Warning: Permanently added '[localhost]:37435' (ED25519) to the list of known hosts.
2025/04/10 21:59:47 ignoring optional flag "sandboxArg"="0"
2025/04/10 21:59:47 parsed 1 programs
[ 122.815623][ T5475] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 126.492703][ T4671] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 126.501586][ T4671] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 126.505861][ T4671] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 126.509809][ T4671] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 126.516330][ T4671] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 126.798447][ T2715] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.801853][ T2715] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.833955][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.838222][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.819067][ T5537] chnl_net:caif_netlink_parms(): no params data found
[ 127.898832][ T5537] bridge0: port 1(bridge_slave_0) entered blocking state
[ 127.901888][ T5537] bridge0: port 1(bridge_slave_0) entered disabled state
[ 127.905464][ T5537] bridge_slave_0: entered allmulticast mode
[ 127.909285][ T5537] bridge_slave_0: entered promiscuous mode
[ 127.913771][ T5537] bridge0: port 2(bridge_slave_1) entered blocking state
[ 127.918728][ T5537] bridge0: port 2(bridge_slave_1) entered disabled state
[ 127.921906][ T5537] bridge_slave_1: entered allmulticast mode
[ 127.926320][ T5537] bridge_slave_1: entered promiscuous mode
[ 127.953444][ T5537] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 127.961544][ T5537] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 127.994164][ T5537] team0: Port device team_slave_0 added
[ 128.000718][ T5537] team0: Port device team_slave_1 added
[ 128.025506][ T5537] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 128.028616][ T5537] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 128.040896][ T5537] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 128.047238][ T5537] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 128.050114][ T5537] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 128.062497][ T5537] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 128.106860][ T5537] hsr_slave_0: entered promiscuous mode
[ 128.109922][ T5537] hsr_slave_1: entered promiscuous mode
[ 128.233790][ T5537] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 128.276284][ T5537] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 128.308974][ T5537] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 128.348369][ T5537] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 128.460248][ T5537] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 128.467689][ T5537] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 128.473808][ T5537] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 128.481628][ T5537] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 128.500203][ T5537] bridge0: port 2(bridge_slave_1) entered blocking state
[ 128.503465][ T5537] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 128.506579][ T5537] bridge0: port 1(bridge_slave_0) entered blocking state
[ 128.509457][ T5537] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 128.566691][ T5537] 8021q: adding VLAN 0 to HW filter on device bond0
[ 128.579595][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 128.583192][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 128.597391][ T5537] 8021q: adding VLAN 0 to HW filter on device team0
[ 128.607257][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 128.610084][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 128.620206][ T2715] bridge0: port 2(bridge_slave_1) entered blocking state
[ 128.622990][ T2715] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 128.801433][ T5537] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 128.840650][ T5537] veth0_vlan: entered promiscuous mode
[ 128.850783][ T5537] veth1_vlan: entered promiscuous mode
[ 128.883481][ T5537] veth0_macvtap: entered promiscuous mode
[ 128.890418][ T5537] veth1_macvtap: entered promiscuous mode
[ 128.906304][ T5537] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 128.910651][ T5537] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 128.919855][ T5537] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 128.928367][ T5537] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 128.932557][ T5537] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 128.939278][ T5537] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 128.947190][ T5537] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 128.950691][ T5537] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 128.954184][ T5537] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 128.961328][ T5537] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/04/10 22:00:00 executed programs: 0
[ 130.610144][ T5384] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 130.615721][ T5384] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 130.619284][ T5384] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 130.622905][ T5384] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 130.630894][ T5384] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 130.833572][ T5575] chnl_net:caif_netlink_parms(): no params data found
