Warning: Permanently added '[localhost]:61479' (ED25519) to the list of known hosts.
2025/05/17 15:26:42 ignoring optional flag "sandboxArg"="0"
2025/05/17 15:26:42 ignoring optional flag "type"="qemu"
2025/05/17 15:26:43 parsed 1 programs
[ 124.151175][ T5596] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 127.262361][ T4659] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 127.266628][ T4659] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 127.270359][ T4659] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 127.275370][ T4659] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 127.278954][ T4659] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 128.894945][ T5647] chnl_net:caif_netlink_parms(): no params data found
[ 128.958979][ T5647] bridge0: port 1(bridge_slave_0) entered blocking state
[ 128.962924][ T5647] bridge0: port 1(bridge_slave_0) entered disabled state
[ 128.966217][ T5647] bridge_slave_0: entered allmulticast mode
[ 128.970174][ T5647] bridge_slave_0: entered promiscuous mode
[ 128.975429][ T5647] bridge0: port 2(bridge_slave_1) entered blocking state
[ 128.978666][ T5647] bridge0: port 2(bridge_slave_1) entered disabled state
[ 128.983262][ T5647] bridge_slave_1: entered allmulticast mode
[ 128.987332][ T5647] bridge_slave_1: entered promiscuous mode
[ 129.013127][ T5647] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 129.019441][ T5647] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 129.046124][ T5647] team0: Port device team_slave_0 added
[ 129.051282][ T5647] team0: Port device team_slave_1 added
[ 129.075575][ T5647] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 129.078684][ T5647] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 129.091033][ T5647] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 129.098132][ T5647] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 129.101259][ T5647] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 129.116586][ T5647] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 129.150461][ T5647] hsr_slave_0: entered promiscuous mode
[ 129.155262][ T5647] hsr_slave_1: entered promiscuous mode
[ 129.775518][ T5647] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 129.795530][ T5647] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 129.803952][ T5647] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 129.813401][ T5647] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 129.855115][ T5647] bridge0: port 2(bridge_slave_1) entered blocking state
[ 129.858247][ T5647] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 129.861559][ T5647] bridge0: port 1(bridge_slave_0) entered blocking state
[ 129.864772][ T5647] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 129.903615][ T1045] bridge0: port 1(bridge_slave_0) entered disabled state
[ 129.913745][ T1045] bridge0: port 2(bridge_slave_1) entered disabled state
[ 130.006770][ T5647] 8021q: adding VLAN 0 to HW filter on device bond0
[ 130.038355][ T5647] 8021q: adding VLAN 0 to HW filter on device team0
[ 130.074745][ T1045] bridge0: port 1(bridge_slave_0) entered blocking state
[ 130.077935][ T1045] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 130.083377][ T1045] bridge0: port 2(bridge_slave_1) entered blocking state
[ 130.086569][ T1045] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 130.164871][ T5647] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 130.463088][ T5647] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 130.535768][ T5647] veth0_vlan: entered promiscuous mode
[ 130.553649][ T5647] veth1_vlan: entered promiscuous mode
[ 130.614558][ T5647] veth0_macvtap: entered promiscuous mode
[ 130.621184][ T5647] veth1_macvtap: entered promiscuous mode
[ 130.661113][ T5647] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 130.689541][ T5647] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 130.709526][ T5647] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.723252][ T5647] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.727177][ T5647] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.731083][ T5647] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.968729][ T1045] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 132.088671][ T1045] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 132.489249][ T1033] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 132.497064][ T1033] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 132.555186][ T1150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 132.559383][ T1150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 133.021569][ T1045] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/05/17 15:26:57 executed programs: 0
[ 133.316678][ T5395] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 133.320693][ T5395] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 133.325339][ T5395] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 133.329522][ T5395] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 133.332945][ T5395] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 133.566453][ T1045] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 133.832353][ T1045] bridge_slave_1: left allmulticast mode
