter(io)#17);
[ 134.930501][ T5621] lock(fs_reclaim);
[ 134.933200][ T5621] lock(&q->q_usage_counter(io)#17);
[ 134.936625][ T5621] lock(uevent_sock_mutex);
[ 134.938956][ T5621]
[ 134.938956][ T5621] *** DEADLOCK ***
[ 134.938956][ T5621]
[ 134.943095][ T5621] 3 locks held by syz.0.15/5621:
[ 134.945556][ T5621] #0: ffff88803441db68 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_set_status+0x2b/0xb20
[ 134.950374][ T5621] #1: ffff888000c01de8 (&q->q_usage_counter(io)#17){++++}-{0:0}, at: loop_set_status+0x223/0xb20
[ 134.955442][ T5621] #2: ffff888000c01e20 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: loop_set_status+0x223/0xb20
[ 134.960448][ T5621]
[ 134.960448][ T5621] stack backtrace:
[ 134.962873][ T5621] CPU: 0 UID: 0 PID: 5621 Comm: syz.0.15 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full)
[ 134.962888][ T5621] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 134.962895][ T5621] Call Trace:
[ 134.962903][ T5621]
[ 134.962908][ T5621] dump_stack_lvl+0x241/0x360
[ 134.962926][ T5621] ? __pfx_dump_stack_lvl+0x10/0x10
[ 134.962939][ T5621] ? __pfx__printk+0x10/0x10
[ 134.962952][ T5621] ? print_lock+0x171/0x1a0
[ 134.962965][ T5621] print_circular_bug+0x2e1/0x300
[ 134.962979][ T5621] check_noncircular+0x142/0x160
[ 134.962994][ T5621] validate_chain+0xa69/0x24e0
[ 134.963006][ T5621] ? __pfx_number+0x10/0x10
[ 134.963026][ T5621] __lock_acquire+0xad5/0xd80
[ 134.963038][ T5621] lock_acquire+0x116/0x2f0
[ 134.963048][ T5621] ? kobject_uevent_net_broadcast+0x280/0x580
[ 134.963062][ T5621] ? vsnprintf+0x1156/0x1230
[ 134.963076][ T5621] __mutex_lock+0x1a5/0x10c0
[ 134.963089][ T5621] ? kobject_uevent_net_broadcast+0x280/0x580
[ 134.963102][ T5621] ? __pfx_vsnprintf+0x10/0x10
[ 134.963118][ T5621] ? kobject_uevent_net_broadcast+0x280/0x580
[ 134.963132][ T5621] ? __pfx___mutex_lock+0x10/0x10
[ 134.963142][ T5621] ? add_uevent_var+0x291/0x490
[ 134.963157][ T5621] ? kobject_uevent_env+0x503/0x8e0
[ 134.963170][ T5621] ? __pfx_add_uevent_var+0x10/0x10
[ 134.963193][ T5621] kobject_uevent_net_broadcast+0x280/0x580
[ 134.963208][ T5621] kobject_uevent_env+0x57d/0x8e0
[ 134.963224][ T5621] set_capacity_and_notify+0x269/0x2d0
[ 134.963239][ T5621] ? __pfx_set_capacity_and_notify+0x10/0x10
[ 134.963251][ T5621] ? __asan_memcpy+0x40/0x70
[ 134.963262][ T5621] ? loop_set_status_from_info+0x184/0x240
[ 134.963276][ T5621] loop_set_status+0x4a4/0xb20
[ 134.963291][ T5621] lo_ioctl+0xce1/0x2850
[ 134.963304][ T5621] ? kasan_save_track+0x51/0x80
[ 134.963315][ T5621] ? kasan_save_track+0x3f/0x80
[ 134.963324][ T5621] ? kasan_save_free_info+0x40/0x50
[ 134.963332][ T5621] ? __kasan_slab_free+0x59/0x70
[ 134.963343][ T5621] ? kfree+0x198/0x430
[ 134.963355][ T5621] ? __pfx_lo_ioctl+0x10/0x10
[ 134.963366][ T5621] ? vfs_open+0x3b/0x370
[ 134.963378][ T5621] ? path_openat+0x2caf/0x35d0
[ 134.963389][ T5621] ? do_filp_open+0x284/0x4e0
[ 134.963401][ T5621] ? cgroup_rstat_updated+0x144/0xc40
[ 134.963417][ T5621] ? __lock_acquire+0xad5/0xd80
[ 134.963428][ T5621] ? __lock_acquire+0xad5/0xd80