[ 130.915921][ T5575] bridge0: port 1(bridge_slave_0) entered blocking state
[ 130.919051][ T5575] bridge0: port 1(bridge_slave_0) entered disabled state
[ 130.922088][ T5575] bridge_slave_0: entered allmulticast mode
[ 130.928501][ T5575] bridge_slave_0: entered promiscuous mode
[ 130.933364][ T5575] bridge0: port 2(bridge_slave_1) entered blocking state
[ 130.937660][ T5575] bridge0: port 2(bridge_slave_1) entered disabled state
[ 130.940671][ T5575] bridge_slave_1: entered allmulticast mode
[ 130.951124][ T5575] bridge_slave_1: entered promiscuous mode
[ 130.987458][ T5575] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 130.994164][ T5575] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 131.023576][ T5575] team0: Port device team_slave_0 added
[ 131.031548][ T5575] team0: Port device team_slave_1 added
[ 131.066972][ T5575] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 131.069833][ T5575] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 131.081628][ T5575] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 131.089700][ T5575] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 131.092814][ T5575] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 131.108227][ T5575] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 131.153018][ T5575] hsr_slave_0: entered promiscuous mode
[ 131.157078][ T5575] hsr_slave_1: entered promiscuous mode
[ 131.160142][ T5575] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 131.163359][ T5575] Cannot create hsr debugfs directory
[ 131.299299][ T5575] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 132.289245][ T5575] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 132.326489][ T5575] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 132.367966][ T5575] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 132.462093][ T5575] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 132.473028][ T5575] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 132.480379][ T5575] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 132.488925][ T5575] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 132.572126][ T5575] 8021q: adding VLAN 0 to HW filter on device bond0
[ 132.589105][ T5575] 8021q: adding VLAN 0 to HW filter on device team0
[ 132.598974][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 132.601672][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 132.618637][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 132.621528][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 132.708064][ T5384] Bluetooth: hci0: command tx timeout
[ 132.823361][ T5575] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 132.863830][ T5575] veth0_vlan: entered promiscuous mode
[ 132.878965][ T5575] veth1_vlan: entered promiscuous mode
[ 132.909790][ T5575] veth0_macvtap: entered promiscuous mode
[ 132.917729][ T5575] veth1_macvtap: entered promiscuous mode
[ 132.933016][ T5575] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 132.939418][ T5575] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 132.943340][ T5575] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 132.951651][ T5575] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 132.957380][ T5575] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 132.967658][ T5575] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 132.971583][ T5575] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 132.976897][ T5575] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 132.980787][ T5575] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 132.987588][ T5575] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 132.995929][ T5575] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 132.999001][ T5575] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.002071][ T5575] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.008042][ T5575] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.091457][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 133.103266][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 133.130018][ T2715] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 133.133256][ T2715] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 133.242803][ T5589] loop0: detected capacity change from 0 to 2048
[ 133.263986][ T5589] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[ 133.276237][ T5589] UDF-fs: Scanning with blocksize 512 failed
[ 133.292691][ T5589] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 133.405241][ T5589] loop0: detected capacity change from 2048 to 2047
[ 133.408574][ T5589]
[ 133.409568][ T5589] ======================================================
[ 133.412363][ T5589] WARNING: possible circular locking dependency detected
[ 133.415291][ T5589] 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 Not tainted
[ 133.418893][ T5589] ------------------------------------------------------
[ 133.421653][ T5589] syz.0.15/5589 is trying to acquire lock:
[ 133.423900][ T5589] ffffffff90467508 (uevent_sock_mutex){+.+.}-{4:4}, at: kobject_uevent_net_broadcast+0x280/0x580
[ 133.428100][ T5589]
[ 133.428100][ T5589] but task is already holding lock:
[ 133.431107][ T5589] ffff888033d49de8 (&q->q_usage_counter(io)#17){++++}-{0:0}, at: loop_set_status+0x223/0xb20
[ 133.435117][ T5589]
[ 133.435117][ T5589] which lock already depends on the new lock.
