[ 138.086368][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[ 138.089651][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
Warning: Permanently added '[localhost]:33977' (ED25519) to the list of known hosts.
2024/08/30 06:24:29 ignoring optional flag "sandboxArg"="0"
2024/08/30 06:24:30 parsed 1 programs
[ 162.966636][ T5395] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 168.483953][ T30] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 168.487078][ T30] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 168.521852][ T30] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 168.525303][ T30] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 170.039801][ T5424] chnl_net:caif_netlink_parms(): no params data found
[ 170.159255][ T5424] bridge0: port 1(bridge_slave_0) entered blocking state
[ 170.162274][ T5424] bridge0: port 1(bridge_slave_0) entered disabled state
[ 170.174052][ T5424] bridge_slave_0: entered allmulticast mode
[ 170.177957][ T5424] bridge_slave_0: entered promiscuous mode
[ 170.185243][ T5424] bridge0: port 2(bridge_slave_1) entered blocking state
[ 170.188206][ T5424] bridge0: port 2(bridge_slave_1) entered disabled state
[ 170.191993][ T5424] bridge_slave_1: entered allmulticast mode
[ 170.213874][ T5424] bridge_slave_1: entered promiscuous mode
[ 170.248306][ T5424] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 170.265477][ T5424] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 170.327047][ T5424] team0: Port device team_slave_0 added
[ 170.331369][ T5424] team0: Port device team_slave_1 added
[ 170.374797][ T5424] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 170.378373][ T5424] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 170.403945][ T5424] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 170.414745][ T5424] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 170.417396][ T5424] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 170.443747][ T5424] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 170.502126][ T5424] hsr_slave_0: entered promiscuous mode
[ 170.515172][ T5424] hsr_slave_1: entered promiscuous mode
[ 171.398804][ T5424] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 171.426542][ T5424] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 171.438777][ T5424] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 171.459776][ T5424] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 171.630935][ T5424] 8021q: adding VLAN 0 to HW filter on device bond0
[ 171.681668][ T5424] 8021q: adding VLAN 0 to HW filter on device team0
[ 171.698568][ T30] bridge0: port 1(bridge_slave_0) entered blocking state
[ 171.701325][ T30] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 171.735112][ T30] bridge0: port 2(bridge_slave_1) entered blocking state
[ 171.738008][ T30] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 171.802153][ T5424] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 172.195479][ T5424] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 172.278645][ T5424] veth0_vlan: entered promiscuous mode
[ 172.306201][ T5424] veth1_vlan: entered promiscuous mode
[ 172.362186][ T5424] veth0_macvtap: entered promiscuous mode
[ 172.387056][ T5424] veth1_macvtap: entered promiscuous mode
