Warning: Permanently added '[localhost]:19788' (ED25519) to the list of known hosts.
2026/06/03 03:43:01 parsed 1 programs
syzkaller login: [ 73.078704][ T5623] cgroup: Unknown subsys name 'net'
[ 73.202153][ T5623] cgroup: Unknown subsys name 'cpuset'
[ 73.208511][ T5623] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 75.527791][ T5623] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 76.899892][ T1383] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.902877][ T1383] ieee802154 phy1 wpan1: encryption failed: -22
[ 78.466375][ T5634] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 78.835774][ T5660] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 78.840791][ T5660] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 78.844553][ T5660] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 78.849353][ T5660] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 78.852659][ T5660] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 79.018383][ T5636] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.023798][ T5636] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.027183][ T5636] bridge_slave_0: entered allmulticast mode
[ 79.030169][ T5636] bridge_slave_0: entered promiscuous mode
[ 79.047446][ T5636] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.049762][ T5636] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.051828][ T5636] bridge_slave_1: entered allmulticast mode
[ 79.054425][ T5636] bridge_slave_1: entered promiscuous mode
[ 79.093038][ T5636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 79.099325][ T5636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 79.275157][ T5636] team0: Port device team_slave_0 added
[ 79.284711][ T5636] team0: Port device team_slave_1 added
[ 79.369518][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 79.372915][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 79.383486][ T5636] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 79.401772][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 79.404631][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 79.414986][ T5636] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 79.545739][ T5636] hsr_slave_0: entered promiscuous mode
[ 79.555132][ T5636] hsr_slave_1: entered promiscuous mode
[ 80.078253][ T426] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 80.085495][ T426] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 80.172772][ T426] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 80.183205][ T426] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 80.192528][ T5636] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 80.223518][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 80.231591][ T5636] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 80.252085][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 80.273346][ T5636] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 80.299226][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 80.313765][ T5636] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 80.341086][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 80.705012][ T5636] 8021q: adding VLAN 0 to HW filter on device bond0
[ 80.890319][ T5636] 8021q: adding VLAN 0 to HW filter on device team0
[ 80.962761][ T81] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.965423][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 81.000330][ T426] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.003243][ T426] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 81.831934][ T5636] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 81.903496][ T5636] veth0_vlan: entered promiscuous mode
[ 81.910901][ T5636] veth1_vlan: entered promiscuous mode
[ 81.935526][ T5636] veth0_macvtap: entered promiscuous mode
[ 81.945724][ T5636] veth1_macvtap: entered promiscuous mode
[ 81.980115][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 81.993276][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 82.012881][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.019078][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.104846][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.128230][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2026/06/03 03:43:13 executed programs: 0
