Warning: Permanently added '[localhost]:51621' (ED25519) to the list of known hosts.
2026/01/12 21:55:13 parsed 1 programs
syzkaller login: [ 83.444003][ T5333] cgroup: Unknown subsys name 'net'
[ 83.514169][ T5333] cgroup: Unknown subsys name 'cpuset'
[ 83.520174][ T5333] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 85.266049][ T5333] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 85.992203][ T79] ODEBUG: Out of memory. ODEBUG disabled
[ 90.775630][ T5348] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 91.530216][ T948] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.533971][ T948] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.586082][ T948] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.589818][ T948] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.806578][ T785] cfg80211: failed to load regulatory.db
[ 93.790895][ T5382] chnl_net:caif_netlink_parms(): no params data found
[ 93.951457][ T5382] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.955464][ T5382] bridge0: port 1(bridge_slave_0) entered disabled state
[ 93.959072][ T5382] bridge_slave_0: entered allmulticast mode
[ 93.968587][ T5382] bridge_slave_0: entered promiscuous mode
[ 93.979601][ T5382] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.982846][ T5382] bridge0: port 2(bridge_slave_1) entered disabled state
[ 93.986084][ T5382] bridge_slave_1: entered allmulticast mode
[ 94.000262][ T5382] bridge_slave_1: entered promiscuous mode
[ 94.050772][ T5382] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 94.070216][ T5382] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 94.109750][ T5382] team0: Port device team_slave_0 added
[ 94.120126][ T5382] team0: Port device team_slave_1 added
[ 94.163771][ T5382] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 94.166756][ T5382] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 94.188792][ T5382] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 94.208641][ T5382] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 94.211530][ T5382] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 94.228671][ T5382] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 94.297115][ T5382] hsr_slave_0: entered promiscuous mode
[ 94.309485][ T5382] hsr_slave_1: entered promiscuous mode
[ 94.466219][ T5382] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 94.474009][ T5382] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 94.479633][ T5382] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 94.485814][ T5382] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 94.507538][ T5382] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.510524][ T5382] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 94.513965][ T5382] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.517198][ T5382] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 94.567651][ T5382] 8021q: adding VLAN 0 to HW filter on device bond0
[ 94.579906][ T948] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.584479][ T948] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.595539][ T5382] 8021q: adding VLAN 0 to HW filter on device team0
[ 94.603194][ T948] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.606455][ T948] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 94.615300][ T948] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.618429][ T948] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 94.776274][ T5382] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 94.814339][ T5382] veth0_vlan: entered promiscuous mode
[ 94.824735][ T5382] veth1_vlan: entered promiscuous mode
[ 94.854978][ T5382] veth0_macvtap: entered promiscuous mode
[ 94.863556][ T5382] veth1_macvtap: entered promiscuous mode
[ 94.878176][ T5382] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 94.890810][ T5382] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 94.902046][ T948] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.912605][ T948] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.916522][ T948] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.934467][ T948] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.200332][ T4687] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 95.204810][ T4687] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 95.207807][ T4687] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 95.211787][ T4687] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 95.215212][ T4687] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 95.234530][ T3656] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.303029][ T3656] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.349778][ T3656] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.411106][ T3656] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.824647][ T3656] bridge_slave_1: left allmulticast mode
[ 97.827158][ T3656] bridge_slave_1: left promiscuous mode
[ 97.859679][ T3656] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.874486][ T3656] bridge_slave_0: left allmulticast mode
[ 97.876784][ T3656] bridge_slave_0: left promiscuous mode
[ 97.899824][ T3656] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.429144][ T3656] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 98.441578][ T3656] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 98.446211][ T3656] bond0 (unregistering): Released all slaves
[ 98.541871][ T3656] hsr_slave_0: left promiscuous mode
[ 98.544721][ T3656] hsr_slave_1: left promiscuous mode