[ 133.435117][ T5589]
[ 133.439122][ T5589]
[ 133.439122][ T5589] the existing dependency chain (in reverse order) is:
[ 133.442740][ T5589]
[ 133.442740][ T5589] -> #2 (&q->q_usage_counter(io)#17){++++}-{0:0}:
[ 133.446402][ T5589] lock_acquire+0x116/0x2f0
[ 133.448489][ T5589] blk_alloc_queue+0x542/0x620
[ 133.450644][ T5589] __blk_mq_alloc_disk+0x162/0x380
[ 133.452901][ T5589] loop_add+0x445/0xaf0
[ 133.454704][ T5589] loop_init+0x168/0x220
[ 133.456659][ T5589] do_one_initcall+0x24a/0x940
[ 133.458814][ T5589] do_initcall_level+0x157/0x210
[ 133.460946][ T5589] do_initcalls+0x71/0xd0
[ 133.462907][ T5589] kernel_init_freeable+0x432/0x5d0
[ 133.465195][ T5589] kernel_init+0x1d/0x2b0
[ 133.467255][ T5589] ret_from_fork+0x4b/0x80
[ 133.469264][ T5589] ret_from_fork_asm+0x1a/0x30
[ 133.471435][ T5589]
[ 133.471435][ T5589] -> #1 (fs_reclaim){+.+.}-{0:0}:
[ 133.474350][ T5589] lock_acquire+0x116/0x2f0
[ 133.476432][ T5589] fs_reclaim_acquire+0x88/0x130
[ 133.478683][ T5589] kmem_cache_alloc_node_noprof+0x4e/0x3b0
[ 133.481105][ T5589] __alloc_skb+0x1c2/0x480
[ 133.483131][ T5589] alloc_uevent_skb+0x74/0x230
[ 133.485291][ T5589] kobject_uevent_net_broadcast+0x2fd/0x580
[ 133.487851][ T5589] kobject_uevent_env+0x57d/0x8e0
[ 133.490105][ T5589] kobject_synth_uevent+0x4f4/0xaf0
[ 133.492429][ T5589] bus_uevent_store+0x116/0x170
[ 133.494521][ T5589] kernfs_fop_write_iter+0x398/0x510
[ 133.496968][ T5589] vfs_write+0x70f/0xd10
[ 133.498858][ T5589] ksys_write+0x19d/0x2d0
[ 133.500834][ T5589] do_syscall_64+0xf3/0x230
[ 133.502817][ T5589] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.505420][ T5589]
[ 133.505420][ T5589] -> #0 (uevent_sock_mutex){+.+.}-{4:4}:
[ 133.508589][ T5589] validate_chain+0xa69/0x24e0
[ 133.510775][ T5589] __lock_acquire+0xad5/0xd80
[ 133.513226][ T5589] lock_acquire+0x116/0x2f0
[ 133.515301][ T5589] __mutex_lock+0x1a5/0x10c0
[ 133.517365][ T5589] kobject_uevent_net_broadcast+0x280/0x580
[ 133.519888][ T5589] kobject_uevent_env+0x57d/0x8e0
[ 133.522087][ T5589] set_capacity_and_notify+0x269/0x2d0
[ 133.524492][ T5589] loop_set_status+0x4a4/0xb20
[ 133.526628][ T5589] lo_ioctl+0xce1/0x2850
[ 133.528535][ T5589] blkdev_ioctl+0x5df/0x710
[ 133.530539][ T5589] __se_sys_ioctl+0xf1/0x160
[ 133.532587][ T5589] do_syscall_64+0xf3/0x230
[ 133.534611][ T5589] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.537241][ T5589]
[ 133.537241][ T5589] other info that might help us debug this:
[ 133.537241][ T5589]
[ 133.541255][ T5589] Chain exists of:
[ 133.541255][ T5589] uevent_sock_mutex --> fs_reclaim --> &q->q_usage_counter(io)#17
[ 133.541255][ T5589]
[ 133.546548][ T5589] Possible unsafe locking scenario:
[ 133.546548][ T5589]
[ 133.549215][ T5589]        CPU0                    CPU1
[ 133.551025][ T5589]        ----                    ----
[ 133.553037][ T5589]   lock(&q->q_usage_counter(io)#17);
[ 133.555242][ T5589]                                lock(fs_reclaim);
