Warning: Permanently added '[localhost]:23777' (ED25519) to the list of known hosts.
2025/10/20 00:56:12 parsed 1 programs
syzkaller login: [ 84.074490][ T5314] cgroup: Unknown subsys name 'net'
[ 84.131813][ T5314] cgroup: Unknown subsys name 'cpuset'
[ 84.137422][ T5314] cgroup: Unknown subsys name 'rlimit'
[ 85.762684][ T5314] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 90.231540][ T5327] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 91.044487][ T1045] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.048041][ T1045] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.102581][ T1045] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.106120][ T1045] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.311314][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 91.317520][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 91.321026][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 91.324804][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 91.330437][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 91.872257][ T10] cfg80211: failed to load regulatory.db
[ 95.499829][ T5395] chnl_net:caif_netlink_parms(): no params data found
[ 95.590761][ T5395] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.594067][ T5395] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.596990][ T5395] bridge_slave_0: entered allmulticast mode
[ 95.600775][ T5395] bridge_slave_0: entered promiscuous mode
[ 95.606713][ T5395] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.610645][ T5395] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.614496][ T5395] bridge_slave_1: entered allmulticast mode
[ 95.619844][ T5395] bridge_slave_1: entered promiscuous mode
[ 95.640728][ T5395] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 95.647805][ T5395] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 95.670005][ T5395] team0: Port device team_slave_0 added
[ 95.675872][ T5395] team0: Port device team_slave_1 added
[ 95.697266][ T5395] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 95.700442][ T5395] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 95.711868][ T5395] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 95.718766][ T5395] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 95.721589][ T5395] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 95.732883][ T5395] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 95.788756][ T5395] hsr_slave_0: entered promiscuous mode
[ 95.792442][ T5395] hsr_slave_1: entered promiscuous mode
[ 96.060979][ T5395] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 96.081006][ T5395] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 96.096553][ T5395] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 96.106716][ T5395] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 96.159953][ T5395] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.163147][ T5395] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 96.167174][ T5395] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.170302][ T5395] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 96.238797][ T5395] 8021q: adding VLAN 0 to HW filter on device bond0
[ 96.252971][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.257890][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.270814][ T5395] 8021q: adding VLAN 0 to HW filter on device team0
[ 96.281423][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.284584][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 96.313063][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.316085][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 96.676193][ T5395] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 96.750099][ T5395] veth0_vlan: entered promiscuous mode
[ 96.768980][ T5395] veth1_vlan: entered promiscuous mode
[ 96.820061][ T5395] veth0_macvtap: entered promiscuous mode
[ 96.838853][ T5395] veth1_macvtap: entered promiscuous mode
[ 96.860376][ T5395] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 96.878511][ T5395] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 96.903279][ T43] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.931650][ T43] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.937015][ T43] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.940991][ T43] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.187459][ T1045] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.277273][ T1045] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.347635][ T1045] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.398456][ T1045] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/10/20 00:56:29 executed programs: 0
