Warning: Permanently added '10.128.0.187' (ED25519) to the list of known hosts.
2024/08/15 06:24:51 ignoring optional flag "sandboxArg"="0"
2024/08/15 06:24:51 parsed 1 programs
2024/08/15 06:24:54 executed programs: 0
[ 138.301118][ T5526] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 138.672837][ T5551] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 138.681155][ T5551] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 138.695911][ T5551] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 138.716594][ T5554] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 138.726015][ T5554] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 138.736071][ T5557] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 138.744929][ T5554] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 138.752921][ T5554] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 138.762173][ T5557] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 138.771828][ T5557] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 138.781462][ T5554] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 138.782114][ T5557] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 138.789950][ T5560] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 138.796810][ T5557] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 138.804686][ T5554] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 138.814103][ T5557] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 138.818510][ T5560] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 138.825331][ T5557] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 138.832031][ T5554] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 138.841656][ T5557] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 138.847623][ T5560] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 138.859136][ T5554] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 138.859748][ T5557] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 138.868401][ T5554] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 138.875394][ T5557] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 138.880415][ T5560] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 138.888010][ T5557] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 138.894258][ T5554] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 138.909103][ T5557] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 138.911900][ T5554] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 138.922480][ T5237] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 138.927231][ T5554] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 138.954983][ T5554] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 138.962487][ T5554] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 138.972663][ T5548] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 138.984517][ T5548] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 140.225176][ T5549] chnl_net:caif_netlink_parms(): no params data found
[ 140.611028][ T5543] chnl_net:caif_netlink_parms(): no params data found
[ 140.626451][ T5541] chnl_net:caif_netlink_parms(): no params data found
[ 140.663525][ T5540] chnl_net:caif_netlink_parms(): no params data found
[ 140.935526][ T5545] chnl_net:caif_netlink_parms(): no params data found
[ 140.973442][ T5549] bridge0: port 1(bridge_slave_0) entered blocking state
[ 140.981069][ T5549] bridge0: port 1(bridge_slave_0) entered disabled state
[ 140.984756][ T5554] Bluetooth: hci1: command tx timeout
[ 140.989815][ T5549] bridge_slave_0: entered allmulticast mode
[ 140.993790][ T54] Bluetooth: hci5: command tx timeout
[ 141.003346][ T5549] bridge_slave_0: entered promiscuous mode
[ 141.064489][ T5554] Bluetooth: hci0: command tx timeout
[ 141.070585][ T5554] Bluetooth: hci2: command tx timeout
[ 141.071861][ T5542] chnl_net:caif_netlink_parms(): no params data found
[ 141.076512][ T54] Bluetooth: hci4: command tx timeout
[ 141.089021][ T5548] Bluetooth: hci3: command tx timeout
[ 141.109928][ T5549] bridge0: port 2(bridge_slave_1) entered blocking state
[ 141.117731][ T5549] bridge0: port 2(bridge_slave_1) entered disabled state
[ 141.125144][ T5549] bridge_slave_1: entered allmulticast mode
[ 141.133333][ T5549] bridge_slave_1: entered promiscuous mode
[ 141.407024][ T5543] bridge0: port 1(bridge_slave_0) entered blocking state
[ 141.415184][ T5543] bridge0: port 1(bridge_slave_0) entered disabled state
[ 141.422448][ T5543] bridge_slave_0: entered allmulticast mode
[ 141.431965][ T5543] bridge_slave_0: entered promiscuous mode
[ 141.443163][ T5543] bridge0: port 2(bridge_slave_1) entered blocking state
[ 141.450530][ T5543] bridge0: port 2(bridge_slave_1) entered disabled state
[ 141.457811][ T5543] bridge_slave_1: entered allmulticast mode
[ 141.466615][ T5543] bridge_slave_1: entered promiscuous mode
[ 141.522341][ T5549] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 141.641445][ T5541] bridge0: port 1(bridge_slave_0) entered blocking state
[ 141.649200][ T5541] bridge0: port 1(bridge_slave_0) entered disabled state
[ 141.656831][ T5541] bridge_slave_0: entered allmulticast mode
[ 141.666858][ T5541] bridge_slave_0: entered promiscuous mode
[ 141.687590][ T5541] bridge0: port 2(bridge_slave_1) entered blocking state
[ 141.695949][ T5541] bridge0: port 2(bridge_slave_1) entered disabled state
[ 141.703259][ T5541] bridge_slave_1: entered allmulticast mode
[ 141.712677][ T5541] bridge_slave_1: entered promiscuous mode
[ 141.734891][ T5549] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 141.769468][ T5540] bridge0: port 1(bridge_slave_0) entered blocking state
[ 141.777000][ T5540] bridge0: port 1(bridge_slave_0) entered disabled state
[ 141.784518][ T5540] bridge_slave_0: entered allmulticast mode
[ 141.793228][ T5540] bridge_slave_0: entered promiscuous mode
[ 141.808674][ T5543] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 141.906565][ T5540] bridge0: port 2(bridge_slave_1) entered blocking state
[ 141.913928][ T5540] bridge0: port 2(bridge_slave_1) entered disabled state
[ 141.922224][ T5540] bridge_slave_1: entered allmulticast mode
[ 141.932216][ T5540] bridge_slave_1: entered promiscuous mode
[ 141.943236][ T5543] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 142.052323][ T5545] bridge0: port 1(bridge_slave_0) entered blocking state
[ 142.060310][ T5545] bridge0: port 1(bridge_slave_0) entered disabled state
[ 142.068718][ T5545] bridge_slave_0: entered allmulticast mode
[ 142.077335][ T5545] bridge_slave_0: entered promiscuous mode
[ 142.095274][ T5549] team0: Port device team_slave_0 added
[ 142.176353][ T5542] bridge0: port 1(bridge_slave_0) entered blocking state
[ 142.183627][ T5542] bridge0: port 1(bridge_slave_0) entered disabled state
[ 142.191667][ T5542] bridge_slave_0: entered allmulticast mode
[ 142.200920][ T5542] bridge_slave_0: entered promiscuous mode
[ 142.238310][ T5541] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 142.277333][ T5541] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 142.288650][ T5545] bridge0: port 2(bridge_slave_1) entered blocking state
[ 142.296098][ T5545] bridge0: port 2(bridge_slave_1) entered disabled state
[ 142.303437][ T5545] bridge_slave_1: entered allmulticast mode
[ 142.313211][ T5545] bridge_slave_1: entered promiscuous mode
[ 142.330368][ T5549] team0: Port device team_slave_1 added
[ 142.376203][ T5543] team0: Port device team_slave_0 added
[ 142.383195][ T5542] bridge0: port 2(bridge_slave_1) entered blocking state
[ 142.391296][ T5542] bridge0: port 2(bridge_slave_1) entered disabled state
[ 142.399099][ T5542] bridge_slave_1: entered allmulticast mode
[ 142.408397][ T5542] bridge_slave_1: entered promiscuous mode
[ 142.491076][ T5540] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 142.508735][ T5540] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 142.520611][ T5543] team0: Port device team_slave_1 added
[ 142.731412][ T5542] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 142.749121][ T5541] team0: Port device team_slave_0 added
[ 142.761903][ T5545] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 142.773181][ T5549] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 142.780952][ T5549] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 142.807280][ T5549] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 142.824382][ T5549] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 142.831423][ T5549] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 142.867470][ T5549] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 142.867925][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[ 142.885327][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[ 142.911193][ T5543] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 142.919577][ T5543] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 142.947012][ T5543] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 142.963115][ T5542] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 142.999815][ T5541] team0: Port device team_slave_1 added
[ 143.037639][ T5545] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 143.065036][ T54] Bluetooth: hci5: command tx timeout
[ 143.068473][ T5540] team0: Port device team_slave_0 added
[ 143.076257][ T54] Bluetooth: hci1: command tx timeout
[ 143.084454][ T5543] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 143.091413][ T5543] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 143.118376][ T5543] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 143.146136][ T54] Bluetooth: hci4: command tx timeout
[ 143.151589][ T54] Bluetooth: hci2: command tx timeout
[ 143.157808][ T5554] Bluetooth: hci3: command tx timeout
[ 143.161332][ T54] Bluetooth: hci0: command tx timeout
[ 143.258525][ T5545] team0: Port device team_slave_0 added
[ 143.272575][ T5540] team0: Port device team_slave_1 added
[ 143.320937][ T5542] team0: Port device team_slave_0 added
[ 143.331222][ T5541] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 143.339280][ T5541] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 143.368578][ T5541] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 143.385593][ T5545] team0: Port device team_slave_1 added
[ 143.444553][ T5540] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 143.451537][ T5540] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 143.479380][ T5540] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 143.498464][ T5542] team0: Port device team_slave_1 added
[ 143.506271][ T5541] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 143.513230][ T5541] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 143.540120][ T5541] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 143.654933][ T5540] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 143.661928][ T5540] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 143.689164][ T5540] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 143.822334][ T5545] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 143.829811][ T5545] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 143.858186][ T5545] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 143.908235][ T5543] hsr_slave_0: entered promiscuous mode
[ 143.916065][ T5543] hsr_slave_1: entered promiscuous mode
[ 143.928164][ T5542] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 143.938780][ T5542] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 143.965467][ T5542] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 144.008392][ T5549] hsr_slave_0: entered promiscuous mode
[ 144.016396][ T5549] hsr_slave_1: entered promiscuous mode
[ 144.023115][ T5549] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 144.031457][ T5549] Cannot create hsr debugfs directory
[ 144.067286][ T5545] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 144.074581][ T5545] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 144.100987][ T5545] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 144.129428][ T5542] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 144.136548][ T5542] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 144.163357][ T5542] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 144.186427][ T5541] hsr_slave_0: entered promiscuous mode
[ 144.193618][ T5541] hsr_slave_1: entered promiscuous mode
[ 144.201831][ T5541] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 144.209728][ T5541] Cannot create hsr debugfs directory
[ 144.358227][ T5540] hsr_slave_0: entered promiscuous mode
[ 144.366360][ T5540] hsr_slave_1: entered promiscuous mode
[ 144.373053][ T5540] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 144.382903][ T5540] Cannot create hsr debugfs directory
[ 144.651280][ T5545] hsr_slave_0: entered promiscuous mode
[ 144.660024][ T5545] hsr_slave_1: entered promiscuous mode
[ 144.668228][ T5545] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 144.675899][ T5545] Cannot create hsr debugfs directory
[ 144.725082][ T5542] hsr_slave_0: entered promiscuous mode
[ 144.732485][ T5542] hsr_slave_1: entered promiscuous mode
[ 144.740337][ T5542] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 144.748195][ T5542] Cannot create hsr debugfs directory
[ 145.152921][ T54] Bluetooth: hci1: command tx timeout
[ 145.158614][ T54] Bluetooth: hci5: command tx timeout
[ 145.225067][ T54] Bluetooth: hci0: command tx timeout
[ 145.225198][ T5554] Bluetooth: hci3: command tx timeout
[ 145.230622][ T54] Bluetooth: hci4: command tx timeout
[ 145.236043][ T5548] Bluetooth: hci2: command tx timeout
[ 145.797433][ T5549] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 145.837832][ T5549] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 145.871037][ T5549] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 145.901788][ T5549] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 145.970471][ T5543] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 145.992896][ T5543] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 146.021877][ T5543] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 146.048515][ T5543] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 146.158481][ T5540] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 146.204464][ T5540] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 146.220742][ T5540] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 146.277985][ T5540] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 146.691744][ T5545] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 146.723121][ T5545] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 146.755359][ T5545] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 147.046259][ T5545] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 147.224601][ T5548] Bluetooth: hci5: command tx timeout
[ 147.236531][ T5548] Bluetooth: hci1: command tx timeout
[ 147.306647][ T5548] Bluetooth: hci4: command tx timeout
[ 147.312315][ T5548] Bluetooth: hci0: command tx timeout
[ 147.322430][ T5554] Bluetooth: hci2: command tx timeout
[ 147.324251][ T5237] Bluetooth: hci3: command tx timeout
[ 147.660073][ T5549] 8021q: adding VLAN 0 to HW filter on device bond0
[ 147.936886][ T5549] 8021q: adding VLAN 0 to HW filter on device team0
[ 148.042833][ T1108] bridge0: port 1(bridge_slave_0) entered blocking state
[ 148.050193][ T1108] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 148.123195][ T5540] 8021q: adding VLAN 0 to HW filter on device bond0
[ 148.165331][ T5543] 8021q: adding VLAN 0 to HW filter on device bond0
[ 148.262889][ T1108] bridge0: port 2(bridge_slave_1) entered blocking state
[ 148.270521][ T1108] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 148.299462][ T5542] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 148.319323][ T5542] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 148.341684][ T5542] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 148.423684][ T5542] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 148.582209][ T5545] 8021q: adding VLAN 0 to HW filter on device bond0
[ 148.611157][ T5540] 8021q: adding VLAN 0 to HW filter on device team0
[ 148.699549][ T5543] 8021q: adding VLAN 0 to HW filter on device team0
[ 148.770187][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 148.777529][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 148.832425][ T5541] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 148.849542][ T5541] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 148.887408][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 148.894859][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 148.956240][ T5545] 8021q: adding VLAN 0 to HW filter on device team0
[ 148.967640][ T5541] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 148.995899][ T5541] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 149.033686][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 149.041047][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 149.101821][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 149.109339][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 149.189236][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 149.196664][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 149.402906][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 149.410266][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 150.202767][ T5543] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 150.471065][ T5549] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 150.610474][ T5541] 8021q: adding VLAN 0 to HW filter on device bond0
[ 150.776960][ T5542] 8021q: adding VLAN 0 to HW filter on device bond0
[ 150.882127][ T5541] 8021q: adding VLAN 0 to HW filter on device team0
[ 151.112815][ T5542] 8021q: adding VLAN 0 to HW filter on device team0
[ 151.137810][ T64] bridge0: port 1(bridge_slave_0) entered blocking state
[ 151.145139][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 151.212505][ T5540] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 151.270166][ T64] bridge0: port 2(bridge_slave_1) entered blocking state
[ 151.277650][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 151.324985][ T64] bridge0: port 1(bridge_slave_0) entered blocking state
[ 151.332292][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 151.388240][ T5549] veth0_vlan: entered promiscuous mode
[ 151.459337][ T64] bridge0: port 2(bridge_slave_1) entered blocking state
[ 151.466734][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 151.531022][ T5549] veth1_vlan: entered promiscuous mode
[ 151.583790][ T5543] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 151.772098][ T5545] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 152.162812][ T5549] veth0_macvtap: entered promiscuous mode
[ 152.293312][ T5549] veth1_macvtap: entered promiscuous mode
[ 152.566545][ T5549] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 152.748166][ T5545] veth0_vlan: entered promiscuous mode
[ 152.837999][ T5549] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 152.905421][ T5549] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 152.923550][ T5549] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 152.944159][ T5549] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 152.968051][ T5549] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 153.025216][ T5540] veth0_vlan: entered promiscuous mode
[ 153.104362][ T5545] veth1_vlan: entered promiscuous mode
[ 153.185366][ T5540] veth1_vlan: entered promiscuous mode
[ 153.382674][ T5541] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 153.726792][ T5545] veth0_macvtap: entered promiscuous mode
[ 153.819790][ T5540] veth0_macvtap: entered promiscuous mode
[ 153.872554][ T5542] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 153.963535][ T5545] veth1_macvtap: entered promiscuous mode
[ 153.977368][ T1108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 154.009401][ T1108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 154.031202][ T5543] veth0_vlan: entered promiscuous mode
[ 154.091875][ T5540] veth1_macvtap: entered promiscuous mode
[ 154.376436][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 154.412112][ T5540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 154.414061][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 154.445680][ T5540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 154.467970][ T5540] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 154.488171][ T5545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 154.534379][ T5545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 154.564107][ T5545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 154.585035][ T5545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 154.607206][ T5545] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 154.648643][ T5543] veth1_vlan: entered promiscuous mode
[ 154.728568][ T5540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 154.764532][ T5540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 154.791610][ T5540] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 154.803784][ T5541] veth0_vlan: entered promiscuous mode
[ 154.848099][ T5545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 154.877027][ T5545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 154.908861][ T5545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 154.945092][ T5545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 154.993662][ T5545] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 155.031007][ T5545] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 155.042672][ T5545] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 155.052523][ T5545] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 155.062012][ T5545] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 155.073574][ T5737] loop0: detected capacity change from 0 to 1024
[ 155.111068][ T5737] =======================================================
[ 155.111068][ T5737] WARNING: The mand mount option has been deprecated and
[ 155.111068][ T5737] and is ignored by this kernel. Remove the mand
[ 155.111068][ T5737] option from the mount to silence this warning.
