Warning: Permanently added '[localhost]:18069' (ED25519) to the list of known hosts.
2025/09/28 10:52:35 parsed 1 programs
syzkaller login: [ 84.268182][ T5347] cgroup: Unknown subsys name 'net'
[ 84.337415][ T5347] cgroup: Unknown subsys name 'cpuset'
[ 84.343238][ T5347] cgroup: Unknown subsys name 'rlimit'
[ 85.963742][ T5347] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 89.851791][ T5361] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 90.016461][ T5369] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 90.022205][ T5369] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 90.025730][ T5369] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 90.029888][ T5369] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 90.034021][ T5369] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 91.864138][ T54] cfg80211: failed to load regulatory.db
[ 92.937541][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.941647][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.975048][ T1048] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.978416][ T1048] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.967701][ T5428] chnl_net:caif_netlink_parms(): no params data found
[ 94.036531][ T5428] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.040472][ T5428] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.043473][ T5428] bridge_slave_0: entered allmulticast mode
[ 94.047111][ T5428] bridge_slave_0: entered promiscuous mode
[ 94.053327][ T5428] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.056294][ T5428] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.059227][ T5428] bridge_slave_1: entered allmulticast mode
[ 94.063555][ T5428] bridge_slave_1: entered promiscuous mode
[ 94.087805][ T5428] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 94.094925][ T5428] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 94.116681][ T5428] team0: Port device team_slave_0 added
[ 94.121457][ T5428] team0: Port device team_slave_1 added
[ 94.143507][ T5428] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 94.146468][ T5428] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 94.158073][ T5428] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 94.165302][ T5428] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 94.168129][ T5428] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 94.180440][ T5428] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 94.214709][ T5428] hsr_slave_0: entered promiscuous mode
[ 94.217861][ T5428] hsr_slave_1: entered promiscuous mode
[ 94.367269][ T5428] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 94.378033][ T5428] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 94.384856][ T5428] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 94.392660][ T5428] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 94.425831][ T5428] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.429115][ T5428] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 94.433061][ T5428] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.436115][ T5428] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 94.496528][ T5428] 8021q: adding VLAN 0 to HW filter on device bond0
[ 94.510869][ T1048] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.515591][ T1048] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.528404][ T5428] 8021q: adding VLAN 0 to HW filter on device team0
[ 94.541757][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.545108][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 94.553525][ T1048] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.556542][ T1048] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 94.754219][ T5428] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 94.794670][ T5428] veth0_vlan: entered promiscuous mode
[ 94.804135][ T5428] veth1_vlan: entered promiscuous mode
[ 94.830228][ T5428] veth0_macvtap: entered promiscuous mode
[ 94.836892][ T5428] veth1_macvtap: entered promiscuous mode
[ 94.854442][ T5428] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 94.866594][ T5428] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 94.876727][ T1037] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.896078][ T1037] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.903528][ T1037] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.925269][ T1037] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.033285][ T1037] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.081337][ T1037] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.135423][ T1037] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.238598][ T1037] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/09/28 10:52:49 executed programs: 0
[ 95.755782][ T4703] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 95.761162][ T4703] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 95.764802][ T4703] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 95.768378][ T4703] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 95.773144][ T4703] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 95.953087][ T5458] chnl_net:caif_netlink_parms(): no params data found
[ 96.022613][ T5458] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.027296][ T5458] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.032098][ T5458] bridge_slave_0: entered allmulticast mode
[ 96.036035][ T5458] bridge_slave_0: entered promiscuous mode
