Warning: Permanently added '[localhost]:30575' (ED25519) to the list of known hosts.
2025/07/23 20:47:23 ignoring optional flag "sandboxArg"="0"
2025/07/23 20:47:24 parsed 1 programs
syzkaller login: [ 89.429528][ T5328] cgroup: Unknown subsys name 'net'
[ 89.505710][ T5328] cgroup: Unknown subsys name 'cpuset'
[ 89.523240][ T5328] cgroup: Unknown subsys name 'rlimit'
[ 91.223474][ T5328] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 91.774406][ T10] cfg80211: failed to load regulatory.db
[ 95.156029][ T5344] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 95.475391][ T5349] chnl_net:caif_netlink_parms(): no params data found
[ 95.545015][ T5349] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.548831][ T5349] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.553138][ T5349] bridge_slave_0: entered allmulticast mode
[ 95.556839][ T5349] bridge_slave_0: entered promiscuous mode
[ 95.563152][ T5349] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.566276][ T5349] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.569582][ T5349] bridge_slave_1: entered allmulticast mode
[ 95.573742][ T5349] bridge_slave_1: entered promiscuous mode
[ 95.600268][ T5349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 95.607599][ T5349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 95.633950][ T5349] team0: Port device team_slave_0 added
[ 95.638999][ T5349] team0: Port device team_slave_1 added
[ 95.662697][ T5349] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 95.666064][ T5349] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 95.677901][ T5349] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 95.685679][ T5349] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 95.688966][ T5349] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 95.700525][ T5349] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 95.737130][ T5349] hsr_slave_0: entered promiscuous mode
[ 95.740652][ T5349] hsr_slave_1: entered promiscuous mode
[ 95.930550][ T5349] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 95.941798][ T5349] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 95.948648][ T5349] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 95.958905][ T5349] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 95.994997][ T5349] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.998446][ T5349] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 96.002642][ T5349] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.005644][ T5349] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 96.076754][ T5349] 8021q: adding VLAN 0 to HW filter on device bond0
[ 96.094893][ T38] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.099852][ T38] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.118075][ T5349] 8021q: adding VLAN 0 to HW filter on device team0
[ 96.128283][ T38] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.131691][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 96.147647][ T38] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.150957][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 96.343428][ T5349] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 96.389211][ T5349] veth0_vlan: entered promiscuous mode
[ 96.401919][ T5349] veth1_vlan: entered promiscuous mode
[ 96.429322][ T5349] veth0_macvtap: entered promiscuous mode
[ 96.436895][ T5349] veth1_macvtap: entered promiscuous mode
[ 96.455669][ T5349] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 96.465781][ T5349] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 96.474490][ T5349] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.478350][ T5349] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.484654][ T5349] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.488847][ T5349] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.665975][ T38] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.725001][ T38] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.765502][ T38] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.806516][ T38] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.256086][ T5386] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 97.260332][ T5386] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 97.264759][ T5386] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 97.268880][ T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 97.274059][ T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 97.593515][ T1035] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.596843][ T1035] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.636461][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.639590][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.199807][ T38] bridge_slave_1: left allmulticast mode