[ 133.557857][ T5589]                                lock(&q->q_usage_counter(io)#17);
[ 133.561089][ T5589]   lock(uevent_sock_mutex);
[ 133.563035][ T5589]
[ 133.563035][ T5589] *** DEADLOCK ***
[ 133.563035][ T5589]
[ 133.566258][ T5589] 3 locks held by syz.0.15/5589:
[ 133.568304][ T5589] #0: ffff8880347b2368 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_set_status+0x2b/0xb20
[ 133.571959][ T5589] #1: ffff888033d49de8 (&q->q_usage_counter(io)#17){++++}-{0:0}, at: loop_set_status+0x223/0xb20
[ 133.576319][ T5589] #2: ffff888033d49e20 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: loop_set_status+0x223/0xb20
[ 133.580763][ T5589]
[ 133.580763][ T5589] stack backtrace:
[ 133.583361][ T5589] CPU: 0 UID: 0 PID: 5589 Comm: syz.0.15 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full)
[ 133.583375][ T5589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 133.583382][ T5589] Call Trace:
[ 133.583389][ T5589]
[ 133.583394][ T5589] dump_stack_lvl+0x241/0x360
[ 133.583412][ T5589] ? __pfx_dump_stack_lvl+0x10/0x10
[ 133.583434][ T5589] ? __pfx__printk+0x10/0x10
[ 133.583448][ T5589] ? print_lock+0x171/0x1a0
[ 133.583461][ T5589] print_circular_bug+0x2e1/0x300
[ 133.583475][ T5589] check_noncircular+0x142/0x160
[ 133.583488][ T5589] validate_chain+0xa69/0x24e0
[ 133.583500][ T5589] ? __pfx_number+0x10/0x10
[ 133.583520][ T5589] __lock_acquire+0xad5/0xd80
[ 133.583533][ T5589] lock_acquire+0x116/0x2f0
[ 133.583542][ T5589] ? kobject_uevent_net_broadcast+0x280/0x580
[ 133.583556][ T5589] ? vsnprintf+0x1156/0x1230
[ 133.583570][ T5589] __mutex_lock+0x1a5/0x10c0
[ 133.583582][ T5589] ? kobject_uevent_net_broadcast+0x280/0x580
[ 133.583596][ T5589] ? __pfx_vsnprintf+0x10/0x10
[ 133.583610][ T5589] ? kobject_uevent_net_broadcast+0x280/0x580
[ 133.583623][ T5589] ? __pfx___mutex_lock+0x10/0x10
[ 133.583634][ T5589] ? add_uevent_var+0x291/0x490
[ 133.583647][ T5589] ? kobject_uevent_env+0x503/0x8e0
[ 133.583660][ T5589] ? __pfx_add_uevent_var+0x10/0x10
[ 133.583673][ T5589] kobject_uevent_net_broadcast+0x280/0x580
[ 133.583688][ T5589] kobject_uevent_env+0x57d/0x8e0
[ 133.583704][ T5589] set_capacity_and_notify+0x269/0x2d0
[ 133.583719][ T5589] ? __pfx_set_capacity_and_notify+0x10/0x10
[ 133.583731][ T5589] ? __asan_memcpy+0x40/0x70
[ 133.583742][ T5589] ? loop_set_status_from_info+0x184/0x240
[ 133.583757][ T5589] loop_set_status+0x4a4/0xb20
[ 133.583773][ T5589] lo_ioctl+0xce1/0x2850
[ 133.583787][ T5589] ? kasan_save_track+0x51/0x80
[ 133.583798][ T5589] ? kasan_save_track+0x3f/0x80
[ 133.583808][ T5589] ? kasan_save_free_info+0x40/0x50
[ 133.583817][ T5589] ? __kasan_slab_free+0x59/0x70
[ 133.583828][ T5589] ? kfree+0x198/0x430
[ 133.583840][ T5589] ? __pfx_lo_ioctl+0x10/0x10
[ 133.583852][ T5589] ? vfs_open+0x3b/0x370
[ 133.583865][ T5589] ? path_openat+0x2caf/0x35d0
[ 133.583875][ T5589] ? do_filp_open+0x284/0x4e0
