Warning: Permanently added '[localhost]:31284' (ED25519) to the list of known hosts.
[ 71.404298][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.406610][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
2025/02/24 09:31:40 ignoring optional flag "sandboxArg"="0"
2025/02/24 09:31:41 parsed 1 programs
[ 74.780582][ T40] kauditd_printk_skb: 28 callbacks suppressed
[ 74.780595][ T40] audit: type=1400 audit(1740389503.215:143): avc: denied { unlink } for pid=6196 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 75.583324][ T6196] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 77.555847][ T40] audit: type=1401 audit(1740389505.995:144): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 77.718878][ T6012] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 77.727592][ T6012] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 77.733575][ T6012] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 77.737214][ T6012] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 77.741229][ T6012] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 77.748900][ T6012] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 79.149133][ T6308] chnl_net:caif_netlink_parms(): no params data found
[ 79.209669][ T6308] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.212088][ T6308] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.214235][ T6308] bridge_slave_0: entered allmulticast mode
[ 79.216466][ T6308] bridge_slave_0: entered promiscuous mode
[ 79.219300][ T6308] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.221830][ T6308] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.224836][ T6308] bridge_slave_1: entered allmulticast mode
[ 79.229308][ T6308] bridge_slave_1: entered promiscuous mode
[ 79.263867][ T6308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 79.270217][ T6308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 79.303474][ T6308] team0: Port device team_slave_0 added
[ 79.307423][ T6308] team0: Port device team_slave_1 added
[ 79.338658][ T6308] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 79.343044][ T6308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.352978][ T6308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 79.358969][ T6308] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 79.363230][ T6308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.374014][ T6308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 79.413220][ T6308] hsr_slave_0: entered promiscuous mode
[ 79.416101][ T6308] hsr_slave_1: entered promiscuous mode
[ 79.892886][ T6308] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 79.896205][ T6308] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 79.900402][ T6308] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 79.903876][ T6308] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 79.937582][ T6308] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.954905][ T6308] 8021q: adding VLAN 0 to HW filter on device team0
[ 79.959311][ T1054] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.962147][ T1054] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.970539][ T1054] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.972701][ T1054] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.068264][ T6308] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 80.094165][ T6308] veth0_vlan: entered promiscuous mode
[ 80.104603][ T6308] veth1_vlan: entered promiscuous mode
[ 80.123758][ T6308] veth0_macvtap: entered promiscuous mode
[ 80.128583][ T6308] veth1_macvtap: entered promiscuous mode
[ 80.139813][ T6308] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 80.147803][ T6308] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 80.153497][ T6308] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.156912][ T6308] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.160587][ T6308] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.163965][ T6308] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.255290][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.299633][ T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 80.302739][ T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 80.319365][ T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 80.321751][ T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 80.332211][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.390795][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.442207][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/02/24 09:31:49 executed programs: 0
[ 80.807445][ T5288] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 80.813074][ T5288] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 80.816633][ T5288] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 80.822123][ T5288] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 80.828277][ T5288] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 80.832510][ T5288] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 80.950826][ T6399] chnl_net:caif_netlink_parms(): no params data found
[ 81.027617][ T6399] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.029798][ T6399] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.032092][ T6399] bridge_slave_0: entered allmulticast mode
[ 81.035360][ T6399] bridge_slave_0: entered promiscuous mode
[ 81.038603][ T6399] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.042028][ T6399] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.044211][ T6399] bridge_slave_1: entered allmulticast mode
[ 81.046583][ T6399] bridge_slave_1: entered promiscuous mode
[ 81.072470][ T6399] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 81.076265][ T6399] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 81.098908][ T6399] team0: Port device team_slave_0 added
[ 81.103073][ T6399] team0: Port device team_slave_1 added
[ 81.128411][ T6399] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 81.131452][ T6399] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 81.138934][ T6399] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 81.144009][ T6399] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 81.146108][ T6399] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 81.153705][ T6399] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 81.179182][ T6399] hsr_slave_0: entered promiscuous mode
[ 81.181346][ T6399] hsr_slave_1: entered promiscuous mode
[ 81.183379][ T6399] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 81.185832][ T6399] Cannot create hsr debugfs directory
[ 81.642731][ T30] cfg80211: failed to load regulatory.db
[ 82.840694][ T5288] Bluetooth: hci0: command tx timeout
[ 83.891190][ T11] bridge_slave_1: left allmulticast mode
[ 83.893090][ T11] bridge_slave_1: left promiscuous mode
[ 83.894941][ T11] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.898466][ T11] bridge_slave_0: left allmulticast mode
[ 83.900204][ T11] bridge_slave_0: left promiscuous mode
[ 83.902305][ T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.113131][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 84.117540][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 84.121351][ T11] bond0 (unregistering): Released all slaves
[ 84.282081][ T11] hsr_slave_0: left promiscuous mode
[ 84.284297][ T11] hsr_slave_1: left promiscuous mode
[ 84.286511][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 84.289285][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 84.292692][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 84.294977][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 84.306777][ T11] veth1_macvtap: left promiscuous mode
[ 84.308473][ T11] veth0_macvtap: left promiscuous mode
[ 84.310136][ T11] veth1_vlan: left promiscuous mode
[ 84.312684][ T11] veth0_vlan: left promiscuous mode
[ 84.770514][ T11] team0 (unregistering): Port device team_slave_1 removed
[ 84.825014][ T11] team0 (unregistering): Port device team_slave_0 removed
[ 84.923904][ T5288] Bluetooth: hci0: command tx timeout
[ 85.433605][ T6399] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 85.437188][ T6399] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 85.441103][ T6399] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 85.444390][ T6399] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 85.492506][ T6399] 8021q: adding VLAN 0 to HW filter on device bond0
[ 85.502568][ T6399] 8021q: adding VLAN 0 to HW filter on device team0
[ 85.507375][ T1236] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.509930][ T1236] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.516655][ T1236] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.519042][ T1236] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.618462][ T6399] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 85.635993][ T6399] veth0_vlan: entered promiscuous mode
[ 85.640064][ T6399] veth1_vlan: entered promiscuous mode
[ 85.688965][ T6399] veth0_macvtap: entered promiscuous mode
[ 85.694393][ T6399] veth1_macvtap: entered promiscuous mode
[ 85.705191][ T6399] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.712537][ T6399] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 85.717869][ T6399] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.721483][ T6399] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.724930][ T6399] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.728435][ T6399] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.757188][ T1174] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.759590][ T1174] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.780717][ T1054] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.784021][ T1054] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/02/24 09:31:54 executed programs: 2
[ 85.834762][ T40] audit: type=1400 audit(1740389514.275:145): avc: denied { mount } for pid=6505 comm="syz.0.16" name="/" dev="9p" ino=27656491 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 85.843881][ T40] audit: type=1400 audit(1740389514.275:146): avc: denied { write } for pid=6505 comm="syz.0.16" name="/" dev="9p" ino=27656491 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 85.852992][ T40] audit: type=1400 audit(1740389514.275:147): avc: denied { add_name } for pid=6505 comm="syz.0.16" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 85.861847][ T40] audit: type=1400 audit(1740389514.275:148): avc: denied { create } for pid=6505 comm="syz.0.16" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 85.870708][ T40] audit: type=1400 audit(1740389514.275:149): avc: denied { associate } for pid=6505 comm="syz.0.16" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 85.879947][ T40] audit: type=1400 audit(1740389514.305:150): avc: denied { read write } for pid=6505 comm="syz.0.16" name="file0" dev="9p" ino=27656492 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 85.889574][ T40] audit: type=1400 audit(1740389514.305:151): avc: denied { open } for pid=6505 comm="syz.0.16" path="/0/bus/file0" dev="9p" ino=27656492 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 85.899199][ T40] audit: type=1400 audit(1740389514.325:152): avc: denied { append } for pid=6505 comm="syz.0.16" name="file0" dev="9p" ino=27656492 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 85.918398][ T6506] netfs: Couldn't get user pages (rc=-14)
[ 85.931044][ T6506] ==================================================================
[ 85.934319][ T6506] BUG: KASAN: slab-use-after-free in io_submit_one+0x4e5/0x1da0
[ 85.937417][ T6506] Write of size 4 at addr ffff888031ff00c8 by task syz.0.16/6506
[ 85.942494][ T6506]
[ 85.943483][ T6506] CPU: 3 UID: 0 PID: 6506 Comm: syz.0.16 Not tainted 6.14.0-rc4-syzkaller-gd082ecbc71e9 #0
[ 85.943503][ T6506] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.943514][ T6506] Call Trace:
[ 85.943572][ T6506] <TASK>
[ 85.943580][ T6506] dump_stack_lvl+0x116/0x1f0
[ 85.943606][ T6506] print_report+0xc3/0x670
[ 85.943625][ T6506] ? __virt_addr_valid+0x5e/0x590
[ 85.943643][ T6506] ? __phys_addr+0xc6/0x150
[ 85.943662][ T6506] kasan_report+0xd9/0x110
[ 85.943679][ T6506] ? io_submit_one+0x4e5/0x1da0
[ 85.943704][ T6506] ? io_submit_one+0x4e5/0x1da0
[ 85.943729][ T6506] kasan_check_range+0xef/0x1a0
[ 85.943751][ T6506] io_submit_one+0x4e5/0x1da0
[ 85.943778][ T6506] ? __pfx_io_submit_one+0x10/0x10
[ 85.943802][ T6506] ? __might_fault+0x13b/0x190
[ 85.943825][ T6506] ? lock_acquire+0x2f/0xb0
[ 85.943848][ T6506] ? __might_fault+0xe3/0x190
[ 85.943870][ T6506] ? __x64_sys_io_submit+0x1b2/0x340
[ 85.943893][ T6506] __x64_sys_io_submit+0x1b2/0x340
[ 85.943919][ T6506] ? __pfx___x64_sys_io_submit+0x10/0x10
[ 85.943948][ T6506] do_syscall_64+0xcd/0x250
[ 85.943969][ T6506] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.943993][ T6506] RIP: 0033:0x7fbee8f8cde9
[ 85.944008][ T6506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 85.944024][ T6506] RSP: 002b:00007fbee9e38038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 85.944055][ T6506] RAX: ffffffffffffffda RBX: 00007fbee91a5fa0 RCX: 00007fbee8f8cde9
[ 85.944067][ T6506] RDX: 00004000000002c0 RSI: 0000000000000001 RDI: 00007fbee9e17000
[ 85.944077][ T6506] RBP: 00007fbee900e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 85.944087][ T6506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.944097][ T6506] R13: 0000000000000000 R14: 00007fbee91a5fa0 R15: 00007ffecb0d58e8
[ 85.944113][ T6506] </TASK>
[ 85.944118][ T6506]
[ 86.019206][ T6506] Allocated by task 6506:
[ 86.020955][ T6506] kasan_save_stack+0x33/0x60
[ 86.022910][ T6506] kasan_save_track+0x14/0x30
[ 86.024844][ T6506] __kasan_slab_alloc+0x89/0x90
[ 86.027035][ T6506] kmem_cache_alloc_noprof+0x226/0x3d0
[ 86.029283][ T6506] io_submit_one+0x123/0x1da0
[ 86.031281][ T6506] __x64_sys_io_submit+0x1b2/0x340
[ 86.033377][ T6506] do_syscall_64+0xcd/0x250
[ 86.035244][ T6506] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.037572][ T6506]
[ 86.038579][ T6506] Freed by task 6506:
[ 86.040213][ T6506] kasan_save_stack+0x33/0x60
[ 86.042161][ T6506] kasan_save_track+0x14/0x30
[ 86.044115][ T6506] kasan_save_free_info+0x3b/0x60
[ 86.046380][ T6506] __kasan_slab_free+0x51/0x70
[ 86.048385][ T6506] kmem_cache_free+0x2e2/0x4d0
[ 86.050297][ T6506] aio_complete_rw+0x3ec/0x7b0
[ 86.052317][ T6506] netfs_read_collection+0x30ae/0x3cb0
[ 86.054529][ T6506] netfs_wait_for_pause+0x31c/0x3e0
[ 86.056633][ T6506] netfs_unbuffered_read_iter_locked+0xb50/0x1610
[ 86.059275][ T6506] netfs_unbuffered_read_iter+0xc5/0x100
[ 86.061566][ T6506] v9fs_file_read_iter+0xbf/0x100
[ 86.063651][ T6506] aio_read+0x313/0x4e0
[ 86.065265][ T6506] io_submit_one+0x1580/0x1da0
[ 86.067370][ T6506] __x64_sys_io_submit+0x1b2/0x340
[ 86.069568][ T6506] do_syscall_64+0xcd/0x250
[ 86.071465][ T6506] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.074302][ T6506]
[ 86.075398][ T6506] The buggy address belongs to the object at ffff888031ff0000
[ 86.075398][ T6506] which belongs to the cache aio_kiocb of size 216
[ 86.080933][ T6506] The buggy address is located 200 bytes inside of
[ 86.080933][ T6506] freed 216-byte region [ffff888031ff0000, ffff888031ff00d8)
[ 86.086311][ T6506]
[ 86.087391][ T6506] The buggy address belongs to the physical page:
[ 86.089963][ T6506] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x31ff0
[ 86.093324][ T6506] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 86.096976][ T6506] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 86.100104][ T6506] page_type: f5(slab)
[ 86.101729][ T6506] raw: 00fff00000000040 ffff8881012c1040 dead000000000122 0000000000000000
[ 86.105170][ T6506] raw: 0000000000000000 0000000080190019 00000000f5000000 0000000000000000
[ 86.108504][ T6506] head: 00fff00000000040 ffff8881012c1040 dead000000000122 0000000000000000
[ 86.112058][ T6506] head: 0000000000000000 0000000080190019 00000000f5000000 0000000000000000
[ 86.115684][ T6506] head: 00fff00000000001 ffffea0000c7fc01 ffffffffffffffff 0000000000000000
[ 86.119049][ T6506] head: ffff888000000002 0000000000000000 00000000ffffffff 0000000000000000
[ 86.122379][ T6506] page dumped because: kasan: bad access detected
[ 86.124776][ T6506] page_owner tracks the page as allocated
[ 86.127050][ T6506] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6506, tgid 6505 (syz.0.16), ts 85923701896, free_ts 79057581684
[ 86.135662][ T6506] post_alloc_hook+0x181/0x1b0
[ 86.137676][ T6506] get_page_from_freelist+0xfce/0x2f80
[ 86.139862][ T6506] __alloc_frozen_pages_noprof+0x221/0x2470
[ 86.142231][ T6506] alloc_pages_mpol+0x1fc/0x540
[ 86.144158][ T6506] new_slab+0x23d/0x330
[ 86.145935][ T6506] ___slab_alloc+0xc5d/0x1720
[ 86.148110][ T6506] __slab_alloc.constprop.0+0x56/0xb0
[ 86.150325][ T6506] kmem_cache_alloc_noprof+0xfa/0x3d0
[ 86.152606][ T6506] io_submit_one+0x123/0x1da0
[ 86.154717][ T6506] __x64_sys_io_submit+0x1b2/0x340
[ 86.156884][ T6506] do_syscall_64+0xcd/0x250
[ 86.158742][ T6506] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.161170][ T6506] page last free pid 6302 tgid 6302 stack trace:
[ 86.163747][ T6506] free_frozen_pages+0x6db/0xfb0
[ 86.165770][ T6506] vfree+0x174/0x950
[ 86.167414][ T6506] kcov_put+0x2a/0x40
[ 86.169059][ T6506] kcov_close+0xd/0x20
[ 86.170821][ T6506] __fput+0x3ff/0xb70
[ 86.172480][ T6506] task_work_run+0x14e/0x250
[ 86.174533][ T6506] do_exit+0xad8/0x2d70
[ 86.176248][ T6506] do_group_exit+0xd3/0x2a0
[ 86.177580][ T6506] get_signal+0x24ed/0x26c0
[ 86.179179][ T6506] arch_do_signal_or_restart+0x90/0x7e0
[ 86.181293][ T6506] syscall_exit_to_user_mode+0x150/0x2a0
[ 86.183465][ T6506] do_syscall_64+0xda/0x250
[ 86.185244][ T6506] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.187854][ T6506]
[ 86.188856][ T6506] Memory state around the buggy address:
[ 86.191311][ T6506]  ffff888031feff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 86.194402][ T6506]  ffff888031ff0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.197426][ T6506] >ffff888031ff0080: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[ 86.200062][ T6506]                                               ^
[ 86.201913][ T6506]  ffff888031ff0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 86.204969][ T6506]  ffff888031ff0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 86.208219][ T6506] ==================================================================
[ 86.213315][ T6506] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 86.216455][ T6506] CPU: 3 UID: 0 PID: 6506 Comm: syz.0.16 Not tainted 6.14.0-rc4-syzkaller-gd082ecbc71e9 #0
[ 86.220477][ T6506] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.224850][ T6506] Call Trace:
[ 86.226300][ T6506] <TASK>
[ 86.227632][ T6506] dump_stack_lvl+0x3d/0x1f0
[ 86.229589][ T6506] panic+0x71d/0x800
[ 86.231389][ T6506] ? __pfx_panic+0x10/0x10
[ 86.233245][ T6506] ? irqentry_exit+0x3b/0x90
[ 86.235389][ T6506] ? lockdep_hardirqs_on+0x7c/0x110
[ 86.237516][ T6506] ? preempt_schedule_thunk+0x1a/0x30
[ 86.239730][ T6506] ? preempt_schedule_common+0x44/0xc0
[ 86.241939][ T6506] ? check_panic_on_warn+0x1f/0xb0
[ 86.244044][ T6506] check_panic_on_warn+0xab/0xb0
[ 86.246101][ T6506] end_report+0x117/0x180
[ 86.247904][ T6506] kasan_report+0xe9/0x110
[ 86.249677][ T6506] ? io_submit_one+0x4e5/0x1da0
[ 86.251799][ T6506] ? io_submit_one+0x4e5/0x1da0
[ 86.253844][ T6506] kasan_check_range+0xef/0x1a0
[ 86.256094][ T6506] io_submit_one+0x4e5/0x1da0
[ 86.258158][ T6506] ? __pfx_io_submit_one+0x10/0x10
[ 86.260324][ T6506] ? __might_fault+0x13b/0x190
[ 86.262117][ T6506] ? lock_acquire+0x2f/0xb0
[ 86.263955][ T6506] ? __might_fault+0xe3/0x190
[ 86.265844][ T6506] ? __x64_sys_io_submit+0x1b2/0x340
[ 86.268145][ T6506] __x64_sys_io_submit+0x1b2/0x340
[ 86.270342][ T6506] ? __pfx___x64_sys_io_submit+0x10/0x10
[ 86.272851][ T6506] do_syscall_64+0xcd/0x250
[ 86.274890][ T6506] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.277329][ T6506] RIP: 0033:0x7fbee8f8cde9
[ 86.279198][ T6506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 86.286923][ T6506] RSP: 002b:00007fbee9e38038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 86.290570][ T6506] RAX: ffffffffffffffda RBX: 00007fbee91a5fa0 RCX: 00007fbee8f8cde9
[ 86.293576][ T6506] RDX: 00004000000002c0 RSI: 0000000000000001 RDI: 00007fbee9e17000
[ 86.296779][ T6506] RBP: 00007fbee900e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 86.299983][ T6506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 86.303135][ T6506] R13: 0000000000000000 R14: 00007fbee91a5fa0 R15: 00007ffecb0d58e8
[ 86.306354][ T6506] </TASK>
[ 86.308469][ T6506] Kernel Offset: disabled
[ 86.310180][ T6506] Rebooting in 86400 seconds..