Warning: Permanently added '[localhost]:14412' (ED25519) to the list of known hosts.
2026/04/27 07:09:48 parsed 1 programs
syzkaller login: [ 63.500032][ T5615] cgroup: Unknown subsys name 'net'
[ 63.590026][ T5615] cgroup: Unknown subsys name 'cpuset'
[ 63.596383][ T5615] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 65.686935][ T5615] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 68.837939][ T5627] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 68.885584][ T184] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.898032][ T184] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.983532][ T71] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.000419][ T71] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 70.602149][ T5699] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 70.606765][ T5699] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 70.611102][ T5699] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 70.613879][ T5699] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 70.617962][ T5699] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 71.098090][ T5679] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.100706][ T5679] bridge0: port 1(bridge_slave_0) entered disabled state
[ 71.104522][ T5679] bridge_slave_0: entered allmulticast mode
[ 71.113600][ T5679] bridge_slave_0: entered promiscuous mode
[ 71.123324][ T5679] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.125787][ T5679] bridge0: port 2(bridge_slave_1) entered disabled state
[ 71.127955][ T5679] bridge_slave_1: entered allmulticast mode
[ 71.130642][ T5679] bridge_slave_1: entered promiscuous mode
[ 71.148784][ T5679] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 71.153761][ T5679] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 71.171413][ T5679] team0: Port device team_slave_0 added
[ 71.174506][ T5679] team0: Port device team_slave_1 added
[ 71.189867][ T5679] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 71.191885][ T5679] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 71.199444][ T5679] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 71.204733][ T5679] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 71.206801][ T5679] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 71.214231][ T5679] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 71.248945][ T5679] hsr_slave_0: entered promiscuous mode
[ 71.251275][ T5679] hsr_slave_1: entered promiscuous mode
[ 71.418061][ T5679] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 71.440720][ T5679] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 71.443683][ T5679] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 71.448659][ T5679] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 71.451398][ T5679] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 71.456358][ T5679] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 71.460610][ T5679] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 71.467055][ T5679] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 71.493230][ T5679] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.495893][ T5679] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.498397][ T5679] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.500454][ T5679] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.540155][ T5679] 8021q: adding VLAN 0 to HW filter on device bond0
[ 71.551437][ T71] bridge0: port 1(bridge_slave_0) entered disabled state
[ 71.554444][ T71] bridge0: port 2(bridge_slave_1) entered disabled state
[ 71.563586][ T5679] 8021q: adding VLAN 0 to HW filter on device team0
[ 71.570247][ T71] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.572327][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.587496][ T71] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.590249][ T71] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.795386][ T5679] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 71.826517][ T5679] veth0_vlan: entered promiscuous mode
[ 71.833094][ T5679] veth1_vlan: entered promiscuous mode
[ 71.857084][ T5679] veth0_macvtap: entered promiscuous mode
[ 71.861237][ T5679] veth1_macvtap: entered promiscuous mode
[ 71.874913][ T5679] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 71.883354][ T5679] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 71.892508][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.899214][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.903103][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.907562][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2026/04/27 07:09:59 executed programs: 0
[ 72.042857][ T5699] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 72.048422][ T5699] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 72.053863][ T5699] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 72.067045][ T5699] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 72.072834][ T5744] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 72.073684][ T5001] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 72.084301][ T5001] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 72.089192][ T5001] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 72.094264][ T5001] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 72.097974][ T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 72.122149][ T5001] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 72.128680][ T5001] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 72.131648][ T5001] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 72.134746][ T5001] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 72.138357][ T5001] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 72.435060][ T5469] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 72.508170][ T5469] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 72.580265][ T5469] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 72.886705][ T5741] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.888730][ T5741] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.890656][ T5741] bridge_slave_0: entered allmulticast mode
[ 72.892982][ T5741] bridge_slave_0: entered promiscuous mode
[ 72.917671][ T5741] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.919953][ T5741] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.922161][ T5741] bridge_slave_1: entered allmulticast mode