[ 82.504803][ T5006] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 82.511694][ T5006] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 82.515840][ T5006] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 82.524579][ T5006] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 82.531802][ T5006] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 82.555627][ T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 82.560492][ T5755] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 82.562109][ T5757] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 82.571577][ T5755] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 82.572157][ T5757] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 82.582149][ T5757] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 82.591465][ T5755] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 82.594248][ T5757] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 82.594993][ T5755] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 82.600244][ T5757] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 82.932770][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 83.447096][ T5749] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.450008][ T5749] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.452267][ T5749] bridge_slave_0: entered allmulticast mode
[ 83.455034][ T5749] bridge_slave_0: entered promiscuous mode
[ 83.459195][ T5749] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.461531][ T5749] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.463859][ T5749] bridge_slave_1: entered allmulticast mode
[ 83.466696][ T5749] bridge_slave_1: entered promiscuous mode
[ 83.489006][ T5750] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.492217][ T5750] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.495318][ T5750] bridge_slave_0: entered allmulticast mode
[ 83.499653][ T5750] bridge_slave_0: entered promiscuous mode
[ 83.528401][ T5749] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 83.532098][ T5750] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.535632][ T5750] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.539617][ T5750] bridge_slave_1: entered allmulticast mode
[ 83.545751][ T5750] bridge_slave_1: entered promiscuous mode
[ 83.562250][ T5749] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 83.580748][ T5752] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.583500][ T5752] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.585660][ T5752] bridge_slave_0: entered allmulticast mode
[ 83.589080][ T5752] bridge_slave_0: entered promiscuous mode
[ 83.618381][ T5752] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.621226][ T5752] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.624271][ T5752] bridge_slave_1: entered allmulticast mode
[ 83.628544][ T5752] bridge_slave_1: entered promiscuous mode
[ 83.633698][ T5749] team0: Port device team_slave_0 added
[ 83.639577][ T5750] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 83.657699][ T5749] team0: Port device team_slave_1 added
[ 83.686582][ T5750] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 83.732449][ T5752] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 83.750667][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 83.760409][ T5749] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 83.763337][ T5749] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 83.774189][ T5749] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 83.781500][ T5749] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 83.784317][ T5749] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 83.795561][ T5749] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 83.815196][ T5752] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 83.830957][ T5750] team0: Port device team_slave_0 added
[ 83.869059][ T5750] team0: Port device team_slave_1 added
[ 83.890624][ T5752] team0: Port device team_slave_0 added
[ 83.911070][ T5750] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 83.913442][ T5750] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 83.923796][ T5750] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 83.929452][ T5752] team0: Port device team_slave_1 added
[ 83.941764][ T5749] hsr_slave_0: entered promiscuous mode