[ 98.556927][ T3656] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 98.574064][ T3656] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 98.583006][ T3656] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 98.585935][ T3656] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 98.624666][ T3656] veth1_macvtap: left promiscuous mode
[ 98.627500][ T3656] veth0_macvtap: left promiscuous mode
[ 98.644196][ T3656] veth1_vlan: left promiscuous mode
[ 98.646808][ T3656] veth0_vlan: left promiscuous mode
[ 99.122796][ T3656] team0 (unregistering): Port device team_slave_1 removed
[ 99.151139][ T3656] team0 (unregistering): Port device team_slave_0 removed
2026/01/12 21:55:33 executed programs: 0
[ 101.145231][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 101.149288][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 101.152482][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 101.155995][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 101.159802][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 101.334900][ T5476] chnl_net:caif_netlink_parms(): no params data found
[ 101.429689][ T5476] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.432820][ T5476] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.436015][ T5476] bridge_slave_0: entered allmulticast mode
[ 101.440316][ T5476] bridge_slave_0: entered promiscuous mode
[ 101.444818][ T5476] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.448007][ T5476] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.451390][ T5476] bridge_slave_1: entered allmulticast mode
[ 101.455208][ T5476] bridge_slave_1: entered promiscuous mode
[ 101.479779][ T5476] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 101.485860][ T5476] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 101.507294][ T5476] team0: Port device team_slave_0 added
[ 101.511800][ T5476] team0: Port device team_slave_1 added
[ 101.532983][ T5476] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 101.536682][ T5476] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 101.548995][ T5476] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 101.556106][ T5476] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 101.559617][ T5476] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 101.571453][ T5476] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 101.602677][ T5476] hsr_slave_0: entered promiscuous mode
[ 101.605866][ T5476] hsr_slave_1: entered promiscuous mode
[ 102.111834][ T5476] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 102.132457][ T5476] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 102.152812][ T5476] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 102.173356][ T5476] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 102.210817][ T5476] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.214129][ T5476] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.217569][ T5476] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.220724][ T5476] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.322625][ T5476] 8021q: adding VLAN 0 to HW filter on device bond0
[ 102.345668][ T77] bridge0: port 1(bridge_slave_0) entered disabled state
[ 102.350323][ T77] bridge0: port 2(bridge_slave_1) entered disabled state
[ 102.371250][ T5476] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.390241][ T948] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.393313][ T948] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.412536][ T948] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.415645][ T948] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.729637][ T5476] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 102.790531][ T5476] veth0_vlan: entered promiscuous mode
[ 102.808597][ T5476] veth1_vlan: entered promiscuous mode
[ 102.858840][ T5476] veth0_macvtap: entered promiscuous mode
[ 102.863631][ T5476] veth1_macvtap: entered promiscuous mode
[ 102.885548][ T5476] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 102.902602][ T5476] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 102.931913][ T3469] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.946097][ T3469] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.961742][ T3469] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.965655][ T3469] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.034076][ T3656] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.037510][ T3656] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.092169][ T3656] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.095426][ T3656] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.240789][ T47] Bluetooth: hci0: command tx timeout
[ 103.614190][ T5522] loop0: detected capacity change from 0 to 32768
[ 103.727255][ T5522] XFS (loop0): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6
[ 103.782557][ T5522] XFS (loop0): Log size 624 blocks too small, minimum size is 816 blocks
[ 103.795046][ T5522] XFS (loop0): AAIEEE! Log failed size checks. Abort!
[ 103.806000][ T5522] XFS (loop0): log mount failed
[ 104.033094][ T5522] loop0: detected capacity change from 0 to 128
[ 104.061719][ T5522] =======================================================
[ 104.061719][ T5522] WARNING: The mand mount option has been deprecated and
[ 104.061719][ T5522] and is ignored by this kernel. Remove the mand
[ 104.061719][ T5522] option from the mount to silence this warning.
[ 104.061719][ T5522] =======================================================
[ 104.113591][ T5522] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[ 104.125628][ T5522] hpfs: filesystem error: improperly stopped
[ 104.130823][ T5522] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[ 104.134083][ T5522] hpfs: You really don't want any checks? You are crazy...
