Warning: Permanently added '[localhost]:10806' (ED25519) to the list of known hosts.
2025/11/07 13:02:14 parsed 1 programs
syzkaller login: [ 91.537325][ T5311] cgroup: Unknown subsys name 'net'
[ 91.605896][ T5311] cgroup: Unknown subsys name 'cpuset'
[ 91.612886][ T5311] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 92.248320][ T10] cfg80211: failed to load regulatory.db
[ 93.376820][ T5311] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 97.453573][ T5325] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 98.746718][ T5341] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 98.754457][ T5341] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 98.759135][ T5341] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 98.766040][ T5341] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 98.769725][ T5341] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 103.235998][ T5385] chnl_net:caif_netlink_parms(): no params data found
[ 103.377268][ T5385] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.381335][ T5385] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.384637][ T5385] bridge_slave_0: entered allmulticast mode
[ 103.401768][ T5385] bridge_slave_0: entered promiscuous mode
[ 103.412853][ T5385] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.415864][ T5385] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.419116][ T5385] bridge_slave_1: entered allmulticast mode
[ 103.433401][ T5385] bridge_slave_1: entered promiscuous mode
[ 103.483323][ T5385] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 103.489628][ T5385] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 103.541299][ T5385] team0: Port device team_slave_0 added
[ 103.545948][ T5385] team0: Port device team_slave_1 added
[ 103.570669][ T5385] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 103.574085][ T5385] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 103.586738][ T5385] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 103.594406][ T5385] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 103.597213][ T5385] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 103.608401][ T5385] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 103.642720][ T5385] hsr_slave_0: entered promiscuous mode
[ 103.646136][ T5385] hsr_slave_1: entered promiscuous mode
[ 103.830152][ T5385] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 103.843778][ T5385] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 103.851023][ T5385] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 103.859668][ T5385] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 103.898408][ T5385] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.902292][ T5385] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 103.907315][ T5385] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.910743][ T5385] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.923412][ T134] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.927998][ T134] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.986236][ T5385] 8021q: adding VLAN 0 to HW filter on device bond0
[ 104.009111][ T5385] 8021q: adding VLAN 0 to HW filter on device team0
[ 104.019519][ T134] bridge0: port 1(bridge_slave_0) entered blocking state
[ 104.022621][ T134] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 104.033492][ T134] bridge0: port 2(bridge_slave_1) entered blocking state
[ 104.036685][ T134] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 104.234191][ T5385] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 104.276037][ T5385] veth0_vlan: entered promiscuous mode
[ 104.286027][ T5385] veth1_vlan: entered promiscuous mode
[ 104.314725][ T5385] veth0_macvtap: entered promiscuous mode
[ 104.330004][ T5385] veth1_macvtap: entered promiscuous mode