[ 134.963437][ T5621] ? __lock_acquire+0xad5/0xd80
[ 134.963447][ T5621] ? __lock_acquire+0xad5/0xd80
[ 134.963458][ T5621] ? __lock_acquire+0xad5/0xd80
[ 134.963468][ T5621] ? __lock_acquire+0xad5/0xd80
[ 134.963481][ T5621] ? is_bpf_text_address+0x26/0x2a0
[ 134.963493][ T5621] ? is_bpf_text_address+0x288/0x2a0
[ 134.963503][ T5621] ? is_bpf_text_address+0x26/0x2a0
[ 134.963514][ T5621] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 134.963528][ T5621] ? kernel_text_address+0xa7/0xe0
[ 134.963537][ T5621] ? __kernel_text_address+0xd/0x40
[ 134.963546][ T5621] ? unwind_get_return_address+0x4d/0x90
[ 134.963559][ T5621] ? arch_stack_walk+0xff/0x150
[ 134.963574][ T5621] ? stack_trace_save+0x11a/0x1d0
[ 134.963588][ T5621] ? __pfx_stack_trace_save+0x10/0x10
[ 134.963601][ T5621] ? stack_depot_save_flags+0x44/0x940
[ 134.963614][ T5621] ? do_syscall_64+0xf3/0x230
[ 134.963627][ T5621] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.963638][ T5621] ? do_vfs_ioctl+0xef8/0x2750
[ 134.963655][ T5621] ? kasan_quarantine_put+0xdc/0x230
[ 134.963665][ T5621] ? lockdep_hardirqs_on+0x9d/0x150
[ 134.963678][ T5621] ? tomoyo_path_number_perm+0x215/0x790
[ 134.963692][ T5621] ? blkdev_common_ioctl+0x1060/0x25a0
[ 134.963705][ T5621] ? __pfx_blkdev_common_ioctl+0x10/0x10
[ 134.963716][ T5621] ? tomoyo_path_number_perm+0x215/0x790
[ 134.963727][ T5621] ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 134.963740][ T5621] ? do_sys_openat2+0x165/0x1d0
[ 134.963755][ T5621] ? __lock_acquire+0xad5/0xd80
[ 134.963769][ T5621] ? file_to_blk_mode+0xcb/0x140
[ 134.963782][ T5621] ? __pfx_lo_ioctl+0x10/0x10
[ 134.963794][ T5621] blkdev_ioctl+0x5df/0x710
[ 134.963806][ T5621] ? __pfx_blkdev_ioctl+0x10/0x10
[ 134.963817][ T5621] ? __pfx_blkdev_ioctl+0x10/0x10
[ 134.963828][ T5621] __se_sys_ioctl+0xf1/0x160
[ 134.963839][ T5621] do_syscall_64+0xf3/0x230
[ 134.963851][ T5621] ? clear_bhb_loop+0x45/0xa0
[ 134.963863][ T5621] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.963873][ T5621] RIP: 0033:0x7f125497dff9
[ 134.963883][ T5621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 134.963892][ T5621] RSP: 002b:00007f1255833038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 134.963904][ T5621] RAX: ffffffffffffffda RBX: 00007f1254b35f80 RCX: 00007f125497dff9
[ 134.963912][ T5621] RDX: 0000000020000100 RSI: 0000000000004c02 RDI: 0000000000000005
[ 134.963919][ T5621] RBP: 00007f12549f0296 R08: 0000000000000000 R09: 0000000000000000
[ 134.963925][ T5621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 134.963932][ T5621] R13: 0000000000000000 R14: 00007f1254b35f80 R15: 00007fff2e5e1e38
[ 134.963941][ T5621]
[ 135.162939][ T4674] Bluetooth: hci0: command tx timeout
[ 135.183388][ T5622] ERROR: (device loop0): dbAdjCtl: Corrupt dmapctl page
[ 135.183388][ T5622]
[ 135.199249][ T5622] ERROR: (device loop0): remounting filesystem as read-only
[ 135.202248][ T5622] ERROR: (device loop0): dbDiscardAG: -EIO
[ 135.202248][ T5622]
[ 135.211989][ T5621] ERROR: (device loop0): dbAllocBits: leaf page corrupt