[ 83.945015][ T5749] hsr_slave_1: entered promiscuous mode
[ 83.950693][ T5749] debugfs: 'hsr0' already exists in 'hsr'
[ 83.953540][ T5749] Cannot create hsr debugfs directory
[ 83.956346][ T5750] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 83.959325][ T5750] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 83.968421][ T5750] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 84.020068][ T5752] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 84.022305][ T5752] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 84.030977][ T5752] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 84.072004][ T5752] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 84.075674][ T5752] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 84.085625][ T5752] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 84.110291][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 84.129688][ T5750] hsr_slave_0: entered promiscuous mode
[ 84.132913][ T5750] hsr_slave_1: entered promiscuous mode
[ 84.135808][ T5750] debugfs: 'hsr0' already exists in 'hsr'
[ 84.138623][ T5750] Cannot create hsr debugfs directory
[ 84.261799][ T5752] hsr_slave_0: entered promiscuous mode
[ 84.264862][ T5752] hsr_slave_1: entered promiscuous mode
[ 84.268327][ T5752] debugfs: 'hsr0' already exists in 'hsr'
[ 84.270719][ T5752] Cannot create hsr debugfs directory
[ 84.345103][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 84.588313][ T5757] Bluetooth: hci0: command tx timeout
[ 84.634148][ T12] bridge_slave_1: left allmulticast mode
[ 84.637148][ T12] bridge_slave_1: left promiscuous mode
[ 84.640909][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.650901][ T12] bridge_slave_0: left allmulticast mode
[ 84.653094][ T12] bridge_slave_0: left promiscuous mode
[ 84.655316][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.667821][ T5006] Bluetooth: hci2: command tx timeout
[ 84.670891][ T5757] Bluetooth: hci1: command tx timeout
[ 84.904972][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 84.912571][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 84.917945][ T12] bond0 (unregistering): Released all slaves
[ 85.064540][ T12] hsr_slave_0: left promiscuous mode
[ 85.068172][ T12] hsr_slave_1: left promiscuous mode
[ 85.070801][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 85.073603][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 85.078071][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 85.080779][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 85.092602][ T12] veth1_macvtap: left promiscuous mode
[ 85.095574][ T12] veth0_macvtap: left promiscuous mode
[ 85.099909][ T12] veth1_vlan: left promiscuous mode
[ 85.102102][ T12] veth0_vlan: left promiscuous mode
[ 85.313589][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 85.327441][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 85.456210][ T5749] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 85.476227][ T5749] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 85.492329][ T5749] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 85.507193][ T5749] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 85.542194][ T5749] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 85.569110][ T5749] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 85.595888][ T5749] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 85.615932][ T5749] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 85.696849][ T5750] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 85.732983][ T5750] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 85.740095][ T5750] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 85.749170][ T5750] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 85.752718][ T5750] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 85.765396][ T5750] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 85.771040][ T5363] 8021q: adding VLAN 0 to HW filter on device eth1
[ 85.795964][ T5750] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 85.802340][ T5750] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 85.955902][ T5749] 8021q: adding VLAN 0 to HW filter on device bond0
[ 86.020978][ T5749] 8021q: adding VLAN 0 to HW filter on device team0
