Warning: Permanently added '10.128.0.139' (ED25519) to the list of known hosts.
2025/11/29 00:52:14 parsed 1 programs
syzkaller login: [ 64.634984][ T5786] cgroup: Unknown subsys name 'net'
[ 64.814439][ T5786] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 66.202853][ T5786] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 69.586139][ T5826] chnl_net:caif_netlink_parms(): no params data found
[ 69.661284][ T1085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.670475][ T1085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.841643][ T204] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.850497][ T204] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.870694][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.878654][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.885820][ T5826] bridge_slave_0: entered allmulticast mode
[ 69.893455][ T5826] bridge_slave_0: entered promiscuous mode
[ 69.906608][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.915194][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.922497][ T5826] bridge_slave_1: entered allmulticast mode
[ 69.929737][ T5826] bridge_slave_1: entered promiscuous mode
[ 69.993261][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 70.006467][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 70.219520][ T5826] team0: Port device team_slave_0 added
[ 70.267417][ T5826] team0: Port device team_slave_1 added
[ 70.335814][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 70.356735][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.383769][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 70.409962][ T5861] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 70.420576][ T5861] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 70.433557][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 70.447284][ T5861] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 70.452733][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.480510][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 70.492390][ T5861] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 70.504888][ T5861] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 70.515732][ T5861] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 70.645868][ T5826] hsr_slave_0: entered promiscuous mode
[ 70.653427][ T5826] hsr_slave_1: entered promiscuous mode
[ 71.218850][ T5826] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 71.234879][ T5826] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 71.248728][ T5826] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 71.261271][ T5826] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 71.374497][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0
[ 71.413012][ T5826] 8021q: adding VLAN 0 to HW filter on device team0
[ 71.443084][ T2964] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.450508][ T2964] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.504213][ T2964] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.511456][ T2964] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.585085][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.592762][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.825990][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 71.929271][ T5826] veth0_vlan: entered promiscuous mode
[ 71.941618][ T5826] veth1_vlan: entered promiscuous mode
[ 71.990145][ T5826] veth0_macvtap: entered promiscuous mode
[ 71.998978][ T5826] veth1_macvtap: entered promiscuous mode
[ 72.038331][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 72.054886][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 72.082213][ T5826] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.091363][ T5826] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.100131][ T5826] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.108851][ T5826] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/11/29 00:52:23 executed programs: 0