[ 96.043126][ T5458] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.046115][ T5458] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.049290][ T5458] bridge_slave_1: entered allmulticast mode
[ 96.062775][ T5458] bridge_slave_1: entered promiscuous mode
[ 96.121561][ T5458] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 96.127856][ T5458] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 96.191120][ T5458] team0: Port device team_slave_0 added
[ 96.200729][ T5458] team0: Port device team_slave_1 added
[ 96.245858][ T5458] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 96.261582][ T5458] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.279705][ T5458] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 96.300931][ T5458] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 96.303821][ T5458] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.330193][ T5458] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 96.397656][ T5458] hsr_slave_0: entered promiscuous mode
[ 96.410595][ T5458] hsr_slave_1: entered promiscuous mode
[ 96.413474][ T5458] debugfs: 'hsr0' already exists in 'hsr'
[ 96.415875][ T5458] Cannot create hsr debugfs directory
[ 97.741074][ T1037] bridge_slave_1: left allmulticast mode
[ 97.745690][ T1037] bridge_slave_1: left promiscuous mode
[ 97.748802][ T1037] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.769976][ T1037] bridge_slave_0: left allmulticast mode
[ 97.772329][ T1037] bridge_slave_0: left promiscuous mode
[ 97.774668][ T1037] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.783060][ T4703] Bluetooth: hci0: command tx timeout
[ 98.159187][ T1037] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 98.165403][ T1037] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 98.171719][ T1037] bond0 (unregistering): Released all slaves
[ 98.263210][ T1037] hsr_slave_0: left promiscuous mode
[ 98.276221][ T1037] hsr_slave_1: left promiscuous mode
[ 98.278911][ T1037] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 98.290541][ T1037] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 98.300853][ T1037] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 98.304178][ T1037] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 98.327252][ T1037] veth1_macvtap: left promiscuous mode
[ 98.348084][ T1037] veth0_macvtap: left promiscuous mode
[ 98.351701][ T1037] veth1_vlan: left promiscuous mode
[ 98.353955][ T1037] veth0_vlan: left promiscuous mode
[ 98.767539][ T1037] team0 (unregistering): Port device team_slave_1 removed
[ 98.786463][ T1037] team0 (unregistering): Port device team_slave_0 removed
[ 99.243521][ T5458] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 99.275027][ T5458] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 99.301543][ T5458] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 99.309070][ T5458] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 99.658132][ T5458] 8021q: adding VLAN 0 to HW filter on device bond0
[ 99.703308][ T5458] 8021q: adding VLAN 0 to HW filter on device team0
[ 99.726715][ T1037] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.729886][ T1037] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 99.751554][ T1037] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.754594][ T1037] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 99.862895][ T4703] Bluetooth: hci0: command tx timeout
[ 100.026128][ T5458] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 100.064284][ T5458] veth0_vlan: entered promiscuous mode
[ 100.074147][ T5458] veth1_vlan: entered promiscuous mode
[ 100.101554][ T5458] veth0_macvtap: entered promiscuous mode
[ 100.107143][ T5458] veth1_macvtap: entered promiscuous mode
[ 100.122059][ T5458] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 100.133572][ T5458] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 100.144071][ T1037] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.153500][ T1037] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.157228][ T1037] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.171252][ T1037] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.224212][ T3083] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 100.227474][ T3083] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.268755][ T1037] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 100.275448][ T1037] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.507696][ T5501] loop0: detected capacity change from 0 to 32768
[ 100.517087][ T5501] =======================================================
[ 100.517087][ T5501] WARNING: The mand mount option has been deprecated and
[ 100.517087][ T5501] and is ignored by this kernel. Remove the mand
[ 100.517087][ T5501] option from the mount to silence this warning.
[ 100.517087][ T5501] =======================================================
[ 100.568535][ T5501] JBD2: Ignoring recovery information on journal
[ 100.631437][ T5501] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 100.693983][ T5501] (syz.0.17,5501,0):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[ 100.719949][ T5501] loop0: detected capacity change from 32768 to 32767
[ 100.734453][ T5501] OCFS2: ERROR (device loop0): int ocfs2_validate_dx_root(struct super_block *, struct buffer_head *): Dir Index Root # 74 has bad signature XDIR01
[ 100.750961][ T5501] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[ 100.755246][ T5501] OCFS2: File system is now read-only.