[ 133.834800][ T1045] bridge_slave_1: left promiscuous mode
[ 133.837395][ T1045] bridge0: port 2(bridge_slave_1) entered disabled state
[ 133.866041][ T1045] bridge_slave_0: left allmulticast mode
[ 133.868618][ T1045] bridge_slave_0: left promiscuous mode
[ 133.871166][ T1045] bridge0: port 1(bridge_slave_0) entered disabled state
[ 134.358197][ T1045] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 134.375338][ T1045] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 134.383643][ T1045] bond0 (unregistering): Released all slaves
[ 134.409260][ T5747] chnl_net:caif_netlink_parms(): no params data found
[ 134.472270][ T1045] hsr_slave_0: left promiscuous mode
[ 134.475930][ T1045] hsr_slave_1: left promiscuous mode
[ 134.479343][ T1045] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 134.492930][ T1045] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 134.496597][ T1045] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 134.499902][ T1045] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 134.526238][ T1045] veth1_macvtap: left promiscuous mode
[ 134.528654][ T1045] veth0_macvtap: left promiscuous mode
[ 134.531020][ T1045] veth1_vlan: left promiscuous mode
[ 134.552289][ T1045] veth0_vlan: left promiscuous mode
[ 134.836159][ T1045] team0 (unregistering): Port device team_slave_1 removed
[ 134.857368][ T1045] team0 (unregistering): Port device team_slave_0 removed
[ 135.224997][ T5747] bridge0: port 1(bridge_slave_0) entered blocking state
[ 135.228163][ T5747] bridge0: port 1(bridge_slave_0) entered disabled state
[ 135.231290][ T5747] bridge_slave_0: entered allmulticast mode
[ 135.258098][ T5747] bridge_slave_0: entered promiscuous mode
[ 135.273631][ T5747] bridge0: port 2(bridge_slave_1) entered blocking state
[ 135.276849][ T5747] bridge0: port 2(bridge_slave_1) entered disabled state
[ 135.280117][ T5747] bridge_slave_1: entered allmulticast mode
[ 135.295997][ T5747] bridge_slave_1: entered promiscuous mode
[ 135.346074][ T5395] Bluetooth: hci0: command tx timeout
[ 135.373011][ T5747] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 135.379203][ T5747] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 135.868347][ T5747] team0: Port device team_slave_0 added
[ 135.895496][ T5747] team0: Port device team_slave_1 added
[ 135.969619][ T5747] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 135.994133][ T5747] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 136.034439][ T5747] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 136.090856][ T5747] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 136.099659][ T5747] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 136.147732][ T5747] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 136.255325][ T5747] hsr_slave_0: entered promiscuous mode
[ 136.258379][ T5747] hsr_slave_1: entered promiscuous mode
[ 136.866298][ T5747] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 136.882927][ T5747] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 136.903898][ T5747] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 136.910556][ T5747] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 137.058835][ T5747] 8021q: adding VLAN 0 to HW filter on device bond0
[ 137.090228][ T5747] 8021q: adding VLAN 0 to HW filter on device team0
[ 137.109227][ T1033] bridge0: port 1(bridge_slave_0) entered blocking state
[ 137.112555][ T1033] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 137.128975][ T1033] bridge0: port 2(bridge_slave_1) entered blocking state
[ 137.132202][ T1033] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 137.423373][ T5395] Bluetooth: hci0: command tx timeout
[ 137.488551][ T5747] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 137.561603][ T5747] veth0_vlan: entered promiscuous mode
[ 137.577641][ T5747] veth1_vlan: entered promiscuous mode
[ 137.625783][ T5747] veth0_macvtap: entered promiscuous mode
[ 137.648044][ T5747] veth1_macvtap: entered promiscuous mode
[ 137.679575][ T5747] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 137.697223][ T5747] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 137.713122][ T5747] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.716781][ T5747] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.720374][ T5747] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.743577][ T5747] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.877878][ T1045] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 137.881358][ T1045] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 137.908467][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[ 137.911463][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[ 137.949436][ T1033] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 137.954808][ T1033] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 138.496755][ T5816] loop0: detected capacity change from 0 to 32768
[ 138.514209][ T5816] =======================================================
[ 138.514209][ T5816] WARNING: The mand mount option has been deprecated and
[ 138.514209][ T5816] and is ignored by this kernel. Remove the mand
[ 138.514209][ T5816] option from the mount to silence this warning.