[ 72.322213][ T5103] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 72.334089][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 72.346259][ T5899] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 72.355205][ T5899] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 72.363188][ T5899] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 72.371360][ T5899] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 72.378970][ T5899] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 72.388546][ T5903] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 72.396561][ T5899] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 72.401191][ T5903] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 72.414006][ T5899] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 72.433801][ T5899] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 72.496599][ T5903] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 72.506562][ T5903] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 72.515436][ T5903] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 72.527891][ T5861] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 72.538533][ T5861] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 72.547899][ T5861] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 72.555317][ T5861] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 72.565016][ T5861] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 72.577840][ T5899] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 72.588462][ T5899] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 72.599045][ T5899] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 72.607176][ T5899] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 73.197715][ T5897] chnl_net:caif_netlink_parms(): no params data found
[ 73.230548][ T5896] chnl_net:caif_netlink_parms(): no params data found
[ 73.288182][ T5905] chnl_net:caif_netlink_parms(): no params data found
[ 73.403231][ T5897] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.411353][ T5897] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.418803][ T5897] bridge_slave_0: entered allmulticast mode
[ 73.425510][ T5897] bridge_slave_0: entered promiscuous mode
[ 73.436747][ T5904] chnl_net:caif_netlink_parms(): no params data found
[ 73.479341][ T5897] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.486512][ T5897] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.494071][ T5897] bridge_slave_1: entered allmulticast mode
[ 73.501514][ T5897] bridge_slave_1: entered promiscuous mode
[ 73.565322][ T5905] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.572893][ T5905] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.580249][ T5905] bridge_slave_0: entered allmulticast mode
[ 73.587204][ T5905] bridge_slave_0: entered promiscuous mode
[ 73.612983][ T5897] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.636497][ T5896] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.643968][ T5896] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.651239][ T5896] bridge_slave_0: entered allmulticast mode
[ 73.659299][ T5896] bridge_slave_0: entered promiscuous mode
[ 73.668125][ T5896] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.675291][ T5896] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.682916][ T5896] bridge_slave_1: entered allmulticast mode
[ 73.693348][ T5896] bridge_slave_1: entered promiscuous mode
[ 73.700949][ T5905] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.709079][ T5905] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.716236][ T5905] bridge_slave_1: entered allmulticast mode
[ 73.723754][ T5905] bridge_slave_1: entered promiscuous mode
[ 73.743615][ T5897] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 73.828769][ T5904] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.835882][ T5904] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.843431][ T5904] bridge_slave_0: entered allmulticast mode
[ 73.850249][ T5904] bridge_slave_0: entered promiscuous mode
[ 73.874065][ T5896] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.886528][ T5896] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 73.900826][ T5905] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.913400][ T5897] team0: Port device team_slave_0 added
[ 73.922478][ T5897] team0: Port device team_slave_1 added
[ 73.929853][ T5904] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.937342][ T5904] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.944491][ T5904] bridge_slave_1: entered allmulticast mode
[ 73.951324][ T5904] bridge_slave_1: entered promiscuous mode
[ 73.989268][ T41] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 74.005070][ T5905] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 74.046129][ T5897] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.053344][ T5897] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.079996][ T5897] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.127569][ T5905] team0: Port device team_slave_0 added
[ 74.134350][ T5897] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.141726][ T5897] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.168041][ T5897] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 74.182267][ T5904] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.197342][ T5904] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 74.209665][ T5896] team0: Port device team_slave_0 added