[ 100.757601][ T5501] (syz.0.17,5501,0):ocfs2_find_entry_dx:1037 ERROR: status = -30
[ 100.779609][ T5501] ==================================================================
[ 100.783132][ T5501] BUG: KASAN: use-after-free in ocfs2_dx_dir_lookup_rec+0x1eb/0x7f0
[ 100.786621][ T5501] Read of size 4 at addr ffff88804cddc2c0 by task syz.0.17/5501
[ 100.790802][ T5501]
[ 100.791931][ T5501] CPU: 0 UID: 0 PID: 5501 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 100.791951][ T5501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 100.791958][ T5501] Call Trace:
[ 100.791966][ T5501]
[ 100.791972][ T5501] dump_stack_lvl+0x189/0x250
[ 100.791988][ T5501] ? __kasan_check_byte+0x12/0x40
[ 100.792002][ T5501] ? __pfx_dump_stack_lvl+0x10/0x10
[ 100.792012][ T5501] ? lock_release+0x4b/0x3e0
[ 100.792027][ T5501] ? __virt_addr_valid+0x4a5/0x5c0
[ 100.792042][ T5501] print_report+0xca/0x240
[ 100.792052][ T5501] ? ocfs2_dx_dir_lookup_rec+0x1eb/0x7f0
[ 100.792063][ T5501] kasan_report+0x118/0x150
[ 100.792075][ T5501] ? ocfs2_dx_dir_lookup_rec+0x1eb/0x7f0
[ 100.792087][ T5501] ocfs2_dx_dir_lookup_rec+0x1eb/0x7f0
[ 100.792101][ T5501] ? __pfx_ocfs2_dx_dir_lookup_rec+0x10/0x10
[ 100.792113][ T5501] ? ocfs2_dx_dir_name_hash+0x229/0xaf0
[ 100.792125][ T5501] ? __asan_memcpy+0x40/0x70
[ 100.792135][ T5501] ? ocfs2_dx_dir_name_hash+0x9ba/0xaf0
[ 100.792147][ T5501] ocfs2_dx_dir_lookup+0xdb/0x520
[ 100.792158][ T5501] ? __pfx_ocfs2_dx_dir_lookup+0x10/0x10
[ 100.792166][ T5501] ? rcu_is_watching+0x15/0xb0
[ 100.792172][ T5501] ? ocfs2_buffer_cached+0x42a/0x8d0
[ 100.792187][ T5501] ocfs2_find_entry+0x1004/0x2000
[ 100.792198][ T5501] ? tick_nohz_tick_stopped+0x86/0xb0
[ 100.792210][ T5501] ? __pfx_ocfs2_validate_inode_block+0x10/0x10
[ 100.792222][ T5501] ? __pfx_ocfs2_find_entry+0x10/0x10
[ 100.792232][ T5501] ? __pfx_ocfs2_read_blocks+0x10/0x10
[ 100.792244][ T5501] ? __lock_acquire+0xab9/0xd20
[ 100.792259][ T5501] ? ocfs2_read_inode_block+0x11d/0x190
[ 100.792268][ T5501] ? __pfx_ocfs2_read_inode_block+0x10/0x10
[ 100.792278][ T5501] ? do_raw_spin_unlock+0x4d/0x240
[ 100.792290][ T5501] ? ocfs2_inode_lock_full_nested+0xabe/0x1b40
[ 100.792300][ T5501] ? rcu_is_watching+0x15/0xb0
[ 100.792311][ T5501] ? __pfx_ocfs2_inode_lock_full_nested+0x10/0x10
[ 100.792324][ T5501] ocfs2_check_dir_for_entry+0x14c/0x3f0
[ 100.792337][ T5501] ? __pfx_ocfs2_check_dir_for_entry+0x10/0x10
[ 100.792348][ T5501] ? kasan_save_free_info+0x46/0x50
[ 100.792363][ T5501] ocfs2_mknod+0x697/0x2050
[ 100.792380][ T5501] ? __pfx_ocfs2_mknod+0x10/0x10
[ 100.792393][ T5501] ? __pfx_ocfs2_find_entry+0x10/0x10
[ 100.792404][ T5501] ? __lock_acquire+0xab9/0xd20
[ 100.792423][ T5501] ? look_up_lock_class+0x74/0x170
[ 100.792483][ T5501] ? register_lock_class+0x51/0x320
[ 100.792497][ T5501] ? __lock_acquire+0xab9/0xd20
