Warning: Permanently added '[localhost]:39054' (ED25519) to the list of known hosts.
2025/10/01 16:49:42 parsed 1 programs
syzkaller login: [ 85.361493][ T5319] cgroup: Unknown subsys name 'net'
[ 85.430040][ T5319] cgroup: Unknown subsys name 'cpuset'
[ 85.435618][ T5319] cgroup: Unknown subsys name 'rlimit'
[ 87.042368][ T5319] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 91.011456][ T5334] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 91.847732][ T10] cfg80211: failed to load regulatory.db
[ 92.428527][ T38] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.431910][ T38] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.468661][ T38] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.471705][ T38] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.088228][ T5373] chnl_net:caif_netlink_parms(): no params data found
[ 94.152778][ T5373] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.157181][ T5373] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.160690][ T5373] bridge_slave_0: entered allmulticast mode
[ 94.164533][ T5373] bridge_slave_0: entered promiscuous mode
[ 94.170509][ T5373] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.173463][ T5373] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.177403][ T5373] bridge_slave_1: entered allmulticast mode
[ 94.181381][ T5373] bridge_slave_1: entered promiscuous mode
[ 94.208186][ T5373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 94.214112][ T5373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 94.240461][ T5373] team0: Port device team_slave_0 added
[ 94.244938][ T5373] team0: Port device team_slave_1 added
[ 94.266164][ T5373] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 94.269357][ T5373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 94.280884][ T5373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 94.287671][ T5373] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 94.290677][ T5373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 94.301885][ T5373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 94.344023][ T5373] hsr_slave_0: entered promiscuous mode
[ 94.347561][ T5373] hsr_slave_1: entered promiscuous mode
[ 94.501047][ T5373] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 94.509905][ T5373] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 94.515942][ T5373] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 94.523775][ T5373] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 94.605792][ T5373] 8021q: adding VLAN 0 to HW filter on device bond0
[ 94.624140][ T5373] 8021q: adding VLAN 0 to HW filter on device team0
[ 94.633393][ T38] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.636661][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 94.648953][ T38] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.652087][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 94.835972][ T5373] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 94.882479][ T5373] veth0_vlan: entered promiscuous mode
[ 94.890853][ T5373] veth1_vlan: entered promiscuous mode
[ 94.920187][ T5373] veth0_macvtap: entered promiscuous mode
[ 94.925652][ T5373] veth1_macvtap: entered promiscuous mode
[ 94.942550][ T5373] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 94.952224][ T5373] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 94.963816][ T38] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.969025][ T38] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.973074][ T38] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.992929][ T38] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.123604][ T38] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.170416][ T38] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.214883][ T38] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.264950][ T38] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.373935][ T5400] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 95.378969][ T5400] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 95.382796][ T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 95.388086][ T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 95.391646][ T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/10/01 16:49:55 executed programs: 0