[ 74.229628][ T5905] team0: Port device team_slave_1 added
[ 74.265456][ T5896] team0: Port device team_slave_1 added
[ 74.296504][ T5905] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.304576][ T5905] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.331339][ T5905] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.372666][ T5904] team0: Port device team_slave_0 added
[ 74.391802][ T5905] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.399182][ T5905] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.426107][ T5905] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 74.447782][ T5896] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.454881][ T5896] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.481857][ T5899] Bluetooth: hci1: command tx timeout
[ 74.482571][ T5896] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.488552][ T5103] Bluetooth: hci0: command tx timeout
[ 74.507310][ T5904] team0: Port device team_slave_1 added
[ 74.515772][ T5897] hsr_slave_0: entered promiscuous mode
[ 74.522405][ T5897] hsr_slave_1: entered promiscuous mode
[ 74.528653][ T5897] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 74.536435][ T5897] Cannot create hsr debugfs directory
[ 74.566847][ T5896] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.573896][ T5896] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.600893][ T5896] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 74.616838][ T5103] Bluetooth: hci2: command tx timeout
[ 74.648565][ T5905] hsr_slave_0: entered promiscuous mode
[ 74.654737][ T5905] hsr_slave_1: entered promiscuous mode
[ 74.661361][ T5905] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 74.669398][ T5905] Cannot create hsr debugfs directory
[ 74.693743][ T5904] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.701071][ T5103] Bluetooth: hci3: command tx timeout
[ 74.701480][ T5904] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.735620][ T5904] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.748718][ T5904] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.755689][ T5904] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.783871][ T5904] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 74.911767][ T5904] hsr_slave_0: entered promiscuous mode
[ 74.919194][ T5904] hsr_slave_1: entered promiscuous mode
[ 74.925257][ T5904] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 74.933575][ T5904] Cannot create hsr debugfs directory
[ 74.961209][ T5896] hsr_slave_0: entered promiscuous mode
[ 74.967583][ T5896] hsr_slave_1: entered promiscuous mode
[ 74.973554][ T5896] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 74.984082][ T5896] Cannot create hsr debugfs directory
[ 75.308742][ T5905] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 75.318982][ T5905] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 75.329571][ T5905] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 75.341276][ T5905] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 75.409433][ T5905] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.434178][ T5905] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.449016][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.456102][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.470254][ T204] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.477421][ T204] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.639027][ T5905] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.680077][ T5905] veth0_vlan: entered promiscuous mode
[ 75.692965][ T5905] veth1_vlan: entered promiscuous mode
[ 75.721503][ T5905] veth0_macvtap: entered promiscuous mode
[ 75.730680][ T5905] veth1_macvtap: entered promiscuous mode
[ 75.748890][ T5905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 75.759791][ T5905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 75.772769][ T5905] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 75.784703][ T5905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 75.795291][ T5905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 75.807696][ T5905] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 75.822959][ T5905] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.832404][ T5905] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.842046][ T5905] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.850910][ T5905] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.921864][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.934058][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.957649][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.965493][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.018896][ T5946] syz.3.20[5946]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 76.090779][ T41] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 76.230115][ T5946] loop3: detected capacity change from 0 to 32768