[ 100.792510][ T5501] ? __lock_acquire+0xab9/0xd20
[ 100.792524][ T5501] ? do_raw_spin_lock+0x121/0x290
[ 100.792537][ T5501] ? do_raw_spin_unlock+0x4d/0x240
[ 100.792549][ T5501] ? rcu_is_watching+0x15/0xb0
[ 100.792557][ T5501] ? ocfs2_lookup+0x5b9/0x9b0
[ 100.792571][ T5501] ocfs2_create+0x1a5/0x440
[ 100.792585][ T5501] ? __pfx_ocfs2_lookup+0x10/0x10
[ 100.792598][ T5501] ? from_kgid+0x1b0/0x650
[ 100.792612][ T5501] ? __pfx_ocfs2_create+0x10/0x10
[ 100.792624][ T5501] ? HAS_UNMAPPED_ID+0x11a/0x180
[ 100.792638][ T5501] ? inode_permission+0x149/0x470
[ 100.792651][ T5501] ? __pfx_ocfs2_permission+0x10/0x10
[ 100.792663][ T5501] ? bpf_lsm_inode_create+0x9/0x20
[ 100.792677][ T5501] ? __pfx_ocfs2_create+0x10/0x10
[ 100.792689][ T5501] path_openat+0x14f4/0x3830
[ 100.792699][ T5501] ? arch_stack_walk+0xfc/0x150
[ 100.792716][ T5501] ? __pfx_path_openat+0x10/0x10
[ 100.792726][ T5501] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.792738][ T5501] do_filp_open+0x1fa/0x410
[ 100.792750][ T5501] ? __lock_acquire+0xab9/0xd20
[ 100.792763][ T5501] ? __pfx_do_filp_open+0x10/0x10
[ 100.792776][ T5501] ? _raw_spin_unlock+0x28/0x50
[ 100.792790][ T5501] ? alloc_fd+0x64c/0x6c0
[ 100.792804][ T5501] do_sys_openat2+0x121/0x1c0
[ 100.792820][ T5501] ? __se_sys_futex+0x36f/0x400
[ 100.792831][ T5501] ? __pfx_do_sys_openat2+0x10/0x10
[ 100.792847][ T5501] ? __pfx___se_sys_futex+0x10/0x10
[ 100.792859][ T5501] ? rcu_is_watching+0x15/0xb0
[ 100.792869][ T5501] __x64_sys_openat+0x138/0x170
[ 100.792878][ T5501] do_syscall_64+0xfa/0x3b0
[ 100.792890][ T5501] ? lockdep_hardirqs_on+0x9c/0x150
[ 100.792899][ T5501] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.792908][ T5501] ? clear_bhb_loop+0x60/0xb0
[ 100.792919][ T5501] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.792928][ T5501] RIP: 0033:0x7f01a478eec9
[ 100.792940][ T5501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 100.792954][ T5501] RSP: 002b:00007ffe14ee92e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 100.792966][ T5501] RAX: ffffffffffffffda RBX: 00007f01a49e5fa0 RCX: 00007f01a478eec9
[ 100.792973][ T5501] RDX: 0000000000105042 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 100.792980][ T5501] RBP: 00007f01a4811f91 R08: 0000000000000000 R09: 0000000000000000
[ 100.792986][ T5501] R10: 00000000000001ff R11: 0000000000000246 R12: 0000000000000000
[ 100.792992][ T5501] R13: 00007f01a49e5fa0 R14: 00007f01a49e5fa0 R15: 0000000000000004
[ 100.793002][ T5501]
[ 100.793006][ T5501]
[ 100.999199][ T5501] The buggy address belongs to the physical page:
[ 101.001993][ T5501] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f45e8d66 pfn:0x4cddc
[ 101.005967][ T5501] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 101.009148][ T5501] raw: 04fff00000000000 ffffea0001337748 ffffea00013376c8 0000000000000000