[ 104.347340][ T5385] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 104.359573][ T5385] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 104.375535][ T1039] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.390527][ T1039] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.405567][ T1039] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.409542][ T1039] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.545291][ T5385] syz-executor (5385) used greatest stack depth: 19736 bytes left
[ 104.570397][ T3029] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 104.615939][ T3029] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 104.660063][ T3029] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 104.696836][ T3029] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 104.956678][ T1039] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.960328][ T1039] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.033042][ T134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.037338][ T134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/11/07 13:02:30 executed programs: 0
[ 105.909993][ T4666] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 105.924128][ T4666] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 105.928710][ T4666] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 105.932831][ T4666] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 105.936558][ T4666] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 106.209582][ T5421] chnl_net:caif_netlink_parms(): no params data found
[ 106.330674][ T5421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.334125][ T5421] bridge0: port 1(bridge_slave_0) entered disabled state
[ 106.337328][ T5421] bridge_slave_0: entered allmulticast mode
[ 106.353228][ T5421] bridge_slave_0: entered promiscuous mode
[ 106.362637][ T5421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.365961][ T5421] bridge0: port 2(bridge_slave_1) entered disabled state
[ 106.369121][ T5421] bridge_slave_1: entered allmulticast mode
[ 106.384874][ T5421] bridge_slave_1: entered promiscuous mode
[ 106.458290][ T5421] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 106.487904][ T5421] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 106.564597][ T5421] team0: Port device team_slave_0 added
[ 106.569982][ T5421] team0: Port device team_slave_1 added
[ 106.619297][ T5421] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 106.623165][ T5421] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 106.635427][ T5421] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 106.643275][ T5421] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 106.646709][ T5421] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 106.658180][ T5421] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 106.694387][ T5421] hsr_slave_0: entered promiscuous mode
[ 106.697869][ T5421] hsr_slave_1: entered promiscuous mode
[ 106.703626][ T5421] debugfs: 'hsr0' already exists in 'hsr'
[ 106.706048][ T5421] Cannot create hsr debugfs directory
[ 107.292821][ T3029] bridge_slave_1: left allmulticast mode
[ 107.295640][ T3029] bridge_slave_1: left promiscuous mode
[ 107.299095][ T3029] bridge0: port 2(bridge_slave_1) entered disabled state
[ 107.333089][ T3029] bridge_slave_0: left allmulticast mode
[ 107.335502][ T3029] bridge_slave_0: left promiscuous mode
[ 107.338176][ T3029] bridge0: port 1(bridge_slave_0) entered disabled state
[ 107.781645][ T3029] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 107.788868][ T3029] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 107.795029][ T3029] bond0 (unregistering): Released all slaves
[ 107.870830][ T3029] hsr_slave_0: left promiscuous mode
[ 107.879867][ T3029] hsr_slave_1: left promiscuous mode