[ 76.260120][ T5946] syz.3.20: attempt to access beyond end of device
[ 76.260120][ T5946] loop3: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[ 76.273862][ T5946] metapage_write_end_io: I/O error
[ 76.279972][ T5946] ERROR: (device loop3): diWrite: ixpxd invalid
[ 76.279972][ T5946]
[ 76.289736][ T5946] ERROR: (device loop3): remounting filesystem as read-only
[ 76.298062][ T5946] ERROR: (device loop3): txCommit:
[ 76.298062][ T5946]
[ 76.311821][ T5946] blkno = 8f7c0, nblocks = 1
[ 76.321163][ T5946] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map
[ 76.321163][ T5946]
[ 76.331681][ T5946] ERROR: (device loop3): remounting filesystem as read-only
[ 76.339468][ T5946] BUG: Bad page state in process syz.3.20 pfn:75b8a
[ 76.348296][ T5946] page:ffffea0001d6e280 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1a pfn:0x75b8a
[ 76.362849][ T5946] flags: 0xfff0000000820d(locked|referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[ 76.375526][ T5946] page_type: 0xffffffff()
[ 76.383981][ T5946] raw: 00fff0000000820d dead000000000100 dead000000000122 0000000000000000
[ 76.393268][ T5946] raw: 000000000000001a ffff88807cab50f8 00000000ffffffff 0000000000000000
[ 76.402409][ T5946] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 76.409973][ T5946] page_owner tracks the page as allocated
[ 76.416097][ T5946] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 5946, tgid 5945 (syz.3.20), ts 76306058871, free_ts 75963255326
[ 76.434742][ T5946] post_alloc_hook+0x1cd/0x210
[ 76.445455][ T5946] get_page_from_freelist+0x195c/0x19f0
[ 76.452286][ T5946] __alloc_pages+0x1e3/0x460
[ 76.459757][ T5946] folio_alloc+0x1e/0x30
[ 76.464087][ T5946] filemap_alloc_folio+0xdf/0x470
[ 76.469203][ T5946] do_read_cache_folio+0x36c/0x7e0
[ 76.474323][ T5946] do_read_cache_page+0x32/0x250
[ 76.479410][ T5946] __get_metapage+0x31a/0xfa0
[ 76.484104][ T5946] diReadSpecial+0x25b/0x710
[ 76.488898][ T5946] duplicateIXtree+0x10e/0x480
[ 76.493685][ T5946] diAllocAG+0x1795/0x1de0
[ 76.498255][ T5946] diAlloc+0x1d5/0x1660
[ 76.502419][ T5946] ialloc+0x8c/0x950
[ 76.506300][ T5946] jfs_mkdir+0x191/0xa30
[ 76.510689][ T5946] vfs_mkdir+0x296/0x440
[ 76.514947][ T5946] do_mkdirat+0x1d4/0x440
[ 76.519459][ T5946] page last free stack trace:
[ 76.524135][ T5946] free_unref_page_prepare+0x7ce/0x8e0
[ 76.529661][ T5946] free_unref_page+0x32/0x2e0
[ 76.534353][ T5946] __unfreeze_partials+0x1cf/0x210
[ 76.540726][ T5946] put_cpu_partial+0x17c/0x250
[ 76.545528][ T5946] __slab_free+0x31d/0x410
[ 76.547310][ T5899] Bluetooth: hci1: command tx timeout
[ 76.550154][ T5103] Bluetooth: hci0: command tx timeout
[ 76.556208][ T5946] qlist_free_all+0x75/0xe0
[ 76.565618][ T5946] kasan_quarantine_reduce+0x143/0x160
[ 76.571171][ T5946] __kasan_slab_alloc+0x22/0x80
[ 76.576032][ T5946] slab_post_alloc_hook+0x6e/0x4d0
[ 76.581290][ T5946] kmem_cache_alloc_lru+0x115/0x2e0
[ 76.586545][ T5946] sock_alloc_inode+0x28/0xc0
[ 76.591276][ T5946] new_inode_pseudo+0x63/0x1d0
[ 76.596043][ T5946] __sock_create+0x12d/0x940
[ 76.600728][ T5946] __sys_socket+0xd7/0x1a0
[ 76.605159][ T5946] __x64_sys_socket+0x7a/0x90
[ 76.609922][ T5946] do_syscall_64+0x55/0xb0
[ 76.615112][ T5946] Modules linked in:
[ 76.619627][ T5946] CPU: 1 PID: 5946 Comm: syz.3.20 Not tainted syzkaller #0
[ 76.626856][ T5946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 76.636941][ T5946] Call Trace:
[ 76.640235][ T5946] <TASK>
[ 76.643161][ T5946] dump_stack_lvl+0x16c/0x230
[ 76.647855][ T5946] ? show_regs_print_info+0x20/0x20
[ 76.653064][ T5946] ? swiotlb_print_info+0x70/0x70
[ 76.658099][ T5946] ? dump_page+0xba7/0x14d0
[ 76.662610][ T5946] bad_page+0x14b/0x170
[ 76.666763][ T5946] free_unref_page_prepare+0x887/0x8e0
[ 76.672237][ T5946] free_unref_page+0x32/0x2e0
[ 76.676933][ T5946] ? __folio_put+0xef/0x210
[ 76.681438][ T5946] txUnlock+0x27e/0xcb0
[ 76.685588][ T5946] txCommit+0x4dbd/0x5250
[ 76.689944][ T5946] ? txLinelock+0x160/0x160
[ 76.694456][ T5946] ? do_raw_spin_unlock+0x121/0x230
[ 76.699664][ T5946] duplicateIXtree+0x293/0x480
[ 76.704446][ T5946] ? flush_metapage+0x40/0x40
[ 76.709145][ T5946] ? do_raw_spin_unlock+0x121/0x230