[ 96.571111][ T4676] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 96.576211][ T4676] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 96.582101][ T4676] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 96.585872][ T4676] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 96.590892][ T4676] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 96.763770][ T5430] chnl_net:caif_netlink_parms(): no params data found
[ 96.829401][ T5430] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.832767][ T5430] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.836120][ T5430] bridge_slave_0: entered allmulticast mode
[ 96.841468][ T5430] bridge_slave_0: entered promiscuous mode
[ 96.846131][ T5430] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.850765][ T5430] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.854072][ T5430] bridge_slave_1: entered allmulticast mode
[ 96.858667][ T5430] bridge_slave_1: entered promiscuous mode
[ 96.884649][ T5430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 96.892089][ T5430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 96.914885][ T5430] team0: Port device team_slave_0 added
[ 96.919325][ T5430] team0: Port device team_slave_1 added
[ 96.939381][ T5430] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 96.942438][ T5430] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.954469][ T5430] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 96.961367][ T5430] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 96.964284][ T5430] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.978004][ T5430] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 97.012584][ T5430] hsr_slave_0: entered promiscuous mode
[ 97.015758][ T5430] hsr_slave_1: entered promiscuous mode
[ 97.019948][ T5430] debugfs: 'hsr0' already exists in 'hsr'
[ 97.022493][ T5430] Cannot create hsr debugfs directory
[ 97.827976][ T38] bridge_slave_1: left allmulticast mode
[ 97.830484][ T38] bridge_slave_1: left promiscuous mode
[ 97.848191][ T38] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.867703][ T38] bridge_slave_0: left allmulticast mode
[ 97.870049][ T38] bridge_slave_0: left promiscuous mode
[ 97.872551][ T38] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.261050][ T38] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 98.268504][ T38] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 98.273353][ T38] bond0 (unregistering): Released all slaves
[ 98.373284][ T38] hsr_slave_0: left promiscuous mode
[ 98.375987][ T38] hsr_slave_1: left promiscuous mode
[ 98.388682][ T38] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 98.391992][ T38] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 98.408915][ T38] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 98.411864][ T38] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 98.434173][ T38] veth1_macvtap: left promiscuous mode
[ 98.447532][ T38] veth0_macvtap: left promiscuous mode
[ 98.450821][ T38] veth1_vlan: left promiscuous mode
[ 98.453367][ T38] veth0_vlan: left promiscuous mode
[ 98.638702][ T4676] Bluetooth: hci0: command tx timeout
[ 98.922936][ T38] team0 (unregistering): Port device team_slave_1 removed
[ 98.941445][ T38] team0 (unregistering): Port device team_slave_0 removed
[ 100.086721][ T5430] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 100.120378][ T5430] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 100.152462][ T5430] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 100.177213][ T5430] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 100.420659][ T5430] 8021q: adding VLAN 0 to HW filter on device bond0
[ 100.437694][ T5430] 8021q: adding VLAN 0 to HW filter on device team0