[ 107.893908][ T3029] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 107.897558][ T3029] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 107.903011][ T3029] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 107.906656][ T3029] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 107.921765][ T3029] veth1_macvtap: left promiscuous mode
[ 107.924878][ T3029] veth0_macvtap: left promiscuous mode
[ 107.928293][ T3029] veth1_vlan: left promiscuous mode
[ 107.930926][ T3029] veth0_vlan: left promiscuous mode
[ 108.004599][ T4666] Bluetooth: hci0: command tx timeout
[ 108.239209][ T3029] team0 (unregistering): Port device team_slave_1 removed
[ 108.267807][ T3029] team0 (unregistering): Port device team_slave_0 removed
[ 109.098437][ T5421] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 109.112614][ T5421] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 109.134214][ T5421] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 109.166302][ T5421] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 109.594610][ T5421] 8021q: adding VLAN 0 to HW filter on device bond0
[ 109.637666][ T5421] 8021q: adding VLAN 0 to HW filter on device team0
[ 109.663881][ T3029] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.666949][ T3029] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 109.672341][ T3029] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.675339][ T3029] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 110.023999][ T5421] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 110.082551][ T4666] Bluetooth: hci0: command tx timeout
[ 110.094804][ T5421] veth0_vlan: entered promiscuous mode
[ 110.113460][ T5421] veth1_vlan: entered promiscuous mode
[ 110.176199][ T5421] veth0_macvtap: entered promiscuous mode
[ 110.195330][ T5421] veth1_macvtap: entered promiscuous mode
[ 110.220203][ T5421] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 110.240106][ T5421] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 110.267464][ T3029] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.284425][ T3029] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.288359][ T3029] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.306009][ T3029] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.424824][ T134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.428274][ T134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.491644][ T134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.494905][ T134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.016381][ T5469] loop0: detected capacity change from 0 to 32768
[ 111.109011][ T104] BUG: spinlock bad magic on CPU#0, jfsCommit/104
[ 111.111960][ T104] ==================================================================
[ 111.116152][ T104] BUG: KASAN: slab-out-of-bounds in string+0x231/0x2b0
[ 111.119144][ T104] Read of size 1 at addr ffff88801c12d2f8 by task jfsCommit/104
[ 111.122563][ T104]
[ 111.123800][ T104] CPU: 0 UID: 0 PID: 104 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT(full)
[ 111.123818][ T104] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 111.123826][ T104] Call Trace:
[ 111.123834][ T104]
[ 111.123841][ T104] dump_stack_lvl+0x189/0x250
[ 111.123866][ T104] ? __pfx_dump_stack_lvl+0x10/0x10
[ 111.123881][ T104] ? lock_release+0x4b/0x3e0
[ 111.123894][ T104] ? __virt_addr_valid+0x4a5/0x5c0
[ 111.123919][ T104] print_report+0xca/0x240
[ 111.123936][ T104] ? string+0x231/0x2b0
[ 111.123948][ T104] kasan_report+0x118/0x150
[ 111.123966][ T104] ? number+0x101/0xf60
[ 111.123977][ T104] ? string+0x231/0x2b0
[ 111.123990][ T104] string+0x231/0x2b0
[ 111.124002][ T104] vsnprintf+0x739/0xf00
[ 111.124015][ T104] vprintk_store+0x3c7/0xd00
[ 111.124032][ T104] ? __pfx_vprintk_store+0x10/0x10
[ 111.124045][ T104] ? __console_unlock+0x136/0x1a0
[ 111.124058][ T104] ? __pfx___console_unlock+0x10/0x10
[ 111.124075][ T104] ? __irq_work_queue_local+0x1de/0x550
