Warning: Permanently added '[localhost]:15339' (ED25519) to the list of known hosts.
2025/09/23 18:35:52 parsed 1 programs
syzkaller login: [ 84.488695][ T5349] cgroup: Unknown subsys name 'net'
[ 84.561382][ T5349] cgroup: Unknown subsys name 'cpuset'
[ 84.568373][ T5349] cgroup: Unknown subsys name 'rlimit'
[ 86.160938][ T5349] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 90.150279][ T5361] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 91.870196][ T10] cfg80211: failed to load regulatory.db
[ 92.332521][ T5406] chnl_net:caif_netlink_parms(): no params data found
[ 92.401143][ T5406] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.404682][ T5406] bridge0: port 1(bridge_slave_0) entered disabled state
[ 92.408308][ T5406] bridge_slave_0: entered allmulticast mode
[ 92.412005][ T5406] bridge_slave_0: entered promiscuous mode
[ 92.418414][ T5406] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.421401][ T5406] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.424372][ T5406] bridge_slave_1: entered allmulticast mode
[ 92.429055][ T5406] bridge_slave_1: entered promiscuous mode
[ 92.455162][ T5406] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 92.461880][ T5406] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 92.484616][ T5406] team0: Port device team_slave_0 added
[ 92.489760][ T5406] team0: Port device team_slave_1 added
[ 92.513120][ T5406] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 92.516079][ T5406] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 92.527538][ T5406] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 92.533917][ T5406] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 92.536782][ T5406] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 92.549153][ T5406] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 92.585346][ T5406] hsr_slave_0: entered promiscuous mode
[ 92.588926][ T5406] hsr_slave_1: entered promiscuous mode
[ 92.728352][ T5406] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 92.736442][ T5406] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 92.743358][ T5406] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 92.750158][ T5406] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 92.776432][ T5406] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.779361][ T5406] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 92.783038][ T5406] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.785966][ T5406] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 92.842883][ T5406] 8021q: adding VLAN 0 to HW filter on device bond0
[ 92.855151][ T1041] bridge0: port 1(bridge_slave_0) entered disabled state
[ 92.859594][ T1041] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.872365][ T5406] 8021q: adding VLAN 0 to HW filter on device team0
[ 92.882340][ T31] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.885096][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 92.902766][ T31] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.905618][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 93.085296][ T5406] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 93.131325][ T5406] veth0_vlan: entered promiscuous mode
[ 93.140765][ T5406] veth1_vlan: entered promiscuous mode
[ 93.168810][ T5406] veth0_macvtap: entered promiscuous mode
[ 93.174380][ T5406] veth1_macvtap: entered promiscuous mode
[ 93.190470][ T5406] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 93.203417][ T5406] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 93.213257][ T31] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.230799][ T31] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.234310][ T31] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.251832][ T31] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.355918][ T31] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 93.413438][ T31] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 93.455850][ T31] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 93.523062][ T31] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 93.670089][ T1041] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.673438][ T1041] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.711581][ T1041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.714929][ T1041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.254101][ T5442] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 94.258670][ T5442] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 94.262021][ T5442] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 94.266066][ T5442] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 94.278831][ T5442] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/09/23 18:36:05 executed programs: 0