[ 135.211989][ T5621]
[ 135.216539][ T5621] ------------[ cut here ]------------
[ 135.218626][ T5621] UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:3019:55
[ 135.221397][ T5621] shift exponent 32 is too large for 32-bit type 'u32' (aka 'unsigned int')
[ 135.227815][ T5621] CPU: 0 UID: 0 PID: 5621 Comm: syz.0.15 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full)
[ 135.227826][ T5621] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 135.227832][ T5621] Call Trace:
[ 135.227835][ T5621]
[ 135.227838][ T5621] dump_stack_lvl+0x241/0x360
[ 135.227852][ T5621] ? __pfx_dump_stack_lvl+0x10/0x10
[ 135.227861][ T5621] ? __pfx__printk+0x10/0x10
[ 135.227870][ T5621] ? filemap_get_entry+0x32a/0x3b0
[ 135.227878][ T5621] ? filemap_get_entry+0x125/0x3b0
[ 135.227886][ T5621] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420
[ 135.227898][ T5621] ? lock_metapage+0x3f9/0x4a0
[ 135.227914][ T5621] dbFindBits+0x11a/0x1d0
[ 135.227926][ T5621] dbAllocDmapLev+0x22c/0x4b0
[ 135.227938][ T5621] ? __pfx_dbAllocDmapLev+0x10/0x10
[ 135.227948][ T5621] ? __get_metapage+0x91a/0xdc0
[ 135.227962][ T5621] dbAllocCtl+0x149/0x9b0
[ 135.227972][ T5621] ? rcu_is_watching+0x15/0xb0
[ 135.227981][ T5621] ? lock_release+0x4e/0x3e0
[ 135.227988][ T5621] dbAllocAG+0x2a1/0x1130
[ 135.227996][ T5621] ? __phys_addr+0xba/0x170
[ 135.228004][ T5621] ? __kasan_kmalloc_large+0x8c/0xa0
[ 135.228014][ T5621] ? __pfx_dbAllocAG+0x10/0x10
[ 135.228021][ T5621] ? rcu_is_watching+0x15/0xb0
[ 135.228028][ T5621] ? trace_kmalloc+0x1f/0xd0
[ 135.228051][ T5621] ? dbDiscardAG+0x234/0xa40
[ 135.228061][ T5621] ? down_read+0x813/0xa50
[ 135.228074][ T5621] dbDiscardAG+0x369/0xa40
[ 135.228086][ T5621] ? __pfx_dbDiscardAG+0x10/0x10
[ 135.228097][ T5621] ? __might_fault+0xaa/0x120
[ 135.228111][ T5621] ? rcu_is_watching+0x15/0xb0
[ 135.228120][ T5621] ? __might_fault+0xaa/0x120
[ 135.228129][ T5621] jfs_ioc_trim+0x45c/0x6b0
[ 135.228139][ T5621] jfs_ioctl+0x2e5/0x400
[ 135.228147][ T5621] ? __pfx_jfs_ioctl+0x10/0x10
[ 135.228155][ T5621] ? __pfx_jfs_ioctl+0x10/0x10
[ 135.228163][ T5621] __se_sys_ioctl+0xf1/0x160
[ 135.228171][ T5621] do_syscall_64+0xf3/0x230
[ 135.228179][ T5621] ? clear_bhb_loop+0x45/0xa0
[ 135.228186][ T5621] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 135.228197][ T5621] RIP: 0033:0x7f125497dff9
[ 135.228204][ T5621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 135.228209][ T5621] RSP: 002b:00007f1255833038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 135.228218][ T5621] RAX: ffffffffffffffda RBX: 00007f1254b35f80 RCX: 00007f125497dff9
[ 135.228223][ T5621] RDX: 00000000200000c0 RSI: 00000000c0185879 RDI: 0000000000000004
[ 135.228227][ T5621] RBP: 00007f12549f0296 R08: 0000000000000000 R09: 0000000000000000
[ 135.228231][ T5621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 135.228235][ T5621] R13: 0000000000000000 R14: 00007f1254b35f80 R15: 00007fff2e5e1e38
[ 135.228241][ T5621]
[ 135.228244][ T5621] ---[ end trace ]---