[ 72.924813][ T5741] bridge_slave_1: entered promiscuous mode
[ 72.961114][ T5743] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.963366][ T5743] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.965550][ T5743] bridge_slave_0: entered allmulticast mode
[ 72.968057][ T5743] bridge_slave_0: entered promiscuous mode
[ 72.981840][ T5741] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 72.986710][ T5741] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 72.990106][ T5743] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.992297][ T5743] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.994430][ T5743] bridge_slave_1: entered allmulticast mode
[ 72.997324][ T5743] bridge_slave_1: entered promiscuous mode
[ 73.008749][ T5747] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.010971][ T5747] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.013131][ T5747] bridge_slave_0: entered allmulticast mode
[ 73.016978][ T5747] bridge_slave_0: entered promiscuous mode
[ 73.047666][ T5747] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.050395][ T5747] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.052712][ T5747] bridge_slave_1: entered allmulticast mode
[ 73.055427][ T5747] bridge_slave_1: entered promiscuous mode
[ 73.065956][ T5741] team0: Port device team_slave_0 added
[ 73.070698][ T5741] team0: Port device team_slave_1 added
[ 73.075347][ T5743] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.081424][ T5743] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 73.110350][ T5747] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.116467][ T5747] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 73.152055][ T5741] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 73.154602][ T5741] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 73.162118][ T5741] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 73.168668][ T5743] team0: Port device team_slave_0 added
[ 73.172905][ T5747] team0: Port device team_slave_0 added
[ 73.176395][ T5741] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 73.179077][ T5741] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 73.187830][ T5741] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 73.193330][ T5743] team0: Port device team_slave_1 added
[ 73.197317][ T5747] team0: Port device team_slave_1 added
[ 73.241636][ T5743] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 73.243657][ T5743] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 73.252187][ T5743] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 73.257162][ T5747] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 73.259265][ T5747] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 73.267137][ T5747] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 73.273808][ T5747] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 73.276668][ T5747] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 73.284076][ T5747] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 73.298689][ T5743] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 73.301266][ T5743] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 73.309998][ T5743] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 73.336916][ T5741] hsr_slave_0: entered promiscuous mode
[ 73.340079][ T5741] hsr_slave_1: entered promiscuous mode
[ 73.342614][ T5741] debugfs: 'hsr0' already exists in 'hsr'
[ 73.344766][ T5741] Cannot create hsr debugfs directory
[ 73.385032][ T5747] hsr_slave_0: entered promiscuous mode
[ 73.388069][ T5747] hsr_slave_1: entered promiscuous mode
[ 73.390472][ T5747] debugfs: 'hsr0' already exists in 'hsr'
[ 73.392521][ T5747] Cannot create hsr debugfs directory
[ 73.411262][ T5743] hsr_slave_0: entered promiscuous mode
[ 73.413560][ T5743] hsr_slave_1: entered promiscuous mode
[ 73.415920][ T5743] debugfs: 'hsr0' already exists in 'hsr'
[ 73.417716][ T5743] Cannot create hsr debugfs directory
[ 73.713677][ T5741] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 73.719284][ T5741] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 73.722020][ T5741] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 73.726109][ T5741] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 73.728704][ T5741] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 73.733306][ T5741] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 73.737479][ T5741] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 73.741308][ T5741] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 73.796513][ T5741] 8021q: adding VLAN 0 to HW filter on device bond0
[ 73.813133][ T5741] 8021q: adding VLAN 0 to HW filter on device team0
[ 73.819878][ T71] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.822057][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 73.833159][ T71] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.835963][ T71] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 73.932170][ T5469] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 74.069423][ T5741] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 74.097327][ T5741] veth0_vlan: entered promiscuous mode
[ 74.102942][ T5741] veth1_vlan: entered promiscuous mode
[ 74.121608][ T5741] veth0_macvtap: entered promiscuous mode
[ 74.127588][ T5741] veth1_macvtap: entered promiscuous mode
[ 74.136332][ T5001] Bluetooth: hci2: command tx timeout
[ 74.136338][ T5699] Bluetooth: hci1: command tx timeout
[ 74.140665][ T5741] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 74.147204][ T5741] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 74.155029][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.158423][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.161523][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.164502][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.215651][ T5699] Bluetooth: hci3: command tx timeout
[ 74.217619][ T3406] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 74.217867][ T3406] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 74.251350][ T47] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 74.254650][ T47] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 74.290183][ T5813] =======================================================
[ 74.290183][ T5813] WARNING: The mand mount option has been deprecated and
[ 74.290183][ T5813] and is ignored by this kernel. Remove the mand
[ 74.290183][ T5813] option from the mount to silence this warning.