[ 133.583889][ T5589] ? __lock_acquire+0xad5/0xd80
[ 133.583899][ T5589] ? xfd_validate_state+0x6e/0x150
[ 133.583911][ T5589] ? __lock_acquire+0xad5/0xd80
[ 133.583921][ T5589] ? __lock_acquire+0xad5/0xd80
[ 133.583932][ T5589] ? __lock_acquire+0xad5/0xd80
[ 133.583942][ T5589] ? __lock_acquire+0xad5/0xd80
[ 133.583952][ T5589] ? __lock_acquire+0xad5/0xd80
[ 133.583962][ T5589] ? __lock_acquire+0xad5/0xd80
[ 133.583974][ T5589] ? is_bpf_text_address+0x26/0x2a0
[ 133.583986][ T5589] ? is_bpf_text_address+0x288/0x2a0
[ 133.583997][ T5589] ? is_bpf_text_address+0x26/0x2a0
[ 133.584008][ T5589] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 133.584023][ T5589] ? kernel_text_address+0xa7/0xe0
[ 133.584033][ T5589] ? __kernel_text_address+0xd/0x40
[ 133.584041][ T5589] ? unwind_get_return_address+0x4d/0x90
[ 133.584053][ T5589] ? arch_stack_walk+0xff/0x150
[ 133.584068][ T5589] ? stack_trace_save+0x11a/0x1d0
[ 133.584081][ T5589] ? __pfx_stack_trace_save+0x10/0x10
[ 133.584095][ T5589] ? stack_depot_save_flags+0x44/0x940
[ 133.584109][ T5589] ? do_syscall_64+0xf3/0x230
[ 133.584120][ T5589] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.584130][ T5589] ? do_vfs_ioctl+0xef8/0x2750
[ 133.584148][ T5589] ? kasan_quarantine_put+0xdc/0x230
[ 133.584159][ T5589] ? lockdep_hardirqs_on+0x9d/0x150
[ 133.584171][ T5589] ? tomoyo_path_number_perm+0x215/0x790
[ 133.584185][ T5589] ? blkdev_common_ioctl+0x1060/0x25a0
[ 133.584197][ T5589] ? __pfx_blkdev_common_ioctl+0x10/0x10
[ 133.584211][ T5589] ? tomoyo_path_number_perm+0x215/0x790
[ 133.584223][ T5589] ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 133.584236][ T5589] ? do_sys_openat2+0x165/0x1d0
[ 133.584251][ T5589] ? __lock_acquire+0xad5/0xd80
[ 133.584264][ T5589] ? file_to_blk_mode+0xcb/0x140
[ 133.584278][ T5589] ? __pfx_lo_ioctl+0x10/0x10
[ 133.584290][ T5589] blkdev_ioctl+0x5df/0x710
[ 133.584303][ T5589] ? __pfx_blkdev_ioctl+0x10/0x10
[ 133.584315][ T5589] ? __pfx_blkdev_ioctl+0x10/0x10
[ 133.584327][ T5589] __se_sys_ioctl+0xf1/0x160
[ 133.584339][ T5589] do_syscall_64+0xf3/0x230
[ 133.584351][ T5589] ? clear_bhb_loop+0x45/0xa0
[ 133.584363][ T5589] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.584373][ T5589] RIP: 0033:0x7f3077b7e719
[ 133.584384][ T5589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 133.584392][ T5589] RSP: 002b:00007f30788bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 133.584404][ T5589] RAX: ffffffffffffffda RBX: 00007f3077d35f80 RCX: 00007f3077b7e719
[ 133.584412][ T5589] RDX: 00000000200000c0 RSI: 0000000000004c02 RDI: 0000000000000006
[ 133.584427][ T5589] RBP: 00007f3077bf132e R08: 0000000000000000 R09: 0000000000000000
[ 133.584433][ T5589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 133.584439][ T5589] R13: 0000000000000000 R14: 00007f3077d35f80 R15: 00007fff5412f5e8
[ 133.584449][ T5589]