[ 86.080495][ T4022] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.083600][ T4022] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 86.104254][ T5750] 8021q: adding VLAN 0 to HW filter on device bond0
[ 86.110108][ T4022] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.113211][ T4022] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 86.163692][ T5750] 8021q: adding VLAN 0 to HW filter on device team0
[ 86.227286][ T4022] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.230331][ T4022] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 86.250733][ T4022] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.253649][ T4022] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 86.355755][ T5752] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 86.371973][ T5752] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 86.380707][ T5752] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 86.392908][ T5752] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 86.406120][ T5752] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 86.420249][ T5752] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 86.425074][ T5752] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 86.435401][ T5752] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 86.635678][ T5752] 8021q: adding VLAN 0 to HW filter on device bond0
[ 86.657153][ T5757] Bluetooth: hci0: command tx timeout
[ 86.674911][ T5752] 8021q: adding VLAN 0 to HW filter on device team0
[ 86.690708][ T62] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.693378][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 86.717671][ T81] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.720622][ T81] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 86.747155][ T5757] Bluetooth: hci1: command tx timeout
[ 86.749405][ T5006] Bluetooth: hci2: command tx timeout
[ 86.835777][ T5749] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 86.904753][ T5749] veth0_vlan: entered promiscuous mode
[ 86.916455][ T5749] veth1_vlan: entered promiscuous mode
[ 86.959244][ T5749] veth0_macvtap: entered promiscuous mode
[ 86.965676][ T5749] veth1_macvtap: entered promiscuous mode
[ 86.992869][ T5749] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 87.008338][ T5749] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 87.023224][ T5750] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 87.041999][ T5492] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.057633][ T5492] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.065774][ T5492] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.072453][ T5492] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.211541][ T5750] veth0_vlan: entered promiscuous mode
[ 87.233849][ T81] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 87.238230][ T5752] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 87.246439][ T81] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 87.276419][ T5750] veth1_vlan: entered promiscuous mode
[ 87.302771][ T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 87.310789][ T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 87.362504][ T5750] veth0_macvtap: entered promiscuous mode
[ 87.374287][ T5752] veth0_vlan: entered promiscuous mode
[ 87.386249][ T5750] veth1_macvtap: entered promiscuous mode
[ 87.405051][ T5752] veth1_vlan: entered promiscuous mode
[ 87.417468][ T5750] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 87.421686][ T5875] ==================================================================
[ 87.424038][ T5875] BUG: KASAN: double-free in mempool_free+0xec/0x130
[ 87.425959][ T5875] Free of addr ffff888177994400 by task syz.0.17/5875
[ 87.428584][ T5875]
[ 87.429977][ T5875] CPU: 1 UID: 0 PID: 5875 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 87.429993][ T5875] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 87.430002][ T5875] Call Trace:
[ 87.430008][ T5875]
[ 87.430016][ T5875] dump_stack_lvl+0xe8/0x150
[ 87.430033][ T5875] print_address_description+0x55/0x1e0
[ 87.430048][ T5875] print_report+0x58/0x70
[ 87.430058][ T5875] ? mempool_free+0xec/0x130
[ 87.430070][ T5875] kasan_report_invalid_free+0xea/0x110
[ 87.430090][ T5875] ? mempool_free+0xec/0x130
[ 87.430103][ T5875] ? mempool_free+0xec/0x130
[ 87.430116][ T5875] __kasan_slab_pre_free+0x104/0x120