[ 172.423189][ T5424] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 172.465192][ T5424] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 172.483357][ T5424] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 172.514404][ T5424] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 172.517904][ T5424] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 172.521235][ T5424] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 172.932316][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 173.085089][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 173.174979][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 175.136854][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 177.304686][ T12] bridge_slave_1: left allmulticast mode
[ 177.306857][ T12] bridge_slave_1: left promiscuous mode
[ 177.309027][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 177.325781][ T12] bridge_slave_0: left allmulticast mode
[ 177.327970][ T12] bridge_slave_0: left promiscuous mode
[ 177.370667][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 177.516672][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 177.521327][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 177.526641][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 177.530482][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 177.537590][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 177.554546][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 178.029632][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 178.047486][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 178.055984][ T12] bond0 (unregistering): Released all slaves
[ 178.157895][ T12] hsr_slave_0: left promiscuous mode
[ 178.175125][ T12] hsr_slave_1: left promiscuous mode
[ 178.191334][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 178.203850][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 178.214904][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 178.217611][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 178.241529][ T12] veth1_macvtap: left promiscuous mode
[ 178.254851][ T12] veth0_macvtap: left promiscuous mode
[ 178.272879][ T12] veth1_vlan: left promiscuous mode
[ 178.284286][ T12] veth0_vlan: left promiscuous mode
[ 178.975060][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 179.058231][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 179.604748][ T48] Bluetooth: hci0: command tx timeout
2024/08/30 06:24:57 executed programs: 0
[ 180.085819][ T4531] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 180.090525][ T4531] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 180.094710][ T4531] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 180.098817][ T4531] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 180.103532][ T4531] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 180.108260][ T4531] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 181.390893][ T5573] chnl_net:caif_netlink_parms(): no params data found
[ 181.746070][ T5573] bridge0: port 1(bridge_slave_0) entered blocking state
[ 181.754636][ T5573] bridge0: port 1(bridge_slave_0) entered disabled state
[ 181.757584][ T5573] bridge_slave_0: entered allmulticast mode
[ 181.760942][ T5573] bridge_slave_0: entered promiscuous mode
[ 181.798998][ T5573] bridge0: port 2(bridge_slave_1) entered blocking state
[ 181.801984][ T5573] bridge0: port 2(bridge_slave_1) entered disabled state
[ 181.824724][ T5573] bridge_slave_1: entered allmulticast mode
[ 181.828946][ T5573] bridge_slave_1: entered promiscuous mode
[ 181.927619][ T5573] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 181.954930][ T5573] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 182.054057][ T5573] team0: Port device team_slave_0 added
[ 182.058910][ T5573] team0: Port device team_slave_1 added
[ 182.165274][ T4531] Bluetooth: hci1: command tx timeout