[ 111.124087][ T104] ? __pfx___irq_work_queue_local+0x10/0x10
[ 111.124098][ T104] ? console_unlock+0x13a/0x190
[ 111.124111][ T104] ? __pfx___down_trylock_console_sem+0x10/0x10
[ 111.124128][ T104] ? is_printk_cpu_sync_owner+0x32/0x40
[ 111.124144][ T104] vprintk_emit+0x15f/0x590
[ 111.124158][ T104] ? __pfx_vprintk_emit+0x10/0x10
[ 111.124170][ T104] ? __is_module_percpu_address+0x28/0x3f0
[ 111.124184][ T104] ? rcu_is_watching+0x15/0xb0
[ 111.124196][ T104] ? __kasan_check_byte+0x12/0x40
[ 111.124211][ T104] ? rcu_is_watching+0x15/0xb0
[ 111.124223][ T104] ? rcu_is_watching+0x15/0xb0
[ 111.124235][ T104] ? __kasan_check_byte+0x12/0x40
[ 111.124251][ T104] _printk+0xcf/0x120
[ 111.124263][ T104] ? __pfx__printk+0x10/0x10
[ 111.124275][ T104] ? __lock_acquire+0x99/0xd20
[ 111.124287][ T104] spin_dump+0x102/0x1a0
[ 111.124297][ T104] do_raw_spin_lock+0x1ca/0x290
[ 111.124312][ T104] ? __wake_up_common_lock+0x2f/0x1f0
[ 111.124327][ T104] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 111.124344][ T104] _raw_spin_lock_irqsave+0xb3/0xf0
[ 111.124359][ T104] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 111.124371][ T104] ? dbFree+0x4d1/0x650
[ 111.124445][ T104] __wake_up_common_lock+0x2f/0x1f0
[ 111.124462][ T104] release_metapage+0x13c/0xac0
[ 111.124476][ T104] ? txFreeMap+0xb19/0xde0
[ 111.124493][ T104] ? do_raw_spin_unlock+0x4d/0x240
[ 111.124508][ T104] xtTruncate+0xe84/0x2e70
[ 111.124531][ T104] ? __pfx_xtTruncate+0x10/0x10
[ 111.124549][ T104] ? reacquire_held_locks+0x127/0x1d0
[ 111.124562][ T104] ? __mark_inode_dirty+0x4cc/0xe10
[ 111.124574][ T104] ? __asan_memset+0x22/0x50
[ 111.124586][ T104] ? __dquot_initialize+0x218/0xcb0
[ 111.124599][ T104] jfs_free_zero_link+0x33a/0x4a0
[ 111.124613][ T104] ? __pfx_jfs_free_zero_link+0x10/0x10
[ 111.124627][ T104] ? __pfx_inode_wait_for_writeback+0x10/0x10
[ 111.124640][ T104] jfs_evict_inode+0x363/0x440
[ 111.124652][ T104] ? evict+0x4f8/0x9c0
[ 111.124664][ T104] ? __pfx_jfs_evict_inode+0x10/0x10
[ 111.124676][ T104] evict+0x504/0x9c0
[ 111.124690][ T104] ? __pfx_evict+0x10/0x10
[ 111.124700][ T104] ? do_raw_spin_unlock+0x4d/0x240
[ 111.124715][ T104] ? _raw_spin_unlock+0x28/0x50
[ 111.124728][ T104] ? iput+0x946/0xc50
[ 111.124745][ T104] jfs_lazycommit+0x43f/0xa90
[ 111.124757][ T104] ? __pfx_jfs_lazycommit+0x10/0x10
[ 111.124766][ T104] ? __pfx_default_wake_function+0x10/0x10
[ 111.124778][ T104] ? __kthread_parkme+0x7b/0x200
[ 111.124791][ T104] ? __kthread_parkme+0x1a1/0x200
[ 111.124805][ T104] kthread+0x711/0x8a0
[ 111.124820][ T104] ? __pfx_jfs_lazycommit+0x10/0x10
[ 111.124830][ T104] ? __pfx_kthread+0x10/0x10
[ 111.124846][ T104] ? _raw_spin_unlock_irq+0x23/0x50
[ 111.124858][ T104] ? lockdep_hardirqs_on+0x9c/0x150
[ 111.124873][ T104] ? __pfx_kthread+0x10/0x10
[ 111.124887][ T104] ret_from_fork+0x4bc/0x870
[ 111.124900][ T104] ? __pfx_ret_from_fork+0x10/0x10
[ 111.124919][ T104] ? __pfx_kthread+0x10/0x10
[ 111.124934][ T104] ret_from_fork_asm+0x1a/0x30
[ 111.124948][ T104]
[ 111.124952][ T104]
[ 111.299227][ T104] The buggy address belongs to the object at ffff88801c12d268
[ 111.299227][ T104] which belongs to the cache jfs_ip of size 2216
[ 111.304970][ T104] The buggy address is located 144 bytes inside of
[ 111.304970][ T104] allocated 2216-byte region [ffff88801c12d268, ffff88801c12db10)
[ 111.310829][ T104]
[ 111.311922][ T104] The buggy address belongs to the physical page:
[ 111.314743][ T104] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c128
[ 111.319001][ T104] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 111.322895][ T104] memcg:ffff88801e0b3001
[ 111.324798][ T104] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 111.328169][ T104] page_type: f5(slab)
[ 111.329999][ T104] raw: 00fff00000000040 ffff8880327e7780 dead000000000122 0000000000000000