[ 99.212057][ T38] bridge_slave_1: left promiscuous mode
[ 99.215498][ T38] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.225152][ T38] bridge_slave_0: left allmulticast mode
[ 99.228291][ T38] bridge_slave_0: left promiscuous mode
[ 99.241646][ T38] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.642932][ T38] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 99.649282][ T38] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 99.654761][ T38] bond0 (unregistering): Released all slaves
[ 99.771696][ T38] hsr_slave_0: left promiscuous mode
[ 99.787158][ T38] hsr_slave_1: left promiscuous mode
[ 99.790689][ T38] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 99.795304][ T38] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 99.832704][ T38] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 99.835844][ T38] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 99.874047][ T38] veth1_macvtap: left promiscuous mode
[ 99.876756][ T38] veth0_macvtap: left promiscuous mode
[ 99.879142][ T38] veth1_vlan: left promiscuous mode
[ 99.901089][ T38] veth0_vlan: left promiscuous mode
[ 100.322797][ T38] team0 (unregistering): Port device team_slave_1 removed
[ 100.341290][ T38] team0 (unregistering): Port device team_slave_0 removed
2025/07/23 20:47:42 executed programs: 0
[ 104.123289][ T4684] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 104.127499][ T4684] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 104.132234][ T4684] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 104.136035][ T4684] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 104.140294][ T4684] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 104.504839][ T5478] chnl_net:caif_netlink_parms(): no params data found
[ 104.632866][ T5478] bridge0: port 1(bridge_slave_0) entered blocking state
[ 104.642315][ T5478] bridge0: port 1(bridge_slave_0) entered disabled state
[ 104.645431][ T5478] bridge_slave_0: entered allmulticast mode
[ 104.651828][ T5478] bridge_slave_0: entered promiscuous mode
[ 104.672207][ T5478] bridge0: port 2(bridge_slave_1) entered blocking state
[ 104.675760][ T5478] bridge0: port 2(bridge_slave_1) entered disabled state
[ 104.678890][ T5478] bridge_slave_1: entered allmulticast mode
[ 104.694188][ T5478] bridge_slave_1: entered promiscuous mode
[ 104.755340][ T5478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 104.764509][ T5478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 104.825290][ T5478] team0: Port device team_slave_0 added
[ 104.834431][ T5478] team0: Port device team_slave_1 added
[ 104.881672][ T5478] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 104.884835][ T5478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 104.902141][ T5478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 104.923484][ T5478] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 104.926299][ T5478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 104.951320][ T5478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 105.012504][ T5478] hsr_slave_0: entered promiscuous mode
[ 105.015631][ T5478] hsr_slave_1: entered promiscuous mode
[ 105.656627][ T5478] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 105.672804][ T5478] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 105.683985][ T5478] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 105.703593][ T5478] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 105.853703][ T5478] 8021q: adding VLAN 0 to HW filter on device bond0
[ 105.878193][ T5478] 8021q: adding VLAN 0 to HW filter on device team0
[ 105.904547][ T38] bridge0: port 1(bridge_slave_0) entered blocking state
[ 105.907972][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 105.930399][ T38] bridge0: port 2(bridge_slave_1) entered blocking state
[ 105.933745][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 106.172962][ T4684] Bluetooth: hci0: command tx timeout
[ 106.293320][ T5478] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 106.366104][ T5478] veth0_vlan: entered promiscuous mode
[ 106.384285][ T5478] veth1_vlan: entered promiscuous mode