[ 182.170205][ T5573] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 182.173083][ T5573] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 182.227519][ T5573] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 182.246613][ T5573] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 182.249818][ T5573] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 182.293762][ T5573] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 182.436181][ T5573] hsr_slave_0: entered promiscuous mode
[ 182.474136][ T5573] hsr_slave_1: entered promiscuous mode
[ 183.087750][ T5573] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 183.127479][ T5573] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 183.138275][ T5573] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 183.166712][ T5573] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 183.406491][ T5573] 8021q: adding VLAN 0 to HW filter on device bond0
[ 183.442630][ T5573] 8021q: adding VLAN 0 to HW filter on device team0
[ 183.484573][ T1032] bridge0: port 1(bridge_slave_0) entered blocking state
[ 183.487713][ T1032] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 183.511775][ T41] bridge0: port 2(bridge_slave_1) entered blocking state
[ 183.514710][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 183.592768][ T5573] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 183.634703][ T5573] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 184.016276][ T5573] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 184.136905][ T5573] veth0_vlan: entered promiscuous mode
[ 184.176057][ T5573] veth1_vlan: entered promiscuous mode
[ 184.243926][ T4531] Bluetooth: hci1: command tx timeout
[ 184.259277][ T5573] veth0_macvtap: entered promiscuous mode
[ 184.289702][ T5573] veth1_macvtap: entered promiscuous mode
[ 184.328594][ T5573] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 184.363511][ T5573] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 184.386371][ T5573] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 184.389670][ T5573] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 184.406644][ T5573] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 184.409972][ T5573] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 184.552598][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 184.557181][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 184.612635][ T1032] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 184.616324][ T1032] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 185.137090][ T5628] loop0: detected capacity change from 0 to 32768
[ 185.246778][ T5628] JBD2: Ignoring recovery information on journal
[ 185.299167][ T5628] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 185.340457][ T24] audit: type=1800 audit(1724999103.124:2): pid=5628 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.15" name="file1" dev="loop0" ino=16946 res=0 errno=0
[ 185.387556][ T5573] ocfs2: Unmounting device (7,0) on (node local)
2024/08/30 06:25:03 executed programs: 3
[ 186.026105][ T5632] loop0: detected capacity change from 0 to 32768
[ 186.055082][ T5632] JBD2: Ignoring recovery information on journal
[ 186.119773][ T5632] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 186.129203][ T24] audit: type=1800 audit(1724999103.914:3): pid=5632 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.16" name="file1" dev="loop0" ino=16946 res=0 errno=0
[ 186.172027][ T5573] ocfs2: Unmounting device (7,0) on (node local)
[ 186.325692][ T4531] Bluetooth: hci1: command tx timeout
[ 186.885663][ T5636] loop0: detected capacity change from 0 to 32768
[ 186.943452][ T5636] JBD2: Ignoring recovery information on journal