[ 111.334033][ T104] raw: 0000000000000000 00000000800d000d 00000000f5000000 ffff88801e0b3001
[ 111.338226][ T104] head: 00fff00000000040 ffff8880327e7780 dead000000000122 0000000000000000
[ 111.342593][ T104] head: 0000000000000000 00000000800d000d 00000000f5000000 ffff88801e0b3001
[ 111.346231][ T104] head: 00fff00000000003 ffffea0000704a01 00000000ffffffff 00000000ffffffff
[ 111.350128][ T104] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 111.353864][ T104] page dumped because: kasan: bad access detected
[ 111.357038][ T104] page_owner tracks the page as allocated
[ 111.360153][ T104] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_RECLAIMABLE|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5469, tgid 5469 (syz.0.17), ts 111034938139, free_ts 100360899811
[ 111.370099][ T104] post_alloc_hook+0x240/0x2a0
[ 111.372246][ T104] get_page_from_freelist+0x2365/0x2440
[ 111.374883][ T104] __alloc_frozen_pages_noprof+0x181/0x370
[ 111.377907][ T104] alloc_pages_mpol+0x232/0x4a0
[ 111.380101][ T104] allocate_slab+0x96/0x350
[ 111.382116][ T104] ___slab_alloc+0xe94/0x18a0
[ 111.384439][ T104] __slab_alloc+0x65/0x100
[ 111.386609][ T104] kmem_cache_alloc_lru_noprof+0x3ef/0x6d0
[ 111.389174][ T104] jfs_alloc_inode+0x28/0x70
[ 111.391190][ T104] alloc_inode+0x6a/0x1b0
[ 111.393275][ T104] new_inode+0x22/0x170
[ 111.395067][ T104] jfs_fill_super+0x569/0xd80
[ 111.397164][ T104] get_tree_bdev_flags+0x40e/0x4d0
[ 111.399310][ T104] vfs_get_tree+0x92/0x2b0
[ 111.401346][ T104] do_new_mount+0x302/0xa10
[ 111.403373][ T104] __se_sys_mount+0x313/0x410
[ 111.405674][ T104] page last free pid 5353 tgid 5353 stack trace:
[ 111.408840][ T104] __free_frozen_pages+0xbc4/0xd30
[ 111.411369][ T104] __slab_free+0x2e7/0x390
[ 111.413293][ T104] qlist_free_all+0x97/0x140
[ 111.415265][ T104] kasan_quarantine_reduce+0x148/0x160
[ 111.417780][ T104] __kasan_slab_alloc+0x22/0x80
[ 111.420130][ T104] __kmalloc_cache_noprof+0x36f/0x6f0
[ 111.422817][ T104] mpls_dev_notify+0x121/0x7a0
[ 111.425059][ T104] notifier_call_chain+0x1b6/0x3e0
[ 111.427213][ T104] register_netdevice+0x1608/0x1ae0
[ 111.429640][ T104] register_netdev+0x40/0x60
[ 111.432077][ T104] vti6_init_net+0x238/0x370
[ 111.434280][ T104] ops_init+0x35c/0x5c0
[ 111.436023][ T104] setup_net+0xfe/0x320
[ 111.437632][ T104] copy_net_ns+0x34e/0x4e0
[ 111.439735][ T104] create_new_namespaces+0x3f3/0x720
[ 111.442143][ T104] unshare_nsproxy_namespaces+0x11c/0x170
[ 111.444990][ T104]
[ 111.446103][ T104] Memory state around the buggy address:
[ 111.448613][ T104] ffff88801c12d180: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 111.451951][ T104] ffff88801c12d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 111.455992][ T104] >ffff88801c12d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 111.459845][ T104] ^
[ 111.463389][ T104] ffff88801c12d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 111.466961][ T104] ffff88801c12d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 111.471070][ T104] ==================================================================
[ 111.475646][ T104] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 111.479013][ T104] CPU: 0 UID: 0 PID: 104 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT(full)
[ 111.483887][ T104] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 111.488763][ T104] Call Trace:
[ 111.490375][ T104]
[ 111.491788][ T104] dump_stack_lvl+0x99/0x250
[ 111.493943][ T104] ? __asan_memcpy+0x40/0x70
[ 111.496433][ T104] ? __pfx_dump_stack_lvl+0x10/0x10
[ 111.499319][ T104] ? __pfx__printk+0x10/0x10
[ 111.501363][ T104] vpanic+0x237/0x6d0
[ 111.503219][ T104] ? __pfx_vpanic+0x10/0x10
[ 111.505291][ T104] panic+0xb9/0xc0
[ 111.507126][ T104] ? __pfx_panic+0x10/0x10
[ 111.509548][ T104] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 111.512306][ T104] ? string+0x231/0x2b0