[ 95.132371][ T4705] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 95.136505][ T4705] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 95.140587][ T4705] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 95.144286][ T4705] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 95.150137][ T4705] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 95.438937][ T5458] chnl_net:caif_netlink_parms(): no params data found
[ 95.503474][ T5458] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.508430][ T5458] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.511218][ T5458] bridge_slave_0: entered allmulticast mode
[ 95.514526][ T5458] bridge_slave_0: entered promiscuous mode
[ 95.519554][ T5458] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.522835][ T5458] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.526206][ T5458] bridge_slave_1: entered allmulticast mode
[ 95.531650][ T5458] bridge_slave_1: entered promiscuous mode
[ 95.556098][ T5458] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 95.562957][ T5458] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 95.588679][ T5458] team0: Port device team_slave_0 added
[ 95.593440][ T5458] team0: Port device team_slave_1 added
[ 95.614596][ T5458] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 95.617500][ T5458] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 95.633720][ T5458] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 95.642341][ T5458] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 95.645456][ T5458] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 95.658614][ T5458] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 95.703660][ T5458] hsr_slave_0: entered promiscuous mode
[ 95.706962][ T5458] hsr_slave_1: entered promiscuous mode
[ 95.711261][ T5458] debugfs: 'hsr0' already exists in 'hsr'
[ 95.713837][ T5458] Cannot create hsr debugfs directory
[ 96.238398][ T31] bridge_slave_1: left allmulticast mode
[ 96.240941][ T31] bridge_slave_1: left promiscuous mode
[ 96.244129][ T31] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.279299][ T31] bridge_slave_0: left allmulticast mode
[ 96.281820][ T31] bridge_slave_0: left promiscuous mode
[ 96.284301][ T31] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.626192][ T31] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 96.632644][ T31] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 96.636725][ T31] bond0 (unregistering): Released all slaves
[ 96.738281][ T31] hsr_slave_0: left promiscuous mode
[ 96.751295][ T31] hsr_slave_1: left promiscuous mode
[ 96.754304][ T31] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 96.768910][ T31] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 96.772432][ T31] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 96.775230][ T31] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 96.799919][ T31] veth1_macvtap: left promiscuous mode
[ 96.802531][ T31] veth0_macvtap: left promiscuous mode
[ 96.805025][ T31] veth1_vlan: left promiscuous mode
[ 96.815745][ T31] veth0_vlan: left promiscuous mode
[ 97.227685][ T4705] Bluetooth: hci0: command tx timeout
[ 97.235696][ T31] team0 (unregistering): Port device team_slave_1 removed
[ 97.250275][ T31] team0 (unregistering): Port device team_slave_0 removed
[ 97.790027][ T5458] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 97.799939][ T5458] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 97.811719][ T5458] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 97.841400][ T5458] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 98.324041][ T5458] 8021q: adding VLAN 0 to HW filter on device bond0
[ 98.381305][ T5458] 8021q: adding VLAN 0 to HW filter on device team0
[ 98.395690][ T1041] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.398509][ T1041] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.430556][ T1041] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.433757][ T1041] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.642347][ T5458] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 98.671703][ T5458] veth0_vlan: entered promiscuous mode