[ 135.347595][ T5621] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[ 135.350366][ T5621] CPU: 0 UID: 0 PID: 5621 Comm: syz.0.15 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full)
[ 135.354993][ T5621] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 135.359465][ T5621] Call Trace:
[ 135.360834][ T5621]
[ 135.362035][ T5621] dump_stack_lvl+0x241/0x360
[ 135.364190][ T5621] ? __pfx_dump_stack_lvl+0x10/0x10
[ 135.366268][ T5621] ? __pfx__printk+0x10/0x10
[ 135.368199][ T5621] ? vscnprintf+0x5d/0x90
[ 135.369915][ T5621] panic+0x349/0x880
[ 135.371450][ T5621] ? check_panic_on_warn+0x21/0xb0
[ 135.373486][ T5621] ? __pfx_panic+0x10/0x10
[ 135.375257][ T5621] ? _printk+0xd5/0x120
[ 135.376921][ T5621] ? __pfx__printk+0x10/0x10
[ 135.378762][ T5621] ? filemap_get_entry+0x32a/0x3b0
[ 135.380802][ T5621] check_panic_on_warn+0x86/0xb0
[ 135.382811][ T5621] __ubsan_handle_shift_out_of_bounds+0x3e7/0x420
[ 135.385260][ T5621] ? lock_metapage+0x3f9/0x4a0
[ 135.387163][ T5621] dbFindBits+0x11a/0x1d0
[ 135.388905][ T5621] dbAllocDmapLev+0x22c/0x4b0
[ 135.390871][ T5621] ? __pfx_dbAllocDmapLev+0x10/0x10
[ 135.393286][ T5621] ? __get_metapage+0x91a/0xdc0
[ 135.395452][ T5621] dbAllocCtl+0x149/0x9b0
[ 135.397073][ T5621] ? rcu_is_watching+0x15/0xb0
[ 135.398931][ T5621] ? lock_release+0x4e/0x3e0
[ 135.400783][ T5621] dbAllocAG+0x2a1/0x1130
[ 135.402546][ T5621] ? __phys_addr+0xba/0x170
[ 135.404341][ T5621] ? __kasan_kmalloc_large+0x8c/0xa0
[ 135.406321][ T5621] ? __pfx_dbAllocAG+0x10/0x10
[ 135.408227][ T5621] ? rcu_is_watching+0x15/0xb0
[ 135.410194][ T5621] ? trace_kmalloc+0x1f/0xd0
[ 135.412088][ T5621] ? dbDiscardAG+0x234/0xa40
[ 135.413969][ T5621] ? down_read+0x813/0xa50
[ 135.415714][ T5621] dbDiscardAG+0x369/0xa40
[ 135.417532][ T5621] ? __pfx_dbDiscardAG+0x10/0x10
[ 135.419512][ T5621] ? __might_fault+0xaa/0x120
[ 135.421410][ T5621] ? rcu_is_watching+0x15/0xb0
[ 135.423330][ T5621] ? __might_fault+0xaa/0x120
[ 135.425209][ T5621] jfs_ioc_trim+0x45c/0x6b0
[ 135.426959][ T5621] jfs_ioctl+0x2e5/0x400
[ 135.428862][ T5621] ? __pfx_jfs_ioctl+0x10/0x10
[ 135.430764][ T5621] ? __pfx_jfs_ioctl+0x10/0x10
[ 135.432569][ T5621] __se_sys_ioctl+0xf1/0x160
[ 135.434620][ T5621] do_syscall_64+0xf3/0x230
[ 135.436778][ T5621] ? clear_bhb_loop+0x45/0xa0
[ 135.438801][ T5621] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 135.441144][ T5621] RIP: 0033:0x7f125497dff9
[ 135.442902][ T5621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 135.450192][ T5621] RSP: 002b:00007f1255833038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 135.453472][ T5621] RAX: ffffffffffffffda RBX: 00007f1254b35f80 RCX: 00007f125497dff9
[ 135.456424][ T5621] RDX: 00000000200000c0 RSI: 00000000c0185879 RDI: 0000000000000004
[ 135.459380][ T5621] RBP: 00007f12549f0296 R08: 0000000000000000 R09: 0000000000000000
[ 135.462345][ T5621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 135.465308][ T5621] R13: 0000000000000000 R14: 00007f1254b35f80 R15: 00007fff2e5e1e38
[ 135.468376][ T5621]
[ 135.469849][ T5621] Kernel Offset: disabled
[ 135.471492][ T5621] Rebooting in 86400 seconds..