[ 133.811488][ T5588] UDF-fs: warning (device loop0): udf_truncate_tail_extent: Too long extent after EOF in inode 818: i_size: 134220898 lbcount: 141077504 extent 0+14745600
[ 133.818482][ T5588] ==================================================================
[ 133.821571][ T5588] BUG: KASAN: use-after-free in crc_itu_t+0x1de/0x2b0
[ 133.824267][ T5588] Read of size 1 at addr ffff888054791000 by task syz.0.15/5588
[ 133.827315][ T5588]
[ 133.828266][ T5588] CPU: 0 UID: 0 PID: 5588 Comm: syz.0.15 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full)
[ 133.828282][ T5588] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 133.828289][ T5588] Call Trace:
[ 133.828295][ T5588]
[ 133.828300][ T5588] dump_stack_lvl+0x241/0x360
[ 133.828321][ T5588] ? __pfx_dump_stack_lvl+0x10/0x10
[ 133.828334][ T5588] ? __virt_addr_valid+0x183/0x530
[ 133.828348][ T5588] ? rcu_is_watching+0x15/0xb0
[ 133.828367][ T5588] ? __virt_addr_valid+0x183/0x530
[ 133.828387][ T5588] ? lock_release+0x4e/0x3e0
[ 133.828406][ T5588] ? __virt_addr_valid+0x183/0x530
[ 133.828422][ T5588] ? __virt_addr_valid+0x183/0x530
[ 133.828435][ T5588] print_report+0x16e/0x5b0
[ 133.828449][ T5588] ? __virt_addr_valid+0x183/0x530
[ 133.828469][ T5588] ? __virt_addr_valid+0x183/0x530
[ 133.828481][ T5588] ? __virt_addr_valid+0x45f/0x530
[ 133.828495][ T5588] ? __phys_addr+0xba/0x170
[ 133.828508][ T5588] ? crc_itu_t+0x1de/0x2b0
[ 133.828517][ T5588] kasan_report+0x143/0x180
[ 133.828530][ T5588] ? crc_itu_t+0x1de/0x2b0
[ 133.828541][ T5588] crc_itu_t+0x1de/0x2b0
[ 133.828551][ T5588] udf_update_tag+0x70/0x6a0
[ 133.828563][ T5588] udf_write_aext+0x4d8/0x7b0
[ 133.828577][ T5588] extent_trunc+0x2ee/0x4a0
[ 133.828591][ T5588] ? __pfx_extent_trunc+0x10/0x10
[ 133.828608][ T5588] udf_truncate_tail_extent+0x544/0x810
[ 133.828624][ T5588] ? __pfx_udf_truncate_tail_extent+0x10/0x10
[ 133.828641][ T5588] ? down_write+0x18d/0x220
[ 133.828654][ T5588] ? __pfx_down_write+0x10/0x10
[ 133.828670][ T5588] udf_release_file+0xc1/0x120
[ 133.828681][ T5588] ? __pfx_udf_release_file+0x10/0x10
[ 133.828691][ T5588] __fput+0x3e9/0x9f0
[ 133.828702][ T5588] task_work_run+0x251/0x310
[ 133.828718][ T5588] ? _raw_spin_unlock+0x28/0x50
[ 133.828728][ T5588] ? __pfx_task_work_run+0x10/0x10
[ 133.828743][ T5588] ? rcu_is_watching+0x15/0xb0
[ 133.828756][ T5588] syscall_exit_to_user_mode+0x13f/0x340
[ 133.828769][ T5588] do_syscall_64+0x100/0x230
[ 133.828781][ T5588] ? clear_bhb_loop+0x45/0xa0
[ 133.828793][ T5588] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.828804][ T5588] RIP: 0033:0x7f3077b7e719
[ 133.828816][ T5588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 133.828824][ T5588] RSP: 002b:00007fff5412f748 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 133.828837][ T5588] RAX: 0000000000000000 RBX: 00007f3077d37a80 RCX: 00007f3077b7e719
[ 133.828845][ T5588] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 133.828852][ T5588] RBP: 00007f3077d37a80 R08: 0000000000000000 R09: 00007fff5412fa3f