[ 155.111068][ T5737] =======================================================
[ 155.143521][ T5541] veth1_vlan: entered promiscuous mode
[ 155.171156][ T5540] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 155.182927][ T5540] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 155.210130][ T5540] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
2024/08/15 06:25:11 executed programs: 6
[ 155.243563][ T5540] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 155.335892][ T1108] ==================================================================
[ 155.344087][ T1108] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170
[ 155.352872][ T1108] Read of size 2048 at addr ffff88807b4cb000 by task kworker/u8:7/1108
[ 155.359971][ T5543] veth0_macvtap: entered promiscuous mode
[ 155.361158][ T1108]
[ 155.361171][ T1108] CPU: 0 UID: 0 PID: 1108 Comm: kworker/u8:7 Not tainted 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0
[ 155.377272][ T5543] veth1_macvtap: entered promiscuous mode
[ 155.380028][ T1108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 155.395909][ T1108] Workqueue: loop0 loop_workfn
[ 155.400724][ T1108] Call Trace:
[ 155.404108][ T1108]
[ 155.407053][ T1108] dump_stack_lvl+0x116/0x1f0
[ 155.411988][ T1108] print_report+0xc3/0x620
[ 155.416752][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.422859][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.428635][ T1108] ? __phys_addr+0xc6/0x150
[ 155.433185][ T1108] kasan_report+0xd9/0x110
[ 155.437654][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 155.443949][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 155.449990][ T1108] kasan_check_range+0xef/0x1a0
[ 155.454874][ T1108] __asan_memcpy+0x23/0x60
[ 155.459326][ T1108] copy_page_from_iter_atomic+0x8bc/0x1170
[ 155.465183][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.470846][ T1108] ? __pfx_copy_page_from_iter_atomic+0x10/0x10
[ 155.477130][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.482997][ T1108] ? shmem_write_begin+0x16f/0x360
[ 155.488166][ T1108] ? __pfx_shmem_write_begin+0x10/0x10
[ 155.493669][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.499346][ T1108] ? lockdep_hardirqs_on+0x7c/0x110
[ 155.504590][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.510279][ T1108] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270
[ 155.517350][ T1108] ? ktime_get_coarse_real_ts64+0x147/0x200
[ 155.523332][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.529019][ T1108] generic_perform_write+0x53d/0xaa0
[ 155.534366][ T1108] ? __pfx_generic_perform_write+0x10/0x10
[ 155.540420][ T1108] ? __mark_inode_dirty+0x2a6/0xe70
[ 155.545692][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.551361][ T1108] ? preempt_count_add+0x76/0x150
[ 155.556460][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.562126][ T1108] ? mnt_put_write_access_file+0xc1/0xf0
[ 155.567845][ T1108] shmem_file_write_iter+0x114/0x140
[ 155.573186][ T1108] do_iter_readv_writev+0x534/0x800
[ 155.578417][ T1108] ? __pfx_do_iter_readv_writev+0x10/0x10
[ 155.584177][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.589850][ T1108] vfs_iter_write+0x1eb/0x9c0
[ 155.594564][ T1108] loop_process_work+0x14dd/0x2000
[ 155.599736][ T1108] ? __pfx_loop_process_work+0x10/0x10
[ 155.605238][ T1108] ? __pfx_lock_release+0x10/0x10
[ 155.610398][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.616082][ T1108] process_one_work+0x9c8/0x1b40
[ 155.621086][ T1108] ? __pfx_batadv_nc_worker+0x10/0x10
[ 155.626729][ T1108] ? __pfx_process_one_work+0x10/0x10
[ 155.632153][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.637827][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.643490][ T1108] ? assign_work+0x1a0/0x250
[ 155.648134][ T1108] worker_thread+0x6c8/0xf20
[ 155.652815][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.658486][ T1108] ? __kthread_parkme+0x148/0x220
[ 155.663550][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.669243][ T1108] ? __pfx_worker_thread+0x10/0x10
[ 155.674409][ T1108] kthread+0x2c4/0x3a0
[ 155.678864][ T1108] ? _raw_spin_unlock_irq+0x23/0x50
[ 155.684204][ T1108] ? __pfx_kthread+0x10/0x10
[ 155.688827][ T1108] ret_from_fork+0x48/0x80
[ 155.693298][ T1108] ? __pfx_kthread+0x10/0x10
[ 155.697923][ T1108] ret_from_fork_asm+0x1a/0x30
[ 155.702754][ T1108]
[ 155.705785][ T1108]
[ 155.708110][ T1108] Allocated by task 5737:
[ 155.712453][ T1108] kasan_save_stack+0x33/0x60
[ 155.717168][ T1108] kasan_save_track+0x14/0x30
[ 155.721880][ T1108] __kasan_kmalloc+0xaa/0xb0
[ 155.726505][ T1108] __kmalloc_noprof+0x1e8/0x400
[ 155.731435][ T1108] hfsplus_read_wrapper+0x34c/0xff0
[ 155.736660][ T1108] hfsplus_fill_super+0x352/0x1bc0
[ 155.741831][ T1108] mount_bdev+0x1e6/0x2d0
[ 155.746189][ T1108] legacy_get_tree+0x10c/0x220
[ 155.751003][ T1108] vfs_get_tree+0x92/0x380
[ 155.755441][ T1108] path_mount+0x14e6/0x1f20
[ 155.759991][ T1108] __x64_sys_mount+0x294/0x320
[ 155.764801][ T1108] do_syscall_64+0xcd/0x250
[ 155.769341][ T1108] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.775282][ T1108]
[ 155.777605][ T1108] The buggy address belongs to the object at ffff88807b4cb000
[ 155.777605][ T1108] which belongs to the cache kmalloc-512 of size 512
[ 155.791673][ T1108] The buggy address is located 0 bytes inside of
[ 155.791673][ T1108] allocated 512-byte region [ffff88807b4cb000, ffff88807b4cb200)
[ 155.805666][ T1108]
[ 155.807996][ T1108] The buggy address belongs to the physical page:
[ 155.814407][ T1108] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b4c8
[ 155.823200][ T1108] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 155.831724][ T1108] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 155.839297][ T1108] page_type: 0xfdffffff(slab)
[ 155.843997][ T1108] raw: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000
[ 155.852613][ T1108] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 155.861228][ T1108] head: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000
[ 155.870041][ T1108] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 155.878738][ T1108] head: 00fff00000000002 ffffea0001ed3201 ffffffffffffffff 0000000000000000
[ 155.887456][ T1108] head: ffff888000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 155.896399][ T1108] page dumped because: kasan: bad access detected
[ 155.902820][ T1108] page_owner tracks the page as allocated
[ 155.908536][ T1108] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5545, tgid 5545 (syz-executor.3), ts 154810862436, free_ts 153529740197
[ 155.931685][ T1108] post_alloc_hook+0x2d1/0x350
[ 155.936493][ T1108] get_page_from_freelist+0x1351/0x2e50
[ 155.942084][ T1108] __alloc_pages_noprof+0x22b/0x2460
[ 155.947413][ T1108] alloc_slab_page+0x4e/0xf0
[ 155.952027][ T1108] new_slab+0x84/0x260
[ 155.956135][ T1108] ___slab_alloc+0xdac/0x1870
[ 155.960844][ T1108] __slab_alloc.constprop.0+0x56/0xb0
[ 155.966253][ T1108] __kmalloc_noprof+0x367/0x400
[ 155.971138][ T1108] fib6_info_alloc+0x40/0x160
[ 155.975841][ T1108] ip6_route_info_create+0x337/0x1940
[ 155.981252][ T1108] ip6_route_add+0x26/0x190
[ 155.985799][ T1108] addrconf_add_mroute+0x1de/0x350
[ 155.990930][ T1108] addrconf_add_dev+0x14e/0x1c0
[ 155.995812][ T1108] inet6_addr_add+0x1a8/0xbe0
[ 156.000521][ T1108] inet6_rtm_newaddr+0x11e7/0x1ab0
[ 156.005663][ T1108] rtnetlink_rcv_msg+0x3ca/0xea0
[ 156.010634][ T1108] page last free pid 5718 tgid 5718 stack trace:
[ 156.016968][ T1108] free_unref_page+0x64a/0xe40
[ 156.021769][ T1108] __put_partials+0x14c/0x170
[ 156.026568][ T1108] qlist_free_all+0x4e/0x140
[ 156.031187][ T1108] kasan_quarantine_reduce+0x192/0x1e0
[ 156.036675][ T1108] __kasan_slab_alloc+0x69/0x90
[ 156.041820][ T1108] kmem_cache_alloc_noprof+0x121/0x2f0
[ 156.047316][ T1108] getname_flags.part.0+0x4c/0x550
[ 156.052468][ T1108] getname_flags+0x93/0xf0
[ 156.056904][ T1108] vfs_fstatat+0x86/0x160
[ 156.061268][ T1108] __do_sys_newfstatat+0xa2/0x130
[ 156.066503][ T1108] do_syscall_64+0xcd/0x250
[ 156.071043][ T1108] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 156.076980][ T1108]
[ 156.079329][ T1108] Memory state around the buggy address:
[ 156.085068][ T1108] ffff88807b4cb100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 156.093147][ T1108] ffff88807b4cb180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 156.101658][ T1108] >ffff88807b4cb200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 156.109730][ T1108] ^
[ 156.113845][ T1108] ffff88807b4cb280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 156.122047][ T1108] ffff88807b4cb300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 156.130127][ T1108] ==================================================================
[ 156.144300][ T1108] Disabling lock debugging due to kernel taint
[ 156.211054][ T1108] ==================================================================
[ 156.219163][ T1108] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170
[ 156.227896][ T1108] Read of size 2048 at addr ffff88807b4cb000 by task kworker/u8:7/1108
[ 156.236172][ T1108]
[ 156.238522][ T1108] CPU: 0 UID: 0 PID: 1108 Comm: kworker/u8:7 Tainted: G B 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0
[ 156.250898][ T1108] Tainted: [B]=BAD_PAGE
[ 156.255065][ T1108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 156.265153][ T1108] Workqueue: loop0 loop_workfn
[ 156.269967][ T1108] Call Trace:
[ 156.273276][ T1108]
[ 156.276228][ T1108] dump_stack_lvl+0x116/0x1f0
[ 156.280949][ T1108] print_report+0xc3/0x620
[ 156.285514][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 156.291238][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 156.296909][ T1108] ? __phys_addr+0xc6/0x150
[ 156.301471][ T1108] kasan_report+0xd9/0x110
[ 156.305952][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 156.312018][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 156.318070][ T1108] kasan_check_range+0xef/0x1a0
[ 156.323038][ T1108] __asan_memcpy+0x23/0x60
[ 156.327558][ T1108] copy_page_from_iter_atomic+0x8bc/0x1170
[ 156.333522][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 156.339222][ T1108] ? __pfx_copy_page_from_iter_atomic+0x10/0x10
[ 156.345509][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 156.351175][ T1108] ? shmem_write_begin+0x16f/0x360
[ 156.356502][ T1108] ? __pfx_shmem_write_begin+0x10/0x10
[ 156.362033][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 156.367733][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 156.373485][ T1108] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270
[ 156.380393][ T1108] ? ktime_get_coarse_real_ts64+0x147/0x200
[ 156.386328][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 156.392021][ T1108] generic_perform_write+0x53d/0xaa0
[ 156.397402][ T1108] ? __pfx_generic_perform_write+0x10/0x10
[ 156.403248][ T1108] ? __mark_inode_dirty+0x2a6/0xe70
[ 156.408508][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 156.414779][ T1108] ? preempt_count_add+0x76/0x150
[ 156.419930][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 156.425682][ T1108] ? mnt_put_write_access_file+0xc1/0xf0
[ 156.431485][ T1108] shmem_file_write_iter+0x114/0x140
[ 156.436828][ T1108] do_iter_readv_writev+0x534/0x800
[ 156.442061][ T1108] ? __pfx_do_iter_readv_writev+0x10/0x10
[ 156.447812][ T1108] ? __pfx___might_resched+0x10/0x10
[ 156.453130][ T1108] vfs_iter_write+0x1eb/0x9c0
[ 156.457839][ T1108] loop_process_work+0x14dd/0x2000
[ 156.462991][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 156.468678][ T1108] ? __pfx_loop_process_work+0x10/0x10
[ 156.474175][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 156.479836][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 156.486018][ T1108] ? rcu_is_watching+0x12/0xc0
[ 156.490832][ T1108] ? lock_acquire+0x47b/0x560
[ 156.495580][ T1108] ? __pfx_lock_release+0x10/0x10
[ 156.500661][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 156.506412][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 156.512112][ T1108] ? rcu_is_watching+0x12/0xc0
[ 156.516944][ T1108] process_one_work+0x9c8/0x1b40
[ 156.521952][ T1108] ? __pfx_lock_acquire+0x10/0x10
[ 156.527035][ T1108] ? __pfx_process_one_work+0x10/0x10
[ 156.532457][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 156.538258][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 156.543928][ T1108] ? assign_work+0x1a0/0x250
[ 156.548573][ T1108] worker_thread+0x6c8/0xf20