[ 98.681435][ T5458] veth1_vlan: entered promiscuous mode
[ 98.705593][ T5458] veth0_macvtap: entered promiscuous mode
[ 98.711885][ T5458] veth1_macvtap: entered promiscuous mode
[ 98.724251][ T5458] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 98.735291][ T5458] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 98.746153][ T31] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.758978][ T31] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.762681][ T31] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.766119][ T31] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.824547][ T31] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.830016][ T31] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.856797][ T31] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.861695][ T31] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.092163][ T5491] loop0: detected capacity change from 0 to 32768
[ 99.102228][ T5491] =======================================================
[ 99.102228][ T5491] WARNING: The mand mount option has been deprecated and
[ 99.102228][ T5491] and is ignored by this kernel. Remove the mand
[ 99.102228][ T5491] option from the mount to silence this warning.
[ 99.102228][ T5491] =======================================================
[ 99.162930][ T5491] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 99.213112][ T5491] ==================================================================
[ 99.216553][ T5491] BUG: KASAN: slab-out-of-bounds in crc32c+0xd0/0x460
[ 99.219465][ T5491] Read of size 8 at addr ffff88804011a200 by task syz.0.17/5491
[ 99.223835][ T5491]
[ 99.224823][ T5491] CPU: 0 UID: 0 PID: 5491 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 99.224837][ T5491] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 99.224844][ T5491] Call Trace:
[ 99.224852][ T5491]
[ 99.224857][ T5491] dump_stack_lvl+0x189/0x250
[ 99.224873][ T5491] ? rcu_is_watching+0x15/0xb0
[ 99.224884][ T5491] ? __kasan_check_byte+0x12/0x40
[ 99.224898][ T5491] ? __pfx_dump_stack_lvl+0x10/0x10
[ 99.224910][ T5491] ? rcu_is_watching+0x15/0xb0
[ 99.224920][ T5491] ? lock_release+0x4b/0x3e0
[ 99.224935][ T5491] ? __virt_addr_valid+0x1c8/0x5c0
[ 99.224950][ T5491] ? __virt_addr_valid+0x4a5/0x5c0
[ 99.224963][ T5491] print_report+0xca/0x240
[ 99.224974][ T5491] ? crc32c+0xd0/0x460
[ 99.224985][ T5491] kasan_report+0x118/0x150
[ 99.224998][ T5491] ? crc32c+0xd0/0x460
[ 99.225009][ T5491] crc32c+0xd0/0x460
[ 99.225018][ T5491] ? xlog_cksum+0x6b/0xf0
[ 99.225032][ T5491] xlog_cksum+0x92/0xf0
[ 99.225046][ T5491] xlog_recover_process+0x7a/0x1f0
[ 99.225060][ T5491] xlog_do_recovery_pass+0x9cd/0xc30
[ 99.225075][ T5491] ? __pfx_xlog_do_recovery_pass+0x10/0x10
[ 99.225090][ T5491] ? xlog_verify_head+0xf2/0x440
[ 99.225103][ T5491] xlog_verify_head+0x136/0x440
[ 99.225116][ T5491] xlog_find_tail+0x5ca/0x840
[ 99.225129][ T5491] xlog_recover+0x4b/0x3e0
[ 99.225141][ T5491] xfs_log_mount+0x253/0x3e0
[ 99.225155][ T5491] xfs_mountfs+0xe5e/0x2330
[ 99.225175][ T5491] ? __pfx_xfs_mountfs+0x10/0x10
[ 99.225186][ T5491] ? trace_xfs_inode_timestamp_range+0x84/0x200
[ 99.225197][ T5491] xfs_fs_fill_super+0x11b3/0x1600
[ 99.225214][ T5491] get_tree_bdev_flags+0x40e/0x4d0
[ 99.225228][ T5491] ? __pfx_xfs_fs_fill_super+0x10/0x10
[ 99.225243][ T5491] ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 99.225258][ T5491] vfs_get_tree+0x92/0x2b0
[ 99.225271][ T5491] do_new_mount+0x2a2/0x9e0
[ 99.225285][ T5491] ? __pfx_do_new_mount+0x10/0x10
[ 99.225297][ T5491] ? path_mount+0x61c/0xfe0
[ 99.225309][ T5491] ? user_path_at+0x44/0x60
[ 99.225320][ T5491] __se_sys_mount+0x317/0x410
[ 99.225335][ T5491] ? __pfx___se_sys_mount+0x10/0x10
[ 99.225350][ T5491] ? do_syscall_64+0xbe/0x3b0
[ 99.225408][ T5491] ? __x64_sys_mount+0x20/0xc0
[ 99.225422][ T5491] do_syscall_64+0xfa/0x3b0
[ 99.225433][ T5491] ? lockdep_hardirqs_on+0x9c/0x150
[ 99.225443][ T5491] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.225455][ T5491] ? clear_bhb_loop+0x60/0xb0
[ 99.225466][ T5491] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.225477][ T5491] RIP: 0033:0x7f43f919066a