[ 104.141453][ T5522] hpfs: hpfs_map_sector(): read error
[ 104.144311][ T5522] hpfs: code page support is disabled
[ 104.147657][ T5522] hpfs: filesystem error: map_dirent: not a directory
[ 104.151403][ T5522]
[ 104.152511][ T5522] hpfs: hpfs_map_4sectors(): unaligned read
[ 104.154855][ T5522] hpfs: filesystem error: unable to find root dir
[ 104.164526][ T5522] ==================================================================
[ 104.168040][ T5522] BUG: KASAN: use-after-free in hpfs_bplus_lookup+0x4dc/0x860
[ 104.171362][ T5522] Read of size 4 at addr ffff8880542b2004 by task syz.0.17/5522
[ 104.175589][ T5522]
[ 104.176728][ T5522] CPU: 0 UID: 0 PID: 5522 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 104.176742][ T5522] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 104.176748][ T5522] Call Trace:
[ 104.176756][ T5522]
[ 104.176762][ T5522] dump_stack_lvl+0xe8/0x150
[ 104.176780][ T5522] print_report+0xca/0x240
[ 104.176791][ T5522] ? hpfs_bplus_lookup+0x4dc/0x860
[ 104.176802][ T5522] kasan_report+0x118/0x150
[ 104.176813][ T5522] ? hpfs_bplus_lookup+0x4dc/0x860
[ 104.176824][ T5522] hpfs_bplus_lookup+0x4dc/0x860
[ 104.176837][ T5522] ? __pfx_hpfs_bplus_lookup+0x10/0x10
[ 104.176847][ T5522] ? hpfs_get_block+0x98/0x6e0
[ 104.176860][ T5522] hpfs_bmap+0x22a/0x4d0
[ 104.176872][ T5522] ? __pfx_hpfs_bmap+0x10/0x10
[ 104.176884][ T5522] ? __page_table_check_zero+0x6a/0x3e0
[ 104.176898][ T5522] hpfs_get_block+0xa8/0x6e0
[ 104.176911][ T5522] do_mpage_readpage+0x822/0x1990
[ 104.176928][ T5522] mpage_readahead+0x3b0/0x790
[ 104.176945][ T5522] ? __pfx_mpage_readahead+0x10/0x10
[ 104.176957][ T5522] ? __pfx_hpfs_get_block+0x10/0x10
[ 104.176970][ T5522] ? blk_start_plug+0x6f/0x1b0
[ 104.176981][ T5522] read_pages+0x17a/0x580
[ 104.176996][ T5522] ? __pfx_read_pages+0x10/0x10
[ 104.177010][ T5522] ? filemap_add_folio+0x35f/0x540
[ 104.177023][ T5522] page_cache_ra_unbounded+0x750/0x990
[ 104.177040][ T5522] filemap_get_pages+0x468/0x1dc0
[ 104.177053][ T5522] ? __lock_acquire+0x6b6/0x2cf0
[ 104.177067][ T5522] ? __pfx_filemap_get_pages+0x10/0x10
[ 104.177081][ T5522] ? unwind_next_frame+0xa5/0x23d0
[ 104.177096][ T5522] filemap_read+0x3f6/0x11a0
[ 104.177110][ T5522] ? kernel_text_address+0xa5/0xe0
[ 104.177124][ T5522] ? __kernel_text_address+0xd/0x40
[ 104.177137][ T5522] ? __pfx_filemap_read+0x10/0x10
[ 104.177155][ T5522] ? generic_file_read_iter+0x8f/0x510
[ 104.177167][ T5522] ? __asan_memset+0x22/0x50
[ 104.177180][ T5522] ? iov_iter_kvec+0xb8/0x180
[ 104.177188][ T5522] __kernel_read+0x4cf/0x960
[ 104.177203][ T5522] ? __pfx___kernel_read+0x10/0x10
[ 104.177221][ T5522] integrity_kernel_read+0x89/0xd0
[ 104.177233][ T5522] ? __pfx_integrity_kernel_read+0x10/0x10
[ 104.177243][ T5522] ? __kmalloc_cache_noprof+0x3e2/0x700
[ 104.177255][ T5522] ? ima_calc_file_hash+0x820/0x16f0
[ 104.177263][ T5522] ? __asan_memcpy+0x40/0x70
[ 104.177272][ T5522] ima_calc_file_hash+0x85e/0x16f0
[ 104.177281][ T5522] ? unwind_next_frame+0xa5/0x23d0
[ 104.177289][ T5522] ? __pfx_ima_calc_file_hash+0x10/0x10
[ 104.177302][ T5522] ? arch_stack_walk+0xfc/0x150
[ 104.177310][ T5522] ? look_up_lock_class+0x57/0x110
[ 104.177358][ T5522] ? register_lock_class+0x31/0x2e0
[ 104.177364][ T5522] ? __lock_acquire+0x6b6/0x2cf0