[ 74.290183][ T5813] =======================================================
[ 74.304765][ T5813] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 74.311716][ T5813] ==================================================================
[ 74.314129][ T5813] BUG: KASAN: slab-out-of-bounds in _raw_spin_lock_irqsave+0x40/0x60
[ 74.316449][ T5813] Read of size 1 at addr ffff8881b594c150 by task syz.0.17/5813
[ 74.319166][ T5813]
[ 74.320205][ T5813] CPU: 1 UID: 0 PID: 5813 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 74.320215][ T5813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 74.320222][ T5813] Call Trace:
[ 74.320226][ T5813]
[ 74.320230][ T5813] dump_stack_lvl+0xe8/0x150
[ 74.320244][ T5813] print_address_description+0x55/0x1e0
[ 74.320253][ T5813] ? _raw_spin_lock_irqsave+0x40/0x60
[ 74.320261][ T5813] print_report+0x58/0x70
[ 74.320268][ T5813] kasan_report+0x117/0x150
[ 74.320281][ T5813] ? _raw_spin_lock_irqsave+0x40/0x60
[ 74.320290][ T5813] ? complete+0x28/0x1b0
[ 74.320300][ T5813] __kasan_check_byte+0x2a/0x40
[ 74.320311][ T5813] lock_acquire+0x84/0x350
[ 74.320321][ T5813] ? rcu_is_watching+0x15/0xb0
[ 74.320332][ T5813] _raw_spin_lock_irqsave+0x40/0x60
[ 74.320339][ T5813] ? complete+0x28/0x1b0
[ 74.320348][ T5813] complete+0x28/0x1b0
[ 74.320358][ T5813] __dentry_kill+0x552/0x690
[ 74.320367][ T5813] ? finish_dput+0xad/0x480
[ 74.320376][ T5813] finish_dput+0xc9/0x480
[ 74.320385][ T5813] ovl_cache_update+0x68e/0xc30
[ 74.320397][ T5813] ? __pfx_ovl_cache_update+0x10/0x10
[ 74.320407][ T5813] ? ovl_dir_read_merged+0x416/0x520
[ 74.320416][ T5813] ? __pfx_ovl_dir_read_merged+0x10/0x10
[ 74.320425][ T5813] ? __pfx_ovl_fill_merge+0x10/0x10
[ 74.320435][ T5813] ? filldir64+0x452/0x640
[ 74.320443][ T5813] ovl_iterate+0x686/0x21a0
[ 74.320454][ T5813] ? check_path+0x21/0x40
[ 74.320463][ T5813] ? check_noncircular+0xda/0x150
[ 74.320472][ T5813] ? __pfx_ovl_iterate+0x10/0x10
[ 74.320480][ T5813] ? lockdep_unlock+0x5d/0xd0
[ 74.320487][ T5813] ? __lock_acquire+0x146e/0x2cf0
[ 74.320495][ T5813] ? add_lock_to_list+0xc7/0x100
[ 74.320507][ T5813] ? wrap_directory_iterator+0x5a/0xe0
[ 74.320519][ T5813] ? wrap_directory_iterator+0x5a/0xe0
[ 74.320532][ T5813] ? down_write+0x16d/0x200
[ 74.320542][ T5813] ? __pfx_down_write+0x10/0x10
[ 74.320551][ T5813] ? wrap_directory_iterator+0x52/0xe0
[ 74.320562][ T5813] ? __pfx_ovl_iterate+0x10/0x10
[ 74.320570][ T5813] wrap_directory_iterator+0x96/0xe0
[ 74.320582][ T5813] iterate_dir+0x399/0x570
[ 74.320593][ T5813] __se_sys_getdents64+0xf1/0x280
[ 74.320601][ T5813] ? __pfx___se_sys_getdents64+0x10/0x10
[ 74.320607][ T5813] ? __pfx_filldir64+0x10/0x10
[ 74.320614][ T5813] ? rcu_is_watching+0x15/0xb0
[ 74.320624][ T5813] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.320632][ T5813] do_syscall_64+0x15f/0xf80
[ 74.320641][ T5813] ? trace_irq_disable+0x3b/0x140
[ 74.320654][ T5813] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.320662][ T5813] RIP: 0033:0x7f9dc399cdd9