[ 101.012887][ T5501] raw: 00000007f45e8d66 0000000000000000 00000000ffffffff 0000000000000000
[ 101.016555][ T5501] page dumped because: kasan: bad access detected
[ 101.019387][ T5501] page_owner tracks the page as freed
[ 101.021629][ T5501] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|__GFP_COMP), pid 5347, tgid 5347 (syz-executor), ts 83789570758, free_ts 89515838215
[ 101.028693][ T5501] post_alloc_hook+0x240/0x2a0
[ 101.030702][ T5501] get_page_from_freelist+0x21e4/0x22c0
[ 101.033201][ T5501] __alloc_frozen_pages_noprof+0x181/0x370
[ 101.036164][ T5501] alloc_pages_mpol+0x232/0x4a0
[ 101.038729][ T5501] vma_alloc_folio_noprof+0xe4/0x200
[ 101.041470][ T5501] folio_prealloc+0x30/0x180
[ 101.043722][ T5501] __handle_mm_fault+0x2ab9/0x5440
[ 101.045918][ T5501] handle_mm_fault+0x40a/0x8e0
[ 101.047866][ T5501] do_user_addr_fault+0xa81/0x1390
[ 101.049969][ T5501] exc_page_fault+0x76/0xf0
[ 101.051775][ T5501] asm_exc_page_fault+0x26/0x30
[ 101.053495][ T5501] page last free pid 5347 tgid 5347 stack trace:
[ 101.055729][ T5501] free_unref_folios+0xdbd/0x1520
[ 101.057518][ T5501] folios_put_refs+0x559/0x640
[ 101.059168][ T5501] free_pages_and_swap_cache+0x277/0x520
[ 101.061568][ T5501] tlb_flush_mmu+0x3a0/0x680
[ 101.063620][ T5501] tlb_finish_mmu+0xc3/0x1d0
[ 101.065550][ T5501] vms_clear_ptes+0x42c/0x540
[ 101.067547][ T5501] vms_complete_munmap_vmas+0x206/0x8a0
[ 101.069883][ T5501] do_vmi_align_munmap+0x358/0x420
[ 101.072476][ T5501] do_vmi_munmap+0x253/0x2e0
[ 101.074785][ T5501] __vm_munmap+0x23b/0x3d0
[ 101.076831][ T5501] __x64_sys_munmap+0x60/0x70
[ 101.078811][ T5501] do_syscall_64+0xfa/0x3b0
[ 101.080762][ T5501] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.083097][ T5501]
[ 101.084114][ T5501] Memory state around the buggy address:
[ 101.086378][ T5501] ffff88804cddc180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 101.089497][ T5501] ffff88804cddc200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 101.093025][ T5501] >ffff88804cddc280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 101.096396][ T5501] ^
[ 101.098909][ T5501] ffff88804cddc300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 101.102107][ T5501] ffff88804cddc380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 101.105243][ T5501] ==================================================================
[ 101.152884][ T5501] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 101.156832][ T5501] CPU: 0 UID: 0 PID: 5501 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 101.161462][ T5501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 101.166737][ T5501] Call Trace:
[ 101.168433][ T5501]
[ 101.169932][ T5501] dump_stack_lvl+0x99/0x250
[ 101.172249][ T5501] ? __asan_memcpy+0x40/0x70
[ 101.174362][ T5501] ? __pfx_dump_stack_lvl+0x10/0x10
[ 101.176442][ T5501] ? __pfx__printk+0x10/0x10
[ 101.178313][ T5501] vpanic+0x281/0x750