[ 138.514209][ T5816] =======================================================
[ 138.652978][ T5816] JBD2: Ignoring recovery information on journal
[ 138.726819][ T5816] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 138.766477][ T25] audit: type=1804 audit(1747495622.844:2): pid=5816 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.15" name="/newroot/0/file1/bus" dev="loop0" ino=17058 res=1 errno=0
[ 138.786584][ T5816] OCFS2: ERROR (device loop0): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #0 has bad signature
[ 138.813683][ T5816] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[ 138.818177][ T5816] OCFS2: File system is now read-only.
[ 138.823828][ T5816] (syz.0.15,5816,0):ocfs2_search_chain:1817 ERROR: status = -30
[ 138.835342][ T5816] (syz.0.15,5816,0):ocfs2_search_chain:1940 ERROR: status = -30
[ 138.843513][ T5816] (syz.0.15,5816,0):ocfs2_claim_suballoc_bits:2010 ERROR: status = -30
[ 138.852366][ T5816] (syz.0.15,5816,0):ocfs2_claim_suballoc_bits:2063 ERROR: status = -30
[ 138.862952][ T5816] (syz.0.15,5816,0):ocfs2_claim_metadata:2088 ERROR: status = -30
[ 138.880059][ T5816] (syz.0.15,5816,0):ocfs2_claim_metadata:2101 ERROR: status = -30
[ 138.890211][ T5816] (syz.0.15,5816,0):ocfs2_create_refcount_tree:595 ERROR: status = -30
[ 138.900644][ T5816] (syz.0.15,5816,0):ocfs2_reflink_remap_blocks:4648 ERROR: status = -30
[ 138.910667][ T5816] (syz.0.15,5816,0):ocfs2_remap_file_range:2747 ERROR: status = -30
[ 138.954030][ T5747] ocfs2: Unmounting device (7,0) on (node local)
2025/05/17 15:27:03 executed programs: 3
[ 139.502494][ T5395] Bluetooth: hci0: command tx timeout
[ 139.579630][ T5835] loop0: detected capacity change from 0 to 32768
[ 139.608136][ T5835] JBD2: Ignoring recovery information on journal
[ 139.668344][ T5835] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 139.686811][ T25] audit: type=1804 audit(1747495623.764:3): pid=5835 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.16" name="/newroot/1/file1/bus" dev="loop0" ino=17058 res=1 errno=0
[ 139.700600][ T5835] ==================================================================
[ 139.704098][ T5835] BUG: KASAN: use-after-free in ocfs2_claim_suballoc_bits+0x8b2/0x2450
[ 139.707616][ T5835] Read of size 4 at addr ffff888054df2000 by task syz.0.16/5835
[ 139.711900][ T5835]
[ 139.713017][ T5835] CPU: 0 UID: 0 PID: 5835 Comm: syz.0.16 Not tainted 6.15.0-rc6-syzkaller-00278-g172a9d94339c #0 PREEMPT(full)
[ 139.713032][ T5835] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 139.713039][ T5835] Call Trace:
[ 139.713046][ T5835] <TASK>
[ 139.713052][ T5835] dump_stack_lvl+0x189/0x250
[ 139.713071][ T5835] ? __virt_addr_valid+0x18c/0x540
[ 139.713086][ T5835] ? rcu_is_watching+0x15/0xb0
[ 139.713095][ T5835] ? __kasan_check_byte+0x12/0x40
[ 139.713109][ T5835] ? __pfx_dump_stack_lvl+0x10/0x10
[ 139.713123][ T5835] ? rcu_is_watching+0x15/0xb0
[ 139.713132][ T5835] ? lock_release+0x4b/0x3e0
[ 139.713148][ T5835] ? __virt_addr_valid+0x18c/0x540
[ 139.713163][ T5835] ? __virt_addr_valid+0x469/0x540
[ 139.713177][ T5835] print_report+0xb4/0x290
[ 139.713191][ T5835] ? ocfs2_claim_suballoc_bits+0x8b2/0x2450
[ 139.713207][ T5835] kasan_report+0x118/0x150
[ 139.713223][ T5835] ? ocfs2_claim_suballoc_bits+0x8b2/0x2450
[ 139.713240][ T5835] ocfs2_claim_suballoc_bits+0x8b2/0x2450