[ 104.177370][ T5522] ? make_vfsgid+0x49/0xa0
[ 104.177379][ T5522] ? generic_fillattr+0x63d/0x9a0
[ 104.177387][ T5522] ima_collect_measurement+0x428/0x8f0
[ 104.177398][ T5522] ? __pfx_ima_collect_measurement+0x10/0x10
[ 104.177408][ T5522] ? trace_contention_end+0x39/0x100
[ 104.177416][ T5522] ? __mutex_lock+0x335/0x1350
[ 104.177426][ T5522] ? __pfx_ima_get_hash_algo+0x10/0x10
[ 104.177435][ T5522] process_measurement+0x111e/0x1a70
[ 104.177445][ T5522] ? __pfx_process_measurement+0x10/0x10
[ 104.177453][ T5522] ? tomoyo_check_open_permission+0x325/0x3b0
[ 104.177464][ T5522] ? tomoyo_check_open_permission+0x16a/0x3b0
[ 104.177479][ T5522] ima_file_check+0xd9/0x130
[ 104.177488][ T5522] ? __pfx_ima_file_check+0x10/0x10
[ 104.177497][ T5522] security_file_post_open+0xbb/0x290
[ 104.177507][ T5522] path_openat+0x3456/0x3dd0
[ 104.177518][ T5522] ? __pfx_stack_trace_save+0x10/0x10
[ 104.177530][ T5522] ? kmem_cache_alloc_noprof+0x37d/0x710
[ 104.177537][ T5522] ? getname_flags+0xb8/0x540
[ 104.177543][ T5522] ? __pfx_path_openat+0x10/0x10
[ 104.177551][ T5522] ? __lock_acquire+0x6b6/0x2cf0
[ 104.177559][ T5522] do_filp_open+0x1fa/0x410
[ 104.177567][ T5522] ? __pfx_do_filp_open+0x10/0x10
[ 104.177578][ T5522] ? _raw_spin_unlock+0x28/0x50
[ 104.177586][ T5522] ? alloc_fd+0x64c/0x6c0
[ 104.177594][ T5522] do_sys_openat2+0x121/0x200
[ 104.177601][ T5522] ? __se_sys_futex+0x36f/0x400
[ 104.177608][ T5522] ? __pfx_do_sys_openat2+0x10/0x10
[ 104.177614][ T5522] ? exc_page_fault+0x71/0xd0
[ 104.177623][ T5522] ? __pfx___se_sys_futex+0x10/0x10
[ 104.177631][ T5522] __x64_sys_openat+0x138/0x170
[ 104.177639][ T5522] do_syscall_64+0xec/0xf80
[ 104.177645][ T5522] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.177652][ T5522] ? trace_irq_disable+0x37/0x100
[ 104.177660][ T5522] ? clear_bhb_loop+0x60/0xb0
[ 104.177666][ T5522] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.177673][ T5522] RIP: 0033:0x7f3531d8f7c9
[ 104.177682][ T5522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 104.177688][ T5522] RSP: 002b:00007ffddd0e1878 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 104.177696][ T5522] RAX: ffffffffffffffda RBX: 00007f3531fe5fa0 RCX: 00007f3531d8f7c9
[ 104.177701][ T5522] RDX: 0000000000000000 RSI: 0000200000004280 RDI: ffffffffffffff9c
[ 104.177705][ T5522] RBP: 00007f3531e13f91 R08: 0000000000000000 R09: 0000000000000000
[ 104.177709][ T5522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 104.177714][ T5522] R13: 00007f3531fe5fa0 R14: 00007f3531fe5fa0 R15: 0000000000000004
[ 104.177724][ T5522]
[ 104.177727][ T5522]
[ 104.383149][ T5522] The buggy address belongs to the physical page:
[ 104.385464][ T5522] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1cc pfn:0x542b2
[ 104.388923][ T5522] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 104.391770][ T5522] page_type: f0(buddy)
[ 104.393393][ T5522] raw: 04fff00000000000 ffffea000150a708 ffffea0001578c88 0000000000000000
[ 104.397112][ T5522] raw: 00000000000001cc 0000000000000001 00000000f0000000 0000000000000000
[ 104.400934][ T5522] page dumped because: kasan: bad access detected
[ 104.403787][ T5522] page_owner tracks the page as freed
[ 104.406149][ T5522] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 5533, tgid 5533 (rm), ts 103711309142, free_ts 103747002555