[ 76.714367][ T5946] ? _raw_spin_unlock+0x28/0x40
[ 76.719233][ T5946] ? txEnd+0x2a9/0x520
[ 76.723323][ T5946] diAllocAG+0x1795/0x1de0
[ 76.727777][ T5946] ? diNewExt+0x3120/0x3120
[ 76.732292][ T5946] ? dbNextAG+0x52e/0x640
[ 76.736624][ T5946] ? __lock_acquire+0x7c80/0x7c80
[ 76.741650][ T5946] diAlloc+0x1d5/0x1660
[ 76.745812][ T5946] ? do_raw_spin_unlock+0x121/0x230
[ 76.751010][ T5946] ? _raw_spin_unlock+0x28/0x40
[ 76.755854][ T5946] ? new_inode+0x19e/0x1b0
[ 76.760268][ T5946] ialloc+0x8c/0x950
[ 76.764158][ T5946] jfs_mkdir+0x191/0xa30
[ 76.768398][ T5946] ? jfs_symlink+0xe50/0xe50
[ 76.773022][ T5946] ? make_vfsuid+0x51/0xb0
[ 76.777457][ T5946] ? generic_permission+0x1f3/0x590
[ 76.782667][ T5946] ? inode_permission+0xf3/0x480
[ 76.787601][ T5946] ? bpf_lsm_inode_mkdir+0x9/0x10
[ 76.792792][ T5946] ? security_inode_mkdir+0xb7/0x100
[ 76.798095][ T5946] vfs_mkdir+0x296/0x440
[ 76.802354][ T5946] do_mkdirat+0x1d4/0x440
[ 76.806692][ T5946] ? vfs_mkdir+0x440/0x440
[ 76.811119][ T5946] __x64_sys_mkdirat+0x89/0xa0
[ 76.815886][ T5946] do_syscall_64+0x55/0xb0
[ 76.820295][ T5946] ? clear_bhb_loop+0x40/0x90
[ 76.824968][ T5946] ? clear_bhb_loop+0x40/0x90
[ 76.829645][ T5946] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 76.835544][ T5946] RIP: 0033:0x7f1698f8f749
[ 76.839976][ T5946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 76.859585][ T5946] RSP: 002b:00007f1699e3d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 76.867994][ T5946] RAX: ffffffffffffffda RBX: 00007f16991e5fa0 RCX: 00007f1698f8f749
[ 76.875972][ T5946] RDX: 0000000000000000 RSI: 0000200000000840 RDI: ffffffffffffff9c
[ 76.883932][ T5946] RBP: 00007f1699013f91 R08: 0000000000000000 R09: 0000000000000000
[ 76.891898][ T5946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 76.899887][ T5946] R13: 00007f16991e6038 R14: 00007f16991e5fa0 R15: 00007fff83350ba8
[ 76.907864][ T5946] </TASK>
[ 76.915131][ T5103] Bluetooth: hci2: command tx timeout
[ 76.921139][ T5103] Bluetooth: hci3: command tx timeout
[ 76.928195][ T5946] Disabling lock debugging due to kernel taint
[ 76.934371][ T5946] page:ffffea0001d6e280 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1a pfn:0x75b8a
[ 76.946439][ T5946] flags: 0xfff0000000820d(locked|referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[ 76.957812][ T5946] page_type: 0xffffffff()
[ 76.962603][ T5946] raw: 00fff0000000820d dead000000000100 dead000000000122 0000000000000000
[ 76.971295][ T5946] raw: 000000000000001a ffff88807cab50f8 00000000ffffffff 0000000000000000
[ 76.979923][ T5946] page dumped because: VM_BUG_ON_FOLIO(((unsigned int) folio_ref_count(folio) + 127u <= 127u))
[ 76.990335][ T5946] page_owner tracks the page as allocated
[ 76.996049][ T5946] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 5946, tgid 5945 (syz.3.20), ts 76306058871, free_ts 75963255326
[ 77.015769][ T5946] post_alloc_hook+0x1cd/0x210
[ 77.021707][ T5946] get_page_from_freelist+0x195c/0x19f0
[ 77.027359][ T5946] __alloc_pages+0x1e3/0x460
[ 77.031967][ T5946] folio_alloc+0x1e/0x30
[ 77.036227][ T5946] filemap_alloc_folio+0xdf/0x470
[ 77.041335][ T5946] do_read_cache_folio+0x36c/0x7e0
[ 77.046453][ T5946] do_read_cache_page+0x32/0x250
[ 77.051473][ T5946] __get_metapage+0x31a/0xfa0
[ 77.056155][ T5946] diReadSpecial+0x25b/0x710
[ 77.060777][ T5946] duplicateIXtree+0x10e/0x480
[ 77.066054][ T5946] diAllocAG+0x1795/0x1de0
[ 77.070545][ T5946] diAlloc+0x1d5/0x1660
[ 77.074708][ T5946] ialloc+0x8c/0x950
[ 77.078674][ T5946] jfs_mkdir+0x191/0xa30
[ 77.082928][ T5946] vfs_mkdir+0x296/0x440
[ 77.088262][ T5946] do_mkdirat+0x1d4/0x440
[ 77.092662][ T5946] page last free stack trace:
[ 77.097366][ T5946] free_unref_page_prepare+0x7ce/0x8e0
[ 77.102849][ T5946] free_unref_page+0x32/0x2e0
[ 77.107565][ T5946] __unfreeze_partials+0x1cf/0x210
[ 77.112683][ T5946] put_cpu_partial+0x17c/0x250
[ 77.117469][ T5946] __slab_free+0x31d/0x410
[ 77.121887][ T5946] qlist_free_all+0x75/0xe0
[ 77.126371][ T5946] kasan_quarantine_reduce+0x143/0x160
[ 77.131900][ T5946] __kasan_slab_alloc+0x22/0x80
[ 77.136793][ T5946] slab_post_alloc_hook+0x6e/0x4d0
[ 77.141900][ T5946] kmem_cache_alloc_lru+0x115/0x2e0
[ 77.147116][ T5946] sock_alloc_inode+0x28/0xc0
[ 77.151790][ T5946] new_inode_pseudo+0x63/0x1d0
[ 77.156538][ T5946] __sock_create+0x12d/0x940
[ 77.161156][ T5946] __sys_socket+0xd7/0x1a0
[ 77.165590][ T5946] __x64_sys_socket+0x7a/0x90
[ 77.170616][ T5946] do_syscall_64+0x55/0xb0
[ 77.175312][ T5946] ------------[ cut here ]------------
[ 77.181305][ T5946] kernel BUG at include/linux/mm.h:1458!