[ 156.553223][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 156.558920][ T1108] ? __kthread_parkme+0x148/0x220
[ 156.563978][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 156.569654][ T1108] ? __pfx_worker_thread+0x10/0x10
[ 156.574817][ T1108] kthread+0x2c4/0x3a0
[ 156.578921][ T1108] ? _raw_spin_unlock_irq+0x23/0x50
[ 156.584153][ T1108] ? __pfx_kthread+0x10/0x10
[ 156.588775][ T1108] ret_from_fork+0x48/0x80
[ 156.593237][ T1108] ? __pfx_kthread+0x10/0x10
[ 156.597880][ T1108] ret_from_fork_asm+0x1a/0x30
[ 156.602701][ T1108]
[ 156.605734][ T1108]
[ 156.608061][ T1108] Allocated by task 5737:
[ 156.612391][ T1108] kasan_save_stack+0x33/0x60
[ 156.617105][ T1108] kasan_save_track+0x14/0x30
[ 156.621815][ T1108] __kasan_kmalloc+0xaa/0xb0
[ 156.626608][ T1108] __kmalloc_noprof+0x1e8/0x400
[ 156.631494][ T1108] hfsplus_read_wrapper+0x34c/0xff0
[ 156.636716][ T1108] hfsplus_fill_super+0x352/0x1bc0
[ 156.641853][ T1108] mount_bdev+0x1e6/0x2d0
[ 156.646205][ T1108] legacy_get_tree+0x10c/0x220
[ 156.651019][ T1108] vfs_get_tree+0x92/0x380
[ 156.655461][ T1108] path_mount+0x14e6/0x1f20
[ 156.659989][ T1108] __x64_sys_mount+0x294/0x320
[ 156.664790][ T1108] do_syscall_64+0xcd/0x250
[ 156.669340][ T1108] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 156.675457][ T1108]
[ 156.677879][ T1108] The buggy address belongs to the object at ffff88807b4cb000
[ 156.677879][ T1108] which belongs to the cache kmalloc-512 of size 512
[ 156.692152][ T1108] The buggy address is located 0 bytes inside of
[ 156.692152][ T1108] allocated 512-byte region [ffff88807b4cb000, ffff88807b4cb200)
[ 156.706170][ T1108]
[ 156.708499][ T1108] The buggy address belongs to the physical page:
[ 156.714914][ T1108] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b4c8
[ 156.723700][ T1108] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 156.732224][ T1108] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 156.739905][ T1108] page_type: 0xfdffffff(slab)
[ 156.744782][ T1108] raw: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000
[ 156.753385][ T1108] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 156.761991][ T1108] head: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000
[ 156.770686][ T1108] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 156.779422][ T1108] head: 00fff00000000002 ffffea0001ed3201 ffffffffffffffff 0000000000000000
[ 156.788205][ T1108] head: ffff888000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 156.796883][ T1108] page dumped because: kasan: bad access detected
[ 156.803304][ T1108] page_owner tracks the page as allocated
[ 156.809053][ T1108] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5545, tgid 5545 (syz-executor.3), ts 154810862436, free_ts 153529740197
[ 156.832546][ T1108] post_alloc_hook+0x2d1/0x350
[ 156.837352][ T1108] get_page_from_freelist+0x1351/0x2e50
[ 156.842943][ T1108] __alloc_pages_noprof+0x22b/0x2460
[ 156.848288][ T1108] alloc_slab_page+0x4e/0xf0
[ 156.852903][ T1108] new_slab+0x84/0x260
[ 156.857173][ T1108] ___slab_alloc+0xdac/0x1870
[ 156.861906][ T1108] __slab_alloc.constprop.0+0x56/0xb0
[ 156.867316][ T1108] __kmalloc_noprof+0x367/0x400
[ 156.872204][ T1108] fib6_info_alloc+0x40/0x160
[ 156.876905][ T1108] ip6_route_info_create+0x337/0x1940
[ 156.882338][ T1108] ip6_route_add+0x26/0x190
[ 156.886967][ T1108] addrconf_add_mroute+0x1de/0x350
[ 156.892097][ T1108] addrconf_add_dev+0x14e/0x1c0
[ 156.896973][ T1108] inet6_addr_add+0x1a8/0xbe0
[ 156.901698][ T1108] inet6_rtm_newaddr+0x11e7/0x1ab0
[ 156.906890][ T1108] rtnetlink_rcv_msg+0x3ca/0xea0
[ 156.911975][ T1108] page last free pid 5718 tgid 5718 stack trace:
[ 156.918349][ T1108] free_unref_page+0x64a/0xe40
[ 156.923156][ T1108] __put_partials+0x14c/0x170
[ 156.927872][ T1108] qlist_free_all+0x4e/0x140
[ 156.932586][ T1108] kasan_quarantine_reduce+0x192/0x1e0
[ 156.938196][ T1108] __kasan_slab_alloc+0x69/0x90
[ 156.943277][ T1108] kmem_cache_alloc_noprof+0x121/0x2f0
[ 156.948780][ T1108] getname_flags.part.0+0x4c/0x550
[ 156.954019][ T1108] getname_flags+0x93/0xf0
[ 156.958455][ T1108] vfs_fstatat+0x86/0x160
[ 156.962907][ T1108] __do_sys_newfstatat+0xa2/0x130
[ 156.967977][ T1108] do_syscall_64+0xcd/0x250
[ 156.972516][ T1108] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 156.978465][ T1108]
[ 156.980817][ T1108] Memory state around the buggy address:
[ 156.986454][ T1108] ffff88807b4cb100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 156.994637][ T1108] ffff88807b4cb180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 157.002720][ T1108] >ffff88807b4cb200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 157.010799][ T1108] ^
[ 157.014919][ T1108] ffff88807b4cb280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 157.022995][ T1108] ffff88807b4cb300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 157.031591][ T1108] ==================================================================
[ 157.307430][ T5542] veth0_vlan: entered promiscuous mode
[ 157.365905][ T5543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 157.391815][ T5746] loop0: detected capacity change from 0 to 1024
[ 157.395956][ T5543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 157.418881][ T5543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 157.430042][ T5543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 157.444608][ T5543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 157.458855][ T5543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 157.475546][ T5543] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 157.545055][ T1046] ==================================================================
[ 157.553170][ T1046] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170
[ 157.561932][ T1046] Read of size 2048 at addr ffff888022cfd400 by task kworker/u8:6/1046
[ 157.570199][ T1046]
[ 157.572540][ T1046] CPU: 1 UID: 0 PID: 1046 Comm: kworker/u8:6 Tainted: G B 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0
[ 157.584917][ T1046] Tainted: [B]=BAD_PAGE
[ 157.589092][ T1046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 157.599173][ T1046] Workqueue: loop0 loop_workfn
[ 157.603984][ T1046] Call Trace:
[ 157.607280][ T1046]
[ 157.610229][ T1046] dump_stack_lvl+0x116/0x1f0
[ 157.614957][ T1046] print_report+0xc3/0x620
[ 157.619429][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 157.622987][ T5543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 157.625078][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 157.625127][ T1046] ? __phys_addr+0xc6/0x150
[ 157.625178][ T1046] kasan_report+0xd9/0x110
[ 157.625238][ T1046] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 157.625301][ T1046] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 157.625366][ T1046] kasan_check_range+0xef/0x1a0
[ 157.625408][ T1046] __asan_memcpy+0x23/0x60
[ 157.625457][ T1046] copy_page_from_iter_atomic+0x8bc/0x1170
[ 157.625522][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 157.625568][ T1046] ? __pfx_copy_page_from_iter_atomic+0x10/0x10
[ 157.625627][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 157.625672][ T1046] ? shmem_write_begin+0x16f/0x360
[ 157.625734][ T1046] ? __pfx_shmem_write_begin+0x10/0x10
[ 157.625787][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 157.625833][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 157.639294][ T5543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 157.641811][ T1046] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270
[ 157.646820][ T5543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 157.650678][ T1046] ? ktime_get_coarse_real_ts64+0x147/0x200
[ 157.656739][ T5543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 157.662585][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 157.662640][ T1046] generic_perform_write+0x53d/0xaa0
[ 157.662712][ T1046] ? __pfx_generic_perform_write+0x10/0x10
[ 157.662766][ T1046] ? __mark_inode_dirty+0x2a6/0xe70
[ 157.662818][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 157.662863][ T1046] ? preempt_count_add+0x76/0x150
[ 157.662919][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 157.662967][ T1046] ? mnt_put_write_access_file+0xc1/0xf0
[ 157.663038][ T1046] shmem_file_write_iter+0x114/0x140
[ 157.663106][ T1046] do_iter_readv_writev+0x534/0x800
[ 157.663152][ T1046] ? __pfx_do_iter_readv_writev+0x10/0x10
[ 157.663200][ T1046] ? __pfx___might_resched+0x10/0x10
[ 157.663249][ T1046] vfs_iter_write+0x1eb/0x9c0
[ 157.663295][ T1046] loop_process_work+0x14dd/0x2000
[ 157.669181][ T5543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 157.672629][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 157.678474][ T5543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 157.684025][ T1046] ? __pfx_loop_process_work+0x10/0x10
[ 157.684077][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 157.684124][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 157.712137][ T5543] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 157.712193][ T1046] ? rcu_is_watching+0x12/0xc0
[ 157.732472][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 157.734486][ T1046] ? lock_acquire+0x47b/0x560
[ 157.734557][ T1046] ? __pfx_lock_release+0x10/0x10
[ 157.751018][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 157.760982][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 157.766415][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 157.766466][ T1046] ? rcu_is_watching+0x12/0xc0
[ 157.766535][ T1046] process_one_work+0x9c8/0x1b40
[ 157.766611][ T1046] ? __pfx_lock_acquire+0x10/0x10
[ 157.766674][ T1046] ? __pfx_process_one_work+0x10/0x10
[ 157.766744][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 157.766796][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 157.810902][ T5543] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 157.815510][ T1046] ? assign_work+0x1a0/0x250
[ 157.815577][ T1046] worker_thread+0x6c8/0xf20
[ 157.815650][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 157.815697][ T1046] ? __kthread_parkme+0x148/0x220
[ 157.815746][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 157.815799][ T1046] ? __pfx_worker_thread+0x10/0x10
[ 157.815865][ T1046] kthread+0x2c4/0x3a0
[ 157.815911][ T1046] ? _raw_spin_unlock_irq+0x23/0x50
[ 157.815961][ T1046] ? __pfx_kthread+0x10/0x10
[ 157.816010][ T1046] ret_from_fork+0x48/0x80
[ 157.830274][ T5543] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 157.831655][ T1046] ? __pfx_kthread+0x10/0x10
[ 157.839183][ T5543] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 157.847127][ T1046] ret_from_fork_asm+0x1a/0x30
[ 157.847204][ T1046]
[ 157.847219][ T1046]
[ 157.853183][ T5543] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 157.862623][ T1046] Allocated by task 5746:
[ 157.862643][ T1046] kasan_save_stack+0x33/0x60
[ 157.862695][ T1046] kasan_save_track+0x14/0x30
[ 157.887533][ T5541] veth0_macvtap: entered promiscuous mode
[ 157.891673][ T1046] __kasan_kmalloc+0xaa/0xb0
[ 157.906318][ T5542] veth1_vlan: entered promiscuous mode
[ 157.909325][ T1046] __kmalloc_noprof+0x1e8/0x400
[ 157.988460][ T5541] veth1_macvtap: entered promiscuous mode
[ 157.993532][ T1046] hfsplus_read_wrapper+0x34c/0xff0
[ 158.103485][ T1046] hfsplus_fill_super+0x352/0x1bc0
[ 158.108639][ T1046] mount_bdev+0x1e6/0x2d0
[ 158.113005][ T1046] legacy_get_tree+0x10c/0x220
[ 158.117834][ T1046] vfs_get_tree+0x92/0x380
[ 158.122284][ T1046] path_mount+0x14e6/0x1f20
[ 158.126846][ T1046] __x64_sys_mount+0x294/0x320
[ 158.131646][ T1046] do_syscall_64+0xcd/0x250
[ 158.136209][ T1046] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 158.142162][ T1046]
[ 158.144500][ T1046] The buggy address belongs to the object at ffff888022cfd400
[ 158.144500][ T1046] which belongs to the cache kmalloc-512 of size 512
[ 158.158594][ T1046] The buggy address is located 0 bytes inside of
[ 158.158594][ T1046] allocated 512-byte region [ffff888022cfd400, ffff888022cfd600)
[ 158.172610][ T1046]
[ 158.174968][ T1046] The buggy address belongs to the physical page:
[ 158.181394][ T1046] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22cfc
[ 158.190446][ T1046] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 158.199154][ T1046] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 158.206860][ T1046] page_type: 0xfdffffff(slab)
[ 158.211572][ T1046] raw: 00fff00000000040 ffff888015841c80 ffffea0000a69300 dead000000000002