[ 186.994535][ T5636] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 187.020316][ T24] audit: type=1800 audit(1724999104.814:4): pid=5636 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17" name="file1" dev="loop0" ino=16946 res=0 errno=0
[ 187.034741][ T5573] ocfs2: Unmounting device (7,0) on (node local)
[ 187.667282][ T5640] loop0: detected capacity change from 0 to 32768
[ 187.709049][ T5640] JBD2: Ignoring recovery information on journal
[ 187.777590][ T5640] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 187.800203][ T24] audit: type=1800 audit(1724999105.584:5): pid=5640 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.18" name="file1" dev="loop0" ino=16946 res=0 errno=0
[ 187.824798][ T5573] ocfs2: Unmounting device (7,0) on (node local)
[ 188.404222][ T4531] Bluetooth: hci1: command tx timeout
[ 188.523452][ T5644] loop0: detected capacity change from 0 to 32768
[ 188.591240][ T5644] JBD2: Ignoring recovery information on journal
[ 188.639898][ T5644] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 188.659600][ T24] audit: type=1800 audit(1724999106.444:6): pid=5644 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.19" name="file1" dev="loop0" ino=16946 res=0 errno=0
[ 188.697708][ T5573] ocfs2: Unmounting device (7,0) on (node local)
[ 189.426278][ T5648] loop0: detected capacity change from 0 to 32768
[ 189.462632][ T5648] JBD2: Ignoring recovery information on journal
[ 189.528292][ T5648] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 189.547216][ T24] audit: type=1800 audit(1724999107.334:7): pid=5648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.20" name="file1" dev="loop0" ino=16946 res=0 errno=0
[ 189.574018][ T5573] ocfs2: Unmounting device (7,0) on (node local)
[ 190.261031][ T5652] loop0: detected capacity change from 0 to 32768
[ 190.308712][ T5652] JBD2: Ignoring recovery information on journal
[ 190.360222][ T5652] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 190.383237][ T24] audit: type=1800 audit(1724999108.164:8): pid=5652 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.21" name="file1" dev="loop0" ino=16946 res=0 errno=0
[ 190.408661][ T5573] ocfs2: Unmounting device (7,0) on (node local)
2024/08/30 06:25:08 executed programs: 9
[ 191.125797][ T5656] loop0: detected capacity change from 0 to 32768
[ 191.156184][ T5656] JBD2: Ignoring recovery information on journal
[ 191.217838][ T5656] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 191.239936][ T24] audit: type=1800 audit(1724999109.024:9): pid=5656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.22" name="file1" dev="loop0" ino=16946 res=0 errno=0
[ 191.265803][ T5573] ocfs2: Unmounting device (7,0) on (node local)
[ 191.987493][ T5660] loop0: detected capacity change from 0 to 32768
[ 192.044077][ T5660] JBD2: Ignoring recovery information on journal
[ 192.087693][ T5660] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 192.104346][ T5660] ==================================================================
[ 192.107676][ T5660] BUG: KASAN: use-after-free in ocfs2_search_dirblock+0x26b/0x830
[ 192.111267][ T5660] Read of size 1 at addr ffff888013018982 by task syz.0.23/5660
[ 192.115748][ T5660]
[ 192.116882][ T5660] CPU: 0 UID: 0 PID: 5660 Comm: syz.0.23 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0
[ 192.121086][ T5660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 192.125214][ T5660] Call Trace:
[ 192.126564][ T5660]
[ 192.127751][ T5660] dump_stack_lvl+0x241/0x360
[ 192.129835][ T5660] ? __pfx_dump_stack_lvl+0x10/0x10
[ 192.132076][ T5660] ? __pfx__printk+0x10/0x10