[ 133.828859][ T5588] R10: 000000000003fd6c R11: 0000000000000246 R12: 0000000000020b09
[ 133.828866][ T5588] R13: 00007fff5412f850 R14: 0000000000000032 R15: ffffffffffffffff
[ 133.828876][ T5588]
[ 133.828880][ T5588]
[ 133.941784][ T5588] The buggy address belongs to the physical page:
[ 133.944415][ T5588] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f306e804 pfn:0x54791
[ 133.948689][ T5588] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 133.951564][ T5588] raw: 04fff00000000000 ffffea000151e488 ffff88801fc3f870 0000000000000000
[ 133.954922][ T5588] raw: 00000007f306e804 0000000000000000 00000000ffffffff 0000000000000000
[ 133.958419][ T5588] page dumped because: kasan: bad access detected
[ 133.960904][ T5588] page_owner tracks the page as freed
[ 133.963060][ T5588] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|__GFP_COMP), pid 5589, tgid 5588 (syz.0.15), ts 133342058605, free_ts 133372984754
[ 133.970142][ T5588] post_alloc_hook+0x1f4/0x240
[ 133.972055][ T5588] get_page_from_freelist+0x352b/0x36c0
[ 133.974183][ T5588] __alloc_frozen_pages_noprof+0x211/0x5b0
[ 133.976466][ T5588] alloc_pages_mpol+0x339/0x690
[ 133.978925][ T5588] vma_alloc_folio_noprof+0x12d/0x260
[ 133.981024][ T5588] folio_prealloc+0x2e/0x170
[ 133.983002][ T5588] handle_pte_fault+0x2e45/0x61c0
[ 133.985068][ T5588] handle_mm_fault+0x1129/0x1bf0
[ 133.987441][ T5588] exc_page_fault+0x45b/0x920
[ 133.989822][ T5588] asm_exc_page_fault+0x26/0x30
[ 133.991833][ T5588] page last free pid 5589 tgid 5588 stack trace:
[ 133.994301][ T5588] free_unref_folios+0xe0e/0x17f0
[ 133.996298][ T5588] folios_put_refs+0x70a/0x800
[ 133.998254][ T5588] free_pages_and_swap_cache+0x5cb/0x6a0
[ 134.000534][ T5588] tlb_flush_mmu+0x3a9/0x690
[ 134.002372][ T5588] tlb_finish_mmu+0xd4/0x200
[ 134.004275][ T5588] vms_clear_ptes+0x431/0x540
[ 134.006204][ T5588] vms_complete_munmap_vmas+0x210/0x8f0
[ 134.008492][ T5588] do_vmi_align_munmap+0x5b9/0x6c0
[ 134.010622][ T5588] do_vmi_munmap+0x24e/0x2d0
[ 134.012560][ T5588] __vm_munmap+0x37b/0x520
[ 134.014396][ T5588] __x64_sys_munmap+0x60/0x70
[ 134.016312][ T5588] do_syscall_64+0xf3/0x230
[ 134.018194][ T5588] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.020647][ T5588]
[ 134.021694][ T5588] Memory state around the buggy address:
[ 134.023986][ T5588] ffff888054790f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 134.027100][ T5588] ffff888054790f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 134.030324][ T5588] >ffff888054791000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 134.033483][ T5588] ^
[ 134.035110][ T5588] ffff888054791080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 134.038302][ T5588] ffff888054791100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 134.041402][ T5588] ==================================================================