[ 87.430134][ T5875] ? mempool_free+0xec/0x130
[ 87.430413][ T5875] kmem_cache_free+0x130/0x650
[ 87.430461][ T5875] ? __pfx_mempool_free_slab+0x10/0x10
[ 87.430476][ T5875] mempool_free+0xec/0x130
[ 87.430488][ T5875] ? __pfx_mempool_free+0x10/0x10
[ 87.430501][ T5875] ? __pfx_mempool_free_slab+0x10/0x10
[ 87.430513][ T5875] ? mempool_free+0xec/0x130
[ 87.430525][ T5875] ? __pfx_mempool_free+0x10/0x10
[ 87.430538][ T5875] bio_free+0x1e9/0x330
[ 87.430558][ T5875] __blkdev_direct_IO+0xd89/0xf40
[ 87.430583][ T5875] ? __pfx___blkdev_direct_IO+0x10/0x10
[ 87.430603][ T5875] ? iov_npages+0x24a/0x290
[ 87.430619][ T5875] blkdev_direct_IO+0x121a/0x1790
[ 87.430640][ T5875] ? __pfx_blkdev_direct_IO+0x10/0x10
[ 87.430657][ T5875] ? aa_file_perm+0x192/0x15e0
[ 87.430670][ T5875] ? aa_file_perm+0x50e/0x15e0
[ 87.430681][ T5875] ? aa_file_perm+0x192/0x15e0
[ 87.430695][ T5875] ? __futex_wait+0x1fc/0x420
[ 87.430712][ T5875] ? __futex_wait+0x371/0x420
[ 87.430729][ T5875] ? __pfx_aa_file_perm+0x10/0x10
[ 87.430741][ T5875] ? kiocb_write_and_wait+0x14d/0x1b0
[ 87.430759][ T5875] blkdev_read_iter+0x23d/0x440
[ 87.430778][ T5875] do_iter_readv_writev+0x619/0x8c0
[ 87.430797][ T5875] ? __pfx_do_iter_readv_writev+0x10/0x10
[ 87.430817][ T5875] ? bpf_lsm_file_permission+0x9/0x20
[ 87.430834][ T5875] ? security_file_permission+0x75/0x260
[ 87.430850][ T5875] ? rw_verify_area+0x2a6/0x4d0
[ 87.430867][ T5875] vfs_readv+0x288/0x840
[ 87.430884][ T5875] ? __pfx_vfs_readv+0x10/0x10
[ 87.430901][ T5875] ? __fget_files+0x2a/0x420
[ 87.430923][ T5875] ? __fget_files+0x3a0/0x420
[ 87.430938][ T5875] ? __fget_files+0x2a/0x420
[ 87.430954][ T5875] __se_sys_preadv2+0x184/0x2a0
[ 87.430968][ T5875] ? __pfx___se_sys_preadv2+0x10/0x10
[ 87.430982][ T5875] ? __x64_sys_preadv2+0x20/0xc0
[ 87.430993][ T5875] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.431006][ T5875] do_syscall_64+0x174/0x580
[ 87.431020][ T5875] ? trace_irq_disable+0x3b/0x140
[ 87.431040][ T5875] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.431053][ T5875] RIP: 0033:0x7f125c99ce59
[ 87.431067][ T5875] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 87.431077][ T5875] RSP: 002b:00007f125d829028 EFLAGS: 00000246 ORIG_RAX: 0000000000000147
[ 87.431092][ T5875] RAX: ffffffffffffffda RBX: 00007f125cc15fa0 RCX: 00007f125c99ce59
[ 87.431101][ T5875] RDX: 0000000000000005 RSI: 0000200000000080 RDI: 0000000000000003
[ 87.431110][ T5875] RBP: 00007f125ca32d6f R08: 0000000000000000 R09: 000000000000001f
[ 87.431118][ T5875] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000000
[ 87.431126][ T5875] R13: 00007f125cc16038 R14: 00007f125cc15fa0 R15: 00007fff02d2e3e8
[ 87.431140][ T5875]
[ 87.431145][ T5875]
[ 87.551715][ T5875] Allocated by task 5875:
[ 87.553371][ T5875] kasan_save_track+0x3e/0x80
[ 87.555207][ T5875] __kasan_slab_alloc+0x6c/0x80
[ 87.557072][ T5875] kmem_cache_alloc_noprof+0x2bc/0x650
[ 87.559002][ T5875] bio_alloc_bioset+0x599/0xc90
[ 87.560506][ T5875] __blkdev_direct_IO+0x294/0xf40
[ 87.562000][ T5875] blkdev_direct_IO+0x121a/0x1790
[ 87.563625][ T5875] blkdev_read_iter+0x23d/0x440
[ 87.565128][ T5875] do_iter_readv_writev+0x619/0x8c0
[ 87.567130][ T5875] vfs_readv+0x288/0x840
[ 87.568689][ T5875] __se_sys_preadv2+0x184/0x2a0
[ 87.570266][ T5875] do_syscall_64+0x174/0x580
[ 87.571756][ T5875] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.573799][ T5875]
[ 87.574702][ T5875] Freed by task 5875:
[ 87.576224][ T5875] kasan_save_track+0x3e/0x80
[ 87.578048][ T5875] kasan_save_free_info+0x46/0x50
[ 87.579918][ T5875] __kasan_slab_free+0x5c/0x80
[ 87.581737][ T5875] kmem_cache_free+0x182/0x650
[ 87.583548][ T5875] mempool_free+0xec/0x130
[ 87.585160][ T5875] bio_free+0x1e9/0x330
[ 87.586645][ T5875] __blkdev_direct_IO+0xd6e/0xf40
[ 87.588535][ T5875] blkdev_direct_IO+0x121a/0x1790
[ 87.590474][ T5875] blkdev_read_iter+0x23d/0x440
[ 87.592273][ T5875] do_iter_readv_writev+0x619/0x8c0
[ 87.594206][ T5875] vfs_readv+0x288/0x840
[ 87.595822][ T5875] __se_sys_preadv2+0x184/0x2a0
[ 87.597717][ T5875] do_syscall_64+0x174/0x580
[ 87.599474][ T5875] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.601679][ T5875]
[ 87.602574][ T5875] The buggy address belongs to the object at ffff888177994400