[ 104.413622][ T5522] post_alloc_hook+0x234/0x290
[ 104.415762][ T5522] get_page_from_freelist+0x24e0/0x2580
[ 104.418190][ T5522] __alloc_frozen_pages_noprof+0x181/0x370
[ 104.420766][ T5522] alloc_pages_mpol+0x232/0x4a0
[ 104.422889][ T5522] vma_alloc_folio_noprof+0xe4/0x200
[ 104.425251][ T5522] folio_prealloc+0x30/0x180
[ 104.427343][ T5522] do_wp_page+0x1231/0x5810
[ 104.429426][ T5522] handle_mm_fault+0x14c5/0x32b0
[ 104.431620][ T5522] do_user_addr_fault+0xa7c/0x1380
[ 104.433883][ T5522] exc_page_fault+0x71/0xd0
[ 104.435926][ T5522] asm_exc_page_fault+0x26/0x30
[ 104.437995][ T5522] page last free pid 5434 tgid 5434 stack trace:
[ 104.440769][ T5522] free_unref_folios+0xdb3/0x14f0
[ 104.442770][ T5522] folios_put_refs+0x584/0x670
[ 104.444834][ T5522] folio_batch_move_lru+0x39b/0x420
[ 104.446937][ T5522] lru_add_drain_cpu+0xb8/0x7b0
[ 104.449054][ T5522] lru_add_drain+0x122/0x3e0
[ 104.450858][ T5522] __folio_batch_release+0x48/0x90
[ 104.452789][ T5522] shmem_undo_range+0x49e/0x1490
[ 104.454699][ T5522] shmem_evict_inode+0x26e/0xa70
[ 104.456720][ T5522] evict+0x5f4/0xae0
[ 104.458372][ T5522] __dentry_kill+0x209/0x660
[ 104.460192][ T5522] finish_dput+0xc9/0x480
[ 104.462102][ T5522] do_renameat2+0x604/0x8e0
[ 104.464146][ T5522] __x64_sys_rename+0x82/0x90
[ 104.466204][ T5522] do_syscall_64+0xec/0xf80
[ 104.468317][ T5522] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.471376][ T5522]
[ 104.472757][ T5522] Memory state around the buggy address:
[ 104.475324][ T5522] ffff8880542b1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 104.479003][ T5522] ffff8880542b1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 104.482540][ T5522] >ffff8880542b2000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 104.485965][ T5522] ^
[ 104.487811][ T5522] ffff8880542b2080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 104.491529][ T5522] ffff8880542b2100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 104.495271][ T5522] ==================================================================
[ 104.570555][ T5522] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 104.573859][ T5522] CPU: 0 UID: 0 PID: 5522 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 104.577860][ T5522] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 104.582324][ T5522] Call Trace:
[ 104.583825][ T5522]
[ 104.585187][ T5522] vpanic+0x1e0/0x670
[ 104.586982][ T5522] panic+0xb9/0xc0
[ 104.588659][ T5522] ? __pfx_panic+0x10/0x10
[ 104.590614][ T5522] ? preempt_schedule_thunk+0x16/0x30
[ 104.593021][ T5522] ? hpfs_bplus_lookup+0x4dc/0x860
[ 104.595211][ T5522] check_panic_on_warn+0x89/0xb0
[ 104.597392][ T5522] ? hpfs_bplus_lookup+0x4dc/0x860
[ 104.599600][ T5522] end_report+0x6f/0x140
[ 104.601474][ T5522] kasan_report+0x129/0x150
[ 104.603440][ T5522] ? hpfs_bplus_lookup+0x4dc/0x860
[ 104.605716][ T5522] hpfs_bplus_lookup+0x4dc/0x860
[ 104.607888][ T5522] ? __pfx_hpfs_bplus_lookup+0x10/0x10
[ 104.610311][ T5522] ? hpfs_get_block+0x98/0x6e0
[ 104.612440][ T5522] hpfs_bmap+0x22a/0x4d0
[ 104.614347][ T5522] ? __pfx_hpfs_bmap+0x10/0x10
[ 104.616526][ T5522] ? __page_table_check_zero+0x6a/0x3e0
[ 104.619015][ T5522] hpfs_get_block+0xa8/0x6e0
[ 104.621206][ T5522] do_mpage_readpage+0x822/0x1990