[ 139.713260][ T5835] ? __pfx_ocfs2_claim_suballoc_bits+0x10/0x10
[ 139.713276][ T5835] ? __ocfs2_journal_access+0x621/0x820
[ 139.713295][ T5835] ? __mutex_unlock_slowpath+0x1cd/0x700
[ 139.713361][ T5835] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 139.713375][ T5835] ? jbd2_write_access_granted+0x69/0x310
[ 139.713389][ T5835] ? jbd2_write_access_granted+0x69/0x310
[ 139.713400][ T5835] ocfs2_claim_metadata+0x178/0x4c0
[ 139.713417][ T5835] ? __pfx_ocfs2_claim_metadata+0x10/0x10
[ 139.713433][ T5835] ? __pfx_ocfs2_start_trans+0x10/0x10
[ 139.713450][ T5835] ? ocfs2_metadata_cache_get_super+0x43/0x80
[ 139.713464][ T5835] ? ocfs2_inode_cache_get_super+0xd/0x40
[ 139.713479][ T5835] ocfs2_create_refcount_tree+0x54f/0x1250
[ 139.713497][ T5835] ? __pfx_ocfs2_create_refcount_tree+0x10/0x10
[ 139.713516][ T5835] ? find_get_entries+0x688/0x7f0
[ 139.713527][ T5835] ? find_get_entries+0xfe/0x7f0
[ 139.713538][ T5835] ? __pfx_find_get_entries+0x10/0x10
[ 139.713549][ T5835] ? __filemap_get_folio+0x9a6/0xaf0
[ 139.713558][ T5835] ? seqcount_lockdep_reader_access+0x123/0x1c0
[ 139.713573][ T5835] ocfs2_reflink_remap_blocks+0x2ea/0x1930
[ 139.713592][ T5835] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 139.713606][ T5835] ? __pfx_ocfs2_reflink_remap_blocks+0x10/0x10
[ 139.713627][ T5835] ? __lock_acquire+0xaac/0xd20
[ 139.713647][ T5835] ? down_write+0x162/0x1f0
[ 139.713662][ T5835] ? __pfx_down_write+0x10/0x10
[ 139.713677][ T5835] ? generic_remap_file_range_prep+0x3e/0x60
[ 139.713689][ T5835] ocfs2_remap_file_range+0x4b7/0x730
[ 139.713703][ T5835] ? __pfx_ocfs2_remap_file_range+0x10/0x10
[ 139.713717][ T5835] ? rcu_read_lock_any_held+0xb3/0x120
[ 139.713727][ T5835] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 139.713740][ T5835] ? __pfx_ocfs2_remap_file_range+0x10/0x10
[ 139.713752][ T5835] vfs_copy_file_range+0xd53/0x1310
[ 139.713771][ T5835] ? __pfx_vfs_copy_file_range+0x10/0x10
[ 139.713788][ T5835] __se_sys_copy_file_range+0x319/0x460
[ 139.713804][ T5835] ? __pfx___se_sys_copy_file_range+0x10/0x10
[ 139.713821][ T5835] ? __x64_sys_copy_file_range+0x21/0xf0
[ 139.713836][ T5835] do_syscall_64+0xf6/0x210
[ 139.713862][ T5835] ? clear_bhb_loop+0x60/0xb0
[ 139.713875][ T5835] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 139.713886][ T5835] RIP: 0033:0x7fe10f579e79
[ 139.713898][ T5835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 139.713912][ T5835] RSP: 002b:00007fe1102c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
[ 139.713924][ T5835] RAX: ffffffffffffffda RBX: 00007fe10f715f80 RCX: 00007fe10f579e79
[ 139.713933][ T5835] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000006
[ 139.713939][ T5835] RBP: 00007fe10f5e7916 R08: 0000000000000006 R09: 0000000000000000
[ 139.713946][ T5835] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000
[ 139.713952][ T5835] R13: 0000000000000000 R14: 00007fe10f715f80 R15: 00007fff3f17af28
[ 139.713962][ T5835] </TASK>
[ 139.713966][ T5835]
[ 139.879946][ T5835] The buggy address belongs to the physical page:
[ 139.882681][ T5835] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f90f9284 pfn:0x54df2
[ 139.886569][ T5835] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 139.889620][ T5835] raw: 04fff00000000000 ffffea0001537c08 ffffea0001537d08 0000000000000000