[ 98.081460][ T4670] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 98.086339][ T4670] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 98.089889][ T4670] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 98.093571][ T4670] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 98.102297][ T4670] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 98.410997][ T5420] chnl_net:caif_netlink_parms(): no params data found
[ 98.548591][ T5420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.551858][ T5420] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.556749][ T5420] bridge_slave_0: entered allmulticast mode
[ 98.565311][ T5420] bridge_slave_0: entered promiscuous mode
[ 98.570517][ T5420] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.575843][ T5420] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.578970][ T5420] bridge_slave_1: entered allmulticast mode
[ 98.595412][ T5420] bridge_slave_1: entered promiscuous mode
[ 98.640193][ T5420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 98.656962][ T5420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 98.706839][ T5420] team0: Port device team_slave_0 added
[ 98.711439][ T5420] team0: Port device team_slave_1 added
[ 98.753254][ T5420] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 98.765858][ T5420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 98.785368][ T5420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 98.796302][ T5420] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 98.799272][ T5420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 98.825293][ T5420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 98.898629][ T5420] hsr_slave_0: entered promiscuous mode
[ 98.901638][ T5420] hsr_slave_1: entered promiscuous mode
[ 98.904553][ T5420] debugfs: 'hsr0' already exists in 'hsr'
[ 98.907709][ T5420] Cannot create hsr debugfs directory
[ 99.138973][ T1045] bridge_slave_1: left allmulticast mode
[ 99.141622][ T1045] bridge_slave_1: left promiscuous mode
[ 99.144765][ T1045] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.162946][ T1045] bridge_slave_0: left allmulticast mode
[ 99.166579][ T1045] bridge_slave_0: left promiscuous mode
[ 99.178269][ T1045] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.574688][ T1045] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 99.581452][ T1045] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 99.586726][ T1045] bond0 (unregistering): Released all slaves
[ 99.760189][ T1045] hsr_slave_0: left promiscuous mode
[ 99.763177][ T1045] hsr_slave_1: left promiscuous mode
[ 99.773161][ T1045] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 99.785319][ T1045] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 99.791761][ T1045] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 99.799793][ T1045] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 99.828405][ T1045] veth1_macvtap: left promiscuous mode
[ 99.830702][ T1045] veth0_macvtap: left promiscuous mode
[ 99.833066][ T1045] veth1_vlan: left promiscuous mode
[ 99.846177][ T1045] veth0_vlan: left promiscuous mode
[ 100.179740][ T47] Bluetooth: hci0: command tx timeout
[ 100.377550][ T1045] team0 (unregistering): Port device team_slave_1 removed
[ 100.406645][ T1045] team0 (unregistering): Port device team_slave_0 removed
[ 101.000707][ T5420] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 101.025989][ T5420] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 101.039624][ T5420] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 101.056618][ T5420] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 101.253501][ T5420] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.306821][ T5420] 8021q: adding VLAN 0 to HW filter on device team0
[ 101.320916][ T1045] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.324068][ T1045] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.343302][ T1045] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.346394][ T1045] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.664538][ T5420] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 101.731253][ T5420] veth0_vlan: entered promiscuous mode
[ 101.738833][ T5420] veth1_vlan: entered promiscuous mode
[ 101.764109][ T5420] veth0_macvtap: entered promiscuous mode
[ 101.771229][ T5420] veth1_macvtap: entered promiscuous mode
[ 101.790208][ T5420] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 101.799286][ T5420] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 101.807432][ T1045] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.812525][ T1045] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.819183][ T1045] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.823001][ T1045] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.927217][ T1045] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.930549][ T1045] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.963823][ T1098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.968132][ T1098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.257364][ T47] Bluetooth: hci0: command tx timeout
[ 102.388717][ T5463] loop0: detected capacity change from 0 to 32768
[ 102.424648][ T5463] ==================================================================
[ 102.428167][ T5463] BUG: KASAN: slab-use-after-free in diWrite+0x1209/0x1f40
[ 102.431749][ T5463] Write of size 32 at addr ffff8880116490c0 by task syz.0.17/5463
[ 102.436374][ T5463]
[ 102.437428][ T5463] CPU: 0 UID: 0 PID: 5463 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 102.437449][ T5463] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 102.437456][ T5463] Call Trace:
[ 102.437464][ T5463]
[ 102.437469][ T5463] dump_stack_lvl+0x189/0x250
[ 102.437485][ T5463] ? __virt_addr_valid+0x1c8/0x5c0
[ 102.437497][ T5463] ? rcu_is_watching+0x15/0xb0
[ 102.437512][ T5463] ? __pfx_dump_stack_lvl+0x10/0x10
[ 102.437522][ T5463] ? rcu_is_watching+0x15/0xb0
[ 102.437535][ T5463] ? lock_release+0x4b/0x3e0
[ 102.437548][ T5463] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 102.437611][ T5463] ? __virt_addr_valid+0x1c8/0x5c0
[ 102.437622][ T5463] ? __virt_addr_valid+0x4a5/0x5c0
[ 102.437633][ T5463] print_report+0xca/0x240
[ 102.437646][ T5463] ? diWrite+0x1209/0x1f40
[ 102.437654][ T5463] kasan_report+0x118/0x150
[ 102.437662][ T5463] ? diWrite+0x1209/0x1f40
[ 102.437670][ T5463] kasan_check_range+0x2b0/0x2c0
[ 102.437678][ T5463] ? diWrite+0x1209/0x1f40
[ 102.437685][ T5463] __asan_memcpy+0x40/0x70
[ 102.437695][ T5463] diWrite+0x1209/0x1f40
[ 102.437709][ T5463] txCommit+0x852/0x5430
[ 102.437723][ T5463] ? txLock+0xaf3/0x1cb0
[ 102.437735][ T5463] ? __pfx_txCommit+0x10/0x10
[ 102.437749][ T5463] ? rcu_is_watching+0x15/0xb0
[ 102.437763][ T5463] ? __mark_inode_dirty+0x3d2/0xe10
[ 102.437778][ T5463] add_missing_indices+0x8ce/0xce0
[ 102.437795][ T5463] ? __pfx_add_missing_indices+0x10/0x10
[ 102.437810][ T5463] ? alloc_pages_noprof+0xbe/0x190
[ 102.437823][ T5463] jfs_readdir+0x1d8f/0x3ae0
[ 102.437837][ T5463] ? lockdep_unlock+0x30/0x120
[ 102.437855][ T5463] ? __pfx_jfs_readdir+0x10/0x10
[ 102.437873][ T5463] ? down_write+0x162/0x1f0
[ 102.437885][ T5463] ? __pfx_down_write+0x10/0x10
[ 102.437896][ T5463] ? wrap_directory_iterator+0x52/0xe0
[ 102.437912][ T5463] ? __pfx_jfs_readdir+0x10/0x10
[ 102.437926][ T5463] wrap_directory_iterator+0x96/0xe0
[ 102.437941][ T5463] iterate_dir+0x399/0x570
[ 102.437954][ T5463] __se_sys_getdents64+0xe4/0x260
[ 102.437969][ T5463] ? __pfx___se_sys_getdents64+0x10/0x10
[ 102.437982][ T5463] ? __pfx_filldir64+0x10/0x10
[ 102.437999][ T5463] ? do_syscall_64+0xbe/0xfa0
[ 102.438009][ T5463] do_syscall_64+0xfa/0xfa0
[ 102.438022][ T5463] ? lockdep_hardirqs_on+0x9c/0x150
[ 102.438031][ T5463] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.438041][ T5463] ? clear_bhb_loop+0x60/0xb0
[ 102.438059][ T5463] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.438069][ T5463] RIP: 0033:0x7fb3f698efc9
[ 102.438080][ T5463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 102.438090][ T5463] RSP: 002b:00007ffd4c487568 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 102.438104][ T5463] RAX: ffffffffffffffda RBX: 00007fb3f6be5fa0 RCX: 00007fb3f698efc9
[ 102.438111][ T5463] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000005
[ 102.438118][ T5463] RBP: 00007fb3f6a11f91 R08: 0000000000000000 R09: 0000000000000000
[ 102.438124][ T5463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 102.438131][ T5463] R13: 00007fb3f6be5fa0 R14: 00007fb3f6be5fa0 R15: 0000000000000003
[ 102.438142][ T5463]
[ 102.438146][ T5463]
[ 102.571427][ T5463] Allocated by task 5459:
[ 102.573260][ T5463] kasan_save_track+0x3e/0x80
[ 102.575236][ T5463] __kasan_slab_alloc+0x6c/0x80
[ 102.577340][ T5463] kmem_cache_alloc_from_sheaf_noprof+0x9c/0x160
[ 102.579998][ T5463] mas_commit_b_node+0x8c4/0x1090
[ 102.582223][ T5463] mas_wr_store_entry+0x51d/0x2790
[ 102.584481][ T5463] mas_store_prealloc+0xaf2/0x1030
[ 102.586597][ T5463] vma_complete+0x224/0xae0