[ 101.179903][ T5501] ? preempt_schedule+0xae/0xc0
[ 101.181897][ T5501] ? __pfx_vpanic+0x10/0x10
[ 101.183735][ T5501] ? preempt_schedule_common+0x83/0xd0
[ 101.185873][ T5501] ? preempt_schedule+0xae/0xc0
[ 101.187880][ T5501] ? __pfx_preempt_schedule+0x10/0x10
[ 101.190233][ T5501] panic+0xb9/0xc0
[ 101.191911][ T5501] ? __pfx_panic+0x10/0x10
[ 101.193777][ T5501] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 101.196314][ T5501] ? ocfs2_dx_dir_lookup_rec+0x1eb/0x7f0
[ 101.198615][ T5501] check_panic_on_warn+0x89/0xb0
[ 101.200673][ T5501] ? ocfs2_dx_dir_lookup_rec+0x1eb/0x7f0
[ 101.202975][ T5501] end_report+0x78/0x160
[ 101.204847][ T5501] kasan_report+0x129/0x150
[ 101.206825][ T5501] ? ocfs2_dx_dir_lookup_rec+0x1eb/0x7f0
[ 101.209298][ T5501] ocfs2_dx_dir_lookup_rec+0x1eb/0x7f0
[ 101.211694][ T5501] ? __pfx_ocfs2_dx_dir_lookup_rec+0x10/0x10
[ 101.214275][ T5501] ? ocfs2_dx_dir_name_hash+0x229/0xaf0
[ 101.216604][ T5501] ? __asan_memcpy+0x40/0x70
[ 101.218562][ T5501] ? ocfs2_dx_dir_name_hash+0x9ba/0xaf0
[ 101.220801][ T5501] ocfs2_dx_dir_lookup+0xdb/0x520
[ 101.222744][ T5501] ? __pfx_ocfs2_dx_dir_lookup+0x10/0x10
[ 101.225088][ T5501] ? rcu_is_watching+0x15/0xb0
[ 101.227209][ T5501] ? ocfs2_buffer_cached+0x42a/0x8d0
[ 101.229223][ T5501] ocfs2_find_entry+0x1004/0x2000
[ 101.231295][ T5501] ? tick_nohz_tick_stopped+0x86/0xb0
[ 101.233674][ T5501] ? __pfx_ocfs2_validate_inode_block+0x10/0x10
[ 101.236313][ T5501] ? __pfx_ocfs2_find_entry+0x10/0x10
[ 101.238451][ T5501] ? __pfx_ocfs2_read_blocks+0x10/0x10
[ 101.240751][ T5501] ? __lock_acquire+0xab9/0xd20
[ 101.242800][ T5501] ? ocfs2_read_inode_block+0x11d/0x190
[ 101.244818][ T5501] ? __pfx_ocfs2_read_inode_block+0x10/0x10
[ 101.247191][ T5501] ? do_raw_spin_unlock+0x4d/0x240
[ 101.249265][ T5501] ? ocfs2_inode_lock_full_nested+0xabe/0x1b40
[ 101.251599][ T5501] ? rcu_is_watching+0x15/0xb0
[ 101.253494][ T5501] ? __pfx_ocfs2_inode_lock_full_nested+0x10/0x10
[ 101.255909][ T5501] ocfs2_check_dir_for_entry+0x14c/0x3f0
[ 101.258146][ T5501] ? __pfx_ocfs2_check_dir_for_entry+0x10/0x10
[ 101.260515][ T5501] ? kasan_save_free_info+0x46/0x50
[ 101.262673][ T5501] ocfs2_mknod+0x697/0x2050
[ 101.264508][ T5501] ? __pfx_ocfs2_mknod+0x10/0x10
[ 101.266413][ T5501] ? __pfx_ocfs2_find_entry+0x10/0x10
[ 101.268513][ T5501] ? __lock_acquire+0xab9/0xd20
[ 101.270489][ T5501] ? look_up_lock_class+0x74/0x170
[ 101.272377][ T5501] ? register_lock_class+0x51/0x320
[ 101.274476][ T5501] ? __lock_acquire+0xab9/0xd20
[ 101.276550][ T5501] ? __lock_acquire+0xab9/0xd20
[ 101.278591][ T5501] ? do_raw_spin_lock+0x121/0x290
[ 101.280798][ T5501] ? do_raw_spin_unlock+0x4d/0x240
[ 101.282990][ T5501] ? rcu_is_watching+0x15/0xb0
[ 101.284983][ T5501] ? ocfs2_lookup+0x5b9/0x9b0
[ 101.286913][ T5501] ocfs2_create+0x1a5/0x440
[ 101.288847][ T5501] ? __pfx_ocfs2_lookup+0x10/0x10