[ 158.220200][ T1046] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 158.228961][ T1046] head: 00fff00000000040 ffff888015841c80 ffffea0000a69300 dead000000000002
[ 158.237785][ T1046] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 158.246507][ T1046] head: 00fff00000000002 ffffea00008b3f01 ffffffffffffffff 0000000000000000
[ 158.255391][ T1046] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 158.264087][ T1046] page dumped because: kasan: bad access detected
[ 158.270514][ T1046] page_owner tracks the page as allocated
[ 158.276242][ T1046] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4682, tgid 4682 (udevd), ts 49773587910, free_ts 49751973603
[ 158.297063][ T1046] post_alloc_hook+0x2d1/0x350
[ 158.301890][ T1046] get_page_from_freelist+0x1351/0x2e50
[ 158.307498][ T1046] __alloc_pages_noprof+0x22b/0x2460
[ 158.312863][ T1046] alloc_slab_page+0x4e/0xf0
[ 158.317493][ T1046] new_slab+0x84/0x260
[ 158.321606][ T1046] ___slab_alloc+0xdac/0x1870
[ 158.326363][ T1046] __slab_alloc.constprop.0+0x56/0xb0
[ 158.331979][ T1046] __kmalloc_cache_noprof+0x2b4/0x300
[ 158.337924][ T1046] kernfs_fop_open+0x28b/0xdb0
[ 158.342726][ T1046] do_dentry_open+0x922/0x15f0
[ 158.347534][ T1046] vfs_open+0x82/0x3f0
[ 158.351651][ T1046] path_openat+0x2141/0x2d20
[ 158.356295][ T1046] do_filp_open+0x1dc/0x430
[ 158.360839][ T1046] do_sys_openat2+0x17a/0x1e0
[ 158.365567][ T1046] __x64_sys_openat+0x175/0x210
[ 158.370468][ T1046] do_syscall_64+0xcd/0x250
[ 158.375016][ T1046] page last free pid 4676 tgid 4676 stack trace:
[ 158.381354][ T1046] free_unref_page+0x64a/0xe40
[ 158.386166][ T1046] qlist_free_all+0x4e/0x140
[ 158.390889][ T1046] kasan_quarantine_reduce+0x192/0x1e0
[ 158.396390][ T1046] __kasan_slab_alloc+0x69/0x90
[ 158.401287][ T1046] kmem_cache_alloc_noprof+0x121/0x2f0
[ 158.406879][ T1046] getname_flags.part.0+0x4c/0x550
[ 158.412040][ T1046] getname_flags+0x93/0xf0
[ 158.416487][ T1046] vfs_fstatat+0x86/0x160
[ 158.420862][ T1046] __do_sys_newfstatat+0xa2/0x130
[ 158.425944][ T1046] do_syscall_64+0xcd/0x250
[ 158.430507][ T1046] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 158.436455][ T1046]
[ 158.438832][ T1046] Memory state around the buggy address:
[ 158.444472][ T1046] ffff888022cfd500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 158.452561][ T1046] ffff888022cfd580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 158.460643][ T1046] >ffff888022cfd600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 158.468722][ T1046] ^
[ 158.472811][ T1046] ffff888022cfd680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 158.480900][ T1046] ffff888022cfd700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 158.488979][ T1046] ==================================================================
[ 158.518674][ T61] ==================================================================
[ 158.526824][ T61] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170
[ 158.535560][ T61] Read of size 2048 at addr ffff888022cfd400 by task kworker/u8:4/61
[ 158.543748][ T61]
[ 158.546096][ T61] CPU: 0 UID: 0 PID: 61 Comm: kworker/u8:4 Tainted: G B 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0
[ 158.558737][ T61] Tainted: [B]=BAD_PAGE
[ 158.562903][ T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 158.572988][ T61] Workqueue: loop0 loop_workfn
[ 158.577806][ T61] Call Trace:
[ 158.581102][ T61]
[ 158.584052][ T61] dump_stack_lvl+0x116/0x1f0
[ 158.588781][ T61] print_report+0xc3/0x620
[ 158.593283][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 158.598962][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 158.604645][ T61] ? __phys_addr+0xc6/0x150
[ 158.609204][ T61] kasan_report+0xd9/0x110
[ 158.613692][ T61] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 158.619735][ T61] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 158.625972][ T61] kasan_check_range+0xef/0x1a0
[ 158.631335][ T61] __asan_memcpy+0x23/0x60
[ 158.635891][ T61] copy_page_from_iter_atomic+0x8bc/0x1170
[ 158.641759][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 158.647524][ T61] ? __pfx_copy_page_from_iter_atomic+0x10/0x10
[ 158.653826][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 158.659616][ T61] ? shmem_write_begin+0x16f/0x360
[ 158.664797][ T61] ? __pfx_shmem_write_begin+0x10/0x10
[ 158.670337][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 158.676017][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 158.681687][ T61] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270
[ 158.688584][ T61] ? ktime_get_coarse_real_ts64+0x147/0x200
[ 158.694529][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 158.700208][ T61] generic_perform_write+0x53d/0xaa0
[ 158.705556][ T61] ? __pfx_generic_perform_write+0x10/0x10
[ 158.711503][ T61] ? __mark_inode_dirty+0x2a6/0xe70
[ 158.716749][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 158.722422][ T61] ? preempt_count_add+0x76/0x150
[ 158.727497][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 158.733170][ T61] ? mnt_put_write_access_file+0xc1/0xf0
[ 158.737430][ T5542] veth0_macvtap: entered promiscuous mode
[ 158.738884][ T61] shmem_file_write_iter+0x114/0x140
[ 158.749896][ T61] do_iter_readv_writev+0x534/0x800
[ 158.752498][ T5542] veth1_macvtap: entered promiscuous mode
[ 158.755147][ T61] ? __pfx_do_iter_readv_writev+0x10/0x10
[ 158.755199][ T61] ? __pfx___might_resched+0x10/0x10
[ 158.771901][ T61] vfs_iter_write+0x1eb/0x9c0
[ 158.776624][ T61] loop_process_work+0x14dd/0x2000
[ 158.781797][ T61] ? __pfx_loop_process_work+0x10/0x10
[ 158.787301][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 158.793069][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 158.798747][ T61] ? rcu_is_watching+0x12/0xc0
[ 158.803575][ T61] ? lock_acquire+0x47b/0x560
[ 158.808352][ T61] ? __pfx_lock_release+0x10/0x10
[ 158.808499][ T5542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 158.813413][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 158.823826][ T5542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 158.829435][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 158.829483][ T61] ? rcu_is_watching+0x12/0xc0
[ 158.829552][ T61] process_one_work+0x9c8/0x1b40
[ 158.829629][ T61] ? __pfx_batadv_iv_send_outstanding_bat_ogm_packet+0x10/0x10
[ 158.829679][ T61] ? __pfx_process_one_work+0x10/0x10
[ 158.829746][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 158.829797][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 158.829843][ T61] ? assign_work+0x1a0/0x250
[ 158.829906][ T61] worker_thread+0x6c8/0xf20
[ 158.829985][ T61] ? __pfx_worker_thread+0x10/0x10
[ 158.830057][ T61] kthread+0x2c4/0x3a0
[ 158.830105][ T61] ? _raw_spin_unlock_irq+0x23/0x50
[ 158.830155][ T61] ? __pfx_kthread+0x10/0x10
[ 158.830203][ T61] ret_from_fork+0x48/0x80
[ 158.830267][ T61] ? __pfx_kthread+0x10/0x10
[ 158.830316][ T61] ret_from_fork_asm+0x1a/0x30
[ 158.830392][ T61]
[ 158.830406][ T61]
[ 158.830414][ T61] Allocated by task 5746:
[ 158.830432][ T61] kasan_save_stack+0x33/0x60
[ 158.830482][ T61] kasan_save_track+0x14/0x30
[ 158.830531][ T61] __kasan_kmalloc+0xaa/0xb0
[ 158.830579][ T61] __kmalloc_noprof+0x1e8/0x400
[ 158.830631][ T61] hfsplus_read_wrapper+0x34c/0xff0
[ 158.830671][ T61] hfsplus_fill_super+0x352/0x1bc0
[ 158.830714][ T61] mount_bdev+0x1e6/0x2d0
[ 158.830751][ T61] legacy_get_tree+0x10c/0x220
[ 158.830812][ T61] vfs_get_tree+0x92/0x380
[ 158.830848][ T61] path_mount+0x14e6/0x1f20
[ 158.830888][ T61] __x64_sys_mount+0x294/0x320
[ 158.830930][ T61] do_syscall_64+0xcd/0x250
[ 158.830983][ T61] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 158.831051][ T61]
[ 158.831060][ T61] The buggy address belongs to the object at ffff888022cfd400
[ 158.831060][ T61] which belongs to the cache kmalloc-512 of size 512
[ 158.831091][ T61] The buggy address is located 0 bytes inside of
[ 158.831091][ T61] allocated 512-byte region [ffff888022cfd400, ffff888022cfd600)
[ 158.831131][ T61]
[ 158.831139][ T61] The buggy address belongs to the physical page:
[ 158.831153][ T61] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22cfc
[ 158.831188][ T61] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 158.831222][ T61] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 158.831255][ T61] page_type: 0xfdffffff(slab)
[ 158.831289][ T61] raw: 00fff00000000040 ffff888015841c80 0000000000000000 dead000000000001
[ 158.831327][ T61] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 158.831366][ T61] head: 00fff00000000040 ffff888015841c80 0000000000000000 dead000000000001
[ 158.831404][ T61] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 158.831442][ T61] head: 00fff00000000002 ffffea00008b3f01 ffffffffffffffff 0000000000000000
[ 158.831479][ T61] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 158.831502][ T61] page dumped because: kasan: bad access detected
[ 158.831519][ T61] page_owner tracks the page as allocated
[ 158.831530][ T61] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4682, tgid 4682 (udevd), ts 49773587910, free_ts 49751973603
[ 158.831601][ T61] post_alloc_hook+0x2d1/0x350
[ 158.831651][ T61] get_page_from_freelist+0x1351/0x2e50
[ 158.857685][ T5542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 158.864343][ T61] __alloc_pages_noprof+0x22b/0x2460
[ 158.869981][ T5542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 158.875497][ T61] alloc_slab_page+0x4e/0xf0
[ 158.875540][ T61] new_slab+0x84/0x260
[ 158.875586][ T61] ___slab_alloc+0xdac/0x1870
[ 158.875633][ T61] __slab_alloc.constprop.0+0x56/0xb0
[ 158.875685][ T61] __kmalloc_cache_noprof+0x2b4/0x300
[ 158.875738][ T61] kernfs_fop_open+0x28b/0xdb0
[ 158.875778][ T61] do_dentry_open+0x922/0x15f0
[ 158.875821][ T61] vfs_open+0x82/0x3f0
[ 158.875873][ T61] path_openat+0x2141/0x2d20
[ 158.875916][ T61] do_filp_open+0x1dc/0x430
[ 158.875958][ T61] do_sys_openat2+0x17a/0x1e0
[ 158.876017][ T61] __x64_sys_openat+0x175/0x210
[ 158.876074][ T61] do_syscall_64+0xcd/0x250
[ 158.876128][ T61] page last free pid 4676 tgid 4676 stack trace:
[ 158.876148][ T61] free_unref_page+0x64a/0xe40
[ 158.876201][ T61] qlist_free_all+0x4e/0x140
[ 158.876248][ T61] kasan_quarantine_reduce+0x192/0x1e0
[ 158.876298][ T61] __kasan_slab_alloc+0x69/0x90
[ 158.876351][ T61] kmem_cache_alloc_noprof+0x121/0x2f0
[ 158.876405][ T61] getname_flags.part.0+0x4c/0x550
[ 158.876464][ T61] getname_flags+0x93/0xf0
[ 158.876503][ T61] vfs_fstatat+0x86/0x160
[ 158.891282][ T5542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 158.891381][ T61] __do_sys_newfstatat+0xa2/0x130
[ 158.896954][ T5542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 158.900507][ T61] do_syscall_64+0xcd/0x250
[ 158.906290][ T5542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 158.910265][ T61] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 158.915131][ T5542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 158.919223][ T61]
[ 158.919231][ T61] Memory state around the buggy address:
[ 158.939521][ T5542] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 158.943101][ T61] ffff888022cfd500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 158.972027][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 158.976329][ T61] ffff888022cfd580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 158.976357][ T61] >ffff888022cfd600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 158.976377][ T61] ^
[ 158.976396][ T61] ffff888022cfd680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 158.976424][ T61] ffff888022cfd700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 158.976445][ T61] ==================================================================
[ 159.470507][ T5763] loop0: detected capacity change from 0 to 1024
[ 159.506896][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 159.534138][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 159.549669][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 159.568967][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 159.579796][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 159.590157][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 159.601003][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 159.612830][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 159.623340][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 159.642062][ T5541] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 159.714290][ T1108] ==================================================================