[ 111.514128][ T104] check_panic_on_warn+0x89/0xb0
[ 111.516458][ T104] ? string+0x231/0x2b0
[ 111.518663][ T104] end_report+0x78/0x160
[ 111.520954][ T104] kasan_report+0x129/0x150
[ 111.523215][ T104] ? number+0x101/0xf60
[ 111.524941][ T104] ? string+0x231/0x2b0
[ 111.526728][ T104] string+0x231/0x2b0
[ 111.528483][ T104] vsnprintf+0x739/0xf00
[ 111.530287][ T104] vprintk_store+0x3c7/0xd00
[ 111.532393][ T104] ? __pfx_vprintk_store+0x10/0x10
[ 111.534671][ T104] ? __console_unlock+0x136/0x1a0
[ 111.536893][ T104] ? __pfx___console_unlock+0x10/0x10
[ 111.539211][ T104] ? __irq_work_queue_local+0x1de/0x550
[ 111.542205][ T104] ? __pfx___irq_work_queue_local+0x10/0x10
[ 111.545835][ T104] ? console_unlock+0x13a/0x190
[ 111.548832][ T104] ? __pfx___down_trylock_console_sem+0x10/0x10
[ 111.552277][ T104] ? is_printk_cpu_sync_owner+0x32/0x40
[ 111.555015][ T104] vprintk_emit+0x15f/0x590
[ 111.557215][ T104] ? __pfx_vprintk_emit+0x10/0x10
[ 111.559538][ T104] ? __is_module_percpu_address+0x28/0x3f0
[ 111.562146][ T104] ? rcu_is_watching+0x15/0xb0
[ 111.564466][ T104] ? __kasan_check_byte+0x12/0x40
[ 111.567261][ T104] ? rcu_is_watching+0x15/0xb0
[ 111.569447][ T104] ? rcu_is_watching+0x15/0xb0
[ 111.571656][ T104] ? __kasan_check_byte+0x12/0x40
[ 111.573877][ T104] _printk+0xcf/0x120
[ 111.575671][ T104] ? __pfx__printk+0x10/0x10
[ 111.577641][ T104] ? __lock_acquire+0x99/0xd20
[ 111.579774][ T104] spin_dump+0x102/0x1a0
[ 111.581557][ T104] do_raw_spin_lock+0x1ca/0x290
[ 111.583733][ T104] ? __wake_up_common_lock+0x2f/0x1f0
[ 111.586283][ T104] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 111.589029][ T104] _raw_spin_lock_irqsave+0xb3/0xf0
[ 111.591906][ T104] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 111.594637][ T104] ? dbFree+0x4d1/0x650
[ 111.596575][ T104] __wake_up_common_lock+0x2f/0x1f0
[ 111.598762][ T104] release_metapage+0x13c/0xac0
[ 111.600899][ T104] ? txFreeMap+0xb19/0xde0
[ 111.602897][ T104] ? do_raw_spin_unlock+0x4d/0x240
[ 111.605231][ T104] xtTruncate+0xe84/0x2e70
[ 111.607028][ T104] ? __pfx_xtTruncate+0x10/0x10
[ 111.609098][ T104] ? reacquire_held_locks+0x127/0x1d0
[ 111.611253][ T104] ? __mark_inode_dirty+0x4cc/0xe10
[ 111.613642][ T104] ? __asan_memset+0x22/0x50
[ 111.615866][ T104] ? __dquot_initialize+0x218/0xcb0
[ 111.618358][ T104] jfs_free_zero_link+0x33a/0x4a0
[ 111.620455][ T104] ? __pfx_jfs_free_zero_link+0x10/0x10
[ 111.622609][ T104] ? __pfx_inode_wait_for_writeback+0x10/0x10
[ 111.625173][ T104] jfs_evict_inode+0x363/0x440
[ 111.627409][ T104] ? evict+0x4f8/0x9c0
[ 111.629303][ T104] ? __pfx_jfs_evict_inode+0x10/0x10
[ 111.631574][ T104] evict+0x504/0x9c0
[ 111.633562][ T104] ? __pfx_evict+0x10/0x10
[ 111.635806][ T104] ? do_raw_spin_unlock+0x4d/0x240
[ 111.638467][ T104] ? _raw_spin_unlock+0x28/0x50
[ 111.640779][ T104] ? iput+0x946/0xc50
[ 111.642875][ T104] jfs_lazycommit+0x43f/0xa90
[ 111.645193][ T104] ? __pfx_jfs_lazycommit+0x10/0x10
[ 111.647564][ T104] ? __pfx_default_wake_function+0x10/0x10
[ 111.650062][ T104] ? __kthread_parkme+0x7b/0x200
[ 111.652054][ T104] ? __kthread_parkme+0x1a1/0x200
[ 111.654096][ T104] kthread+0x711/0x8a0
[ 111.655845][ T104] ? __pfx_jfs_lazycommit+0x10/0x10
[ 111.658649][ T104] ? __pfx_kthread+0x10/0x10
[ 111.661004][ T104] ? _raw_spin_unlock_irq+0x23/0x50
[ 111.663495][ T104] ? lockdep_hardirqs_on+0x9c/0x150
[ 111.665869][ T104] ? __pfx_kthread+0x10/0x10
[ 111.667951][ T104] ret_from_fork+0x4bc/0x870
[ 111.669907][ T104] ? __pfx_ret_from_fork+0x10/0x10
[ 111.672118][ T104] ? __pfx_kthread+0x10/0x10
[ 111.674093][ T104] ret_from_fork_asm+0x1a/0x30
[ 111.676313][ T104]
[ 111.678106][ T104] Kernel Offset: disabled
[ 111.680240][ T104] Rebooting in 86400 seconds..
VM DIAGNOSIS: 13:02:36 Registers: info registers vcpu 0