[ 101.291022][ T5501] ? from_kgid+0x1b0/0x650
[ 101.292812][ T5501] ? __pfx_ocfs2_create+0x10/0x10
[ 101.294886][ T5501] ? HAS_UNMAPPED_ID+0x11a/0x180
[ 101.297006][ T5501] ? inode_permission+0x149/0x470
[ 101.299023][ T5501] ? __pfx_ocfs2_permission+0x10/0x10
[ 101.301310][ T5501] ? bpf_lsm_inode_create+0x9/0x20
[ 101.303462][ T5501] ? __pfx_ocfs2_create+0x10/0x10
[ 101.305573][ T5501] path_openat+0x14f4/0x3830
[ 101.307574][ T5501] ? arch_stack_walk+0xfc/0x150
[ 101.309666][ T5501] ? __pfx_path_openat+0x10/0x10
[ 101.311765][ T5501] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.314264][ T5501] do_filp_open+0x1fa/0x410
[ 101.316198][ T5501] ? __lock_acquire+0xab9/0xd20
[ 101.318271][ T5501] ? __pfx_do_filp_open+0x10/0x10
[ 101.320798][ T5501] ? _raw_spin_unlock+0x28/0x50
[ 101.323272][ T5501] ? alloc_fd+0x64c/0x6c0
[ 101.325100][ T5501] do_sys_openat2+0x121/0x1c0
[ 101.327079][ T5501] ? __se_sys_futex+0x36f/0x400
[ 101.329234][ T5501] ? __pfx_do_sys_openat2+0x10/0x10
[ 101.331539][ T5501] ? __pfx___se_sys_futex+0x10/0x10
[ 101.333587][ T5501] ? rcu_is_watching+0x15/0xb0
[ 101.335501][ T5501] __x64_sys_openat+0x138/0x170
[ 101.337239][ T5501] do_syscall_64+0xfa/0x3b0
[ 101.339055][ T5501] ? lockdep_hardirqs_on+0x9c/0x150
[ 101.341133][ T5501] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.343632][ T5501] ? clear_bhb_loop+0x60/0xb0
[ 101.345578][ T5501] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.348006][ T5501] RIP: 0033:0x7f01a478eec9
[ 101.349871][ T5501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 101.357657][ T5501] RSP: 002b:00007ffe14ee92e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 101.361068][ T5501] RAX: ffffffffffffffda RBX: 00007f01a49e5fa0 RCX: 00007f01a478eec9
[ 101.364232][ T5501] RDX: 0000000000105042 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 101.367495][ T5501] RBP: 00007f01a4811f91 R08: 0000000000000000 R09: 0000000000000000
[ 101.370671][ T5501] R10: 00000000000001ff R11: 0000000000000246 R12: 0000000000000000
[ 101.373823][ T5501] R13: 00007f01a49e5fa0 R14: 00007f01a49e5fa0 R15: 0000000000000004
[ 101.377081][ T5501]
[ 101.378686][ T5501] Kernel Offset: disabled
[ 101.380518][ T5501] Rebooting in 86400 seconds..
VM DIAGNOSIS:
10:52:54 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000069 RBX=0000000000000069 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900028ee610
R8 =ffff888034190237 R9 =1ffff11006832046 R10=dffffc0000000000 R11=ffffffff85515270
R12=dffffc0000000000 R13=ffffffff99d0e8e1 R14=ffffffff9a003860 R15=0000000000000000
RIP=ffffffff855152ec RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00005555716eb500 ffffffff 00c00000
GS =0000 ffff88808d007000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f5699b9b000 CR3=000000004fb06000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01