[ 192.134708][ T5660] ? _printk+0xd5/0x120
[ 192.137030][ T5660] ? __virt_addr_valid+0x183/0x530
[ 192.139114][ T5660] ? __virt_addr_valid+0x183/0x530
[ 192.141178][ T5660] print_report+0x169/0x550
[ 192.142969][ T5660] ? __virt_addr_valid+0x183/0x530
[ 192.144979][ T5660] ? __virt_addr_valid+0x183/0x530
[ 192.147061][ T5660] ? __virt_addr_valid+0x45f/0x530
[ 192.149109][ T5660] ? __phys_addr+0xba/0x170
[ 192.151049][ T5660] ? ocfs2_search_dirblock+0x26b/0x830
[ 192.153499][ T5660] kasan_report+0x143/0x180
[ 192.155584][ T5660] ? ocfs2_search_dirblock+0x26b/0x830
[ 192.158003][ T5660] ocfs2_search_dirblock+0x26b/0x830
[ 192.160347][ T5660] ? ocfs2_read_inode_block+0x14c/0x1e0
[ 192.162615][ T5660] ? __pfx_ocfs2_search_dirblock+0x10/0x10
[ 192.165042][ T5660] ? validate_chain+0x11e/0x5900
[ 192.166960][ T5660] ocfs2_find_entry+0x1169/0x2780
[ 192.169108][ T5660] ? mark_lock+0x9a/0x350
[ 192.171019][ T5660] ? __lock_acquire+0x137a/0x2040
[ 192.173174][ T5660] ? __pfx_ocfs2_find_entry+0x10/0x10
[ 192.175518][ T5660] ? __pfx_lock_acquire+0x10/0x10
[ 192.177652][ T5660] ? ocfs2_inode_lock_full_nested+0x17b/0x1c10
[ 192.180173][ T5660] ? __pfx_lock_release+0x10/0x10
[ 192.182210][ T5660] ? do_raw_spin_lock+0x14f/0x370
[ 192.184323][ T5660] ? do_raw_spin_unlock+0x58/0x8b0
[ 192.186547][ T5660] ? _raw_spin_unlock+0x28/0x50
[ 192.188658][ T5660] ? ocfs2_inode_lock_full_nested+0xb2f/0x1c10
[ 192.191224][ T5660] ? __pfx_ocfs2_inode_lock_full_nested+0x10/0x10
[ 192.193817][ T5660] ocfs2_find_files_on_disk+0xff/0x360
[ 192.195963][ T5660] ocfs2_lookup_ino_from_name+0xb1/0x1e0
[ 192.198304][ T5660] ? __pfx_ocfs2_lookup_ino_from_name+0x10/0x10
[ 192.201152][ T5660] ocfs2_lookup+0x292/0xa60
[ 192.203516][ T5660] ? __pfx_ocfs2_lookup+0x10/0x10
[ 192.205793][ T5660] ? from_kgid+0x1a7/0x730
[ 192.207662][ T5660] ? make_vfsgid+0x46/0x90
[ 192.209421][ T5660] ? HAS_UNMAPPED_ID+0xf9/0x150
[ 192.211346][ T5660] ? inode_permission+0xff/0x460
[ 192.213224][ T5660] ? __pfx_ocfs2_permission+0x10/0x10
[ 192.215295][ T5660] ? bpf_lsm_inode_create+0x9/0x10
[ 192.217313][ T5660] ? security_inode_create+0xc2/0x110
[ 192.219553][ T5660] ? __pfx_ocfs2_lookup+0x10/0x10
[ 192.221912][ T5660] path_openat+0x11cc/0x3470
[ 192.224077][ T5660] ? __pfx_path_openat+0x10/0x10
[ 192.226103][ T5660] do_filp_open+0x235/0x490
[ 192.227853][ T5660] ? __pfx_do_filp_open+0x10/0x10
[ 192.229795][ T5660] ? _raw_spin_unlock+0x28/0x50
[ 192.231726][ T5660] ? alloc_fd+0x5a1/0x640
[ 192.233502][ T5660] do_sys_openat2+0x13e/0x1d0
[ 192.235700][ T5660] ? __pfx_do_sys_openat2+0x10/0x10
[ 192.238350][ T5660] __x64_sys_openat+0x247/0x2a0
[ 192.240511][ T5660] ? __pfx___x64_sys_openat+0x10/0x10
[ 192.242596][ T5660] ? do_syscall_64+0x100/0x230
[ 192.244391][ T5660] ? do_syscall_64+0xb6/0x230
[ 192.246184][ T5660] do_syscall_64+0xf3/0x230
[ 192.247931][ T5660] ? clear_bhb_loop+0x35/0x90
[ 192.249847][ T5660] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 192.252406][ T5660] RIP: 0033:0x7fbe703799b9
[ 192.254875][ T5660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 192.263189][ T5660] RSP: 002b:00007fbe711d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 192.266421][ T5660] RAX: ffffffffffffffda RBX: 00007fbe70515f80 RCX: 00007fbe703799b9
[ 192.269377][ T5660] RDX: 0000000000105042 RSI: 0000000020000080 RDI: ffffffffffffff9c
[ 192.272630][ T5660] RBP: 00007fbe703e78d8 R08: 0000000000000000 R09: 0000000000000000
[ 192.276480][ T5660] R10: 00000000000001ff R11: 0000000000000246 R12: 0000000000000000
[ 192.280176][ T5660] R13: 0000000000000000 R14: 00007fbe70515f80 R15: 00007ffc94104a68