[ 104.623952][ T5522] mpage_readahead+0x3b0/0x790
[ 104.626555][ T5522] ? __pfx_mpage_readahead+0x10/0x10
[ 104.629350][ T5522] ? __pfx_hpfs_get_block+0x10/0x10
[ 104.632204][ T5522] ? blk_start_plug+0x6f/0x1b0
[ 104.634665][ T5522] read_pages+0x17a/0x580
[ 104.636951][ T5522] ? __pfx_read_pages+0x10/0x10
[ 104.639041][ T5522] ? filemap_add_folio+0x35f/0x540
[ 104.641310][ T5522] page_cache_ra_unbounded+0x750/0x990
[ 104.643726][ T5522] filemap_get_pages+0x468/0x1dc0
[ 104.645941][ T5522] ? __lock_acquire+0x6b6/0x2cf0
[ 104.648124][ T5522] ? __pfx_filemap_get_pages+0x10/0x10
[ 104.650372][ T5522] ? unwind_next_frame+0xa5/0x23d0
[ 104.652463][ T5522] filemap_read+0x3f6/0x11a0
[ 104.654096][ T5522] ? kernel_text_address+0xa5/0xe0
[ 104.656115][ T5522] ? __kernel_text_address+0xd/0x40
[ 104.658216][ T5522] ? __pfx_filemap_read+0x10/0x10
[ 104.660149][ T5522] ? generic_file_read_iter+0x8f/0x510
[ 104.662199][ T5522] ? __asan_memset+0x22/0x50
[ 104.664078][ T5522] ? iov_iter_kvec+0xb8/0x180
[ 104.665774][ T5522] __kernel_read+0x4cf/0x960
[ 104.667579][ T5522] ? __pfx___kernel_read+0x10/0x10
[ 104.669470][ T5522] integrity_kernel_read+0x89/0xd0
[ 104.671435][ T5522] ? __pfx_integrity_kernel_read+0x10/0x10
[ 104.673771][ T5522] ? __kmalloc_cache_noprof+0x3e2/0x700
[ 104.676104][ T5522] ? ima_calc_file_hash+0x820/0x16f0
[ 104.678380][ T5522] ? __asan_memcpy+0x40/0x70
[ 104.680179][ T5522] ima_calc_file_hash+0x85e/0x16f0
[ 104.682245][ T5522] ? unwind_next_frame+0xa5/0x23d0
[ 104.684482][ T5522] ? __pfx_ima_calc_file_hash+0x10/0x10
[ 104.686890][ T5522] ? arch_stack_walk+0xfc/0x150
[ 104.689042][ T5522] ? look_up_lock_class+0x57/0x110
[ 104.691288][ T5522] ? register_lock_class+0x31/0x2e0
[ 104.693635][ T5522] ? __lock_acquire+0x6b6/0x2cf0
[ 104.695901][ T5522] ? make_vfsgid+0x49/0xa0
[ 104.697896][ T5522] ? generic_fillattr+0x63d/0x9a0
[ 104.700055][ T5522] ima_collect_measurement+0x428/0x8f0
[ 104.702372][ T5522] ? __pfx_ima_collect_measurement+0x10/0x10
[ 104.704829][ T5522] ? trace_contention_end+0x39/0x100
[ 104.706639][ T5522] ? __mutex_lock+0x335/0x1350
[ 104.708369][ T5522] ? __pfx_ima_get_hash_algo+0x10/0x10
[ 104.710421][ T5522] process_measurement+0x111e/0x1a70
[ 104.712351][ T5522] ? __pfx_process_measurement+0x10/0x10
[ 104.714315][ T5522] ? tomoyo_check_open_permission+0x325/0x3b0
[ 104.716391][ T5522] ? tomoyo_check_open_permission+0x16a/0x3b0
[ 104.718380][ T5522] ima_file_check+0xd9/0x130
[ 104.720319][ T5522] ? __pfx_ima_file_check+0x10/0x10
[ 104.722350][ T5522] security_file_post_open+0xbb/0x290
[ 104.724820][ T5522] path_openat+0x3456/0x3dd0
[ 104.726841][ T5522] ? __pfx_stack_trace_save+0x10/0x10
[ 104.729238][ T5522] ? kmem_cache_alloc_noprof+0x37d/0x710
[ 104.731683][ T5522] ? getname_flags+0xb8/0x540
[ 104.733921][ T5522] ? __pfx_path_openat+0x10/0x10
[ 104.736100][ T5522] ? __lock_acquire+0x6b6/0x2cf0
[ 104.738465][ T5522] do_filp_open+0x1fa/0x410
[ 104.740572][ T5522] ? __pfx_do_filp_open+0x10/0x10
[ 104.742753][ T5522] ? _raw_spin_unlock+0x28/0x50
[ 104.744975][ T5522] ? alloc_fd+0x64c/0x6c0
[ 104.746880][ T5522] do_sys_openat2+0x121/0x200
[ 104.749051][ T5522] ? __se_sys_futex+0x36f/0x400
[ 104.751187][ T5522] ? __pfx_do_sys_openat2+0x10/0x10
[ 104.753445][ T5522] ? exc_page_fault+0x71/0xd0