[ 74.320671][ T5813] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 74.320678][ T5813] RSP: 002b:00007f9dc48de028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 74.320687][ T5813] RAX: ffffffffffffffda RBX: 00007f9dc3c15fa0 RCX: 00007f9dc399cdd9
[ 74.320693][ T5813] RDX: 0000000000001000 RSI: 0000200000000400 RDI: 0000000000000003
[ 74.320698][ T5813] RBP: 00007f9dc3a32d69 R08: 0000000000000000 R09: 0000000000000000
[ 74.320703][ T5813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 74.320708][ T5813] R13: 00007f9dc3c16038 R14: 00007f9dc3c15fa0 R15: 00007ffdf71c5aa8
[ 74.320716][ T5813]
[ 74.320719][ T5813]
[ 74.421653][ T5813] Allocated by task 5813:
[ 74.423120][ T5813] kasan_save_track+0x3e/0x80
[ 74.424601][ T5813] __kasan_slab_alloc+0x6c/0x80
[ 74.425973][ T5813] kmem_cache_alloc_lru_noprof+0x2b8/0x640
[ 74.427585][ T5813] __d_alloc+0x37/0x6f0
[ 74.428777][ T5813] __d_alloc_parallel+0xe3/0x1660
[ 74.430195][ T5813] ovl_cache_update+0x2c4/0xc30
[ 74.431564][ T5813] ovl_iterate+0x686/0x21a0
[ 74.432837][ T5813] wrap_directory_iterator+0x96/0xe0
[ 74.434326][ T5813] iterate_dir+0x399/0x570
[ 74.435543][ T5813] __se_sys_getdents64+0xf1/0x280
[ 74.436936][ T5813] do_syscall_64+0x15f/0xf80
[ 74.438225][ T5813] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.439887][ T5813]
[ 74.440546][ T5813] Last potentially related work creation:
[ 74.442167][ T5813] kasan_save_stack+0x3e/0x60
[ 74.443888][ T5813] kasan_record_aux_stack+0xbd/0xd0
[ 74.445749][ T5813] call_rcu+0xee/0x890
[ 74.447252][ T5813] __dentry_kill+0x4a9/0x690
[ 74.448913][ T5813] finish_dput+0xc9/0x480
[ 74.450451][ T5813] ovl_cache_update+0x68e/0xc30
[ 74.452182][ T5813] ovl_iterate+0x686/0x21a0
[ 74.453780][ T5813] wrap_directory_iterator+0x96/0xe0
[ 74.455661][ T5813] iterate_dir+0x399/0x570
[ 74.457264][ T5813] __se_sys_getdents64+0xf1/0x280
[ 74.459098][ T5813] do_syscall_64+0x15f/0xf80
[ 74.460747][ T5813] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.462861][ T5813]
[ 74.463731][ T5813] The buggy address belongs to the object at ffff8881b594c000
[ 74.463731][ T5813] which belongs to the cache dentry of size 312
[ 74.468335][ T5813] The buggy address is located 24 bytes to the right of
[ 74.468335][ T5813] allocated 312-byte region [ffff8881b594c000, ffff8881b594c138)
[ 74.473389][ T5813]
[ 74.474271][ T5813] The buggy address belongs to the physical page:
[ 74.476533][ T5813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1b594c
[ 74.479726][ T5813] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 74.482636][ T5813] memcg:ffff8881b594ded9
[ 74.484155][ T5813] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[ 74.486850][ T5813] page_type: f5(slab)
[ 74.488256][ T5813] raw: 057ff00000000040 ffff88816041a140 dead000000000100 dead000000000122
[ 74.491356][ T5813] raw: 0000000000000000 0000000800150015 00000000f5000000 ffff8881b594ded9
[ 74.494439][ T5813] head: 057ff00000000040 ffff88816041a140 dead000000000100 dead000000000122
[ 74.497501][ T5813] head: 0000000000000000 0000000800150015 00000000f5000000 ffff8881b594ded9
[ 74.500525][ T5813] head: 057ff00000000001 ffffffffffffff81 00000000ffffffff 00000000ffffffff
[ 74.503594][ T5813] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 74.506551][ T5813] page dumped because: kasan: bad access detected
