Warning: Permanently added '[localhost]:54238' (ED25519) to the list of known hosts.
syzkaller login: [ 90.655696][ T5103] cgroup: Unknown subsys name 'net'
[ 90.759127][ T5103] cgroup: Unknown subsys name 'rlimit'
executing program
executing program
executing program
executing program
executing program
executing program
[ 91.777468][ T8] cfg80211: failed to load regulatory.db
[ 93.047407][ T5134] loop0: detected capacity change from 0 to 32768
executing program
[ 93.292070][ T5136] lmLogOpen: exit(-6)
executing program
executing program
executing program
executing program
executing program
[ 94.950310][ T5148] loop0: detected capacity change from 0 to 32768
executing program
executing program
executing program
[ 95.183125][ T5148] ==================================================================
[ 95.186074][ T5148] BUG: KASAN: slab-use-after-free in __mutex_lock+0xfe/0xd70
[ 95.188801][ T5148] Read of size 8 at addr ffff8880463af4b0 by task syz-executor336/5148
[ 95.192564][ T5148]
[ 95.193482][ T5148] CPU: 0 UID: 0 PID: 5148 Comm: syz-executor336 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0
[ 95.197689][ T5148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 95.201450][ T5148] Call Trace:
[ 95.202681][ T5148] <TASK>
[ 95.203758][ T5148] dump_stack_lvl+0x241/0x360
[ 95.205579][ T5148] ? __pfx_dump_stack_lvl+0x10/0x10
[ 95.207594][ T5148] ? __pfx__printk+0x10/0x10
[ 95.209347][ T5148] ? _printk+0xd5/0x120
[ 95.211006][ T5148] ? __virt_addr_valid+0x183/0x530
[ 95.213210][ T5148] ? __virt_addr_valid+0x183/0x530
[ 95.215673][ T5148] print_report+0x169/0x550
[ 95.217568][ T5148] ? __virt_addr_valid+0x183/0x530
[ 95.219538][ T5148] ? __virt_addr_valid+0x183/0x530
[ 95.221474][ T5148] ? __virt_addr_valid+0x45f/0x530
[ 95.223403][ T5148] ? __phys_addr+0xba/0x170
[ 95.225108][ T5148] ? __mutex_lock+0xfe/0xd70
[ 95.226874][ T5148] kasan_report+0x143/0x180
[ 95.228610][ T5148] ? __mutex_lock+0xfe/0xd70
[ 95.230379][ T5148] __mutex_lock+0xfe/0xd70
[ 95.232018][ T5148] ? lock_metapage+0x2fa/0x370
[ 95.233738][ T5148] ? dbFreeBits+0x7ea/0xd90
[ 95.235428][ T5148] ? __pfx___mutex_lock+0x10/0x10
[ 95.237436][ T5148] ? dbJoin+0x255/0x310
[ 95.239058][ T5148] dbFreeBits+0x7ea/0xd90
[ 95.240663][ T5148] dbFree+0x35b/0x680
[ 95.242209][ T5148] dbDiscardAG+0x8a9/0xa20
[ 95.243651][ T5148] ? __pfx_dbDiscardAG+0x10/0x10
[ 95.245442][ T5148] ? __pfx_lock_release+0x10/0x10
[ 95.247243][ T5148] jfs_ioc_trim+0x433/0x670
[ 95.249102][ T5148] jfs_ioctl+0x2d0/0x3e0
[ 95.250755][ T5148] ? __pfx_jfs_ioctl+0x10/0x10
[ 95.252499][ T5148] ? __fget_files+0x29/0x470
[ 95.254240][ T5148] ? bpf_lsm_file_ioctl+0x9/0x10
[ 95.256089][ T5148] ? security_file_ioctl+0x87/0xb0
[ 95.258035][ T5148] ? __pfx_jfs_ioctl+0x10/0x10
[ 95.259885][ T5148] __se_sys_ioctl+0xfc/0x170
[ 95.261636][ T5148] do_syscall_64+0xf3/0x230
[ 95.263355][ T5148] ? clear_bhb_loop+0x35/0x90
[ 95.265138][ T5148] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 95.267245][ T5148] RIP: 0033:0x7fb137376dc9
[ 95.268944][ T5148] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 95.276139][ T5148] RSP: 002b:00007fb137323218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 95.279145][ T5148] RAX: ffffffffffffffda RBX: 00007fb1373fe708 RCX: 00007fb137376dc9
[ 95.282094][ T5148] RDX: 0000000020000080 RSI: 00000000c0185879 RDI: 0000000000000005
[ 95.284947][ T5148] RBP: 00007fb1373fe700 R08: 0000000000000000 R09: 0000000000000000
[ 95.287752][ T5148] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb1373ca3f4
[ 95.290691][ T5148] R13: 00007fb1373c4052 R14: 00007fb1373c4062 R15: c21418431439518c
[ 95.293731][ T5148] </TASK>
[ 95.294926][ T5148]
[ 95.295847][ T5148] Allocated by task 5148:
[ 95.297521][ T5148] kasan_save_track+0x3f/0x80
[ 95.299285][ T5148] __kasan_kmalloc+0x98/0xb0
[ 95.300996][ T5148] __kmalloc_cache_noprof+0x19c/0x2c0
[ 95.302947][ T5148] dbMount+0x58/0x9b0
[ 95.304446][ T5148] jfs_mount+0x1e0/0x830
[ 95.306042][ T5148] jfs_fill_super+0x59c/0xc50
[ 95.307830][ T5148] mount_bdev+0x20a/0x2d0
[ 95.309520][ T5148] legacy_get_tree+0xee/0x190
[ 95.311255][ T5148] vfs_get_tree+0x90/0x2b0
[ 95.313047][ T5148] do_new_mount+0x2be/0xb40
[ 95.314579][ T5148] __se_sys_mount+0x2d6/0x3c0
[ 95.316338][ T5148] do_syscall_64+0xf3/0x230
[ 95.318014][ T5148] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 95.320132][ T5148]
[ 95.321088][ T5148] Freed by task 5151:
[ 95.322592][ T5148] kasan_save_track+0x3f/0x80
[ 95.324320][ T5148] kasan_save_free_info+0x40/0x50
[ 95.326160][ T5148] poison_slab_object+0xe0/0x150
[ 95.327937][ T5148] __kasan_slab_free+0x37/0x60
[ 95.329816][ T5148] kfree+0x149/0x360
[ 95.331263][ T5148] dbUnmount+0x11d/0x190
[ 95.332807][ T5148] jfs_mount_rw+0x4ac/0x6a0
[ 95.334440][ T5148] jfs_remount+0x3d1/0x6b0
[ 95.336091][ T5148] reconfigure_super+0x445/0x880
[ 95.338175][ T5148] path_mount+0xc22/0xfa0
[ 95.340091][ T5148] __se_sys_mount+0x2d6/0x3c0
[ 95.341913][ T5148] do_syscall_64+0xf3/0x230
[ 95.343574][ T5148] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 95.345840][ T5148]
[ 95.346786][ T5148] The buggy address belongs to the object at ffff8880463af000
[ 95.346786][ T5148] which belongs to the cache kmalloc-2k of size 2048
[ 95.352139][ T5148] The buggy address is located 1200 bytes inside of
[ 95.352139][ T5148] freed 2048-byte region [ffff8880463af000, ffff8880463af800)
[ 95.357359][ T5148]
[ 95.358293][ T5148] The buggy address belongs to the physical page:
[ 95.360790][ T5148] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x463a8
[ 95.364026][ T5148] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 95.367171][ T5148] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 95.370025][ T5148] page_type: 0xfdffffff(slab)
[ 95.371784][ T5148] raw: 04fff00000000040 ffff88801ac42000 dead000000000122 0000000000000000
[ 95.374899][ T5148] raw: 0000000000000000 0000000000080008 00000001fdffffff 0000000000000000
[ 95.378002][ T5148] head: 04fff00000000040 ffff88801ac42000 dead000000000122 0000000000000000
[ 95.381208][ T5148] head: 0000000000000000 0000000000080008 00000001fdffffff 0000000000000000
[ 95.384492][ T5148] head: 04fff00000000003 ffffea000118ea01 ffffffffffffffff 0000000000000000
[ 95.387720][ T5148] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 95.390877][ T5148] page dumped because: kasan: bad access detected
[ 95.393369][ T5148] page_owner tracks the page as allocated
[ 95.395546][ T5148] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 913, tgid 913 (kworker/0:3), ts 92407426887, free_ts 0
[ 95.404373][ T5148] post_alloc_hook+0x1f3/0x230
[ 95.406227][ T5148] get_page_from_freelist+0x2e4c/0x2f10
[ 95.408345][ T5148] __alloc_pages_noprof+0x256/0x6c0
[ 95.410553][ T5148] alloc_slab_page+0x5f/0x120
[ 95.412407][ T5148] allocate_slab+0x5a/0x2f0
[ 95.414188][ T5148] ___slab_alloc+0xcd1/0x14b0
[ 95.416013][ T5148] __slab_alloc+0x58/0xa0
[ 95.417749][ T5148] __kmalloc_node_track_caller_noprof+0x281/0x440
[ 95.420116][ T5148] kmalloc_reserve+0x111/0x2a0
[ 95.421973][ T5148] __alloc_skb+0x1f3/0x440
[ 95.423775][ T5148] alloc_skb_with_frags+0xc3/0x770
[ 95.425756][ T5148] sock_alloc_send_pskb+0x91a/0xa60
[ 95.427834][ T5148] mld_newpack+0x1c3/0xa90
[ 95.429562][ T5148] add_grec+0x1492/0x19a0
[ 95.431217][ T5148] mld_send_initial_cr+0x228/0x4b0
[ 95.433084][ T5148] mld_dad_work+0x44/0x500
[ 95.434754][ T5148] page_owner free stack trace missing
[ 95.436617][ T5148]