[ 159.722487][ T1108] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170
[ 159.731212][ T1108] Read of size 2048 at addr ffff88807b776000 by task kworker/u8:7/1108
[ 159.739756][ T1108]
[ 159.742100][ T1108] CPU: 1 UID: 0 PID: 1108 Comm: kworker/u8:7 Tainted: G B 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0
[ 159.754461][ T1108] Tainted: [B]=BAD_PAGE
[ 159.758617][ T1108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 159.768687][ T1108] Workqueue: loop0 loop_workfn
[ 159.773482][ T1108] Call Trace:
[ 159.776781][ T1108]
[ 159.779723][ T1108] dump_stack_lvl+0x116/0x1f0
[ 159.784436][ T1108] print_report+0xc3/0x620
[ 159.788903][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 159.794595][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 159.800255][ T1108] ? __phys_addr+0xc6/0x150
[ 159.804795][ T1108] kasan_report+0xd9/0x110
[ 159.809512][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 159.815545][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 159.821572][ T1108] kasan_check_range+0xef/0x1a0
[ 159.826451][ T1108] __asan_memcpy+0x23/0x60
[ 159.830899][ T1108] copy_page_from_iter_atomic+0x8bc/0x1170
[ 159.836929][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 159.842591][ T1108] ? __pfx_copy_page_from_iter_atomic+0x10/0x10
[ 159.848876][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 159.854541][ T1108] ? shmem_write_begin+0x16f/0x360
[ 159.859867][ T1108] ? __pfx_shmem_write_begin+0x10/0x10
[ 159.865398][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 159.871063][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 159.876725][ T1108] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270
[ 159.883610][ T1108] ? ktime_get_coarse_real_ts64+0x147/0x200
[ 159.889546][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 159.895215][ T1108] generic_perform_write+0x53d/0xaa0
[ 159.900556][ T1108] ? __pfx_generic_perform_write+0x10/0x10
[ 159.906403][ T1108] ? __mark_inode_dirty+0x2a6/0xe70
[ 159.911637][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 159.917304][ T1108] ? preempt_count_add+0x76/0x150
[ 159.922398][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 159.928063][ T1108] ? mnt_put_write_access_file+0xc1/0xf0
[ 159.933761][ T1108] shmem_file_write_iter+0x114/0x140
[ 159.939119][ T1108] do_iter_readv_writev+0x534/0x800
[ 159.944354][ T1108] ? __pfx_do_iter_readv_writev+0x10/0x10
[ 159.950111][ T1108] ? __pfx___might_resched+0x10/0x10
[ 159.955428][ T1108] vfs_iter_write+0x1eb/0x9c0
[ 159.960145][ T1108] loop_process_work+0x14dd/0x2000
[ 159.965297][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 159.970992][ T1108] ? __pfx_loop_process_work+0x10/0x10
[ 159.976482][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 159.982147][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 159.987815][ T1108] ? rcu_is_watching+0x12/0xc0
[ 159.992647][ T1108] ? lock_acquire+0x47b/0x560
[ 159.997370][ T1108] ? __pfx_lock_release+0x10/0x10
[ 160.002552][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.008242][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.013908][ T1108] ? rcu_is_watching+0x12/0xc0
[ 160.018733][ T1108] process_one_work+0x9c8/0x1b40
[ 160.023760][ T1108] ? __pfx_lock_acquire+0x10/0x10
[ 160.028853][ T1108] ? __pfx_process_one_work+0x10/0x10
[ 160.034286][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.039956][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.045620][ T1108] ? assign_work+0x1a0/0x250
[ 160.050254][ T1108] worker_thread+0x6c8/0xf20
[ 160.054947][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.060982][ T1108] ? __kthread_parkme+0x148/0x220
[ 160.066563][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.072231][ T1108] ? __pfx_worker_thread+0x10/0x10
[ 160.077393][ T1108] kthread+0x2c4/0x3a0
[ 160.081495][ T1108] ? _raw_spin_unlock_irq+0x23/0x50
[ 160.086731][ T1108] ? __pfx_kthread+0x10/0x10
[ 160.091360][ T1108] ret_from_fork+0x48/0x80
[ 160.095823][ T1108] ? __pfx_kthread+0x10/0x10
[ 160.100614][ T1108] ret_from_fork_asm+0x1a/0x30
[ 160.105436][ T1108]
[ 160.108464][ T1108]
[ 160.110797][ T1108] Allocated by task 5763:
[ 160.115131][ T1108] kasan_save_stack+0x33/0x60
[ 160.119849][ T1108] kasan_save_track+0x14/0x30
[ 160.124562][ T1108] __kasan_kmalloc+0xaa/0xb0
[ 160.129266][ T1108] __kmalloc_noprof+0x1e8/0x400
[ 160.134178][ T1108] hfsplus_read_wrapper+0x34c/0xff0
[ 160.139507][ T1108] hfsplus_fill_super+0x352/0x1bc0
[ 160.144758][ T1108] mount_bdev+0x1e6/0x2d0
[ 160.149136][ T1108] legacy_get_tree+0x10c/0x220
[ 160.153940][ T1108] vfs_get_tree+0x92/0x380
[ 160.158468][ T1108] path_mount+0x14e6/0x1f20
[ 160.163043][ T1108] __x64_sys_mount+0x294/0x320
[ 160.167837][ T1108] do_syscall_64+0xcd/0x250
[ 160.172373][ T1108] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 160.178428][ T1108]
[ 160.180752][ T1108] The buggy address belongs to the object at ffff88807b776000
[ 160.180752][ T1108] which belongs to the cache kmalloc-512 of size 512
[ 160.195009][ T1108] The buggy address is located 0 bytes inside of
[ 160.195009][ T1108] allocated 512-byte region [ffff88807b776000, ffff88807b776200)
[ 160.209021][ T1108]
[ 160.211353][ T1108] The buggy address belongs to the physical page:
[ 160.217769][ T1108] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b774
[ 160.226556][ T1108] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 160.235510][ T1108] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 160.243089][ T1108] page_type: 0xfdffffff(slab)
[ 160.247794][ T1108] raw: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000
[ 160.256401][ T1108] raw: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000
[ 160.265039][ T1108] head: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000
[ 160.273734][ T1108] head: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000
[ 160.282438][ T1108] head: 00fff00000000002 ffffea0001eddd01 ffffffffffffffff 0000000000000000
[ 160.291187][ T1108] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 160.299878][ T1108] page dumped because: kasan: bad access detected
[ 160.306388][ T1108] page_owner tracks the page as allocated
[ 160.312126][ T1108] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5541, tgid 5541 (syz-executor.1), ts 158958610015, free_ts 157115524368
[ 160.335906][ T1108] post_alloc_hook+0x2d1/0x350
[ 160.340712][ T1108] get_page_from_freelist+0x1351/0x2e50
[ 160.346319][ T1108] __alloc_pages_noprof+0x22b/0x2460
[ 160.351645][ T1108] alloc_slab_page+0x4e/0xf0
[ 160.356346][ T1108] new_slab+0x84/0x260
[ 160.360531][ T1108] ___slab_alloc+0xdac/0x1870
[ 160.365241][ T1108] __slab_alloc.constprop.0+0x56/0xb0
[ 160.370733][ T1108] __kmalloc_noprof+0x367/0x400
[ 160.375624][ T1108] fib6_info_alloc+0x40/0x160
[ 160.380500][ T1108] ip6_route_info_create+0x337/0x1940
[ 160.385910][ T1108] ip6_route_add+0x26/0x190
[ 160.390447][ T1108] addrconf_add_mroute+0x1de/0x350
[ 160.395578][ T1108] addrconf_add_dev+0x14e/0x1c0
[ 160.400482][ T1108] inet6_addr_add+0x1a8/0xbe0
[ 160.405188][ T1108] inet6_rtm_newaddr+0x11e7/0x1ab0
[ 160.410328][ T1108] rtnetlink_rcv_msg+0x3ca/0xea0
[ 160.415297][ T1108] page last free pid 1046 tgid 1046 stack trace:
[ 160.421644][ T1108] free_unref_page+0x64a/0xe40
[ 160.426447][ T1108] qlist_free_all+0x4e/0x140
[ 160.431069][ T1108] kasan_quarantine_reduce+0x192/0x1e0
[ 160.436556][ T1108] __kasan_slab_alloc+0x69/0x90
[ 160.441442][ T1108] __kmalloc_cache_noprof+0x11e/0x300
[ 160.446854][ T1108] __ipv6_dev_mc_inc+0x2b7/0xc50
[ 160.451833][ T1108] addrconf_dad_work+0x232/0x1500
[ 160.456895][ T1108] process_one_work+0x9c8/0x1b40
[ 160.461961][ T1108] worker_thread+0x6c8/0xf20
[ 160.466595][ T1108] kthread+0x2c4/0x3a0
[ 160.470718][ T1108] ret_from_fork+0x48/0x80
[ 160.475263][ T1108] ret_from_fork_asm+0x1a/0x30
[ 160.480063][ T1108]
[ 160.482472][ T1108] Memory state around the buggy address:
[ 160.488135][ T1108] ffff88807b776100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 160.496209][ T1108] ffff88807b776180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 160.504284][ T1108] >ffff88807b776200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 160.512351][ T1108] ^
[ 160.516421][ T1108] ffff88807b776280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 160.524496][ T1108] ffff88807b776300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 160.532567][ T1108] ==================================================================
[ 160.567538][ T5542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 160.601610][ T5542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 160.611774][ T5542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 160.612660][ T1108] ==================================================================
[ 160.625109][ T5542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 160.630247][ T1108] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170
[ 160.630313][ T1108] Read of size 2048 at addr ffff88807b776000 by task kworker/u8:7/1108
[ 160.630346][ T1108]
[ 160.630362][ T1108] CPU: 1 UID: 0 PID: 1108 Comm: kworker/u8:7 Tainted: G B 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0
[ 160.630419][ T1108] Tainted: [B]=BAD_PAGE
[ 160.630434][ T1108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 160.630461][ T1108] Workqueue: loop0 loop_workfn
[ 160.630505][ T1108] Call Trace:
[ 160.630520][ T1108]
[ 160.630534][ T1108] dump_stack_lvl+0x116/0x1f0
[ 160.630577][ T1108] print_report+0xc3/0x620
[ 160.630636][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.630682][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.630727][ T1108] ? __phys_addr+0xc6/0x150
[ 160.630784][ T1108] kasan_report+0xd9/0x110
[ 160.630843][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 160.630905][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 160.630969][ T1108] kasan_check_range+0xef/0x1a0
[ 160.631010][ T1108] __asan_memcpy+0x23/0x60
[ 160.631059][ T1108] copy_page_from_iter_atomic+0x8bc/0x1170
[ 160.631120][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.631167][ T1108] ? __pfx_copy_page_from_iter_atomic+0x10/0x10
[ 160.631225][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.631269][ T1108] ? shmem_write_begin+0x16f/0x360
[ 160.643856][ T5542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 160.649741][ T1108] ? __pfx_shmem_write_begin+0x10/0x10
[ 160.649804][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.649852][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.649897][ T1108] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270
[ 160.649945][ T1108] ? ktime_get_coarse_real_ts64+0x147/0x200
[ 160.650002][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.650051][ T1108] generic_perform_write+0x53d/0xaa0
[ 160.650118][ T1108] ? __pfx_generic_perform_write+0x10/0x10
[ 160.664601][ T5542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 160.672967][ T1108] ? __mark_inode_dirty+0x2a6/0xe70
[ 160.679111][ T5542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 160.687133][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.687184][ T1108] ? preempt_count_add+0x76/0x150
[ 160.687241][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.687285][ T1108] ? mnt_put_write_access_file+0xc1/0xf0
[ 160.687358][ T1108] shmem_file_write_iter+0x114/0x140
[ 160.703515][ T5542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 160.707473][ T1108] do_iter_readv_writev+0x534/0x800
[ 160.707525][ T1108] ? __pfx_do_iter_readv_writev+0x10/0x10
[ 160.719725][ T5542] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 160.723371][ T1108] ? __pfx___might_resched+0x10/0x10
[ 160.734963][ T2514] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 160.739726][ T1108] vfs_iter_write+0x1eb/0x9c0
[ 160.755201][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 160.760451][ T1108] loop_process_work+0x14dd/0x2000
[ 160.773648][ T2514] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 160.777369][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.777435][ T1108] ? __pfx_loop_process_work+0x10/0x10
[ 160.791931][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 160.793343][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.802573][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 160.804570][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.804620][ T1108] ? rcu_is_watching+0x12/0xc0