[ 87.602574][ T5875] which belongs to the cache biovec-max of size 4096
[ 87.607612][ T5875] The buggy address is located 0 bytes inside of
[ 87.607612][ T5875] 4096-byte region [ffff888177994400, ffff888177995400)
[ 87.612325][ T5875]
[ 87.613242][ T5875] The buggy address belongs to the physical page:
[ 87.615453][ T5875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888177990000 pfn:0x177990
[ 87.618559][ T5875] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 87.621702][ T5875] flags: 0x57ff00000000240(workingset|head|node=1|zone=2|lastcpupid=0x7ff)
[ 87.624475][ T5875] page_type: f5(slab)
[ 87.625799][ T5875] raw: 057ff00000000240 ffff8881604148c0 ffff8881622adc48 ffffea0005de5010
[ 87.628392][ T5875] raw: ffff888177990000 0000000800070003 00000000f5000000 0000000000000000
[ 87.630926][ T5875] head: 057ff00000000240 ffff8881604148c0 ffff8881622adc48 ffffea0005de5010
[ 87.633538][ T5875] head: ffff888177990000 0000000800070003 00000000f5000000 0000000000000000
[ 87.636121][ T5875] head: 057ff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
[ 87.638609][ T5875] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 87.641128][ T5875] page dumped because: kasan: bad access detected
[ 87.643031][ T5875] page_owner tracks the page as allocated
[ 87.644717][ T5875] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5065, tgid 5065 (udevd), ts 29098398773, free_ts 24434603765
[ 87.650122][ T5875] post_alloc_hook+0x22d/0x280
[ 87.651644][ T5875] get_page_from_freelist+0x2593/0x2610
[ 87.653399][ T5875] __alloc_frozen_pages_noprof+0x18d/0x380
[ 87.655322][ T5875] allocate_slab+0x77/0x660
[ 87.656722][ T5875] refill_objects+0x339/0x3d0
[ 87.658141][ T5875] __pcs_replace_empty_main+0x321/0x720
[ 87.659816][ T5875] kmem_cache_alloc_noprof+0x37d/0x650
[ 87.661495][ T5875] bio_alloc_bioset+0x599/0xc90
[ 87.663208][ T5875] ext4_mpage_readpages+0x13b5/0x1f30
[ 87.665147][ T5875] read_pages+0x193/0x5a0
[ 87.666678][ T5875] page_cache_ra_unbounded+0x794/0xa10
[ 87.668576][ T5875] page_cache_ra_order+0xae4/0xe80
[ 87.670027][ T5875] filemap_get_pages+0x897/0x1ef0
[ 87.671835][ T5875] filemap_read+0x447/0x1230
[ 87.673490][ T5875] __kernel_read+0x504/0x9b0
[ 87.675226][ T5875] integrity_kernel_read+0x89/0xd0
[ 87.677154][ T5875] page last free pid 10 tgid 10 stack trace:
[ 87.679376][ T5875] __free_frozen_pages+0xc1c/0xd30
[ 87.681295][ T5875] vfree+0x1d1/0x2f0
[ 87.682627][ T5875] delayed_vfree_work+0x55/0x80
[ 87.684053][ T5875] process_scheduled_works+0xb5d/0x1860
[ 87.685777][ T5875] worker_thread+0xa53/0xfc0
[ 87.687665][ T5875] kthread+0x389/0x470
[ 87.689191][ T5875] ret_from_fork+0x514/0xb70
[ 87.690659][ T5875] ret_from_fork_asm+0x1a/0x30
[ 87.692301][ T5875]
[ 87.693091][ T5875] Memory state around the buggy address:
[ 87.695064][ T5875] ffff888177994300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 87.697643][ T5875] ffff888177994380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 87.700106][ T5875] >ffff888177994400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.702547][ T5875] ^
[ 87.703776][ T5875] ffff888177994480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.706394][ T5875] ffff888177994500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.708856][ T5875] ==================================================================
[ 87.716220][ T5875] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 87.718692][ T5875] CPU: 1 UID: 0 PID: 5875 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 87.721552][ T5875] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 87.724672][ T5875] Call Trace:
[ 87.725716][ T5875]
[ 87.726651][ T5875] vpanic+0x56c/0xa60
[ 87.728169][ T5875] ? __pfx_vpanic+0x10/0x10
[ 87.729726][ T5875] ? __pfx___schedule+0x10/0x10
[ 87.731280][ T5875] panic+0xc5/0xd0
[ 87.732348][ T5875] ? __pfx_panic+0x10/0x10
[ 87.733653][ T5875] ? preempt_schedule_common+0x82/0xd0
[ 87.735314][ T5875] check_panic_on_warn+0x89/0xb0
[ 87.736857][ T5875] end_report+0x73/0x170
[ 87.738135][ T5875] ? mempool_free+0xec/0x130
[ 87.739537][ T5875] kasan_report_invalid_free+0xfa/0x110
[ 87.741198][ T5875] ? mempool_free+0xec/0x130
[ 87.742640][ T5875] ? mempool_free+0xec/0x130
[ 87.744082][ T5875] __kasan_slab_pre_free+0x104/0x120