[ 100.444939][ T38] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.448379][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.468480][ T38] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.471583][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 100.659875][ T5430] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 100.700165][ T5430] veth0_vlan: entered promiscuous mode
[ 100.709215][ T5430] veth1_vlan: entered promiscuous mode
[ 100.717834][ T4676] Bluetooth: hci0: command tx timeout
[ 100.741271][ T5430] veth0_macvtap: entered promiscuous mode
[ 100.748202][ T5430] veth1_macvtap: entered promiscuous mode
[ 100.762514][ T5430] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 100.774178][ T5430] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 100.785759][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.800073][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.803800][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.814814][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.872382][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 100.875875][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.910771][ T72] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 100.914230][ T72] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.973699][ T5473] loop0: detected capacity change from 0 to 1024
[ 100.993077][ T5473] EXT4-fs (loop0): Test dummy encryption mode enabled
[ 101.002774][ T5473] EXT4-fs (loop0): stripe (7) is not aligned with cluster size (16), stripe is disabled
[ 101.030836][ T5473] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 101.045338][ T5473] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[ 101.087277][ T5473] loop0: detected capacity change from 1024 to 767
[ 101.101647][ T5473] ==================================================================
[ 101.105241][ T5473] BUG: KASAN: slab-use-after-free in ext4_search_dir+0xf1/0x1b0
[ 101.108659][ T5473] Read of size 1 at addr ffff88803fb8d62c by task syz.0.17/5473
[ 101.112772][ T5473]
[ 101.113858][ T5473] CPU: 0 UID: 0 PID: 5473 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 101.113872][ T5473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 101.113880][ T5473] Call Trace:
[ 101.113887][ T5473]
[ 101.113894][ T5473] dump_stack_lvl+0x189/0x250
[ 101.113912][ T5473] ? __virt_addr_valid+0x1c8/0x5c0
[ 101.113929][ T5473] ? rcu_is_watching+0x15/0xb0
[ 101.113942][ T5473] ? __pfx_dump_stack_lvl+0x10/0x10
[ 101.113956][ T5473] ? rcu_is_watching+0x15/0xb0
[ 101.113969][ T5473] ? lock_release+0x4b/0x3e0
[ 101.113980][ T5473] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 101.114036][ T5473] ? __virt_addr_valid+0x1c8/0x5c0
[ 101.114052][ T5473] ? __virt_addr_valid+0x4a5/0x5c0
[ 101.114069][ T5473] print_report+0xca/0x240
[ 101.114082][ T5473] ? ext4_search_dir+0xf1/0x1b0
[ 101.114092][ T5473] kasan_report+0x118/0x150
[ 101.114106][ T5473] ? ext4_search_dir+0xf1/0x1b0
[ 101.114118][ T5473] ext4_search_dir+0xf1/0x1b0
[ 101.114130][ T5473] ext4_find_inline_entry+0x492/0x5f0
[ 101.114143][ T5473] ? __pfx_ext4_find_inline_entry+0x10/0x10
[ 101.114156][ T5473] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 101.114174][ T5473] __ext4_find_entry+0x2fd/0x1f20
[ 101.114192][ T5473] ? __pfx___ext4_find_entry+0x10/0x10
[ 101.114205][ T5473] ? ext4_fname_prepare_lookup+0x3b8/0x4c0
[ 101.114225][ T5473] ext4_lookup+0x13d/0x6c0
[ 101.114237][ T5473] ? __pfx_ext4_lookup+0x10/0x10
[ 101.114247][ T5473] ? do_raw_spin_lock+0x121/0x290
[ 101.114265][ T5473] ? do_raw_spin_unlock+0x4d/0x240
[ 101.114281][ T5473] ? _raw_spin_unlock+0x28/0x50
[ 101.114296][ T5473] ? d_alloc+0x144/0x190
[ 101.114312][ T5473] lookup_one_qstr_excl+0x12e/0x360
[ 101.114330][ T5473] filename_create+0x224/0x3c0
[ 101.114342][ T5473] ? __pfx_filename_create+0x10/0x10
[ 101.114354][ T5473] do_mknodat+0x184/0x4d0
[ 101.114370][ T5473] ? __pfx_do_mknodat+0x10/0x10
[ 101.114386][ T5473] ? getname_flags+0x1e5/0x540
[ 101.114401][ T5473] __x64_sys_mknod+0x8c/0xa0