[ 77.187502][ T5946] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 77.193577][ T5946] CPU: 0 PID: 5946 Comm: syz.3.20 Tainted: G B syzkaller #0
[ 77.202233][ T5946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 77.212290][ T5946] RIP: 0010:put_metapage+0x253/0x340
[ 77.217561][ T5946] Code: 38 c1 0f 8c 32 ff ff ff 4c 89 ef e8 07 1a dd fe e9 25 ff ff ff e8 5d ab 85 fe 48 8b 3c 24 48 c7 c6 00 f8 e3 8a e8 0d 80 c5 fe <0f> 0b f3 0f 1e fa 4c 8b 2c 24 4c 89 ee 48 81 e6 ff 0f 00 00 31 ff
[ 77.237151][ T5946] RSP: 0018:ffffc90003587560 EFLAGS: 00010246
[ 77.243205][ T5946] RAX: 803f9364bb11a000 RBX: ffff88807cab50f8 RCX: 803f9364bb11a000
[ 77.251164][ T5946] RDX: 0000000000000000 RSI: ffffffff8afc6f20 RDI: ffffffff8afc6ee0
[ 77.259118][ T5946] RBP: 000000000000007f R08: ffffffff8e4a8e2f R09: 1ffffffff1c951c5
[ 77.267069][ T5946] R10: dffffc0000000000 R11: fffffbfff1c951c6 R12: ffff88807cab5120
[ 77.275030][ T5946] R13: ffffea0001d6e2b4 R14: 1ffff1100f956a24 R15: 1ffff1100f956a31
[ 77.282991][ T5946] FS: 00007f1699e3d6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[ 77.291902][ T5946] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 77.298467][ T5946] CR2: 00007fbf4a163000 CR3: 0000000028bea000 CR4: 00000000003506f0
[ 77.306426][ T5946] Call Trace:
[ 77.309689][ T5946] <TASK>
[ 77.312608][ T5946] txUnlock+0x427/0xcb0
[ 77.316811][ T5946] txCommit+0x4dbd/0x5250
[ 77.321126][ T5946] ? txLinelock+0x160/0x160
[ 77.325607][ T5946] ? do_raw_spin_unlock+0x121/0x230
[ 77.330793][ T5946] duplicateIXtree+0x293/0x480
[ 77.335540][ T5946] ? flush_metapage+0x40/0x40
[ 77.340224][ T5946] ? do_raw_spin_unlock+0x121/0x230
[ 77.345407][ T5946] ? _raw_spin_unlock+0x28/0x40
[ 77.350242][ T5946] ? txEnd+0x2a9/0x520
[ 77.354292][ T5946] diAllocAG+0x1795/0x1de0
[ 77.358696][ T5946] ? diNewExt+0x3120/0x3120
[ 77.363182][ T5946] ? dbNextAG+0x52e/0x640
[ 77.367493][ T5946] ? __lock_acquire+0x7c80/0x7c80
[ 77.372501][ T5946] diAlloc+0x1d5/0x1660
[ 77.376716][ T5946] ? do_raw_spin_unlock+0x121/0x230
[ 77.381901][ T5946] ? _raw_spin_unlock+0x28/0x40
[ 77.386735][ T5946] ? new_inode+0x19e/0x1b0
[ 77.391133][ T5946] ialloc+0x8c/0x950
[ 77.395008][ T5946] jfs_mkdir+0x191/0xa30
[ 77.399241][ T5946] ? jfs_symlink+0xe50/0xe50
[ 77.403822][ T5946] ? make_vfsuid+0x51/0xb0
[ 77.408224][ T5946] ? generic_permission+0x1f3/0x590
[ 77.413426][ T5946] ? inode_permission+0xf3/0x480
[ 77.418354][ T5946] ? bpf_lsm_inode_mkdir+0x9/0x10