[ 106.436011][ T5478] veth0_macvtap: entered promiscuous mode
[ 106.452630][ T5478] veth1_macvtap: entered promiscuous mode
[ 106.480679][ T5478] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 106.504540][ T5478] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 106.522893][ T5478] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.526807][ T5478] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.530622][ T5478] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.552476][ T5478] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.673260][ T38] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.676571][ T38] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.733967][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.737584][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.539664][ T5533] loop0: detected capacity change from 0 to 32768
[ 107.594096][ T5533] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 107.597923][ T5533] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 107.704250][ T5533] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[ 107.725750][ T5366] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 107.728714][ T5366] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 107.854875][ T5366] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 126ms
[ 107.877020][ T5366] gfs2: fsid=syz:syz.0: jid=0: Done
[ 107.879925][ T5533] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 107.912919][ T5533] gfs2: fsid=syz:syz.0: can't lock local "qc" file: -28
[ 108.253641][ T4684] Bluetooth: hci0: command tx timeout
[ 108.773821][ T5553] loop0: detected capacity change from 0 to 32768
[ 108.793715][ T5553] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 108.815019][ T5553] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 108.840183][ T5553] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[ 108.855308][ T5366] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 108.858216][ T5366] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 108.953482][ T5366] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 95ms
[ 108.972824][ T5366] gfs2: fsid=syz:syz.0: jid=0: Done
[ 108.975246][ T5553] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 108.992390][ T5553] gfs2: fsid=syz:syz.0: can't lock local "qc" file: -28
2025/07/23 20:47:47 executed programs: 4
[ 109.742463][ T5568] loop0: detected capacity change from 0 to 32768
[ 109.776479][ T5568] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 109.780070][ T5568] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 109.814641][ T5568] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[ 109.833620][ T5366] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 109.836318][ T5366] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 109.913593][ T5366] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 77ms
[ 109.924862][ T5366] gfs2: fsid=syz:syz.0: jid=0: Done
[ 109.927589][ T5568] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 109.947060][ T5568] gfs2: fsid=syz:syz.0: can't lock local "qc" file: -28
[ 110.333890][ T4684] Bluetooth: hci0: command tx timeout
[ 110.666619][ T5586] loop0: detected capacity change from 0 to 32768
[ 110.683750][ T5586] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 110.687454][ T5586] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 110.708833][ T5586] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[ 110.720295][ T10] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 110.724314][ T10] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 110.794094][ T10] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 69ms
[ 110.798811][ T10] gfs2: fsid=syz:syz.0: jid=0: Done
[ 110.801672][ T5586] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 110.807456][ T5586] gfs2: fsid=syz:syz.0: can't lock local "qc" file: -28
[ 111.260674][ T5595] loop0: detected capacity change from 0 to 32768
[ 111.275865][ T5595] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 111.296019][ T5595] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 111.317586][ T5595] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[ 111.333090][ T4776] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 111.336223][ T4776] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 111.388568][ T4776] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 52ms
[ 111.394556][ T4776] gfs2: fsid=syz:syz.0: jid=0: Done