[ 192.283205][ T5660]
[ 192.284413][ T5660]
[ 192.285375][ T5660] The buggy address belongs to the physical page:
[ 192.287837][ T5660] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xc1 pfn:0x13018
[ 192.291356][ T5660] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 192.294483][ T5660] page_type: 0xbfffffff(buddy)
[ 192.296781][ T5660] raw: 00fff00000000000 ffffea00004b0608 ffffea00004c4008 0000000000000000
[ 192.300665][ T5660] raw: 00000000000000c1 0000000000000003 00000000bfffffff 0000000000000000
[ 192.303977][ T5660] page dumped because: kasan: bad access detected
[ 192.306465][ T5660] page_owner tracks the page as freed
[ 192.308595][ T5660] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 5636, tgid 5635 (syz.0.17), ts 186620786534, free_ts 187078904810
[ 192.317501][ T5660] post_alloc_hook+0x1f3/0x230
[ 192.319783][ T5660] get_page_from_freelist+0x2e4c/0x2f10
[ 192.321986][ T5660] __alloc_pages_noprof+0x256/0x6c0
[ 192.324007][ T5660] alloc_pages_mpol_noprof+0x3e8/0x680
[ 192.326158][ T5660] folio_alloc_mpol_noprof+0x36/0x50
[ 192.328269][ T5660] shmem_alloc_and_add_folio+0x2cf/0x14f0
[ 192.330560][ T5660] shmem_get_folio_gfp+0x8dc/0x2370
[ 192.332558][ T5660] shmem_write_begin+0x170/0x4d0
[ 192.334516][ T5660] generic_perform_write+0x399/0x840
[ 192.336953][ T5660] shmem_file_write_iter+0xfc/0x120
[ 192.339759][ T5660] vfs_write+0xa72/0xc90
[ 192.341701][ T5660] ksys_write+0x1a0/0x2c0
[ 192.343488][ T5660] do_syscall_64+0xf3/0x230
[ 192.345288][ T5660] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 192.347649][ T5660] page last free pid 5573 tgid 5573 stack trace:
[ 192.350175][ T5660] free_unref_folios+0x103a/0x1b00
[ 192.352350][ T5660] folios_put_refs+0x76e/0x860
[ 192.354566][ T5660] shmem_undo_range+0x6de/0x1df0
[ 192.357118][ T5660] shmem_evict_inode+0x29b/0xa80
[ 192.359318][ T5660] evict+0x532/0x950
[ 192.360893][ T5660] __dentry_kill+0x20d/0x630
[ 192.362699][ T5660] dput+0x19f/0x2b0
[ 192.364187][ T5660] __fput+0x5f8/0x8a0
[ 192.365869][ T5660] task_work_run+0x24f/0x310
[ 192.367997][ T5660] syscall_exit_to_user_mode+0x168/0x370
[ 192.370706][ T5660] do_syscall_64+0x100/0x230
[ 192.372605][ T5660] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 192.374947][ T5660]
[ 192.375925][ T5660] Memory state around the buggy address:
[ 192.378281][ T5660] ffff888013018880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 192.382174][ T5660] ffff888013018900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 192.385626][ T5660] >ffff888013018980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 192.388606][ T5660] ^
[ 192.390184][ T5660] ffff888013018a00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 192.393304][ T5660] ffff888013018a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 192.396432][ T5660] ==================================================================
[ 192.725599][ T5660] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 192.728639][ T5660] CPU: 0 UID: 0 PID: 5660 Comm: syz.0.23 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0
[ 192.733417][ T5660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 192.738290][ T5660] Call Trace:
[ 192.739694][ T5660]
[ 192.740910][ T5660] dump_stack_lvl+0x241/0x360
[ 192.742608][ T5660] ? __pfx_dump_stack_lvl+0x10/0x10
[ 192.744562][ T5660] ? __pfx__printk+0x10/0x10
[ 192.746355][ T5660] ? preempt_schedule+0xe1/0xf0
[ 192.748251][ T5660] ? vscnprintf+0x5d/0x90
[ 192.750107][ T5660] panic+0x349/0x860
[ 192.751880][ T5660] ? check_panic_on_warn+0x21/0xb0
[ 192.754501][ T5660] ? __pfx_panic+0x10/0x10