[ 77.423357][ T5946] ? security_inode_mkdir+0xb7/0x100
[ 77.428627][ T5946] vfs_mkdir+0x296/0x440
[ 77.432852][ T5946] do_mkdirat+0x1d4/0x440
[ 77.437167][ T5946] ? vfs_mkdir+0x440/0x440
[ 77.441569][ T5946] __x64_sys_mkdirat+0x89/0xa0
[ 77.446317][ T5946] do_syscall_64+0x55/0xb0
[ 77.450718][ T5946] ? clear_bhb_loop+0x40/0x90
[ 77.455382][ T5946] ? clear_bhb_loop+0x40/0x90
[ 77.460037][ T5946] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 77.465908][ T5946] RIP: 0033:0x7f1698f8f749
[ 77.470306][ T5946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 77.489902][ T5946] RSP: 002b:00007f1699e3d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 77.498311][ T5946] RAX: ffffffffffffffda RBX: 00007f16991e5fa0 RCX: 00007f1698f8f749
[ 77.506280][ T5946] RDX: 0000000000000000 RSI: 0000200000000840 RDI: ffffffffffffff9c
[ 77.514237][ T5946] RBP: 00007f1699013f91 R08: 0000000000000000 R09: 0000000000000000
[ 77.522191][ T5946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 77.530165][ T5946] R13: 00007f16991e6038 R14: 00007f16991e5fa0 R15: 00007fff83350ba8
[ 77.538128][ T5946] </TASK>
[ 77.541128][ T5946] Modules linked in:
[ 77.549122][ T5946] ---[ end trace 0000000000000000 ]---
[ 77.554607][ T5946] RIP: 0010:put_metapage+0x253/0x340
[ 77.556379][ T41] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 77.560255][ T5946] Code: 38 c1 0f 8c 32 ff ff ff 4c 89 ef e8 07 1a dd fe e9 25 ff ff ff e8 5d ab 85 fe 48 8b 3c 24 48 c7 c6 00 f8 e3 8a e8 0d 80 c5 fe <0f> 0b f3 0f 1e fa 4c 8b 2c 24 4c 89 ee 48 81 e6 ff 0f 00 00 31 ff
[ 77.560270][ T5946] RSP: 0018:ffffc90003587560 EFLAGS: 00010246
[ 77.597295][ T5946] RAX: 803f9364bb11a000 RBX: ffff88807cab50f8 RCX: 803f9364bb11a000
[ 77.605304][ T5946] RDX: 0000000000000000 RSI: ffffffff8afc6f20 RDI: ffffffff8afc6ee0
[ 77.613643][ T5946] RBP: 000000000000007f R08: ffffffff8e4a8e2f R09: 1ffffffff1c951c5
[ 77.621732][ T5946] R10: dffffc0000000000 R11: fffffbfff1c951c6 R12: ffff88807cab5120
[ 77.630409][ T5946] R13: ffffea0001d6e2b4 R14: 1ffff1100f956a24 R15: 1ffff1100f956a31
[ 77.638503][ T5946] FS: 00007f1699e3d6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[ 77.647479][ T5946] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 77.654080][ T5946] CR2: 00007fbf4a163000 CR3: 0000000028bea000 CR4: 00000000003506f0
[ 77.662706][ T5946] Kernel panic - not syncing: Fatal exception
[ 77.669031][ T5946] Kernel Offset: disabled
[ 77.673341][ T5946] Rebooting in 86400 seconds..