[ 160.804685][ T1108] ? lock_acquire+0x47b/0x560
[ 160.804750][ T1108] ? __pfx_lock_release+0x10/0x10
[ 160.804819][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.804864][ T1108] ? pwq_dec_nr_in_flight+0xc9/0xed0
[ 160.804931][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.816753][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 160.817657][ T1108] ? rcu_is_watching+0x12/0xc0
[ 160.823397][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 160.828662][ T1108] process_one_work+0x9c8/0x1b40
[ 160.828739][ T1108] ? __pfx_loop_rootcg_workfn+0x10/0x10
[ 160.828794][ T1108] ? __pfx_process_one_work+0x10/0x10
[ 160.828859][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.828912][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.828956][ T1108] ? assign_work+0x1a0/0x250
[ 160.829018][ T1108] worker_thread+0x6c8/0xf20
[ 160.829090][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.829134][ T1108] ? __kthread_parkme+0x148/0x220
[ 160.829181][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 160.829228][ T1108] ? __pfx_worker_thread+0x10/0x10
[ 160.829294][ T1108] kthread+0x2c4/0x3a0
[ 160.829340][ T1108] ? _raw_spin_unlock_irq+0x23/0x50
[ 160.829390][ T1108] ? __pfx_kthread+0x10/0x10
[ 160.829439][ T1108] ret_from_fork+0x48/0x80
[ 160.842982][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 160.845051][ T1108] ? __pfx_kthread+0x10/0x10
[ 160.845105][ T1108] ret_from_fork_asm+0x1a/0x30
[ 160.850771][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 160.860878][ T1108]
[ 160.860898][ T1108]
[ 160.860905][ T1108] Allocated by task 5763:
[ 160.860924][ T1108] kasan_save_stack+0x33/0x60
[ 160.860981][ T1108] kasan_save_track+0x14/0x30
[ 160.861027][ T1108] __kasan_kmalloc+0xaa/0xb0
[ 160.861074][ T1108] __kmalloc_noprof+0x1e8/0x400
[ 160.861126][ T1108] hfsplus_read_wrapper+0x34c/0xff0
[ 160.861167][ T1108] hfsplus_fill_super+0x352/0x1bc0
[ 160.861208][ T1108] mount_bdev+0x1e6/0x2d0
[ 160.861247][ T1108] legacy_get_tree+0x10c/0x220
[ 160.861306][ T1108] vfs_get_tree+0x92/0x380
[ 160.872080][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 160.877560][ T1108] path_mount+0x14e6/0x1f20
[ 160.877606][ T1108] __x64_sys_mount+0x294/0x320
[ 160.877647][ T1108] do_syscall_64+0xcd/0x250
[ 160.877698][ T1108] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 160.877772][ T1108]
[ 160.877781][ T1108] The buggy address belongs to the object at ffff88807b776000
[ 160.877781][ T1108] which belongs to the cache kmalloc-512 of size 512
[ 160.877812][ T1108] The buggy address is located 0 bytes inside of
[ 160.877812][ T1108] allocated 512-byte region [ffff88807b776000, ffff88807b776200)
[ 160.877851][ T1108]
[ 160.877860][ T1108] The buggy address belongs to the physical page:
[ 160.877873][ T1108] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b774
[ 160.877908][ T1108] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 160.877942][ T1108] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 160.877973][ T1108] page_type: 0xfdffffff(slab)
[ 160.878005][ T1108] raw: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000
[ 160.892863][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 160.898677][ T1108] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 160.898714][ T1108] head: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000
[ 160.898750][ T1108] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 160.908922][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 160.909634][ T1108] head: 00fff00000000002 ffffea0001eddd01 ffffffffffffffff 0000000000000000
[ 160.921017][ T5541] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 160.922159][ T1108] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 160.941297][ T5541] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 160.945058][ T1108] page dumped because: kasan: bad access detected
[ 160.945076][ T1108] page_owner tracks the page as allocated
[ 160.945088][ T1108] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5541, tgid 5541 (syz-executor.1), ts 158958610015, free_ts 157115524368
[ 160.945162][ T1108] post_alloc_hook+0x2d1/0x350
[ 160.945218][ T1108] get_page_from_freelist+0x1351/0x2e50
[ 160.945277][ T1108] __alloc_pages_noprof+0x22b/0x2460
[ 160.945334][ T1108] alloc_slab_page+0x4e/0xf0
[ 160.945372][ T1108] new_slab+0x84/0x260
[ 160.945419][ T1108] ___slab_alloc+0xdac/0x1870
[ 160.945467][ T1108] __slab_alloc.constprop.0+0x56/0xb0
[ 160.953045][ T5541] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 160.957849][ T1108] __kmalloc_noprof+0x367/0x400
[ 160.957905][ T1108] fib6_info_alloc+0x40/0x160
[ 160.966761][ T5541] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 160.968957][ T1108] ip6_route_info_create+0x337/0x1940
[ 160.981327][ T5541] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 160.984364][ T1108] ip6_route_add+0x26/0x190
[ 160.984423][ T1108] addrconf_add_mroute+0x1de/0x350
[ 160.984459][ T1108] addrconf_add_dev+0x14e/0x1c0
[ 160.984500][ T1108] inet6_addr_add+0x1a8/0xbe0
[ 160.984546][ T1108] inet6_rtm_newaddr+0x11e7/0x1ab0
[ 160.984597][ T1108] rtnetlink_rcv_msg+0x3ca/0xea0
[ 160.984650][ T1108] page last free pid 1046 tgid 1046 stack trace:
[ 160.984671][ T1108] free_unref_page+0x64a/0xe40
[ 160.984724][ T1108] qlist_free_all+0x4e/0x140
[ 160.984775][ T1108] kasan_quarantine_reduce+0x192/0x1e0
[ 160.984824][ T1108] __kasan_slab_alloc+0x69/0x90
[ 160.984875][ T1108] __kmalloc_cache_noprof+0x11e/0x300
[ 160.984927][ T1108] __ipv6_dev_mc_inc+0x2b7/0xc50
[ 160.984987][ T1108] addrconf_dad_work+0x232/0x1500
[ 160.985036][ T1108] process_one_work+0x9c8/0x1b40
[ 160.985097][ T1108] worker_thread+0x6c8/0xf20
[ 160.985157][ T1108] kthread+0x2c4/0x3a0
[ 160.985199][ T1108] ret_from_fork+0x48/0x80
[ 160.985258][ T1108] ret_from_fork_asm+0x1a/0x30
[ 160.985315][ T1108]
[ 160.985322][ T1108] Memory state around the buggy address:
[ 160.985341][ T1108] ffff88807b776100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 160.985368][ T1108] ffff88807b776180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 160.985395][ T1108] >ffff88807b776200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 160.985416][ T1108] ^
[ 160.985434][ T1108] ffff88807b776280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 160.985461][ T1108] ffff88807b776300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 160.985482][ T1108] ==================================================================
[ 161.468809][ T5766] loop0: detected capacity change from 0 to 1024
2024/08/15 06:25:18 executed programs: 9
[ 161.846934][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 161.848998][ T5542] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 161.856389][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 161.873916][ T5542] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 161.886629][ T5542] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 161.895792][ T5542] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 161.913246][ T61] ==================================================================
[ 161.921342][ T61] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170
[ 161.930074][ T61] Read of size 2048 at addr ffff88807b178400 by task kworker/u8:4/61
[ 161.938198][ T61]
[ 161.940541][ T61] CPU: 1 UID: 0 PID: 61 Comm: kworker/u8:4 Tainted: G B 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0
[ 161.952742][ T61] Tainted: [B]=BAD_PAGE
[ 161.956927][ T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 161.967269][ T61] Workqueue: loop0 loop_workfn
[ 161.972087][ T61] Call Trace:
[ 161.975384][ T61]
[ 161.978340][ T61] dump_stack_lvl+0x116/0x1f0
[ 161.983058][ T61] print_report+0xc3/0x620
[ 161.987529][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 161.993246][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 161.998927][ T61] ? __phys_addr+0xc6/0x150
[ 162.003485][ T61] kasan_report+0xd9/0x110
[ 162.008073][ T61] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 162.014125][ T61] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 162.020204][ T61] kasan_check_range+0xef/0x1a0
[ 162.025106][ T61] __asan_memcpy+0x23/0x60
[ 162.029574][ T61] copy_page_from_iter_atomic+0x8bc/0x1170
[ 162.035479][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.041161][ T61] ? __pfx_copy_page_from_iter_atomic+0x10/0x10
[ 162.047743][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.053422][ T61] ? shmem_write_begin+0x16f/0x360
[ 162.058585][ T61] ? __pfx_shmem_write_begin+0x10/0x10
[ 162.064115][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.069889][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.075567][ T61] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270
[ 162.082504][ T61] ? ktime_get_coarse_real_ts64+0x147/0x200
[ 162.088455][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.094145][ T61] generic_perform_write+0x53d/0xaa0
[ 162.099580][ T61] ? __pfx_generic_perform_write+0x10/0x10
[ 162.105536][ T61] ? __mark_inode_dirty+0x2a6/0xe70
[ 162.110785][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.116461][ T61] ? preempt_count_add+0x76/0x150
[ 162.121536][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.127214][ T61] ? mnt_put_write_access_file+0xc1/0xf0
[ 162.132915][ T61] shmem_file_write_iter+0x114/0x140
[ 162.138266][ T61] do_iter_readv_writev+0x534/0x800
[ 162.143537][ T61] ? __pfx_do_iter_readv_writev+0x10/0x10
[ 162.149300][ T61] ? __pfx___might_resched+0x10/0x10
[ 162.154630][ T61] vfs_iter_write+0x1eb/0x9c0
[ 162.159376][ T61] loop_process_work+0x14dd/0x2000
[ 162.164547][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.170334][ T61] ? __pfx_loop_process_work+0x10/0x10
[ 162.175844][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.181523][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.187204][ T61] ? rcu_is_watching+0x12/0xc0
[ 162.192043][ T61] ? lock_acquire+0x47b/0x560
[ 162.196792][ T61] ? __pfx_lock_release+0x10/0x10
[ 162.201887][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.207613][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.213310][ T61] ? rcu_is_watching+0x12/0xc0
[ 162.218140][ T61] process_one_work+0x9c8/0x1b40
[ 162.223179][ T61] ? __pfx_lock_acquire+0x10/0x10
[ 162.228264][ T61] ? __pfx_process_one_work+0x10/0x10
[ 162.233693][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.239374][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.245133][ T61] ? assign_work+0x1a0/0x250
[ 162.249805][ T61] worker_thread+0x6c8/0xf20
[ 162.254467][ T61] ? __pfx_worker_thread+0x10/0x10
[ 162.259635][ T61] kthread+0x2c4/0x3a0
[ 162.263845][ T61] ? _raw_spin_unlock_irq+0x23/0x50
[ 162.269086][ T61] ? __pfx_kthread+0x10/0x10
[ 162.273719][ T61] ret_from_fork+0x48/0x80
[ 162.278195][ T61] ? __pfx_kthread+0x10/0x10
[ 162.282828][ T61] ret_from_fork_asm+0x1a/0x30
[ 162.287667][ T61]
[ 162.290703][ T61]
[ 162.293044][ T61] Allocated by task 5766:
[ 162.297410][ T61] kasan_save_stack+0x33/0x60
[ 162.302132][ T61] kasan_save_track+0x14/0x30
[ 162.306860][ T61] __kasan_kmalloc+0xaa/0xb0
[ 162.311492][ T61] __kmalloc_noprof+0x1e8/0x400
[ 162.316394][ T61] hfsplus_read_wrapper+0x34c/0xff0
[ 162.321627][ T61] hfsplus_fill_super+0x352/0x1bc0
[ 162.326776][ T61] mount_bdev+0x1e6/0x2d0
[ 162.331139][ T61] legacy_get_tree+0x10c/0x220
[ 162.336133][ T61] vfs_get_tree+0x92/0x380
[ 162.340583][ T61] path_mount+0x14e6/0x1f20
[ 162.345123][ T61] __x64_sys_mount+0x294/0x320
[ 162.349927][ T61] do_syscall_64+0xcd/0x250
[ 162.354525][ T61] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 162.360486][ T61]
[ 162.362822][ T61] The buggy address belongs to the object at ffff88807b178400
[ 162.362822][ T61] which belongs to the cache kmalloc-512 of size 512
[ 162.376905][ T61] The buggy address is located 0 bytes inside of
[ 162.376905][ T61] allocated 512-byte region [ffff88807b178400, ffff88807b178600)
[ 162.390917][ T61]
[ 162.393256][ T61] The buggy address belongs to the physical page:
[ 162.399701][ T61] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b178
[ 162.408541][ T61] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 162.417097][ T61] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 162.424669][ T61] page_type: 0xfdffffff(slab)
[ 162.429407][ T61] raw: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000