[ 74.508569][ T5813] page_owner tracks the page as allocated
[ 74.510214][ T5813] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5813, tgid 5812 (syz.0.17), ts 74310503158, free_ts 68548113228
[ 74.516667][ T5813] post_alloc_hook+0x231/0x280
[ 74.518072][ T5813] get_page_from_freelist+0x24ba/0x2540
[ 74.519635][ T5813] __alloc_frozen_pages_noprof+0x18d/0x380
[ 74.521303][ T5813] allocate_slab+0x77/0x660
[ 74.522599][ T5813] refill_objects+0x339/0x3d0
[ 74.523954][ T5813] __pcs_replace_empty_main+0x321/0x720
[ 74.525558][ T5813] kmem_cache_alloc_lru_noprof+0x37c/0x640
[ 74.527234][ T5813] __d_alloc+0x37/0x6f0
[ 74.528422][ T5813] __d_alloc_parallel+0xe3/0x1660
[ 74.529871][ T5813] ovl_cache_update+0x2c4/0xc30
[ 74.531380][ T5813] ovl_iterate+0x686/0x21a0
[ 74.532872][ T5813] wrap_directory_iterator+0x96/0xe0
[ 74.534614][ T5813] iterate_dir+0x399/0x570
[ 74.535943][ T5813] __se_sys_getdents64+0xf1/0x280
[ 74.537396][ T5813] do_syscall_64+0x15f/0xf80
[ 74.538808][ T5813] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.540520][ T5813] page last free pid 5615 tgid 5615 stack trace:
[ 74.542322][ T5813] free_unref_folios+0xcec/0x1480
[ 74.543773][ T5813] folios_put_refs+0x9ff/0xb40
[ 74.545157][ T5813] free_pages_and_swap_cache+0x2b9/0x490
[ 74.546773][ T5813] tlb_flush_mmu+0x6d3/0xa30
[ 74.548182][ T5813] tlb_finish_mmu+0xf9/0x230
[ 74.549520][ T5813] unmap_region+0x2a5/0x330
[ 74.550825][ T5813] vms_complete_munmap_vmas+0x493/0xc60
[ 74.552388][ T5813] do_vmi_align_munmap+0x3b7/0x4b0
[ 74.553845][ T5813] do_vmi_munmap+0x252/0x2d0
[ 74.555153][ T5813] __vm_munmap+0x22c/0x3d0
[ 74.556421][ T5813] __x64_sys_munmap+0x60/0x70
[ 74.557806][ T5813] do_syscall_64+0x15f/0xf80
[ 74.559119][ T5813] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.560738][ T5813]
[ 74.561401][ T5813] Memory state around the buggy address:
[ 74.562983][ T5813] ffff8881b594c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 74.565255][ T5813] ffff8881b594c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 74.567432][ T5813] >ffff8881b594c100: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc 00
[ 74.569684][ T5813] ^
[ 74.571510][ T5813] ffff8881b594c180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 74.573769][ T5813] ffff8881b594c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 74.576380][ T5813] ==================================================================
[ 74.578888][ T5813] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 74.581006][ T5813] CPU: 1 UID: 0 PID: 5813 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 74.584031][ T5813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 74.586851][ T5813] Call Trace:
[ 74.587968][ T5813]
[ 74.588885][ T5813] vpanic+0x56c/0xa60
[ 74.590132][ T5813] ? __pfx_vpanic+0x10/0x10
[ 74.591518][ T5813] panic+0xc5/0xd0
[ 74.592608][ T5813] ? __pfx_panic+0x10/0x10
[ 74.594254][ T5813] ? _raw_spin_lock_irqsave+0x40/0x60
[ 74.596116][ T5813] ? rcu_is_watching+0x15/0xb0
[ 74.597659][ T5813] ? _raw_spin_lock_irqsave+0x40/0x60