[ 111.397005][ T5595] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 111.405490][ T5595] gfs2: fsid=syz:syz.0: can't lock local "qc" file: -28
[ 111.818472][ T5598] loop0: detected capacity change from 0 to 32768
[ 111.834744][ T5598] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 111.838727][ T5598] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 111.867004][ T5598] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[ 111.879453][ T4776] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 111.886017][ T4776] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 111.948896][ T4776] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 62ms
[ 111.954060][ T4776] gfs2: fsid=syz:syz.0: jid=0: Done
[ 111.956351][ T5598] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 111.964163][ T5598] gfs2: fsid=syz:syz.0: can't lock local "qc" file: -28
[ 111.994905][ C0] ==================================================================
[ 111.998838][ C0] BUG: KASAN: slab-use-after-free in gfs2_qd_dealloc+0x81/0xe0
[ 112.002337][ C0] Write of size 4 at addr ffff888036404a80 by task pool_workqueue_/3
[ 112.007158][ C0]
[ 112.008316][ C0] CPU: 0 UID: 0 PID: 3 Comm: pool_workqueue_ Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full)
[ 112.008331][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 112.008339][ C0] Call Trace:
[ 112.008347][ C0]
[ 112.008354][ C0] dump_stack_lvl+0x189/0x250
[ 112.008374][ C0] ? __kasan_check_byte+0x12/0x40
[ 112.008389][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 112.008403][ C0] ? lock_release+0x4b/0x3e0
[ 112.008418][ C0] ? __virt_addr_valid+0x4a5/0x5c0
[ 112.008434][ C0] print_report+0xca/0x230
[ 112.008445][ C0] ? gfs2_qd_dealloc+0x81/0xe0
[ 112.008459][ C0] kasan_report+0x118/0x150
[ 112.008474][ C0] ? gfs2_qd_dealloc+0x81/0xe0
[ 112.008489][ C0] ? rcu_core+0xc34/0x1710
[ 112.008502][ C0] kasan_check_range+0x2b0/0x2c0
[ 112.008515][ C0] ? __pfx_gfs2_qd_dealloc+0x10/0x10
[ 112.008528][ C0] ? rcu_core+0xc34/0x1710
[ 112.008539][ C0] gfs2_qd_dealloc+0x81/0xe0
[ 112.008553][ C0] rcu_core+0xca5/0x1710
[ 112.008570][ C0] ? __pfx_rcu_core+0x10/0x10
[ 112.008584][ C0] ? __pfx_tmigr_handle_remote+0x10/0x10
[ 112.008597][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0
[ 112.008618][ C0] handle_softirqs+0x286/0x870
[ 112.008639][ C0] ? __irq_exit_rcu+0xca/0x1f0
[ 112.008653][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 112.008669][ C0] __irq_exit_rcu+0xca/0x1f0
[ 112.008681][ C0] ? __pfx___irq_exit_rcu+0x10/0x10
[ 112.008696][ C0] irq_exit_rcu+0x9/0x30
[ 112.008707][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 112.008781][ C0]
[ 112.008786][ C0]
[ 112.008790][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 112.008804][ C0] RIP: 0010:lockdep_unregister_key+0x2c5/0x310
[ 112.008818][ C0] Code: 65 48 8b 05 3d 20 02 11 48 3b 44 24 10 0f 84 26 fe ff ff e8 fd 17 d1 09 e8 28 19 d1 09 41 f7 c7 00 02 00 00 74 bd fb 40 84 ed <75> bc eb cd 90 0f 0b 90 e9 19 ff ff ff 90 0f 0b 90 e9 2a ff ff ff
[ 112.008828][ C0] RSP: 0018:ffffc90000157c00 EFLAGS: 00000246
[ 112.008841][ C0] RAX: de469ecdd1056e00 RBX: ffff8880408f6538 RCX: de469ecdd1056e00
[ 112.008849][ C0] RDX: ffffffff93643318 RSI: ffffffff8d9ace67 RDI: ffffffff8be29ec0
[ 112.008858][ C0] RBP: ffff8880408f6500 R08: 0000000000000000 R09: ffffffff81ab49a8
[ 112.008866][ C0] R10: dffffc0000000000 R11: fffffbfff1f43f5f R12: 0000000000000000
[ 112.008874][ C0] R13: 0000000000001000 R14: 0000000000000001 R15: 0000000000000202
[ 112.008883][ C0] ? __is_module_percpu_address+0x28/0x3f0
[ 112.008903][ C0] pwq_release_workfn+0x6d5/0x870
[ 112.008920][ C0] kthread_worker_fn+0x504/0xb60
[ 112.008963][ C0] ? kthread_worker_fn+0xe4/0xb60
[ 112.008979][ C0] ? __pfx_pwq_release_workfn+0x10/0x10
[ 112.008993][ C0] kthread+0x70e/0x8a0
[ 112.009009][ C0] ? __pfx_kthread_worker_fn+0x10/0x10
[ 112.009024][ C0] ? __pfx_kthread+0x10/0x10
[ 112.009039][ C0] ? _raw_spin_unlock_irq+0x23/0x50
[ 112.009057][ C0] ? lockdep_hardirqs_on+0x9c/0x150
[ 112.009067][ C0] ? __pfx_kthread+0x10/0x10
[ 112.009083][ C0] ret_from_fork+0x3fc/0x770
[ 112.009097][ C0] ? __pfx_ret_from_fork+0x10/0x10
[ 112.009111][ C0] ? __pfx_kthread+0x10/0x10
[ 112.009126][ C0] ret_from_fork_asm+0x1a/0x30
[ 112.009146][ C0]
[ 112.009151][ C0]
[ 112.147095][ C0] Allocated by task 5598:
[ 112.148880][ C0] kasan_save_track+0x3e/0x80
[ 112.150763][ C0] __kasan_kmalloc+0x93/0xb0