[ 87.745719][ T5875] ? mempool_free+0xec/0x130
[ 87.747157][ T5875] kmem_cache_free+0x130/0x650
[ 87.748670][ T5875] ? __pfx_mempool_free_slab+0x10/0x10
[ 87.750451][ T5875] mempool_free+0xec/0x130
[ 87.752083][ T5875] ? __pfx_mempool_free+0x10/0x10
[ 87.753832][ T5875] ? __pfx_mempool_free_slab+0x10/0x10
[ 87.755632][ T5875] ? mempool_free+0xec/0x130
[ 87.757119][ T5875] ? __pfx_mempool_free+0x10/0x10
[ 87.758760][ T5875] bio_free+0x1e9/0x330
[ 87.760327][ T5875] __blkdev_direct_IO+0xd89/0xf40
[ 87.761916][ T5875] ? __pfx___blkdev_direct_IO+0x10/0x10
[ 87.763658][ T5875] ? iov_npages+0x24a/0x290
[ 87.765158][ T5875] blkdev_direct_IO+0x121a/0x1790
[ 87.766668][ T5875] ? __pfx_blkdev_direct_IO+0x10/0x10
[ 87.768441][ T5875] ? aa_file_perm+0x192/0x15e0
[ 87.770161][ T5875] ? aa_file_perm+0x50e/0x15e0
[ 87.771881][ T5875] ? aa_file_perm+0x192/0x15e0
[ 87.773655][ T5875] ? __futex_wait+0x1fc/0x420
[ 87.775377][ T5875] ? __futex_wait+0x371/0x420
[ 87.777063][ T5875] ? __pfx_aa_file_perm+0x10/0x10
[ 87.778974][ T5875] ? kiocb_write_and_wait+0x14d/0x1b0
[ 87.780990][ T5875] blkdev_read_iter+0x23d/0x440
[ 87.782868][ T5875] do_iter_readv_writev+0x619/0x8c0
[ 87.784715][ T5875] ? __pfx_do_iter_readv_writev+0x10/0x10
[ 87.786952][ T5875] ? bpf_lsm_file_permission+0x9/0x20
[ 87.789054][ T5875] ? security_file_permission+0x75/0x260
[ 87.791356][ T5875] ? rw_verify_area+0x2a6/0x4d0
[ 87.793198][ T5875] vfs_readv+0x288/0x840
[ 87.794869][ T5875] ? __pfx_vfs_readv+0x10/0x10
[ 87.796588][ T5875] ? __fget_files+0x2a/0x420
[ 87.798043][ T5875] ? __fget_files+0x3a0/0x420
[ 87.799461][ T5875] ? __fget_files+0x2a/0x420
[ 87.800810][ T5875] __se_sys_preadv2+0x184/0x2a0
[ 87.802707][ T5875] ? __pfx___se_sys_preadv2+0x10/0x10
[ 87.804829][ T5875] ? __x64_sys_preadv2+0x20/0xc0
[ 87.806779][ T5875] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.809230][ T5875] do_syscall_64+0x174/0x580
[ 87.811064][ T5875] ? trace_irq_disable+0x3b/0x140
[ 87.812671][ T5875] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.814340][ T5875] RIP: 0033:0x7f125c99ce59
[ 87.815752][ T5875] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 87.822150][ T5875] RSP: 002b:00007f125d829028 EFLAGS: 00000246 ORIG_RAX: 0000000000000147
[ 87.824674][ T5875] RAX: ffffffffffffffda RBX: 00007f125cc15fa0 RCX: 00007f125c99ce59
[ 87.827075][ T5875] RDX: 0000000000000005 RSI: 0000200000000080 RDI: 0000000000000003
[ 87.829493][ T5875] RBP: 00007f125ca32d6f R08: 0000000000000000 R09: 000000000000001f
[ 87.831888][ T5875] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000000
[ 87.834384][ T5875] R13: 00007f125cc16038 R14: 00007f125cc15fa0 R15: 00007fff02d2e3e8
[ 87.836944][ T5875]
[ 87.838518][ T5875] Kernel Offset: disabled
[ 87.839892][ T5875] Rebooting in 86400 seconds..
VM DIAGNOSIS:
03:43:18 Registers:
info registers vcpu 0
CPU#0
RAX=ffffffff96cdfc58 RBX=00000000000003fd RCX=00000000000002d3 RDX=ffffffff96c3ad58
RSI=ffff888102acc850 RDI=00000000000003fd RBP=ff4f6c343f9aebe8 RSP=ffffc900000f6b80
R8 =ffffc900000f6b48 R9 =0000000000000020 R10=0000000000000003 R11=ffffffff81a21250
R12=ffffffff96c40cb8 R13=ffffffff93e14be0 R14=ffff888102acbb80 R15=00000000000002d2
RIP=ffffffff81a1c158 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88818dc9c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f125ca4f156 CR3=0000000176ae2000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 00000000000000ff XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000003730 0000000000003231
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=ffffffffffff0000 ffffffffffff0000 XMM09=0000000000003761 0000000000003231
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1
CPU#1
RAX=0000000000000002 RBX=0000000000000000 RCX=0000000000000001 RDX=ffffffff8ba3559f
RSI=ffffffff90175050 RDI=0000000000000000 RBP=ffffffff8bcfe3c6 RSP=ffffc9000362e748
R8 =ffff88816927bb80 R9 =0000000000000001 R10=0000000000000003 R11=0000000000000000
R12=ffffc9000362e8c0 R13=ffffc9000362e818 R14=0000000000000800 R15=ffffffff8bcfe3c6
RIP=ffffffff81c5bca1 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f125d8296c0 ffffffff 00c00000
GS =0000 ffff8882a929c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b33e63fff CR3=00000001767dc000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000