[ 102.588675][ T5463] __split_vma+0x8a6/0xa00
[ 102.590604][ T5463] vma_modify+0x13b3/0x1970
[ 102.592572][ T5463] vma_modify_flags+0x1e8/0x230
[ 102.594578][ T5463] mprotect_fixup+0x407/0x9c0
[ 102.596643][ T5463] do_mprotect_pkey+0x8c5/0xcd0
[ 102.598800][ T5463] __x64_sys_mprotect+0x80/0x90
[ 102.600885][ T5463] do_syscall_64+0xfa/0xfa0
[ 102.602874][ T5463] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.605584][ T5463]
[ 102.606699][ T5463] Freed by task 5459:
[ 102.608552][ T5463] kasan_save_track+0x3e/0x80
[ 102.610673][ T5463] __kasan_save_free_info+0x46/0x50
[ 102.612979][ T5463] __kasan_slab_free+0x5c/0x80
[ 102.615120][ T5463] kmem_cache_free_bulk+0x1e7/0xdb0
[ 102.617227][ T5463] mt_destroy_walk+0x144/0x7e0
[ 102.619351][ T5463] __mt_destroy+0x1c2/0x280
[ 102.621379][ T5463] exit_mmap+0x696/0xb40
[ 102.623167][ T5463] __mmput+0x118/0x430
[ 102.624928][ T5463] exit_mm+0x1da/0x2c0
[ 102.626711][ T5463] do_exit+0x648/0x2300
[ 102.628580][ T5463] do_group_exit+0x21c/0x2d0
[ 102.630587][ T5463] __x64_sys_exit_group+0x3f/0x40
[ 102.632799][ T5463] x64_sys_call+0x21f7/0x2200
[ 102.634832][ T5463] do_syscall_64+0xfa/0xfa0
[ 102.636775][ T5463] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.639893][ T5463]
[ 102.641183][ T5463] The buggy address belongs to the object at ffff888011649000
[ 102.641183][ T5463] which belongs to the cache maple_node of size 256
[ 102.646707][ T5463] The buggy address is located 192 bytes inside of
[ 102.646707][ T5463] freed 256-byte region [ffff888011649000, ffff888011649100)
[ 102.652801][ T5463]
[ 102.653945][ T5463] The buggy address belongs to the physical page:
[ 102.656823][ T5463] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11649
[ 102.660788][ T5463] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 102.663542][ T5463] page_type: f5(slab)
[ 102.665216][ T5463] raw: 00fff00000000000 ffff88801a44bc80 ffffea000048b140 dead000000000006
[ 102.668630][ T5463] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 102.672019][ T5463] page dumped because: kasan: bad access detected
[ 102.674694][ T5463] page_owner tracks the page as allocated
[ 102.677220][ T5463] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5439, tgid 5439 (cmp), ts 99838073156, free_ts 99825541722
[ 102.684847][ T5463] post_alloc_hook+0x240/0x2a0
[ 102.687064][ T5463] get_page_from_freelist+0x2365/0x2440
[ 102.689571][ T5463] __alloc_frozen_pages_noprof+0x181/0x370
[ 102.692160][ T5463] alloc_pages_mpol+0x232/0x4a0
[ 102.694294][ T5463] allocate_slab+0x96/0x3a0
[ 102.696223][ T5463] ___slab_alloc+0xe94/0x18a0
[ 102.698359][ T5463] __kmem_cache_alloc_bulk+0x1e2/0x590
[ 102.700715][ T5463] kmem_cache_prefill_sheaf+0x295/0x450
[ 102.702965][ T5463] mas_alloc_nodes+0x1c2/0x350
[ 102.705027][ T5463] mas_preallocate+0x2e0/0x670
[ 102.707169][ T5463] mmap_region+0xf24/0x2110
[ 102.709261][ T5463] do_mmap+0xc45/0x10d0
[ 102.711028][ T5463] vm_mmap_pgoff+0x2a6/0x4d0
[ 102.713070][ T5463] ksys_mmap_pgoff+0x51f/0x760
[ 102.715190][ T5463] do_syscall_64+0xfa/0xfa0
[ 102.717108][ T5463] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.719661][ T5463] page last free pid 15 tgid 15 stack trace:
[ 102.722250][ T5463] __free_frozen_pages+0xbc4/0xd30
[ 102.724499][ T5463] rcu_core+0xcab/0x1770
[ 102.726296][ T5463] handle_softirqs+0x286/0x870
[ 102.728395][ T5463] run_ksoftirqd+0x9b/0x100
[ 102.730365][ T5463] smpboot_thread_fn+0x542/0xa60
[ 102.732522][ T5463] kthread+0x711/0x8a0
[ 102.734358][ T5463] ret_from_fork+0x4bc/0x870
[ 102.736378][ T5463] ret_from_fork_asm+0x1a/0x30
[ 102.738387][ T5463]
[ 102.739426][ T5463] Memory state around the buggy address:
[ 102.741719][ T5463] ffff888011648f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 102.745189][ T5463] ffff888011649000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 102.748759][ T5463] >ffff888011649080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 102.752133][ T5463] ^
[ 102.754840][ T5463] ffff888011649100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.758143][ T5463] ffff888011649180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.761549][ T5463] ==================================================================
[ 102.830155][ T5463] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 102.833295][ T5463] CPU: 0 UID: 0 PID: 5463 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 102.837066][ T5463] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 102.841583][ T5463] Call Trace:
[ 102.843055][ T5463]
[ 102.844393][ T5463] dump_stack_lvl+0x99/0x250