[ 112.152963][ C0] __kmalloc_cache_noprof+0x230/0x3d0
[ 112.155289][ C0] gfs2_fill_super+0x11c/0x20e0
[ 112.157351][ C0] get_tree_bdev_flags+0x40b/0x4d0
[ 112.159485][ C0] gfs2_get_tree+0x51/0x1e0
[ 112.161448][ C0] vfs_get_tree+0x92/0x2b0
[ 112.163420][ C0] do_new_mount+0x24a/0xa40
[ 112.165455][ C0] __se_sys_mount+0x317/0x410
[ 112.167539][ C0] do_syscall_64+0xfa/0x3b0
[ 112.169564][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.172116][ C0]
[ 112.173179][ C0] Freed by task 5598:
[ 112.174830][ C0] kasan_save_track+0x3e/0x80
[ 112.176857][ C0] kasan_save_free_info+0x46/0x50
[ 112.178977][ C0] __kasan_slab_free+0x62/0x70
[ 112.181048][ C0] kfree+0x18e/0x440
[ 112.182714][ C0] gfs2_fill_super+0x153d/0x20e0
[ 112.184807][ C0] get_tree_bdev_flags+0x40b/0x4d0
[ 112.187125][ C0] gfs2_get_tree+0x51/0x1e0
[ 112.188976][ C0] vfs_get_tree+0x92/0x2b0
[ 112.190941][ C0] do_new_mount+0x24a/0xa40
[ 112.193003][ C0] __se_sys_mount+0x317/0x410
[ 112.195114][ C0] do_syscall_64+0xfa/0x3b0
[ 112.197232][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.199884][ C0]
[ 112.200978][ C0] The buggy address belongs to the object at ffff888036404000
[ 112.200978][ C0] which belongs to the cache kmalloc-8k of size 8192
[ 112.207431][ C0] The buggy address is located 2688 bytes inside of
[ 112.207431][ C0] freed 8192-byte region [ffff888036404000, ffff888036406000)
[ 112.213475][ C0]
[ 112.214560][ C0] The buggy address belongs to the physical page:
[ 112.217348][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36400
[ 112.221265][ C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 112.225033][ C0] anon flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 112.228591][ C0] page_type: f5(slab)
[ 112.230407][ C0] raw: 04fff00000000040 ffff88801a442280 0000000000000000 0000000000000001
[ 112.234392][ C0] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 112.237997][ C0] head: 04fff00000000040 ffff88801a442280 0000000000000000 0000000000000001
[ 112.241618][ C0] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 112.245413][ C0] head: 04fff00000000003 ffffea0000d90001 00000000ffffffff 00000000ffffffff
[ 112.249169][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 112.252808][ C0] page dumped because: kasan: bad access detected
[ 112.255726][ C0] page_owner tracks the page as allocated
[ 112.258183][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5553, tgid 5553 (syz.0.17), ts 108777604926, free_ts 108757444960
[ 112.266626][ C0] post_alloc_hook+0x240/0x2a0
[ 112.268795][ C0] get_page_from_freelist+0x21e4/0x22c0
[ 112.271344][ C0] __alloc_frozen_pages_noprof+0x181/0x370
[ 112.273984][ C0] alloc_pages_mpol+0x232/0x4a0
[ 112.276180][ C0] allocate_slab+0x8a/0x3b0
[ 112.278175][ C0] ___slab_alloc+0xbfc/0x1480
[ 112.280325][ C0] __kmalloc_cache_noprof+0x296/0x3d0
[ 112.282769][ C0] gfs2_fill_super+0x11c/0x20e0
[ 112.284920][ C0] get_tree_bdev_flags+0x40b/0x4d0
[ 112.287257][ C0] gfs2_get_tree+0x51/0x1e0
[ 112.289220][ C0] vfs_get_tree+0x92/0x2b0
[ 112.291094][ C0] do_new_mount+0x24a/0xa40
[ 112.293102][ C0] __se_sys_mount+0x317/0x410
[ 112.295142][ C0] do_syscall_64+0xfa/0x3b0
[ 112.297128][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.299671][ C0] page last free pid 5562 tgid 5562 stack trace:
[ 112.302356][ C0] __free_frozen_pages+0xc71/0xe70
[ 112.304534][ C0] __put_partials+0x161/0x1c0
[ 112.306658][ C0] put_cpu_partial+0x17c/0x250
[ 112.308714][ C0] __slab_free+0x2f7/0x400
[ 112.310618][ C0] qlist_free_all+0x97/0x140
[ 112.312531][ C0] kasan_quarantine_reduce+0x148/0x160
[ 112.315174][ C0] __kasan_slab_alloc+0x22/0x80
[ 112.317443][ C0] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 112.319739][ C0] vm_area_alloc+0x24/0x140
[ 112.321736][ C0] mmap_region+0xcc7/0x1f30
[ 112.323700][ C0] do_mmap+0xc45/0x10d0
[ 112.326048][ C0] vm_mmap_pgoff+0x31b/0x4c0
[ 112.328558][ C0] ksys_mmap_pgoff+0x51f/0x760
[ 112.331204][ C0] do_syscall_64+0xfa/0x3b0
[ 112.333235][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.335833][ C0]
[ 112.336913][ C0] Memory state around the buggy address:
[ 112.339421][ C0] ffff888036404980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 112.342881][ C0] ffff888036404a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 112.346294][ C0] >ffff888036404a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 112.349699][ C0] ^