[ 99.225488][ T5491] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 99.225497][ T5491] RSP: 002b:00007ffd215a5eb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 99.225509][ T5491] RAX: ffffffffffffffda RBX: 00007ffd215a5f40 RCX: 00007f43f919066a
[ 99.225517][ T5491] RDX: 0000200000000500 RSI: 0000200000000200 RDI: 00007ffd215a5f00
[ 99.225524][ T5491] RBP: 0000200000000500 R08: 00007ffd215a5f40 R09: 0000000002218a5d
[ 99.225530][ T5491] R10: 0000000002218a5d R11: 0000000000000246 R12: 0000200000000200
[ 99.225536][ T5491] R13: 00007ffd215a5f00 R14: 0000000000009706 R15: 0000200000000100
[ 99.225547][ T5491]
[ 99.225551][ T5491]
[ 99.358727][ T5491] Allocated by task 5491:
[ 99.360595][ T5491] kasan_save_track+0x3e/0x80
[ 99.362643][ T5491] __kasan_kmalloc+0x93/0xb0
[ 99.364584][ T5491] __kvmalloc_node_noprof+0x30d/0x5f0
[ 99.366845][ T5491] xlog_do_recovery_pass+0x106/0xc30
[ 99.369057][ T5491] xlog_verify_head+0x136/0x440
[ 99.371125][ T5491] xlog_find_tail+0x5ca/0x840
[ 99.373068][ T5491] xlog_recover+0x4b/0x3e0
[ 99.374979][ T5491] xfs_log_mount+0x253/0x3e0
[ 99.376912][ T5491] xfs_mountfs+0xe5e/0x2330
[ 99.378852][ T5491] xfs_fs_fill_super+0x11b3/0x1600
[ 99.381002][ T5491] get_tree_bdev_flags+0x40e/0x4d0
[ 99.383185][ T5491] vfs_get_tree+0x92/0x2b0
[ 99.385039][ T5491] do_new_mount+0x2a2/0x9e0
[ 99.386932][ T5491] __se_sys_mount+0x317/0x410
[ 99.388788][ T5491] do_syscall_64+0xfa/0x3b0
[ 99.391120][ T5491] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.393656][ T5491]
[ 99.394707][ T5491] The buggy address belongs to the object at ffff88804011a000
[ 99.394707][ T5491] which belongs to the cache kmalloc-512 of size 512
[ 99.400628][ T5491] The buggy address is located 0 bytes to the right of
[ 99.400628][ T5491] allocated 512-byte region [ffff88804011a000, ffff88804011a200)
[ 99.406794][ T5491]
[ 99.407861][ T5491] The buggy address belongs to the physical page:
[ 99.410647][ T5491] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4011a
[ 99.414407][ T5491] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 99.417998][ T5491] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 99.421254][ T5491] page_type: f5(slab)
[ 99.423042][ T5491] raw: 04fff00000000040 ffff88801a841c80 dead000000000100 dead000000000122
[ 99.426637][ T5491] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[ 99.430184][ T5491] head: 04fff00000000040 ffff88801a841c80 dead000000000100 dead000000000122
[ 99.433868][ T5491] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[ 99.437460][ T5491] head: 04fff00000000001 ffffea0001004681 00000000ffffffff 00000000ffffffff
[ 99.441004][ T5491] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 99.444646][ T5491] page dumped because: kasan: bad access detected
[ 99.447238][ T5491] page_owner tracks the page as allocated
[ 99.449586][ T5491] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5132, tgid 5132 (udevd), ts 57912479790, free_ts 56447589597
[ 99.457873][ T5491] post_alloc_hook+0x240/0x2a0
[ 99.459795][ T5491] get_page_from_freelist+0x21e4/0x22c0
[ 99.462088][ T5491] __alloc_frozen_pages_noprof+0x181/0x370
[ 99.464563][ T5491] alloc_pages_mpol+0x232/0x4a0
[ 99.466624][ T5491] allocate_slab+0x8a/0x370
[ 99.468529][ T5491] ___slab_alloc+0xbeb/0x1420
[ 99.470576][ T5491] __kmalloc_cache_noprof+0x296/0x3d0
[ 99.472816][ T5491] kernfs_fop_open+0x397/0xca0
[ 99.474912][ T5491] do_dentry_open+0x950/0x13f0
[ 99.476961][ T5491] vfs_open+0x3b/0x340
[ 99.478749][ T5491] path_openat+0x2ee5/0x3830
[ 99.480746][ T5491] do_filp_open+0x1fa/0x410
[ 99.482729][ T5491] do_sys_openat2+0x121/0x1c0
[ 99.484776][ T5491] __x64_sys_openat+0x138/0x170
[ 99.486831][ T5491] do_syscall_64+0xfa/0x3b0
[ 99.488693][ T5491] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.491248][ T5491] page last free pid 5100 tgid 5100 stack trace:
[ 99.493959][ T5491] __free_frozen_pages+0xbc4/0xd30
[ 99.496129][ T5491] __slab_free+0x303/0x3c0
[ 99.498015][ T5491] qlist_free_all+0x97/0x140
[ 99.499940][ T5491] kasan_quarantine_reduce+0x148/0x160
[ 99.502269][ T5491] __kasan_slab_alloc+0x22/0x80
[ 99.504273][ T5491] __kmalloc_noprof+0x224/0x4f0
[ 99.506266][ T5491] tomoyo_realpath_from_path+0xe3/0x5d0
[ 99.508564][ T5491] tomoyo_path_perm+0x213/0x4b0
[ 99.510658][ T5491] security_inode_getattr+0x12f/0x330
[ 99.512812][ T5491] __x64_sys_newfstat+0xfc/0x200
[ 99.514911][ T5491] do_syscall_64+0xfa/0x3b0
[ 99.516784][ T5491] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.519315][ T5491]