[ 95.437541][ T5148] Memory state around the buggy address:
[ 95.439604][ T5148] ffff8880463af380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 95.442628][ T5148] ffff8880463af400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 95.445755][ T5148] >ffff8880463af480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 95.448870][ T5148]                                     ^
[ 95.451113][ T5148] ffff8880463af500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 95.454311][ T5148] ffff8880463af580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 95.457321][ T5148] ==================================================================
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 97.116490][ T5151] lmLogOpen: exit(-6)
[ 97.135447][ T5148] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 97.138206][ T5148] CPU: 0 UID: 0 PID: 5148 Comm: syz-executor336 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0
[ 97.142184][ T5148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 97.146273][ T5148] Call Trace:
[ 97.147655][ T5148] <TASK>
[ 97.148877][ T5148] dump_stack_lvl+0x241/0x360
[ 97.150745][ T5148] ? __pfx_dump_stack_lvl+0x10/0x10
[ 97.152686][ T5148] ? __pfx__printk+0x10/0x10
[ 97.154422][ T5148] ? preempt_schedule+0xe1/0xf0
[ 97.156177][ T5148] ? vscnprintf+0x5d/0x90
[ 97.157845][ T5148] panic+0x349/0x860
[ 97.159251][ T5148] ? check_panic_on_warn+0x21/0xb0
[ 97.161106][ T5148] ? __pfx_panic+0x10/0x10
[ 97.162666][ T5148] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 97.164666][ T5148] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 97.166974][ T5148] ? print_report+0x502/0x550
[ 97.168686][ T5148] check_panic_on_warn+0x86/0xb0
[ 97.170563][ T5148] ? __mutex_lock+0xfe/0xd70
[ 97.172111][ T5148] end_report+0x77/0x160
[ 97.173643][ T5148] kasan_report+0x154/0x180
[ 97.175327][ T5148] ? __mutex_lock+0xfe/0xd70
[ 97.177035][ T5148] __mutex_lock+0xfe/0xd70
[ 97.178678][ T5148] ? lock_metapage+0x2fa/0x370
[ 97.180377][ T5148] ? dbFreeBits+0x7ea/0xd90
[ 97.182056][ T5148] ? __pfx___mutex_lock+0x10/0x10
[ 97.183818][ T5148] ? dbJoin+0x255/0x310
[ 97.185282][ T5148] dbFreeBits+0x7ea/0xd90
[ 97.186762][ T5148] dbFree+0x35b/0x680
[ 97.188087][ T5148] dbDiscardAG+0x8a9/0xa20
[ 97.189563][ T5148] ? __pfx_dbDiscardAG+0x10/0x10
[ 97.191227][ T5148] ? __pfx_lock_release+0x10/0x10
[ 97.193005][ T5148] jfs_ioc_trim+0x433/0x670
[ 97.194646][ T5148] jfs_ioctl+0x2d0/0x3e0
[ 97.196217][ T5148] ? __pfx_jfs_ioctl+0x10/0x10
[ 97.198055][ T5148] ? __fget_files+0x29/0x470
[ 97.199786][ T5148] ? bpf_lsm_file_ioctl+0x9/0x10
[ 97.201480][ T5148] ? security_file_ioctl+0x87/0xb0
[ 97.203238][ T5148] ? __pfx_jfs_ioctl+0x10/0x10
[ 97.204901][ T5148] __se_sys_ioctl+0xfc/0x170
[ 97.206522][ T5148] do_syscall_64+0xf3/0x230
[ 97.207925][ T5148] ? clear_bhb_loop+0x35/0x90
[ 97.209324][ T5148] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 97.211284][ T5148] RIP: 0033:0x7fb137376dc9
[ 97.212811][ T5148] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 97.219743][ T5148] RSP: 002b:00007fb137323218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 97.222905][ T5148] RAX: ffffffffffffffda RBX: 00007fb1373fe708 RCX: 00007fb137376dc9
[ 97.225769][ T5148] RDX: 0000000020000080 RSI: 00000000c0185879 RDI: 0000000000000005
[ 97.228318][ T5148] RBP: 00007fb1373fe700 R08: 0000000000000000 R09: 0000000000000000
[ 97.231027][ T5148] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb1373ca3f4
[ 97.233364][ T5148] R13: 00007fb1373c4052 R14: 00007fb1373c4062 R15: c21418431439518c
[ 97.235883][ T5148] </TASK>
[ 97.237037][ T5148] Kernel Offset: disabled
[ 97.238345][ T5148] Rebooting in 86400 seconds..
VM DIAGNOSIS:
07:11:23 Registers:
info registers vcpu 0
CPU#0