[ 192.756800][ T5660] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 192.759182][ T5660] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 192.761642][ T5660] ? print_report+0x502/0x550
[ 192.763501][ T5660] check_panic_on_warn+0x86/0xb0
[ 192.765382][ T5660] ? ocfs2_search_dirblock+0x26b/0x830
[ 192.767635][ T5660] end_report+0x77/0x160
[ 192.769490][ T5660] kasan_report+0x154/0x180
[ 192.771500][ T5660] ? ocfs2_search_dirblock+0x26b/0x830
[ 192.773803][ T5660] ocfs2_search_dirblock+0x26b/0x830
[ 192.775857][ T5660] ? ocfs2_read_inode_block+0x14c/0x1e0
[ 192.778069][ T5660] ? __pfx_ocfs2_search_dirblock+0x10/0x10
[ 192.780442][ T5660] ? validate_chain+0x11e/0x5900
[ 192.782584][ T5660] ocfs2_find_entry+0x1169/0x2780
[ 192.785201][ T5660] ? mark_lock+0x9a/0x350
[ 192.787237][ T5660] ? __lock_acquire+0x137a/0x2040
[ 192.789429][ T5660] ? __pfx_ocfs2_find_entry+0x10/0x10
[ 192.791485][ T5660] ? __pfx_lock_acquire+0x10/0x10
[ 192.793462][ T5660] ? ocfs2_inode_lock_full_nested+0x17b/0x1c10
[ 192.795786][ T5660] ? __pfx_lock_release+0x10/0x10
[ 192.797786][ T5660] ? do_raw_spin_lock+0x14f/0x370
[ 192.799825][ T5660] ? do_raw_spin_unlock+0x58/0x8b0
[ 192.802120][ T5660] ? _raw_spin_unlock+0x28/0x50
[ 192.804555][ T5660] ? ocfs2_inode_lock_full_nested+0xb2f/0x1c10
[ 192.807455][ T5660] ? __pfx_ocfs2_inode_lock_full_nested+0x10/0x10
[ 192.810136][ T5660] ocfs2_find_files_on_disk+0xff/0x360
[ 192.812216][ T5660] ocfs2_lookup_ino_from_name+0xb1/0x1e0
[ 192.814429][ T5660] ? __pfx_ocfs2_lookup_ino_from_name+0x10/0x10
[ 192.816842][ T5660] ocfs2_lookup+0x292/0xa60
[ 192.818600][ T5660] ? __pfx_ocfs2_lookup+0x10/0x10
[ 192.820551][ T5660] ? from_kgid+0x1a7/0x730
[ 192.822520][ T5660] ? make_vfsgid+0x46/0x90
[ 192.824585][ T5660] ? HAS_UNMAPPED_ID+0xf9/0x150
[ 192.827079][ T5660] ? inode_permission+0xff/0x460
[ 192.829261][ T5660] ? __pfx_ocfs2_permission+0x10/0x10
[ 192.831365][ T5660] ? bpf_lsm_inode_create+0x9/0x10
[ 192.833310][ T5660] ? security_inode_create+0xc2/0x110
[ 192.835392][ T5660] ? __pfx_ocfs2_lookup+0x10/0x10
[ 192.837354][ T5660] path_openat+0x11cc/0x3470
[ 192.839254][ T5660] ? __pfx_path_openat+0x10/0x10
[ 192.841189][ T5660] do_filp_open+0x235/0x490
[ 192.843704][ T5660] ? __pfx_do_filp_open+0x10/0x10
[ 192.846079][ T5660] ? _raw_spin_unlock+0x28/0x50
[ 192.848031][ T5660] ? alloc_fd+0x5a1/0x640
[ 192.849659][ T5660] do_sys_openat2+0x13e/0x1d0
[ 192.851429][ T5660] ? __pfx_do_sys_openat2+0x10/0x10
[ 192.853369][ T5660] __x64_sys_openat+0x247/0x2a0
[ 192.855270][ T5660] ? __pfx___x64_sys_openat+0x10/0x10
[ 192.858250][ T5660] ? do_syscall_64+0x100/0x230
[ 192.860821][ T5660] ? do_syscall_64+0xb6/0x230
[ 192.862938][ T5660] do_syscall_64+0xf3/0x230
[ 192.864698][ T5660] ? clear_bhb_loop+0x35/0x90
[ 192.866544][ T5660] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 192.868818][ T5660] RIP: 0033:0x7fbe703799b9
[ 192.870600][ T5660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 192.878220][ T5660] RSP: 002b:00007fbe711d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 192.882304][ T5660] RAX: ffffffffffffffda RBX: 00007fbe70515f80 RCX: 00007fbe703799b9
[ 192.885552][ T5660] RDX: 0000000000105042 RSI: 0000000020000080 RDI: ffffffffffffff9c
[ 192.888514][ T5660] RBP: 00007fbe703e78d8 R08: 0000000000000000 R09: 0000000000000000
[ 192.891589][ T5660] R10: 00000000000001ff R11: 0000000000000246 R12: 0000000000000000
[ 192.895063][ T5660] R13: 0000000000000000 R14: 00007fbe70515f80 R15: 00007ffc94104a68
[ 192.898774][ T5660]
[ 192.900422][ T5660] Kernel Offset: disabled
[ 192.902132][ T5660] Rebooting in 86400 seconds..