[ 99.520437][ T5491] Memory state around the buggy address:
[ 99.523061][ T5491]  ffff88804011a100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 99.526431][ T5491]  ffff88804011a180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 99.529814][ T5491] >ffff88804011a200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 99.533343][ T5491]                    ^
[ 99.535268][ T5491]  ffff88804011a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 99.538568][ T5491]  ffff88804011a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 99.541837][ T5491] ==================================================================
[ 99.554520][ T4705] Bluetooth: hci0: command tx timeout
[ 99.572741][ T5491] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 99.575784][ T5491] CPU: 0 UID: 0 PID: 5491 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 99.579611][ T5491] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 99.584275][ T5491] Call Trace:
[ 99.585767][ T5491]
[ 99.587002][ T5491] dump_stack_lvl+0x99/0x250
[ 99.588922][ T5491] ? __asan_memcpy+0x40/0x70
[ 99.590972][ T5491] ? __pfx_dump_stack_lvl+0x10/0x10
[ 99.593199][ T5491] ? __pfx__printk+0x10/0x10
[ 99.595262][ T5491] vpanic+0x281/0x750
[ 99.596950][ T5491] ? preempt_schedule+0xae/0xc0
[ 99.599030][ T5491] ? __pfx_vpanic+0x10/0x10
[ 99.600954][ T5491] ? preempt_schedule_common+0x83/0xd0
[ 99.603263][ T5491] ? preempt_schedule+0xae/0xc0
[ 99.605351][ T5491] ? __pfx_preempt_schedule+0x10/0x10
[ 99.607702][ T5491] panic+0xb9/0xc0
[ 99.609292][ T5491] ? __pfx_panic+0x10/0x10
[ 99.611126][ T5491] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 99.613521][ T5491] ? crc32c+0xd0/0x460
[ 99.615252][ T5491] check_panic_on_warn+0x89/0xb0
[ 99.617299][ T5491] ? crc32c+0xd0/0x460
[ 99.618992][ T5491] end_report+0x78/0x160
[ 99.620659][ T5491] kasan_report+0x129/0x150
[ 99.622605][ T5491] ? crc32c+0xd0/0x460
[ 99.624331][ T5491] crc32c+0xd0/0x460
[ 99.626095][ T5491] ? xlog_cksum+0x6b/0xf0
[ 99.627899][ T5491] xlog_cksum+0x92/0xf0
[ 99.629608][ T5491] xlog_recover_process+0x7a/0x1f0
[ 99.631819][ T5491] xlog_do_recovery_pass+0x9cd/0xc30
[ 99.634246][ T5491] ? __pfx_xlog_do_recovery_pass+0x10/0x10
[ 99.636868][ T5491] ? xlog_verify_head+0xf2/0x440
[ 99.639158][ T5491] xlog_verify_head+0x136/0x440
[ 99.641776][ T5491] xlog_find_tail+0x5ca/0x840
[ 99.644304][ T5491] xlog_recover+0x4b/0x3e0
[ 99.646468][ T5491] xfs_log_mount+0x253/0x3e0
[ 99.648512][ T5491] xfs_mountfs+0xe5e/0x2330
[ 99.650585][ T5491] ? __pfx_xfs_mountfs+0x10/0x10
[ 99.652761][ T5491] ? trace_xfs_inode_timestamp_range+0x84/0x200
[ 99.655794][ T5491] xfs_fs_fill_super+0x11b3/0x1600
[ 99.658072][ T5491] get_tree_bdev_flags+0x40e/0x4d0
[ 99.660303][ T5491] ? __pfx_xfs_fs_fill_super+0x10/0x10
[ 99.662702][ T5491] ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 99.665103][ T5491] vfs_get_tree+0x92/0x2b0
[ 99.667131][ T5491] do_new_mount+0x2a2/0x9e0
[ 99.669102][ T5491] ? __pfx_do_new_mount+0x10/0x10
[ 99.671251][ T5491] ? path_mount+0x61c/0xfe0
[ 99.673003][ T5491] ? user_path_at+0x44/0x60
[ 99.674986][ T5491] __se_sys_mount+0x317/0x410
[ 99.676989][ T5491] ? __pfx___se_sys_mount+0x10/0x10
[ 99.679129][ T5491] ? do_syscall_64+0xbe/0x3b0
[ 99.681093][ T5491] ? __x64_sys_mount+0x20/0xc0
[ 99.683054][ T5491] do_syscall_64+0xfa/0x3b0
[ 99.685089][ T5491] ? lockdep_hardirqs_on+0x9c/0x150
[ 99.687445][ T5491] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.689941][ T5491] ? clear_bhb_loop+0x60/0xb0
[ 99.692074][ T5491] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.694621][ T5491] RIP: 0033:0x7f43f919066a
[ 99.696502][ T5491] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 99.704262][ T5491] RSP: 002b:00007ffd215a5eb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 99.707745][ T5491] RAX: ffffffffffffffda RBX: 00007ffd215a5f40 RCX: 00007f43f919066a
[ 99.711028][ T5491] RDX: 0000200000000500 RSI: 0000200000000200 RDI: 00007ffd215a5f00
[ 99.714306][ T5491] RBP: 0000200000000500 R08: 00007ffd215a5f40 R09: 0000000002218a5d
[ 99.717606][ T5491] R10: 0000000002218a5d R11: 0000000000000246 R12: 0000200000000200
[ 99.721054][ T5491] R13: 00007ffd215a5f00 R14: 0000000000009706 R15: 0000200000000100
[ 99.724528][ T5491]
[ 99.726207][ T5491] Kernel Offset: disabled
[ 99.728025][ T5491] Rebooting in 86400 seconds..
VM DIAGNOSIS:
18:36:10 Registers:
info registers vcpu 0