[ 102.846460][ T5463] ? __asan_memcpy+0x40/0x70
[ 102.848592][ T5463] ? __pfx_dump_stack_lvl+0x10/0x10
[ 102.850873][ T5463] ? __pfx__printk+0x10/0x10
[ 102.852954][ T5463] vpanic+0x237/0x6d0
[ 102.854695][ T5463] ? __pfx_vpanic+0x10/0x10
[ 102.856660][ T5463] ? preempt_schedule+0xae/0xc0
[ 102.858795][ T5463] ? __pfx_preempt_schedule+0x10/0x10
[ 102.861094][ T5463] panic+0xb9/0xc0
[ 102.862757][ T5463] ? __pfx_panic+0x10/0x10
[ 102.864725][ T5463] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 102.867309][ T5463] ? is_module_address+0x17/0xf0
[ 102.869411][ T5463] ? diWrite+0x1209/0x1f40
[ 102.871266][ T5463] check_panic_on_warn+0x89/0xb0
[ 102.873470][ T5463] ? diWrite+0x1209/0x1f40
[ 102.875395][ T5463] end_report+0x78/0x160
[ 102.877391][ T5463] kasan_report+0x129/0x150
[ 102.879318][ T5463] ? diWrite+0x1209/0x1f40
[ 102.881347][ T5463] kasan_check_range+0x2b0/0x2c0
[ 102.883882][ T5463] ? diWrite+0x1209/0x1f40
[ 102.885795][ T5463] __asan_memcpy+0x40/0x70
[ 102.887676][ T5463] diWrite+0x1209/0x1f40
[ 102.889525][ T5463] txCommit+0x852/0x5430
[ 102.891368][ T5463] ? txLock+0xaf3/0x1cb0
[ 102.893305][ T5463] ? __pfx_txCommit+0x10/0x10
[ 102.895349][ T5463] ? rcu_is_watching+0x15/0xb0
[ 102.897582][ T5463] ? __mark_inode_dirty+0x3d2/0xe10
[ 102.899872][ T5463] add_missing_indices+0x8ce/0xce0
[ 102.901934][ T5463] ? __pfx_add_missing_indices+0x10/0x10
[ 102.904129][ T5463] ? alloc_pages_noprof+0xbe/0x190
[ 102.906118][ T5463] jfs_readdir+0x1d8f/0x3ae0
[ 102.907991][ T5463] ? lockdep_unlock+0x30/0x120
[ 102.909884][ T5463] ? __pfx_jfs_readdir+0x10/0x10
[ 102.911787][ T5463] ? down_write+0x162/0x1f0
[ 102.913602][ T5463] ? __pfx_down_write+0x10/0x10
[ 102.915560][ T5463] ? wrap_directory_iterator+0x52/0xe0
[ 102.917783][ T5463] ? __pfx_jfs_readdir+0x10/0x10
[ 102.920108][ T5463] wrap_directory_iterator+0x96/0xe0
[ 102.922226][ T5463] iterate_dir+0x399/0x570
[ 102.923817][ T5463] __se_sys_getdents64+0xe4/0x260
[ 102.925866][ T5463] ? __pfx___se_sys_getdents64+0x10/0x10
[ 102.928197][ T5463] ? __pfx_filldir64+0x10/0x10
[ 102.930015][ T5463] ? do_syscall_64+0xbe/0xfa0
[ 102.932078][ T5463] do_syscall_64+0xfa/0xfa0
[ 102.934090][ T5463] ? lockdep_hardirqs_on+0x9c/0x150
[ 102.936334][ T5463] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.939174][ T5463] ? clear_bhb_loop+0x60/0xb0
[ 102.941280][ T5463] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.943764][ T5463] RIP: 0033:0x7fb3f698efc9
[ 102.945685][ T5463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 102.953773][ T5463] RSP: 002b:00007ffd4c487568 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 102.957378][ T5463] RAX: ffffffffffffffda RBX: 00007fb3f6be5fa0 RCX: 00007fb3f698efc9
[ 102.960956][ T5463] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000005
[ 102.964736][ T5463] RBP: 00007fb3f6a11f91 R08: 0000000000000000 R09: 0000000000000000
[ 102.968265][ T5463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 102.971615][ T5463] R13: 00007fb3f6be5fa0 R14: 00007fb3f6be5fa0 R15: 0000000000000003
[ 102.974996][ T5463]
[ 102.976629][ T5463] Kernel Offset: disabled
[ 102.978518][ T5463] Rebooting in 86400 seconds..
VM DIAGNOSIS:
00:56:33 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90002a7ef30
R8 =ffff888033c88237 R9 =1ffff11006791046 R10=dffffc0000000000 R11=ffffffff851e0990
R12=dffffc0000000000 R13=ffffffff99a12900 R14=ffffffff99d26400 R15=0000000000000000
RIP=ffffffff851e0a0c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055558487d500 ffffffff 00c00000
GS =0000 ffff88808d302000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007fcf0e75c000 CR3=0000000058cf8000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000ffffffff Opmask01=0000000000000000 Opmask02=000000000000003f Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd4c486ad0 00007ffd4c486ab0
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd4c486c10 00007ffd4c486a90
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd4c486ad0
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd4c486c10
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd4c486c10 00007ffd4c486a90
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd4c486ad0 00007ffd4c486ab0
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb3f6a1307c
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb3f6a1315a
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0073657479625f6e 695f65676173752e 647673722e424d32 2e626c7465677568
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000500060006
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000