[ 101.114412][ T5473] do_syscall_64+0xfa/0x3b0
[ 101.114423][ T5473] ? lockdep_hardirqs_on+0x9c/0x150
[ 101.114440][ T5473] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.114451][ T5473] ? clear_bhb_loop+0x60/0xb0
[ 101.114463][ T5473] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.114475][ T5473] RIP: 0033:0x7f3a2bb8eec9
[ 101.114487][ T5473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 101.114497][ T5473] RSP: 002b:00007ffcb2ccbdd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 101.114509][ T5473] RAX: ffffffffffffffda RBX: 00007f3a2bde5fa0 RCX: 00007f3a2bb8eec9
[ 101.114517][ T5473] RDX: 0000000000000700 RSI: 0000000000000000 RDI: 0000200000000000
[ 101.114524][ T5473] RBP: 00007f3a2bc11f91 R08: 0000000000000000 R09: 0000000000000000
[ 101.114530][ T5473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 101.114536][ T5473] R13: 00007f3a2bde5fa0 R14: 00007f3a2bde5fa0 R15: 0000000000000003
[ 101.114548][ T5473]
[ 101.114552][ T5473]
[ 101.242257][ T5473] Allocated by task 5273:
[ 101.243981][ T5473] kasan_save_track+0x3e/0x80
[ 101.245982][ T5473] __kasan_slab_alloc+0x6c/0x80
[ 101.247966][ T5473] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 101.250101][ T5473] mm_alloc+0x23/0xd0
[ 101.251770][ T5473] alloc_bprm+0x398/0x5c0
[ 101.253640][ T5473] do_execveat_common+0x1b3/0x6a0
[ 101.256034][ T5473] __x64_sys_execve+0x94/0xb0
[ 101.258201][ T5473] do_syscall_64+0xfa/0x3b0
[ 101.260296][ T5473] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.262952][ T5473]
[ 101.264073][ T5473] Freed by task 5022:
[ 101.265854][ T5473] kasan_save_track+0x3e/0x80
[ 101.267994][ T5473] kasan_save_free_info+0x46/0x50
[ 101.270266][ T5473] __kasan_slab_free+0x5b/0x80
[ 101.272464][ T5473] kmem_cache_free+0x18f/0x400
[ 101.274412][ T5473] finish_task_switch+0x3ee/0x950
[ 101.276639][ T5473] __schedule+0x17a0/0x4cc0
[ 101.278601][ T5473] schedule+0x165/0x360
[ 101.280489][ T5473] do_wait+0x294/0x510
[ 101.282322][ T5473] kernel_wait4+0x1af/0x280
[ 101.284414][ T5473] __x64_sys_wait4+0x133/0x1e0
[ 101.286592][ T5473] do_syscall_64+0xfa/0x3b0
[ 101.288666][ T5473] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.291071][ T5473]
[ 101.292127][ T5473] The buggy address belongs to the object at ffff88803fb8d600
[ 101.292127][ T5473] which belongs to the cache mm_struct of size 2584
[ 101.297840][ T5473] The buggy address is located 44 bytes inside of
[ 101.297840][ T5473] freed 2584-byte region [ffff88803fb8d600, ffff88803fb8e018)
[ 101.303428][ T5473]
[ 101.304421][ T5473] The buggy address belongs to the physical page:
[ 101.307245][ T5473] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803fb8d600 pfn:0x3fb88
[ 101.311548][ T5473] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 101.315310][ T5473] flags: 0x4fff00000000240(workingset|head|node=1|zone=1|lastcpupid=0x7ff)
[ 101.318999][ T5473] page_type: f5(slab)
[ 101.320707][ T5473] raw: 04fff00000000240 ffff88801a04bb40 ffff888030402b88 ffffea0000fef010
[ 101.324299][ T5473] raw: ffff88803fb8d600 00000000000b0001 00000000f5000000 0000000000000000
[ 101.327969][ T5473] head: 04fff00000000240 ffff88801a04bb40 ffff888030402b88 ffffea0000fef010
[ 101.331606][ T5473] head: ffff88803fb8d600 00000000000b0001 00000000f5000000 0000000000000000
[ 101.335261][ T5473] head: 04fff00000000003 ffffea0000fee201 00000000ffffffff 00000000ffffffff
[ 101.339032][ T5473] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 101.342775][ T5473] page dumped because: kasan: bad access detected
[ 101.345439][ T5473] page_owner tracks the page as allocated
[ 101.347740][ T5473] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5022, tgid 5022 (dhcpcd), ts 65839764550, free_ts 65778712810
[ 101.355837][ T5473] post_alloc_hook+0x240/0x2a0
[ 101.357921][ T5473] get_page_from_freelist+0x21e4/0x22c0
[ 101.360375][ T5473] __alloc_frozen_pages_noprof+0x181/0x370
[ 101.362933][ T5473] alloc_pages_mpol+0x232/0x4a0
[ 101.365028][ T5473] allocate_slab+0x8a/0x370
[ 101.366994][ T5473] ___slab_alloc+0xbeb/0x1420