[ 162.438037][ T61] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 162.447012][ T61] head: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000
[ 162.455831][ T61] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 162.464548][ T61] head: 00fff00000000002 ffffea0001ec5e01 ffffffffffffffff 0000000000000000
[ 162.473265][ T61] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 162.481965][ T61] page dumped because: kasan: bad access detected
[ 162.488415][ T61] page_owner tracks the page as allocated
[ 162.494155][ T61] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5743, tgid 5743 (udevd), ts 161724843222, free_ts 161325089563
[ 162.516709][ T61] post_alloc_hook+0x2d1/0x350
[ 162.521540][ T61] get_page_from_freelist+0x1351/0x2e50
[ 162.527231][ T61] __alloc_pages_noprof+0x22b/0x2460
[ 162.532572][ T61] alloc_slab_page+0x4e/0xf0
[ 162.537234][ T61] new_slab+0x84/0x260
[ 162.541387][ T61] ___slab_alloc+0xdac/0x1870
[ 162.546109][ T61] __slab_alloc.constprop.0+0x56/0xb0
[ 162.551531][ T61] __kmalloc_cache_noprof+0x2b4/0x300
[ 162.557121][ T61] kernfs_fop_open+0x28b/0xdb0
[ 162.561923][ T61] do_dentry_open+0x922/0x15f0
[ 162.566722][ T61] vfs_open+0x82/0x3f0
[ 162.570840][ T61] path_openat+0x2141/0x2d20
[ 162.575467][ T61] do_filp_open+0x1dc/0x430
[ 162.580464][ T61] do_sys_openat2+0x17a/0x1e0
[ 162.585191][ T61] __x64_sys_openat+0x175/0x210
[ 162.590092][ T61] do_syscall_64+0xcd/0x250
[ 162.594643][ T61] page last free pid 4674 tgid 4674 stack trace:
[ 162.600985][ T61] free_unref_page+0x64a/0xe40
[ 162.605927][ T61] qlist_free_all+0x4e/0x140
[ 162.610557][ T61] kasan_quarantine_reduce+0x192/0x1e0
[ 162.616060][ T61] __kasan_slab_alloc+0x69/0x90
[ 162.620962][ T61] kmem_cache_alloc_noprof+0x121/0x2f0
[ 162.626474][ T61] getname_flags.part.0+0x4c/0x550
[ 162.631639][ T61] getname_flags+0x93/0xf0
[ 162.636180][ T61] vfs_fstatat+0x86/0x160
[ 162.640552][ T61] __do_sys_newfstatat+0xa2/0x130
[ 162.645802][ T61] do_syscall_64+0xcd/0x250
[ 162.650360][ T61] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 162.656306][ T61]
[ 162.658637][ T61] Memory state around the buggy address:
[ 162.664281][ T61] ffff88807b178500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 162.672374][ T61] ffff88807b178580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 162.680497][ T61] >ffff88807b178600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 162.688578][ T61] ^
[ 162.692677][ T61] ffff88807b178680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 162.700774][ T61] ffff88807b178700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 162.708948][ T61] ==================================================================
[ 162.778456][ T61] ==================================================================
[ 162.786591][ T61] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170
[ 162.795526][ T61] Read of size 2048 at addr ffff88807b178400 by task kworker/u8:4/61
[ 162.803770][ T61]
[ 162.806141][ T61] CPU: 1 UID: 0 PID: 61 Comm: kworker/u8:4 Tainted: G B 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0
[ 162.818345][ T61] Tainted: [B]=BAD_PAGE
[ 162.822523][ T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 162.832711][ T61] Workqueue: loop0 loop_workfn
[ 162.837525][ T61] Call Trace:
[ 162.840815][ T61]
[ 162.843753][ T61] dump_stack_lvl+0x116/0x1f0
[ 162.848461][ T61] print_report+0xc3/0x620
[ 162.852915][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.858575][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.864265][ T61] ? __phys_addr+0xc6/0x150
[ 162.868829][ T61] kasan_report+0xd9/0x110
[ 162.873312][ T61] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 162.879340][ T61] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 162.885380][ T61] kasan_check_range+0xef/0x1a0
[ 162.890260][ T61] __asan_memcpy+0x23/0x60
[ 162.894796][ T61] copy_page_from_iter_atomic+0x8bc/0x1170
[ 162.900650][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.906321][ T61] ? __pfx_copy_page_from_iter_atomic+0x10/0x10
[ 162.912604][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.918271][ T61] ? shmem_write_begin+0x16f/0x360
[ 162.923423][ T61] ? __pfx_shmem_write_begin+0x10/0x10
[ 162.928922][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.934769][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.940437][ T61] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270
[ 162.947324][ T61] ? ktime_get_coarse_real_ts64+0x147/0x200
[ 162.953258][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.958928][ T61] generic_perform_write+0x53d/0xaa0
[ 162.964268][ T61] ? __pfx_generic_perform_write+0x10/0x10
[ 162.970149][ T61] ? __mark_inode_dirty+0x2a6/0xe70
[ 162.975393][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.981183][ T61] ? preempt_count_add+0x76/0x150
[ 162.986382][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 162.992089][ T61] ? mnt_put_write_access_file+0xc1/0xf0
[ 162.997786][ T61] shmem_file_write_iter+0x114/0x140
[ 163.003159][ T61] do_iter_readv_writev+0x534/0x800
[ 163.008393][ T61] ? __pfx_do_iter_readv_writev+0x10/0x10
[ 163.014257][ T61] ? __pfx___might_resched+0x10/0x10
[ 163.019597][ T61] vfs_iter_write+0x1eb/0x9c0
[ 163.024312][ T61] loop_process_work+0x14dd/0x2000
[ 163.029460][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 163.035137][ T61] ? __pfx_loop_process_work+0x10/0x10
[ 163.040714][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 163.046642][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 163.052308][ T61] ? rcu_is_watching+0x12/0xc0
[ 163.057207][ T61] ? lock_acquire+0x47b/0x560
[ 163.061930][ T61] ? __pfx_lock_release+0x10/0x10
[ 163.067003][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 163.072665][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 163.078330][ T61] ? rcu_is_watching+0x12/0xc0
[ 163.083237][ T61] process_one_work+0x9c8/0x1b40
[ 163.088280][ T61] ? __pfx_lock_acquire+0x10/0x10
[ 163.093459][ T61] ? __pfx_process_one_work+0x10/0x10
[ 163.098888][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 163.104564][ T61] ? srso_alias_return_thunk+0x5/0xfbef5
[ 163.110235][ T61] ? assign_work+0x1a0/0x250
[ 163.114877][ T61] worker_thread+0x6c8/0xf20
[ 163.119553][ T61] ? __pfx_worker_thread+0x10/0x10
[ 163.124722][ T61] kthread+0x2c4/0x3a0
[ 163.128825][ T61] ? _raw_spin_unlock_irq+0x23/0x50
[ 163.134056][ T61] ? __pfx_kthread+0x10/0x10
[ 163.138675][ T61] ret_from_fork+0x48/0x80
[ 163.143132][ T61] ? __pfx_kthread+0x10/0x10
[ 163.147838][ T61] ret_from_fork_asm+0x1a/0x30
[ 163.152664][ T61] </TASK>
[ 163.155691][ T61]
[ 163.158014][ T61] Allocated by task 5766:
[ 163.162429][ T61] kasan_save_stack+0x33/0x60
[ 163.167138][ T61] kasan_save_track+0x14/0x30
[ 163.171858][ T61] __kasan_kmalloc+0xaa/0xb0
[ 163.176477][ T61] __kmalloc_noprof+0x1e8/0x400
[ 163.181357][ T61] hfsplus_read_wrapper+0x34c/0xff0
[ 163.186575][ T61] hfsplus_fill_super+0x352/0x1bc0
[ 163.191706][ T61] mount_bdev+0x1e6/0x2d0
[ 163.196059][ T61] legacy_get_tree+0x10c/0x220
[ 163.200864][ T61] vfs_get_tree+0x92/0x380
[ 163.205301][ T61] path_mount+0x14e6/0x1f20
[ 163.209825][ T61] __x64_sys_mount+0x294/0x320
[ 163.214611][ T61] do_syscall_64+0xcd/0x250
[ 163.219147][ T61] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 163.225081][ T61]
[ 163.227405][ T61] The buggy address belongs to the object at ffff88807b178400
[ 163.227405][ T61] which belongs to the cache kmalloc-512 of size 512
[ 163.241471][ T61] The buggy address is located 0 bytes inside of
[ 163.241471][ T61] allocated 512-byte region [ffff88807b178400, ffff88807b178600)
[ 163.255663][ T61]
[ 163.257988][ T61] The buggy address belongs to the physical page:
[ 163.264395][ T61] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b178
[ 163.273254][ T61] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 163.281774][ T61] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 163.289427][ T61] page_type: 0xfdffffff(slab)
[ 163.294124][ T61] raw: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000
[ 163.302819][ T61] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 163.311426][ T61] head: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000
[ 163.320287][ T61] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 163.329160][ T61] head: 00fff00000000002 ffffea0001ec5e01 ffffffffffffffff 0000000000000000
[ 163.337945][ T61] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 163.346710][ T61] page dumped because: kasan: bad access detected
[ 163.353120][ T61] page_owner tracks the page as allocated
[ 163.358922][ T61] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5743, tgid 5743 (udevd), ts 161724843222, free_ts 161325089563
[ 163.381286][ T61] post_alloc_hook+0x2d1/0x350
[ 163.386093][ T61] get_page_from_freelist+0x1351/0x2e50
[ 163.391676][ T61] __alloc_pages_noprof+0x22b/0x2460
[ 163.397002][ T61] alloc_slab_page+0x4e/0xf0
[ 163.401634][ T61] new_slab+0x84/0x260
[ 163.405747][ T61] ___slab_alloc+0xdac/0x1870
[ 163.410461][ T61] __slab_alloc.constprop.0+0x56/0xb0
[ 163.415873][ T61] __kmalloc_cache_noprof+0x2b4/0x300
[ 163.421284][ T61] kernfs_fop_open+0x28b/0xdb0
[ 163.426329][ T61] do_dentry_open+0x922/0x15f0
[ 163.431146][ T61] vfs_open+0x82/0x3f0
[ 163.435248][ T61] path_openat+0x2141/0x2d20
[ 163.439865][ T61] do_filp_open+0x1dc/0x430
[ 163.444391][ T61] do_sys_openat2+0x17a/0x1e0
[ 163.449102][ T61] __x64_sys_openat+0x175/0x210
[ 163.453988][ T61] do_syscall_64+0xcd/0x250
[ 163.458538][ T61] page last free pid 4674 tgid 4674 stack trace:
[ 163.464899][ T61] free_unref_page+0x64a/0xe40
[ 163.469696][ T61] qlist_free_all+0x4e/0x140
[ 163.474312][ T61] kasan_quarantine_reduce+0x192/0x1e0
[ 163.479810][ T61] __kasan_slab_alloc+0x69/0x90
[ 163.484697][ T61] kmem_cache_alloc_noprof+0x121/0x2f0
[ 163.490193][ T61] getname_flags.part.0+0x4c/0x550
[ 163.495361][ T61] getname_flags+0x93/0xf0
[ 163.499817][ T61] vfs_fstatat+0x86/0x160
[ 163.504279][ T61] __do_sys_newfstatat+0xa2/0x130
[ 163.509349][ T61] do_syscall_64+0xcd/0x250
[ 163.513889][ T61] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 163.519834][ T61]
[ 163.522158][ T61] Memory state around the buggy address:
[ 163.527792][ T61] ffff88807b178500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 163.535864][ T61] ffff88807b178580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 163.544024][ T61] >ffff88807b178600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 163.552092][ T61] ^
[ 163.556166][ T61] ffff88807b178680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 163.564332][ T61] ffff88807b178700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 163.572396][ T61] ==================================================================
[ 163.797580][ T5790] loop0: detected capacity change from 0 to 1024
[ 163.927580][ T1046] ==================================================================
[ 163.935742][ T1046] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170
[ 163.944501][ T1046] Read of size 2048 at addr ffff8880299be400 by task kworker/u8:6/1046
[ 163.952771][ T1046]
[ 163.955114][ T1046] CPU: 1 UID: 0 PID: 1046 Comm: kworker/u8:6 Tainted: G B 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0
[ 163.967474][ T1046] Tainted: [B]=BAD_PAGE
[ 163.971650][ T1046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 163.981733][ T1046] Workqueue: loop0 loop_workfn
[ 163.986534][ T1046] Call Trace:
[ 163.989913][ T1046] <TASK>
[ 163.992860][ T1046] dump_stack_lvl+0x116/0x1f0
[ 163.997567][ T1046] print_report+0xc3/0x620
[ 164.002046][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.007709][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.013374][ T1046] ? __phys_addr+0xc6/0x150
[ 164.017943][ T1046] kasan_report+0xd9/0x110
[ 164.022411][ T1046] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 164.028435][ T1046] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 164.034662][ T1046] kasan_check_range+0xef/0x1a0
[ 164.039629][ T1046] __asan_memcpy+0x23/0x60
[ 164.044092][ T1046] copy_page_from_iter_atomic+0x8bc/0x1170
[ 164.049986][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.055655][ T1046] ? __pfx_copy_page_from_iter_atomic+0x10/0x10
[ 164.061953][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.067636][ T1046] ? shmem_write_begin+0x16f/0x360
[ 164.072791][ T1046] ? __pfx_shmem_write_begin+0x10/0x10
[ 164.078400][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.084254][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.089952][ T1046] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270