[ 104.755531][ T5522] ? __pfx___se_sys_futex+0x10/0x10
[ 104.757810][ T5522] __x64_sys_openat+0x138/0x170
[ 104.760066][ T5522] do_syscall_64+0xec/0xf80
[ 104.762187][ T5522] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.764850][ T5522] ? trace_irq_disable+0x37/0x100
[ 104.767249][ T5522] ? clear_bhb_loop+0x60/0xb0
[ 104.769431][ T5522] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.772016][ T5522] RIP: 0033:0x7f3531d8f7c9
[ 104.773918][ T5522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 104.782342][ T5522] RSP: 002b:00007ffddd0e1878 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 104.785830][ T5522] RAX: ffffffffffffffda RBX: 00007f3531fe5fa0 RCX: 00007f3531d8f7c9
[ 104.788938][ T5522] RDX: 0000000000000000 RSI: 0000200000004280 RDI: ffffffffffffff9c
[ 104.791748][ T5522] RBP: 00007f3531e13f91 R08: 0000000000000000 R09: 0000000000000000
[ 104.794622][ T5522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 104.797481][ T5522] R13: 00007f3531fe5fa0 R14: 00007f3531fe5fa0 R15: 0000000000000004
[ 104.800693][ T5522]
[ 104.802383][ T5522] Kernel Offset: disabled
[ 104.804244][ T5522] Rebooting in 86400 seconds..
VM DIAGNOSIS:
21:55:36 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000073 RBX=0000000000000073 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90002a25990
R8 =ffff888033f30237 R9 =1ffff110067e6046 R10=dffffc0000000000 R11=ffffffff851bb760
R12=dffffc0000000000 R13=ffffffff99900a00 R14=ffffffff99c156c0 R15=0000000000000000
RIP=ffffffff851bb7dc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555593da9500 ffffffff 00c00000
GS =0000 ffff88808d414000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000004280 CR3=0000000036fcb000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000008 Opmask01=0000000000000014 Opmask02=00000000000000ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffddd0e0de0 00007ffddd0e0dc0
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffddd0e0f20 00007ffddd0e0da0
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffddd0e0de0
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffddd0e0f20
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffddd0e0f20 00007ffddd0e0da0
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffddd0e0de0 00007ffddd0e0dc0
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3531e150f1
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3531e151cf
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 eefe5ddfcbbbf977 7f2eefe5ddfcbbbf 9777f2eefe5ddfcb bbf9770073667068
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 598cfa3495246ec9 d339a8c0a489e30f af1d9f583c0bedea 00040009000a0008
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6e3d6b63656863 2c736973613d6573 61632c6f6e3d7361 652c6f6e3d736165
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4ae47909766ebd5e dc1a7503e60a54f0 f135a227dca5d0b5 eee147e26ade8c39
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 37b7163b7bfd9638 9ef370f65611955f 51c884b60ce29a8e b6138c1932c37eb0
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 e05ab850c7023446 6d2683ce3a8abd33 4c33e4b22795c6c1 cc8fafa1526be8e5
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 585f793ca9bd08c0 741b53e7434b5e33 2536fafae850e18d df89a6063f5cc80c
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000