[ 134.058233][ T5588] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 134.061249][ T5588] CPU: 0 UID: 0 PID: 5588 Comm: syz.0.15 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full)
[ 134.065806][ T5588] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 134.069697][ T5588] Call Trace:
[ 134.070939][ T5588]
[ 134.072043][ T5588] dump_stack_lvl+0x241/0x360
[ 134.073867][ T5588] ? __pfx_dump_stack_lvl+0x10/0x10
[ 134.075842][ T5588] ? __pfx__printk+0x10/0x10
[ 134.077780][ T5588] ? preempt_schedule+0xe4/0xf0
[ 134.079766][ T5588] ? vscnprintf+0x5d/0x90
[ 134.081558][ T5588] panic+0x349/0x880
[ 134.083136][ T5588] ? check_panic_on_warn+0x21/0xb0
[ 134.085246][ T5588] ? __pfx_panic+0x10/0x10
[ 134.087401][ T5588] ? _raw_spin_unlock_irqrestore+0x134/0x140
[ 134.089845][ T5588] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 134.092303][ T5588] ? print_report+0x519/0x5b0
[ 134.094255][ T5588] check_panic_on_warn+0x86/0xb0
[ 134.096282][ T5588] ? crc_itu_t+0x1de/0x2b0
[ 134.098097][ T5588] end_report+0x77/0x160
[ 134.099847][ T5588] kasan_report+0x154/0x180
[ 134.101877][ T5588] ? crc_itu_t+0x1de/0x2b0
[ 134.104317][ T5588] crc_itu_t+0x1de/0x2b0
[ 134.106505][ T5588] udf_update_tag+0x70/0x6a0
[ 134.108304][ T5588] udf_write_aext+0x4d8/0x7b0
[ 134.110225][ T5588] extent_trunc+0x2ee/0x4a0
[ 134.112121][ T5588] ? __pfx_extent_trunc+0x10/0x10
[ 134.114147][ T5588] udf_truncate_tail_extent+0x544/0x810
[ 134.116373][ T5588] ? __pfx_udf_truncate_tail_extent+0x10/0x10
[ 134.118791][ T5588] ? down_write+0x18d/0x220
[ 134.120649][ T5588] ? __pfx_down_write+0x10/0x10
[ 134.122533][ T5588] udf_release_file+0xc1/0x120
[ 134.124491][ T5588] ? __pfx_udf_release_file+0x10/0x10
[ 134.126594][ T5588] __fput+0x3e9/0x9f0
[ 134.128236][ T5588] task_work_run+0x251/0x310
[ 134.130089][ T5588] ? _raw_spin_unlock+0x28/0x50
[ 134.132017][ T5588] ? __pfx_task_work_run+0x10/0x10
[ 134.134002][ T5588] ? rcu_is_watching+0x15/0xb0
[ 134.136016][ T5588] syscall_exit_to_user_mode+0x13f/0x340
[ 134.138277][ T5588] do_syscall_64+0x100/0x230
[ 134.140157][ T5588] ? clear_bhb_loop+0x45/0xa0
[ 134.141999][ T5588] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.144384][ T5588] RIP: 0033:0x7f3077b7e719
[ 134.146241][ T5588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 134.153783][ T5588] RSP: 002b:00007fff5412f748 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 134.157154][ T5588] RAX: 0000000000000000 RBX: 00007f3077d37a80 RCX: 00007f3077b7e719
[ 134.160357][ T5588] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 134.163523][ T5588] RBP: 00007f3077d37a80 R08: 0000000000000000 R09: 00007fff5412fa3f
[ 134.166680][ T5588] R10: 000000000003fd6c R11: 0000000000000246 R12: 0000000000020b09
[ 134.169961][ T5588] R13: 00007fff5412f850 R14: 0000000000000032 R15: ffffffffffffffff
[ 134.173231][ T5588]
[ 134.174795][ T5588] Kernel Offset: disabled
[ 134.176586][ T5588] Rebooting in 86400 seconds..