[ 74.599405][ T5813] ? _raw_spin_lock_irqsave+0x40/0x60
[ 74.600926][ T5813] check_panic_on_warn+0x89/0xb0
[ 74.602383][ T5813] ? _raw_spin_lock_irqsave+0x40/0x60
[ 74.603960][ T5813] end_report+0x73/0x170
[ 74.605274][ T5813] ? _raw_spin_lock_irqsave+0x40/0x60
[ 74.606979][ T5813] kasan_report+0x128/0x150
[ 74.608443][ T5813] ? _raw_spin_lock_irqsave+0x40/0x60
[ 74.610262][ T5813] ? complete+0x28/0x1b0
[ 74.611818][ T5813] __kasan_check_byte+0x2a/0x40
[ 74.613465][ T5813] lock_acquire+0x84/0x350
[ 74.614910][ T5813] ? rcu_is_watching+0x15/0xb0
[ 74.616303][ T5813] _raw_spin_lock_irqsave+0x40/0x60
[ 74.617833][ T5813] ? complete+0x28/0x1b0
[ 74.619225][ T5813] complete+0x28/0x1b0
[ 74.620472][ T5813] __dentry_kill+0x552/0x690
[ 74.621828][ T5813] ? finish_dput+0xad/0x480
[ 74.623131][ T5813] finish_dput+0xc9/0x480
[ 74.624420][ T5813] ovl_cache_update+0x68e/0xc30
[ 74.626033][ T5813] ? __pfx_ovl_cache_update+0x10/0x10
[ 74.627580][ T5813] ? ovl_dir_read_merged+0x416/0x520
[ 74.629096][ T5813] ? __pfx_ovl_dir_read_merged+0x10/0x10
[ 74.630733][ T5813] ? __pfx_ovl_fill_merge+0x10/0x10
[ 74.632394][ T5813] ? filldir64+0x452/0x640
[ 74.633813][ T5813] ovl_iterate+0x686/0x21a0
[ 74.635134][ T5813] ? check_path+0x21/0x40
[ 74.636411][ T5813] ? check_noncircular+0xda/0x150
[ 74.638162][ T5813] ? __pfx_ovl_iterate+0x10/0x10
[ 74.639686][ T5813] ? lockdep_unlock+0x5d/0xd0
[ 74.641168][ T5813] ? __lock_acquire+0x146e/0x2cf0
[ 74.642670][ T5813] ? add_lock_to_list+0xc7/0x100
[ 74.644085][ T5813] ? wrap_directory_iterator+0x5a/0xe0
[ 74.645835][ T5813] ? wrap_directory_iterator+0x5a/0xe0
[ 74.647614][ T5813] ? down_write+0x16d/0x200
[ 74.649162][ T5813] ? __pfx_down_write+0x10/0x10
[ 74.650815][ T5813] ? wrap_directory_iterator+0x52/0xe0
[ 74.652534][ T5813] ? __pfx_ovl_iterate+0x10/0x10
[ 74.653980][ T5813] wrap_directory_iterator+0x96/0xe0
[ 74.655523][ T5813] iterate_dir+0x399/0x570
[ 74.657021][ T5813] __se_sys_getdents64+0xf1/0x280
[ 74.658843][ T5813] ? __pfx___se_sys_getdents64+0x10/0x10
[ 74.660821][ T5813] ? __pfx_filldir64+0x10/0x10
[ 74.662198][ T5813] ? rcu_is_watching+0x15/0xb0
[ 74.663541][ T5813] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.665279][ T5813] do_syscall_64+0x15f/0xf80
[ 74.666642][ T5813] ? trace_irq_disable+0x3b/0x140
[ 74.668480][ T5813] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.670641][ T5813] RIP: 0033:0x7f9dc399cdd9
[ 74.672334][ T5813] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 74.679478][ T5813] RSP: 002b:00007f9dc48de028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 74.682486][ T5813] RAX: ffffffffffffffda RBX: 00007f9dc3c15fa0 RCX: 00007f9dc399cdd9
[ 74.685343][ T5813] RDX: 0000000000001000 RSI: 0000200000000400 RDI: 0000000000000003
[ 74.688185][ T5813] RBP: 00007f9dc3a32d69 R08: 0000000000000000 R09: 0000000000000000
[ 74.691184][ T5813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 74.694070][ T5813] R13: 00007f9dc3c16038 R14: 00007f9dc3c15fa0 R15: 00007ffdf71c5aa8
[ 74.697027][ T5813]
[ 74.698859][ T5813] Kernel Offset: disabled
[ 74.700466][ T5813] Rebooting in 86400 seconds..
VM DIAGNOSIS:
07:10:01 Registers: