Warning: Permanently added '[localhost]:27935' (ED25519) to the list of known hosts.
2025/09/23 04:04:07 parsed 1 programs
syzkaller login: [ 73.023268][ T5851] cgroup: Unknown subsys name 'net'
[ 73.115272][ T5851] cgroup: Unknown subsys name 'cpuset'
[ 73.119160][ T5851] cgroup: Unknown subsys name 'rlimit'
[ 74.908767][ T5851] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
[ 76.938430][ T5857] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 78.284649][ T5908] chnl_net:caif_netlink_parms(): no params data found
[ 78.338972][ T5908] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.341327][ T5908] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.344615][ T5908] bridge_slave_0: entered allmulticast mode
[ 78.347521][ T5908] bridge_slave_0: entered promiscuous mode
[ 78.355104][ T5908] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.357619][ T5908] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.360037][ T5908] bridge_slave_1: entered allmulticast mode
[ 78.362927][ T5908] bridge_slave_1: entered promiscuous mode
[ 78.380619][ T5908] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.385972][ T5908] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.402948][ T5908] team0: Port device team_slave_0 added
[ 78.406225][ T5908] team0: Port device team_slave_1 added
[ 78.423569][ T5908] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.425963][ T5908] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.434513][ T5908] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.439335][ T5908] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.441691][ T5908] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.450269][ T5908] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.475330][ T5908] hsr_slave_0: entered promiscuous mode
[ 78.478113][ T5908] hsr_slave_1: entered promiscuous mode
[ 78.569705][ T5908] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 78.575662][ T5908] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 78.580143][ T5908] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 78.585600][ T5908] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 78.603700][ T5908] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.606391][ T5908] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.609561][ T5908] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.612328][ T5908] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.648443][ T5908] 8021q: adding VLAN 0 to HW filter on device bond0
[ 78.660401][ T4911] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.663578][ T4911] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.671453][ T5908] 8021q: adding VLAN 0 to HW filter on device team0
[ 78.677631][ T4911] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.679978][ T4911] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.687993][ T4911] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.690679][ T4911] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.796553][ T5908] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 78.818688][ T5908] veth0_vlan: entered promiscuous mode
[ 78.824361][ T5908] veth1_vlan: entered promiscuous mode
[ 78.838671][ T5908] veth0_macvtap: entered promiscuous mode
[ 78.843243][ T5908] veth1_macvtap: entered promiscuous mode
[ 78.851931][ T5908] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 78.858548][ T5908] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 78.865862][ T5912] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.869627][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.873412][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.878310][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.979922][ T5237] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 78.984459][ T5237] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 78.988007][ T5237] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 78.989253][ T5912] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 78.996052][ T5237] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 78.999959][ T5237] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 79.040459][ T5912] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 79.118503][ T5912] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 79.190099][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.196407][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.215691][ T5912] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 79.226996][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.230109][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/09/23 04:04:16 executed programs: 0
[ 79.847921][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 79.852556][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 79.855994][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 79.859743][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 79.864676][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 79.966075][ T5952] chnl_net:caif_netlink_parms(): no params data found
[ 80.014347][ T5952] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.016823][ T5952] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.019071][ T5952] bridge_slave_0: entered allmulticast mode
[ 80.021778][ T5952] bridge_slave_0: entered promiscuous mode
[ 80.026005][ T5952] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.028352][ T5952] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.030645][ T5952] bridge_slave_1: entered allmulticast mode
[ 80.033941][ T5952] bridge_slave_1: entered promiscuous mode
[ 80.053146][ T5952] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 80.057557][ T5952] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 80.075738][ T5952] team0: Port device team_slave_0 added
[ 80.078887][ T5952] team0: Port device team_slave_1 added
[ 80.095009][ T5952] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 80.097309][ T5952] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.106152][ T5952] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 80.110378][ T5952] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 80.112784][ T5952] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.121881][ T5952] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 80.147676][ T5952] hsr_slave_0: entered promiscuous mode
[ 80.150074][ T5952] hsr_slave_1: entered promiscuous mode
[ 80.152946][ T5952] debugfs: 'hsr0' already exists in 'hsr'
[ 80.155093][ T5952] Cannot create hsr debugfs directory
[ 81.173339][ T790] cfg80211: failed to load regulatory.db
[ 81.893111][ T54] Bluetooth: hci0: command tx timeout
[ 82.420928][ T5912] bridge_slave_1: left allmulticast mode
[ 82.423257][ T5912] bridge_slave_1: left promiscuous mode
[ 82.425597][ T5912] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.430732][ T5912] bridge_slave_0: left allmulticast mode
[ 82.435544][ T5912] bridge_slave_0: left promiscuous mode
[ 82.437685][ T5912] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.659511][ T5912] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 82.664322][ T5912] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 82.667777][ T5912] bond0 (unregistering): Released all slaves
[ 82.770557][ T5912] hsr_slave_0: left promiscuous mode
[ 82.783032][ T5912] hsr_slave_1: left promiscuous mode
[ 82.786080][ T5912] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 82.789233][ T5912] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 82.794917][ T5912] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 82.798094][ T5912] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 82.819035][ T5912] veth1_macvtap: left promiscuous mode
[ 82.821482][ T5912] veth0_macvtap: left promiscuous mode
[ 82.825035][ T5912] veth1_vlan: left promiscuous mode
[ 82.827372][ T5912] veth0_vlan: left promiscuous mode
[ 83.031410][ T5912] team0 (unregistering): Port device team_slave_1 removed
[ 83.046786][ T5912] team0 (unregistering): Port device team_slave_0 removed
[ 83.340703][ T5952] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 83.357308][ T5952] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 83.371397][ T5952] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 83.379029][ T5952] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 83.436351][ T5952] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.446999][ T5952] 8021q: adding VLAN 0 to HW filter on device team0
[ 83.451872][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.454249][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.463678][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.465900][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.604909][ T5952] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 83.630303][ T5952] veth0_vlan: entered promiscuous mode
[ 83.636998][ T5952] veth1_vlan: entered promiscuous mode
[ 83.664069][ T5952] veth0_macvtap: entered promiscuous mode
[ 83.668831][ T5952] veth1_macvtap: entered promiscuous mode
[ 83.678199][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 83.711463][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 83.717405][ T5863] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.720883][ T5863] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.724001][ T5863] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.727519][ T5863] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.786051][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.788642][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.812014][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.815291][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.849716][ T5984] loop0: detected capacity change from 0 to 512
[ 83.869923][ T5984] EXT4-fs: Ignoring removed i_version option
[ 83.876355][ T5984] EXT4-fs: Ignoring removed bh option
[ 83.899751][ T5984] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 83.905672][ T5984] ext4 filesystem being mounted at /0/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 83.913573][ T5984] ==================================================================
[ 83.916103][ T5984] BUG: KASAN: slab-out-of-bounds in ext4_inode_journal_mode+0x7b/0x480
[ 83.918684][ T5984] Read of size 8 at addr ffff88801cefc378 by task syz.0.17/5984
[ 83.921898][ T5984]
[ 83.922699][ T5984] CPU: 0 UID: 0 PID: 5984 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 83.922709][ T5984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 83.922713][ T5984] Call Trace:
[ 83.922717][ T5984]  <TASK>
[ 83.922721][ T5984]  dump_stack_lvl+0x189/0x250
[ 83.922732][ T5984]  ? __virt_addr_valid+0x1c8/0x5c0
[ 83.922749][ T5984]  ? rcu_is_watching+0x15/0xb0
[ 83.922757][ T5984]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 83.922765][ T5984]  ? rcu_is_watching+0x15/0xb0
[ 83.922771][ T5984]  ? lock_release+0x4b/0x3e0
[ 83.922781][ T5984]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 83.922789][ T5984]  ? __virt_addr_valid+0x1c8/0x5c0
[ 83.922797][ T5984]  ? __virt_addr_valid+0x4a5/0x5c0
[ 83.922805][ T5984]  print_report+0xca/0x240
[ 83.922812][ T5984]  ? ext4_inode_journal_mode+0x7b/0x480
[ 83.922823][ T5984]  kasan_report+0x118/0x150
[ 83.922834][ T5984]  ? ext4_inode_journal_mode+0x7b/0x480
[ 83.922844][ T5984]  ext4_inode_journal_mode+0x7b/0x480
[ 83.922854][ T5984]  ext4_move_extents+0x2bb/0x3630
[ 83.922864][ T5984]  ? is_bpf_text_address+0x26/0x2b0
[ 83.922881][ T5984]  ? __lock_acquire+0xab9/0xd20
[ 83.922890][ T5984]  ? __pfx_ext4_move_extents+0x10/0x10
[ 83.922898][ T5984]  ? rcu_read_lock_any_held+0xb3/0x120
[ 83.922906][ T5984]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 83.922914][ T5984]  ? sb_start_write+0x114/0x1c0
[ 83.922922][ T5984]  ? mnt_want_write_file+0x164/0x200
[ 83.922930][ T5984]  ext4_ioctl+0x26a7/0x33c0
[ 83.922938][ T5984]  ? __kasan_slab_free+0x5b/0x80
[ 83.922946][ T5984]  ? kfree+0x18e/0x440
[ 83.922954][ T5984]  ? tomoyo_path_number_perm+0x47a/0x5a0
[ 83.922965][ T5984]  ? __pfx_ext4_ioctl+0x10/0x10
[ 83.922974][ T5984]  ? file_ioctl+0x22d/0x780
[ 83.922983][ T5984]  ? __pfx_file_ioctl+0x10/0x10
[ 83.922992][ T5984]  ? kasan_quarantine_put+0xdd/0x220
[ 83.923001][ T5984]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 83.923010][ T5984]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 83.923020][ T5984]  ? do_vfs_ioctl+0xb33/0x1430
[ 83.923028][ T5984]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 83.923037][ T5984]  ? do_futex+0x395/0x420
[ 83.923045][ T5984]  ? lockdep_hardirqs_on+0x9c/0x150
[ 83.923055][ T5984]  ? __se_sys_futex+0x36f/0x400
[ 83.923063][ T5984]  ? exc_page_fault+0x76/0xf0
[ 83.923070][ T5984]  ? __pfx___se_sys_futex+0x10/0x10
[ 83.923078][ T5984]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 83.923087][ T5984]  ? __pfx_ext4_ioctl+0x10/0x10
[ 83.923095][ T5984]  __se_sys_ioctl+0xfc/0x170
[ 83.923103][ T5984]  do_syscall_64+0xfa/0x3b0
[ 83.923128][ T5984]  ? lockdep_hardirqs_on+0x9c/0x150
[ 83.923137][ T5984]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 83.923144][ T5984]  ? exc_page_fault+0x9f/0xf0
[ 83.923150][ T5984]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 83.923157][ T5984] RIP: 0033:0x7f6a6678ec29
[ 83.923165][ T5984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 83.923171][ T5984] RSP: 002b:00007ffea3688b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 83.923180][ T5984] RAX: ffffffffffffffda RBX: 00007f6a669d5fa0 RCX: 00007f6a6678ec29
[ 83.923185][ T5984] RDX: 0000200000000040 RSI: 00000000c028660f RDI: 0000000000000004
[ 83.923189][ T5984] RBP: 00007f6a66811e41 R08: 0000000000000000 R09: 0000000000000000
[ 83.923193][ T5984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 83.923197][ T5984] R13: 00007f6a669d5fa0 R14: 00007f6a669d5fa0 R15: 0000000000000003
[ 83.923204][ T5984]  </TASK>
[ 83.923207][ T5984]
[ 84.041825][ T5984] Allocated by task 1:
[ 84.043556][ T5984]  kasan_save_track+0x3e/0x80
[ 84.045156][ T5984]  __kasan_kmalloc+0x93/0xb0
[ 84.046751][ T5984]  __kmalloc_cache_noprof+0x230/0x3d0
[ 84.048998][ T5984]  shmem_fill_super+0xc8/0x1190
[ 84.050833][ T5984]  get_tree_nodev+0xbb/0x150
[ 84.052646][ T5984]  vfs_get_tree+0x92/0x2b0
[ 84.054426][ T5984]  vfs_kern_mount+0xbe/0x160
[ 84.056138][ T5984]  devtmpfs_init+0x98/0x330
[ 84.057660][ T5984]  driver_init+0x15/0x60
[ 84.059028][ T5984]  do_basic_setup+0xf/0x70
[ 84.060468][ T5984]  kernel_init_freeable+0x334/0x4b0
[ 84.062421][ T5984]  kernel_init+0x1d/0x1d0
[ 84.063902][ T5984]  ret_from_fork+0x439/0x7d0
[ 84.065427][ T5984]  ret_from_fork_asm+0x1a/0x30
[ 84.067108][ T5984]
[ 84.068081][ T5984] The buggy address belongs to the object at ffff88801cefc000
[ 84.068081][ T5984]  which belongs to the cache kmalloc-512 of size 512
[ 84.073095][ T5984] The buggy address is located 544 bytes to the right of
[ 84.073095][ T5984]  allocated 344-byte region [ffff88801cefc000, ffff88801cefc158)
[ 84.078386][ T5984]
[ 84.079315][ T5984] The buggy address belongs to the physical page:
[ 84.081694][ T5984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1cefc
[ 84.084957][ T5984] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 84.087668][ T5984] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 84.090098][ T5984] page_type: f5(slab)
[ 84.091415][ T5984] raw: 00fff00000000040 ffff88801a441c80 dead000000000122 0000000000000000
[ 84.094088][ T5984] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 84.096795][ T5984] head: 00fff00000000040 ffff88801a441c80 dead000000000122 0000000000000000
[ 84.099543][ T5984] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 84.102950][ T5984] head: 00fff00000000002 ffffea000073bf01 00000000ffffffff 00000000ffffffff
[ 84.106377][ T5984] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 84.109226][ T5984] page dumped because: kasan: bad access detected
[ 84.111476][ T5984] page_owner tracks the page as allocated
[ 84.113355][ T5984] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 1877776345, free_ts 0
[ 84.119496][ T5984]  post_alloc_hook+0x240/0x2a0
[ 84.121140][ T5984]  get_page_from_freelist+0x21e4/0x22c0
[ 84.122916][ T5984]  __alloc_frozen_pages_noprof+0x181/0x370
[ 84.124781][ T5984]  alloc_pages_mpol+0x232/0x4a0
[ 84.126403][ T5984]  allocate_slab+0x8a/0x370
[ 84.127933][ T5984]  ___slab_alloc+0xbeb/0x1420
[ 84.129504][ T5984]  __kmalloc_cache_noprof+0x296/0x3d0
[ 84.131550][ T5984]  shmem_fill_super+0xc8/0x1190
[ 84.133169][ T5984]  get_tree_nodev+0xbb/0x150
[ 84.134687][ T5984]  vfs_get_tree+0x92/0x2b0
[ 84.136183][ T5984]  vfs_kern_mount+0xbe/0x160
[ 84.137703][ T5984]  devtmpfs_init+0x98/0x330
[ 84.139190][ T5984]  driver_init+0x15/0x60
[ 84.140605][ T5984]  do_basic_setup+0xf/0x70
[ 84.142056][ T5984]  kernel_init_freeable+0x334/0x4b0
[ 84.143770][ T5984]  kernel_init+0x1d/0x1d0
[ 84.145201][ T5984] page_owner free stack trace missing
[ 84.146907][ T5984]
[ 84.147700][ T5984] Memory state around the buggy address:
[ 84.149524][ T5984]  ffff88801cefc200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 84.152137][ T5984]  ffff88801cefc280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 84.154742][ T5984] >ffff88801cefc300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 84.157269][ T5984]                                                                 ^
[ 84.159716][ T5984]  ffff88801cefc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 84.162327][ T5984]  ffff88801cefc400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 84.164889][ T5984] ==================================================================
[ 84.169826][ T54] Bluetooth: hci0: command tx timeout
[ 84.179746][ T5984] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 84.182162][ T5984] CPU: 0 UID: 0 PID: 5984 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 84.185011][ T5984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 84.188277][ T5984] Call Trace:
[ 84.189393][ T5984]  <TASK>
[ 84.190429][ T5984]  dump_stack_lvl+0x99/0x250
[ 84.192028][ T5984]  ? __asan_memcpy+0x40/0x70
[ 84.193506][ T5984]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 84.195175][ T5984]  ? __pfx__printk+0x10/0x10
[ 84.196653][ T5984]  vpanic+0x281/0x750
[ 84.197936][ T5984]  ? preempt_schedule+0xae/0xc0
[ 84.199518][ T5984]  ? __pfx_vpanic+0x10/0x10
[ 84.200993][ T5984]  ? preempt_schedule_common+0x83/0xd0
[ 84.202732][ T5984]  ? preempt_schedule+0xae/0xc0
[ 84.204295][ T5984]  ? __pfx_preempt_schedule+0x10/0x10
[ 84.206010][ T5984]  panic+0xb9/0xc0
[ 84.207410][ T5984]  ? __pfx_panic+0x10/0x10
[ 84.209052][ T5984]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 84.211357][ T5984]  ? is_module_address+0x17/0xf0
[ 84.212960][ T5984]  ? ext4_inode_journal_mode+0x7b/0x480
[ 84.214749][ T5984]  check_panic_on_warn+0x89/0xb0
[ 84.216430][ T5984]  ? ext4_inode_journal_mode+0x7b/0x480
[ 84.218211][ T5984]  end_report+0x78/0x160
[ 84.219747][ T5984]  kasan_report+0x129/0x150
[ 84.221327][ T5984]  ? ext4_inode_journal_mode+0x7b/0x480
[ 84.223269][ T5984]  ext4_inode_journal_mode+0x7b/0x480
[ 84.224981][ T5984]  ext4_move_extents+0x2bb/0x3630
[ 84.226599][ T5984]  ? is_bpf_text_address+0x26/0x2b0
[ 84.228323][ T5984]  ? __lock_acquire+0xab9/0xd20
[ 84.229890][ T5984]  ? __pfx_ext4_move_extents+0x10/0x10
[ 84.231759][ T5984]  ? rcu_read_lock_any_held+0xb3/0x120
[ 84.233516][ T5984]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 84.235451][ T5984]  ? sb_start_write+0x114/0x1c0
[ 84.237005][ T5984]  ? mnt_want_write_file+0x164/0x200
[ 84.238752][ T5984]  ext4_ioctl+0x26a7/0x33c0
[ 84.240268][ T5984]  ? __kasan_slab_free+0x5b/0x80
[ 84.241901][ T5984]  ? kfree+0x18e/0x440
[ 84.243248][ T5984]  ? tomoyo_path_number_perm+0x47a/0x5a0
[ 84.245046][ T5984]  ? __pfx_ext4_ioctl+0x10/0x10
[ 84.246611][ T5984]  ? file_ioctl+0x22d/0x780
[ 84.248136][ T5984]  ? __pfx_file_ioctl+0x10/0x10
[ 84.249715][ T5984]  ? kasan_quarantine_put+0xdd/0x220
[ 84.251413][ T5984]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 84.253243][ T5984]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 84.255033][ T5984]  ? do_vfs_ioctl+0xb33/0x1430
[ 84.256568][ T5984]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 84.258177][ T5984]  ? do_futex+0x395/0x420
[ 84.259571][ T5984]  ? lockdep_hardirqs_on+0x9c/0x150
[ 84.261279][ T5984]  ? __se_sys_futex+0x36f/0x400
[ 84.262835][ T5984]  ? exc_page_fault+0x76/0xf0
[ 84.264348][ T5984]  ? __pfx___se_sys_futex+0x10/0x10
[ 84.266003][ T5984]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 84.267582][ T5984]  ? __pfx_ext4_ioctl+0x10/0x10
[ 84.269161][ T5984]  __se_sys_ioctl+0xfc/0x170
[ 84.270684][ T5984]  do_syscall_64+0xfa/0x3b0
[ 84.272160][ T5984]  ? lockdep_hardirqs_on+0x9c/0x150
[ 84.273829][ T5984]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.275848][ T5984]  ? exc_page_fault+0x9f/0xf0
[ 84.277400][ T5984]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.279293][ T5984] RIP: 0033:0x7f6a6678ec29
[ 84.280738][ T5984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 84.286895][ T5984] RSP: 002b:00007ffea3688b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 84.289636][ T5984] RAX: ffffffffffffffda RBX: 00007f6a669d5fa0 RCX: 00007f6a6678ec29
[ 84.292179][ T5984] RDX: 0000200000000040 RSI: 00000000c028660f RDI: 0000000000000004
[ 84.294690][ T5984] RBP: 00007f6a66811e41 R08: 0000000000000000 R09: 0000000000000000
[ 84.297218][ T5984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 84.299729][ T5984] R13: 00007f6a669d5fa0 R14: 00007f6a669d5fa0 R15: 0000000000000003
[ 84.302389][ T5984]  </TASK>
[ 84.304201][ T5984] Kernel Offset: disabled
[ 84.305789][ T5984] Rebooting in 86400 seconds..

VM DIAGNOSIS:
04:04:20 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000038 RBX=0000000000000038 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90002d7ef30
R8 =ffff888106628237 R9 =1ffff11020cc5046 R10=dffffc0000000000 R11=ffffffff854fcd20
R12=dffffc0000000000 R13=ffffffff99b038f5 R14=ffffffff99df8460 R15=0000000000000000
RIP=ffffffff854fcd9c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055556e731500 ffffffff 00c00000
GS =0000 ffff8880b8612000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000002000 CR3=0000000108144000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffff0000000000
XMM02=ffffffffffffffff ffffffffffffffff XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 00007ffea36881e0
XMM06=00007ffea36881e0 00007ffea3688060 XMM07=00007ffea36880a0 00007ffea3688080
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 00007f6a66812fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1
CPU#1
RAX=539ab3d242748f00 RBX=ffffffff819683f8 RCX=539ab3d242748f00 RDX=0000000000000001
RSI=ffffffff8d9bae67 RDI=ffffffff8be34380 RBP=ffffc90000177f20 RSP=ffffc90000177de0
R8 =ffff888136632f9b R9 =1ffff11026cc65f3 R10=dffffc0000000000 R11=ffffed1026cc65f4
R12=ffffffff8fa3b830 R13=0000000000000001 R14=0000000000000001 R15=1ffff110200d5000
RIP=ffffffff8b7a73f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c12000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffdd677da58 CR3=0000000105d94000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007f6a66812e7b
XMM06=0000000000000000 00007f6a66812e75 XMM07=0000000000000000 00007f6a66812e89
XMM08=0000000000000000 00007f6a66812f0f XMM09=0000000000000000 00007f6a66812fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
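Two facts in the report above are worth checking by hand before filing or triaging it. First, the userspace register dump identifies the syscall: ORIG_RAX 0x10 is ioctl on x86-64, RDI=4 is the file descriptor, RDX is the argument pointer, and RSI=0xc028660f is the request word, which decodes (direction read|write, type 'f', number 15, argument size 40) to the kernel's EXT4_IOC_MOVE_EXT, defined in fs/ext4/ext4.h as _IOWR('f', 15, struct move_extent). Second, KASAN's "544 bytes to the right of allocated 344-byte region" says the 8-byte read at ffff88801cefc378 sits at offset 0x378 of an object that was allocated by shmem_fill_super during boot (devtmpfs is a tmpfs mount), i.e. tmpfs superblock-private data, not anything ext4 owns, and it is beyond even the 512-byte kmalloc slot. The C program below is an added example, not part of the syzkaller log or of the kernel tree; it reimplements the x86 _IOC bit layout locally (so it builds on any host without linux/ioctl.h), copies struct move_extent from the ext4 header, and recomputes the KASAN offset from the printed addresses. Everything prefixed LOG_ is copied from the report; the function and macro names are local to the example.

```c
/*
 * Triage helper for the KASAN report above (added example, not kernel code).
 *  1. Decode the ioctl request word from the userspace register dump with the
 *     x86 _IOC field layout and compare it with EXT4_IOC_MOVE_EXT.
 *  2. Recompute KASAN's "N bytes to the right of the M-byte region" from the
 *     addresses it printed.
 */
#include <stdint.h>
#include <stdio.h>

/* Field layout of _IOC() on x86, as in include/uapi/asm-generic/ioctl.h. */
#define IOC_NRBITS    8
#define IOC_TYPEBITS  8
#define IOC_SIZEBITS  14
#define IOC_DIRBITS   2
#define IOC_NRSHIFT   0
#define IOC_TYPESHIFT (IOC_NRSHIFT + IOC_NRBITS)     /* 8  */
#define IOC_SIZESHIFT (IOC_TYPESHIFT + IOC_TYPEBITS) /* 16 */
#define IOC_DIRSHIFT  (IOC_SIZESHIFT + IOC_SIZEBITS) /* 30 */
#define IOC_WRITE 1U
#define IOC_READ  2U

#define IOC(dir, type, nr, size)                                     \
    (((unsigned)(dir) << IOC_DIRSHIFT) |                             \
     ((unsigned)(type) << IOC_TYPESHIFT) |                           \
     ((unsigned)(nr) << IOC_NRSHIFT) |                               \
     ((unsigned)(size) << IOC_SIZESHIFT))
#define IOWR(type, nr, t) IOC(IOC_READ | IOC_WRITE, (type), (nr), sizeof(t))

/* Argument block of EXT4_IOC_MOVE_EXT, copied from fs/ext4/ext4.h. */
struct move_extent {
    uint32_t reserved;    /* should be zero */
    uint32_t donor_fd;    /* donor file descriptor */
    uint64_t orig_start;  /* logical start block in orig */
    uint64_t donor_start; /* logical start block in donor */
    uint64_t len;         /* block count to move */
    uint64_t moved_len;   /* filled in by the kernel */
};
#define EXT4_IOC_MOVE_EXT IOWR('f', 15, struct move_extent)

struct ioc_fields { unsigned dir, type, nr, size; };

/* Split a request word into its _IOC fields. */
struct ioc_fields ioc_decode(uint32_t cmd)
{
    struct ioc_fields f = {
        .dir  = (cmd >> IOC_DIRSHIFT)  & ((1U << IOC_DIRBITS) - 1),
        .type = (cmd >> IOC_TYPESHIFT) & ((1U << IOC_TYPEBITS) - 1),
        .nr   = (cmd >> IOC_NRSHIFT)   & ((1U << IOC_NRBITS) - 1),
        .size = (cmd >> IOC_SIZESHIFT) & ((1U << IOC_SIZEBITS) - 1),
    };
    return f;
}

/* Distance of the faulting address past the end of the allocated region. */
long kasan_overshoot(uint64_t bad_addr, uint64_t obj_start, uint64_t alloc_len)
{
    return (long)(bad_addr - (obj_start + alloc_len));
}

/* Values copied from the report above. */
#define LOG_RSI       0xc028660fu             /* ioctl request word */
#define LOG_BAD_ADDR  0xffff88801cefc378ull   /* "Read of size 8 at addr" */
#define LOG_OBJ_START 0xffff88801cefc000ull   /* "object at" */
#define LOG_ALLOC_LEN 344ull                  /* "allocated 344-byte region" */
#define LOG_SLAB_SIZE 512ull                  /* "cache kmalloc-512 of size 512" */

int main(void)
{
    struct ioc_fields f = ioc_decode(LOG_RSI);
    printf("RSI=0x%08x -> dir=%u type='%c' nr=%u size=%u; EXT4_IOC_MOVE_EXT: %s\n",
           LOG_RSI, f.dir, (int)f.type, f.nr, f.size,
           LOG_RSI == EXT4_IOC_MOVE_EXT ? "yes" : "no");

    long over = kasan_overshoot(LOG_BAD_ADDR, LOG_OBJ_START, LOG_ALLOC_LEN);
    printf("read at object offset %llu (slot is %llu bytes): %ld bytes past the %llu-byte allocation\n",
           LOG_BAD_ADDR - LOG_OBJ_START, LOG_SLAB_SIZE, over, LOG_ALLOC_LEN);
    return 0;
}
```

The request word pins the entry point to the EXT4_IOC_MOVE_EXT path in ext4_ioctl, which is consistent with the ext4_ioctl -> ext4_move_extents -> ext4_inode_journal_mode chain in the trace; the offset arithmetic shows the read is not a near miss at the end of an ext4 structure but lands in the KASAN redzone (shadow bytes fc) of a much smaller tmpfs object, which is why the report is a slab-out-of-bounds rather than a wild pointer.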