[ 139.893217][ T5835] raw: 00000007f90f9284 0000000000000000 00000000ffffffff 0000000000000000
[ 139.896730][ T5835] page dumped because: kasan: bad access detected
[ 139.899452][ T5835] page_owner tracks the page as freed
[ 139.901712][ T5835] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|__GFP_COMP), pid 5611, tgid 5611 (udevd), ts 139605041910, free_ts 139673269558
[ 139.909122][ T5835] post_alloc_hook+0x1d8/0x230
[ 139.911124][ T5835] get_page_from_freelist+0x21ce/0x22b0
[ 139.913465][ T5835] __alloc_frozen_pages_noprof+0x181/0x370
[ 139.915918][ T5835] alloc_pages_mpol+0x232/0x4a0
[ 139.918008][ T5835] vma_alloc_folio_noprof+0xe4/0x200
[ 139.920330][ T5835] folio_prealloc+0x30/0x180
[ 139.922296][ T5835] __handle_mm_fault+0x2b28/0x5380
[ 139.924460][ T5835] handle_mm_fault+0x3f6/0x8c0
[ 139.926511][ T5835] do_user_addr_fault+0x764/0x1390
[ 139.928705][ T5835] exc_page_fault+0x68/0x110
[ 139.930689][ T5835] asm_exc_page_fault+0x26/0x30
[ 139.932797][ T5835] page last free pid 5611 tgid 5611 stack trace:
[ 139.935471][ T5835] free_unref_folios+0xb81/0x14a0
[ 139.937635][ T5835] folios_put_refs+0x559/0x640
[ 139.939749][ T5835] free_pages_and_swap_cache+0x4be/0x520
[ 139.942150][ T5835] tlb_flush_mmu+0x3a0/0x680
[ 139.944119][ T5835] tlb_finish_mmu+0xc3/0x1d0
[ 139.946095][ T5835] vms_clear_ptes+0x42c/0x540
[ 139.948112][ T5835] vms_complete_munmap_vmas+0x206/0x8a0
[ 139.950481][ T5835] do_vmi_align_munmap+0x358/0x420
[ 139.952653][ T5835] do_vmi_munmap+0x253/0x2e0
[ 139.954617][ T5835] __vm_munmap+0x23b/0x3d0
[ 139.956573][ T5835] __x64_sys_munmap+0x60/0x70
[ 139.958610][ T5835] do_syscall_64+0xf6/0x210
[ 139.960566][ T5835] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 139.963061][ T5835]
[ 139.964098][ T5835] Memory state around the buggy address:
[ 139.966517][ T5835] ffff888054df1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 139.969944][ T5835] ffff888054df1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 139.973299][ T5835] >ffff888054df2000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 139.976754][ T5835]                    ^
[ 139.978543][ T5835] ffff888054df2080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 139.981966][ T5835] ffff888054df2100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 139.985266][ T5835] ==================================================================
[ 140.003760][ T5835] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 140.006720][ T5835] CPU: 0 UID: 0 PID: 5835 Comm: syz.0.16 Not tainted 6.15.0-rc6-syzkaller-00278-g172a9d94339c #0 PREEMPT(full)
[ 140.011649][ T5835] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 140.016232][ T5835] Call Trace:
[ 140.017684][ T5835] <TASK>
[ 140.019023][ T5835] dump_stack_lvl+0x99/0x250
[ 140.021075][ T5835] ? __asan_memcpy+0x40/0x70
[ 140.023013][ T5835] ? __pfx_dump_stack_lvl+0x10/0x10
[ 140.025251][ T5835] ? __pfx__printk+0x10/0x10
[ 140.027226][ T5835] panic+0x2db/0x790
[ 140.028961][ T5835] ? __pfx_panic+0x10/0x10
[ 140.030867][ T5835] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 140.033326][ T5835] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 140.035964][ T5835] ? print_memory_metadata+0x314/0x400
[ 140.038240][ T5835] ? ocfs2_claim_suballoc_bits+0x8b2/0x2450
[ 140.040823][ T5835] check_panic_on_warn+0x89/0xb0
[ 140.042898][ T5835] ? ocfs2_claim_suballoc_bits+0x8b2/0x2450
[ 140.045520][ T5835] end_report+0x78/0x160
[ 140.047377][ T5835] kasan_report+0x129/0x150
[ 140.049395][ T5835] ? ocfs2_claim_suballoc_bits+0x8b2/0x2450
[ 140.051915][ T5835] ocfs2_claim_suballoc_bits+0x8b2/0x2450
[ 140.054346][ T5835] ? __pfx_ocfs2_claim_suballoc_bits+0x10/0x10
[ 140.057013][ T5835] ? __ocfs2_journal_access+0x621/0x820
[ 140.059460][ T5835] ? __mutex_unlock_slowpath+0x1cd/0x700
[ 140.061871][ T5835] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 140.064410][ T5835] ? jbd2_write_access_granted+0x69/0x310
[ 140.066825][ T5835] ? jbd2_write_access_granted+0x69/0x310
[ 140.069271][ T5835] ocfs2_claim_metadata+0x178/0x4c0
[ 140.071488][ T5835] ? __pfx_ocfs2_claim_metadata+0x10/0x10
[ 140.073945][ T5835] ? __pfx_ocfs2_start_trans+0x10/0x10
[ 140.076278][ T5835] ? ocfs2_metadata_cache_get_super+0x43/0x80
[ 140.078927][ T5835] ? ocfs2_inode_cache_get_super+0xd/0x40
[ 140.081402][ T5835] ocfs2_create_refcount_tree+0x54f/0x1250
[ 140.083914][ T5835] ? __pfx_ocfs2_create_refcount_tree+0x10/0x10
[ 140.086563][ T5835] ? find_get_entries+0x688/0x7f0
[ 140.088693][ T5835] ? find_get_entries+0xfe/0x7f0
[ 140.090774][ T5835] ? __pfx_find_get_entries+0x10/0x10
[ 140.093045][ T5835] ? __filemap_get_folio+0x9a6/0xaf0
[ 140.095226][ T5835] ? seqcount_lockdep_reader_access+0x123/0x1c0
[ 140.097893][ T5835] ocfs2_reflink_remap_blocks+0x2ea/0x1930
[ 140.100467][ T5835] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 140.103120][ T5835] ? __pfx_ocfs2_reflink_remap_blocks+0x10/0x10
[ 140.105810][ T5835] ? __lock_acquire+0xaac/0xd20
[ 140.107894][ T5835] ? down_write+0x162/0x1f0
[ 140.109793][ T5835] ? __pfx_down_write+0x10/0x10
[ 140.111790][ T5835] ? generic_remap_file_range_prep+0x3e/0x60
[ 140.114315][ T5835] ocfs2_remap_file_range+0x4b7/0x730
[ 140.116653][ T5835] ? __pfx_ocfs2_remap_file_range+0x10/0x10
[ 140.119169][ T5835] ? rcu_read_lock_any_held+0xb3/0x120
[ 140.121518][ T5835] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 140.124137][ T5835] ? __pfx_ocfs2_remap_file_range+0x10/0x10
[ 140.126764][ T5835] vfs_copy_file_range+0xd53/0x1310
[ 140.129095][ T5835] ? __pfx_vfs_copy_file_range+0x10/0x10
[ 140.131382][ T5835] __se_sys_copy_file_range+0x319/0x460
[ 140.133691][ T5835] ? __pfx___se_sys_copy_file_range+0x10/0x10
[ 140.136229][ T5835] ? __x64_sys_copy_file_range+0x21/0xf0
[ 140.138707][ T5835] do_syscall_64+0xf6/0x210
[ 140.140772][ T5835] ? clear_bhb_loop+0x60/0xb0
[ 140.142802][ T5835] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 140.145301][ T5835] RIP: 0033:0x7fe10f579e79
[ 140.147212][ T5835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 140.155068][ T5835] RSP: 002b:00007fe1102c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
[ 140.158488][ T5835] RAX: ffffffffffffffda RBX: 00007fe10f715f80 RCX: 00007fe10f579e79
[ 140.161698][ T5835] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000006
[ 140.164978][ T5835] RBP: 00007fe10f5e7916 R08: 0000000000000006 R09: 0000000000000000
[ 140.168263][ T5835] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000
[ 140.171574][ T5835] R13: 0000000000000000 R14: 00007fe10f715f80 R15: 00007fff3f17af28
[ 140.174913][ T5835] </TASK>
[ 140.176567][ T5835] Kernel Offset: disabled
[ 140.178373][ T5835] Rebooting in 86400 seconds..