[ 164.096830][ T1046] ? ktime_get_coarse_real_ts64+0x147/0x200
[ 164.102761][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.108428][ T1046] generic_perform_write+0x53d/0xaa0
[ 164.113766][ T1046] ? __pfx_generic_perform_write+0x10/0x10
[ 164.119639][ T1046] ? __mark_inode_dirty+0x2a6/0xe70
[ 164.124885][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.130543][ T1046] ? preempt_count_add+0x76/0x150
[ 164.135605][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.141262][ T1046] ? mnt_put_write_access_file+0xc1/0xf0
[ 164.146949][ T1046] shmem_file_write_iter+0x114/0x140
[ 164.152285][ T1046] do_iter_readv_writev+0x534/0x800
[ 164.157598][ T1046] ? __pfx_do_iter_readv_writev+0x10/0x10
[ 164.163348][ T1046] ? __pfx___might_resched+0x10/0x10
[ 164.168662][ T1046] vfs_iter_write+0x1eb/0x9c0
[ 164.173370][ T1046] loop_process_work+0x14dd/0x2000
[ 164.178690][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.184370][ T1046] ? __pfx_loop_process_work+0x10/0x10
[ 164.189858][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.195517][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.201175][ T1046] ? rcu_is_watching+0x12/0xc0
[ 164.206071][ T1046] ? lock_acquire+0x47b/0x560
[ 164.210822][ T1046] ? __pfx_lock_release+0x10/0x10
[ 164.215980][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.221641][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.227476][ T1046] ? rcu_is_watching+0x12/0xc0
[ 164.232287][ T1046] process_one_work+0x9c8/0x1b40
[ 164.237281][ T1046] ? __pfx_lock_acquire+0x10/0x10
[ 164.242347][ T1046] ? __pfx_process_one_work+0x10/0x10
[ 164.247765][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.253436][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.259103][ T1046] ? assign_work+0x1a0/0x250
[ 164.263759][ T1046] worker_thread+0x6c8/0xf20
[ 164.268411][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.274334][ T1046] ? __kthread_parkme+0x148/0x220
[ 164.279407][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.285093][ T1046] ? __pfx_worker_thread+0x10/0x10
[ 164.290272][ T1046] kthread+0x2c4/0x3a0
[ 164.294719][ T1046] ? _raw_spin_unlock_irq+0x23/0x50
[ 164.299956][ T1046] ? __pfx_kthread+0x10/0x10
[ 164.304584][ T1046] ret_from_fork+0x48/0x80
[ 164.309045][ T1046] ? __pfx_kthread+0x10/0x10
[ 164.313836][ T1046] ret_from_fork_asm+0x1a/0x30
[ 164.318654][ T1046] </TASK>
[ 164.321680][ T1046]
[ 164.324024][ T1046] Allocated by task 5790:
[ 164.328364][ T1046] kasan_save_stack+0x33/0x60
[ 164.333092][ T1046] kasan_save_track+0x14/0x30
[ 164.337820][ T1046] __kasan_kmalloc+0xaa/0xb0
[ 164.342545][ T1046] __kmalloc_noprof+0x1e8/0x400
[ 164.347448][ T1046] hfsplus_read_wrapper+0x34c/0xff0
[ 164.352700][ T1046] hfsplus_fill_super+0x352/0x1bc0
[ 164.357837][ T1046] mount_bdev+0x1e6/0x2d0
[ 164.362361][ T1046] legacy_get_tree+0x10c/0x220
[ 164.367168][ T1046] vfs_get_tree+0x92/0x380
[ 164.371694][ T1046] path_mount+0x14e6/0x1f20
[ 164.376241][ T1046] __x64_sys_mount+0x294/0x320
[ 164.381575][ T1046] do_syscall_64+0xcd/0x250
[ 164.386111][ T1046] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 164.392050][ T1046]
[ 164.394376][ T1046] The buggy address belongs to the object at ffff8880299be400
[ 164.394376][ T1046] which belongs to the cache kmalloc-512 of size 512
[ 164.408726][ T1046] The buggy address is located 0 bytes inside of
[ 164.408726][ T1046] allocated 512-byte region [ffff8880299be400, ffff8880299be600)
[ 164.422826][ T1046]
[ 164.425152][ T1046] The buggy address belongs to the physical page:
[ 164.431561][ T1046] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x299bc
[ 164.440331][ T1046] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 164.448846][ T1046] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 164.456402][ T1046] page_type: 0xfdffffff(slab)
[ 164.461095][ T1046] raw: 00fff00000000040 ffff888015841c80 dead000000000100 dead000000000122
[ 164.469697][ T1046] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 164.478325][ T1046] head: 00fff00000000040 ffff888015841c80 dead000000000100 dead000000000122
[ 164.487013][ T1046] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 164.495705][ T1046] head: 00fff00000000002 ffffea0000a66f01 ffffffffffffffff 0000000000000000
[ 164.504395][ T1046] head: ffff888000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 164.513121][ T1046] page dumped because: kasan: bad access detected
[ 164.519541][ T1046] page_owner tracks the page as allocated
[ 164.525264][ T1046] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4674, tgid 4674 (udevd), ts 65705726479, free_ts 65534211109
[ 164.546241][ T1046] post_alloc_hook+0x2d1/0x350
[ 164.551045][ T1046] get_page_from_freelist+0x1351/0x2e50
[ 164.556805][ T1046] __alloc_pages_noprof+0x22b/0x2460
[ 164.562302][ T1046] alloc_slab_page+0x4e/0xf0
[ 164.566914][ T1046] new_slab+0x84/0x260
[ 164.571007][ T1046] ___slab_alloc+0xdac/0x1870
[ 164.575713][ T1046] __slab_alloc.constprop.0+0x56/0xb0
[ 164.581120][ T1046] __kmalloc_cache_noprof+0x2b4/0x300
[ 164.586527][ T1046] kernfs_fop_open+0x28b/0xdb0
[ 164.591320][ T1046] do_dentry_open+0x922/0x15f0
[ 164.596285][ T1046] vfs_open+0x82/0x3f0
[ 164.600389][ T1046] path_openat+0x2141/0x2d20
[ 164.605001][ T1046] do_filp_open+0x1dc/0x430
[ 164.609627][ T1046] do_sys_openat2+0x17a/0x1e0
[ 164.614341][ T1046] __x64_sys_openat+0x175/0x210
[ 164.619226][ T1046] do_syscall_64+0xcd/0x250
[ 164.623853][ T1046] page last free pid 4679 tgid 4679 stack trace:
[ 164.630184][ T1046] free_unref_page+0x64a/0xe40
[ 164.634988][ T1046] rcu_core+0x82b/0x16b0
[ 164.639267][ T1046] handle_softirqs+0x219/0x8f0
[ 164.644050][ T1046] irq_exit_rcu+0xbb/0x120
[ 164.648487][ T1046] sysvec_apic_timer_interrupt+0x95/0xb0
[ 164.654178][ T1046] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 164.660294][ T1046]
[ 164.662618][ T1046] Memory state around the buggy address:
[ 164.668259][ T1046] ffff8880299be500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 164.676421][ T1046] ffff8880299be580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 164.684495][ T1046] >ffff8880299be600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 164.692759][ T1046] ^
[ 164.696835][ T1046] ffff8880299be680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 164.704909][ T1046] ffff8880299be700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 164.712977][ T1046] ==================================================================
[ 164.771587][ T5794] loop5: detected capacity change from 0 to 1024
[ 164.811579][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 164.822393][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 164.835548][ T1108] ==================================================================
[ 164.843669][ T1108] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170
[ 164.852399][ T1108] Read of size 2048 at addr ffff8880299be400 by task kworker/u8:7/1108
[ 164.860665][ T1108]
[ 164.863003][ T1108] CPU: 1 UID: 0 PID: 1108 Comm: kworker/u8:7 Tainted: G B 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0
[ 164.875374][ T1108] Tainted: [B]=BAD_PAGE
[ 164.879540][ T1108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 164.889620][ T1108] Workqueue: loop0 loop_workfn
[ 164.894433][ T1108] Call Trace:
[ 164.897818][ T1108] <TASK>
[ 164.900757][ T1108] dump_stack_lvl+0x116/0x1f0
[ 164.905467][ T1108] print_report+0xc3/0x620
[ 164.909963][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.915627][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.921285][ T1108] ? __phys_addr+0xc6/0x150
[ 164.925825][ T1108] kasan_report+0xd9/0x110
[ 164.930372][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 164.936490][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 164.942517][ T1108] kasan_check_range+0xef/0x1a0
[ 164.947391][ T1108] __asan_memcpy+0x23/0x60
[ 164.951838][ T1108] copy_page_from_iter_atomic+0x8bc/0x1170
[ 164.957688][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.963352][ T1108] ? __pfx_copy_page_from_iter_atomic+0x10/0x10
[ 164.969979][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.975639][ T1108] ? shmem_write_begin+0x16f/0x360
[ 164.980787][ T1108] ? __pfx_shmem_write_begin+0x10/0x10
[ 164.986455][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.992114][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 164.997775][ T1108] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270
[ 165.004666][ T1108] ? ktime_get_coarse_real_ts64+0x147/0x200
[ 165.010592][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 165.016346][ T1108] generic_perform_write+0x53d/0xaa0
[ 165.021676][ T1108] ? __pfx_generic_perform_write+0x10/0x10
[ 165.027515][ T1108] ? __mark_inode_dirty+0x2a6/0xe70
[ 165.032760][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 165.038476][ T1108] ? preempt_count_add+0x76/0x150
[ 165.043539][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 165.049199][ T1108] ? mnt_put_write_access_file+0xc1/0xf0
[ 165.054883][ T1108] shmem_file_write_iter+0x114/0x140
[ 165.060215][ T1108] do_iter_readv_writev+0x534/0x800
[ 165.065441][ T1108] ? __pfx_do_iter_readv_writev+0x10/0x10
[ 165.071189][ T1108] ? __pfx___might_resched+0x10/0x10
[ 165.076507][ T1108] vfs_iter_write+0x1eb/0x9c0
[ 165.081209][ T1108] loop_process_work+0x14dd/0x2000
[ 165.086390][ T1108] ? __pfx_loop_process_work+0x10/0x10
[ 165.091887][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 165.097550][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 165.103215][ T1108] ? rcu_is_watching+0x12/0xc0
[ 165.108029][ T1108] ? lock_acquire+0x47b/0x560
[ 165.112753][ T1108] ? __pfx_lock_release+0x10/0x10
[ 165.117826][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 165.123513][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 165.129258][ T1108] ? rcu_is_watching+0x12/0xc0
[ 165.134069][ T1108] process_one_work+0x9c8/0x1b40
[ 165.139065][ T1108] ? __pfx_batadv_iv_send_outstanding_bat_ogm_packet+0x10/0x10
[ 165.146651][ T1108] ? __pfx_process_one_work+0x10/0x10
[ 165.152077][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 165.157741][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 165.163532][ T1108] ? assign_work+0x1a0/0x250
[ 165.168372][ T1108] worker_thread+0x6c8/0xf20
[ 165.173021][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 165.178694][ T1108] ? __kthread_parkme+0x148/0x220
[ 165.183843][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 165.189508][ T1108] ? __pfx_worker_thread+0x10/0x10
[ 165.194778][ T1108] kthread+0x2c4/0x3a0
[ 165.198966][ T1108] ? _raw_spin_unlock_irq+0x23/0x50
[ 165.204285][ T1108] ? __pfx_kthread+0x10/0x10
[ 165.208902][ T1108] ret_from_fork+0x48/0x80
[ 165.213365][ T1108] ? __pfx_kthread+0x10/0x10
[ 165.217998][ T1108] ret_from_fork_asm+0x1a/0x30
[ 165.222827][ T1108] </TASK>
[ 165.225858][ T1108]
[ 165.228186][ T1108] Allocated by task 5790:
[ 165.232627][ T1108] kasan_save_stack+0x33/0x60
[ 165.237364][ T1108] kasan_save_track+0x14/0x30
[ 165.242171][ T1108] __kasan_kmalloc+0xaa/0xb0
[ 165.246800][ T1108] __kmalloc_noprof+0x1e8/0x400
[ 165.251880][ T1108] hfsplus_read_wrapper+0x34c/0xff0
[ 165.257101][ T1108] hfsplus_fill_super+0x352/0x1bc0
[ 165.262236][ T1108] mount_bdev+0x1e6/0x2d0
[ 165.266588][ T1108] legacy_get_tree+0x10c/0x220
[ 165.271393][ T1108] vfs_get_tree+0x92/0x380
[ 165.275832][ T1108] path_mount+0x14e6/0x1f20
[ 165.280356][ T1108] __x64_sys_mount+0x294/0x320
[ 165.285142][ T1108] do_syscall_64+0xcd/0x250
[ 165.289680][ T1108] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 165.295614][ T1108]
[ 165.297940][ T1108] The buggy address belongs to the object at ffff8880299be400
[ 165.297940][ T1108] which belongs to the cache kmalloc-512 of size 512
[ 165.312032][ T1108] The buggy address is located 0 bytes inside of
[ 165.312032][ T1108] allocated 512-byte region [ffff8880299be400, ffff8880299be600)
[ 165.326028][ T1108]
[ 165.328356][ T1108] The buggy address belongs to the physical page:
[ 165.334968][ T1108] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x299bc
[ 165.343745][ T1108] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 165.352267][ T1108] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 165.359827][ T1108] page_type: 0xfdffffff(slab)
[ 165.364520][ T1108] raw: 00fff00000000040 ffff888015841c80 dead000000000100 dead000000000122