[ 112.351315][ C0] ffff888036404b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 112.354767][ C0] ffff888036404b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 112.358131][ C0] ==================================================================
[ 112.361699][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 112.364975][ C0] CPU: 0 UID: 0 PID: 3 Comm: pool_workqueue_ Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full)
[ 112.370316][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 112.374499][ C0] Call Trace:
[ 112.376004][ C0]
[ 112.377391][ C0] dump_stack_lvl+0x99/0x250
[ 112.379642][ C0] ? __asan_memcpy+0x40/0x70
[ 112.381756][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 112.384046][ C0] ? __pfx__printk+0x10/0x10
[ 112.386198][ C0] panic+0x2db/0x790
[ 112.387959][ C0] ? __pfx_panic+0x10/0x10
[ 112.389937][ C0] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 112.392487][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 112.395182][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 112.398293][ C0] ? print_memory_metadata+0x314/0x400
[ 112.400724][ C0] ? gfs2_qd_dealloc+0x81/0xe0
[ 112.402798][ C0] check_panic_on_warn+0x89/0xb0
[ 112.405186][ C0] ? gfs2_qd_dealloc+0x81/0xe0
[ 112.407553][ C0] end_report+0x78/0x160
[ 112.409497][ C0] kasan_report+0x129/0x150
[ 112.411557][ C0] ? gfs2_qd_dealloc+0x81/0xe0
[ 112.413746][ C0] ? rcu_core+0xc34/0x1710
[ 112.415749][ C0] kasan_check_range+0x2b0/0x2c0
[ 112.417988][ C0] ? __pfx_gfs2_qd_dealloc+0x10/0x10
[ 112.420303][ C0] ? rcu_core+0xc34/0x1710
[ 112.422175][ C0] gfs2_qd_dealloc+0x81/0xe0
[ 112.424227][ C0] rcu_core+0xca5/0x1710
[ 112.426415][ C0] ? __pfx_rcu_core+0x10/0x10
[ 112.428774][ C0] ? __pfx_tmigr_handle_remote+0x10/0x10
[ 112.431256][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0
[ 112.433874][ C0] handle_softirqs+0x286/0x870
[ 112.435784][ C0] ? __irq_exit_rcu+0xca/0x1f0
[ 112.437944][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 112.440288][ C0] __irq_exit_rcu+0xca/0x1f0
[ 112.442417][ C0] ? __pfx___irq_exit_rcu+0x10/0x10
[ 112.444791][ C0] irq_exit_rcu+0x9/0x30
[ 112.446829][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 112.449467][ C0]
[ 112.450916][ C0]
[ 112.452292][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 112.454900][ C0] RIP: 0010:lockdep_unregister_key+0x2c5/0x310
[ 112.457521][ C0] Code: 65 48 8b 05 3d 20 02 11 48 3b 44 24 10 0f 84 26 fe ff ff e8 fd 17 d1 09 e8 28 19 d1 09 41 f7 c7 00 02 00 00 74 bd fb 40 84 ed <75> bc eb cd 90 0f 0b 90 e9 19 ff ff ff 90 0f 0b 90 e9 2a ff ff ff
[ 112.465527][ C0] RSP: 0018:ffffc90000157c00 EFLAGS: 00000246
[ 112.468281][ C0] RAX: de469ecdd1056e00 RBX: ffff8880408f6538 RCX: de469ecdd1056e00
[ 112.471726][ C0] RDX: ffffffff93643318 RSI: ffffffff8d9ace67 RDI: ffffffff8be29ec0
[ 112.475119][ C0] RBP: ffff8880408f6500 R08: 0000000000000000 R09: ffffffff81ab49a8
[ 112.478330][ C0] R10: dffffc0000000000 R11: fffffbfff1f43f5f R12: 0000000000000000
[ 112.481824][ C0] R13: 0000000000001000 R14: 0000000000000001 R15: 0000000000000202
[ 112.485148][ C0] ? __is_module_percpu_address+0x28/0x3f0
[ 112.487686][ C0] pwq_release_workfn+0x6d5/0x870
[ 112.489991][ C0] kthread_worker_fn+0x504/0xb60
[ 112.492305][ C0] ? kthread_worker_fn+0xe4/0xb60
[ 112.494660][ C0] ? __pfx_pwq_release_workfn+0x10/0x10
[ 112.497061][ C0] kthread+0x70e/0x8a0
[ 112.498810][ C0] ? __pfx_kthread_worker_fn+0x10/0x10
[ 112.501258][ C0] ? __pfx_kthread+0x10/0x10
[ 112.503174][ C0] ? _raw_spin_unlock_irq+0x23/0x50
[ 112.505581][ C0] ? lockdep_hardirqs_on+0x9c/0x150
[ 112.507953][ C0] ? __pfx_kthread+0x10/0x10
[ 112.509934][ C0] ret_from_fork+0x3fc/0x770
[ 112.512206][ C0] ? __pfx_ret_from_fork+0x10/0x10
[ 112.514657][ C0] ? __pfx_kthread+0x10/0x10
[ 112.516740][ C0] ret_from_fork_asm+0x1a/0x30
[ 112.518916][ C0]
[ 112.520698][ C0] Kernel Offset: disabled
[ 112.522689][ C0] Rebooting in 86400 seconds..
VM DIAGNOSIS:
20:47:50 Registers:
info registers vcpu 0
CPU#0
RAX=000000000000007a RBX=000000000000007a RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90000007490
R8 =ffff888033e50237 R9 =1ffff110067ca046 R10=dffffc0000000000 R11=ffffffff8547a7e0
R12=dffffc0000000000 R13=ffffffff99afc8a3 R14=ffffffff99e01700 R15=0000000000000000
RIP=ffffffff8547a85c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88808d218000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007efea3e4a000 CR3=0000000011a2d000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01