[ 101.369094][ T5473] kmem_cache_alloc_noprof+0x283/0x3c0
[ 101.371537][ T5473] copy_mm+0xdb/0x4b0
[ 101.373325][ T5473] copy_process+0x1706/0x3c00
[ 101.375447][ T5473] kernel_clone+0x21e/0x840
[ 101.377330][ T5473] __x64_sys_clone+0x18b/0x1e0
[ 101.379229][ T5473] do_syscall_64+0xfa/0x3b0
[ 101.381101][ T5473] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.383529][ T5473] page last free pid 5205 tgid 5205 stack trace:
[ 101.386103][ T5473] __free_frozen_pages+0xbc4/0xd30
[ 101.388151][ T5473] __slab_free+0x303/0x3c0
[ 101.389974][ T5473] qlist_free_all+0x97/0x140
[ 101.391921][ T5473] kasan_quarantine_reduce+0x148/0x160
[ 101.394289][ T5473] __kasan_slab_alloc+0x22/0x80
[ 101.396525][ T5473] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 101.398906][ T5473] vm_area_dup+0x2b/0x680
[ 101.400860][ T5473] __split_vma+0x1a9/0xa00
[ 101.402867][ T5473] vms_gather_munmap_vmas+0x2ea/0x12f0
[ 101.405287][ T5473] mmap_region+0x724/0x20c0
[ 101.407203][ T5473] do_mmap+0xc45/0x10d0
[ 101.409021][ T5473] vm_mmap_pgoff+0x2a6/0x4d0
[ 101.411007][ T5473] ksys_mmap_pgoff+0x51f/0x760
[ 101.413039][ T5473] do_syscall_64+0xfa/0x3b0
[ 101.415040][ T5473] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.417610][ T5473]
[ 101.418648][ T5473] Memory state around the buggy address:
[ 101.420986][ T5473] ffff88803fb8d500: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[ 101.424528][ T5473] ffff88803fb8d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 101.427823][ T5473] >ffff88803fb8d600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 101.431186][ T5473] ^
[ 101.433616][ T5473] ffff88803fb8d680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 101.437116][ T5473] ffff88803fb8d700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 101.440540][ T5473] ==================================================================
[ 101.488870][ T5473] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 101.491805][ T5473] CPU: 0 UID: 0 PID: 5473 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 101.495343][ T5473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 101.499501][ T5473] Call Trace:
[ 101.500864][ T5473]
[ 101.502055][ T5473] dump_stack_lvl+0x99/0x250
[ 101.503978][ T5473] ? __asan_memcpy+0x40/0x70
[ 101.506010][ T5473] ? __pfx_dump_stack_lvl+0x10/0x10
[ 101.508123][ T5473] ? __pfx__printk+0x10/0x10
[ 101.510044][ T5473] vpanic+0x281/0x750
[ 101.511593][ T5473] ? preempt_schedule+0xae/0xc0
[ 101.513604][ T5473] ? __pfx_vpanic+0x10/0x10
[ 101.515360][ T5473] ? preempt_schedule_common+0x83/0xd0
[ 101.517676][ T5473] ? preempt_schedule+0xae/0xc0
[ 101.519774][ T5473] ? __pfx_preempt_schedule+0x10/0x10
[ 101.522117][ T5473] panic+0xb9/0xc0
[ 101.523723][ T5473] ? __pfx_panic+0x10/0x10
[ 101.525620][ T5473] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 101.528229][ T5473] ? is_module_address+0x17/0xf0
[ 101.530325][ T5473] ? ext4_search_dir+0xf1/0x1b0
[ 101.532500][ T5473] check_panic_on_warn+0x89/0xb0
[ 101.534684][ T5473] ? ext4_search_dir+0xf1/0x1b0
[ 101.536747][ T5473] end_report+0x78/0x160
[ 101.538539][ T5473] kasan_report+0x129/0x150
[ 101.540574][ T5473] ? ext4_search_dir+0xf1/0x1b0
[ 101.542585][ T5473] ext4_search_dir+0xf1/0x1b0
[ 101.544478][ T5473] ext4_find_inline_entry+0x492/0x5f0
[ 101.546579][ T5473] ? __pfx_ext4_find_inline_entry+0x10/0x10
[ 101.549101][ T5473] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 101.551489][ T5473] __ext4_find_entry+0x2fd/0x1f20
[ 101.553665][ T5473] ? __pfx___ext4_find_entry+0x10/0x10
[ 101.556075][ T5473] ? ext4_fname_prepare_lookup+0x3b8/0x4c0
[ 101.558551][ T5473] ext4_lookup+0x13d/0x6c0
[ 101.560464][ T5473] ? __pfx_ext4_lookup+0x10/0x10
[ 101.562436][ T5473] ? do_raw_spin_lock+0x121/0x290
[ 101.564565][ T5473] ? do_raw_spin_unlock+0x4d/0x240
[ 101.566787][ T5473] ? _raw_spin_unlock+0x28/0x50
[ 101.568940][ T5473] ? d_alloc+0x144/0x190
[ 101.570885][ T5473] lookup_one_qstr_excl+0x12e/0x360
[ 101.573151][ T5473] filename_create+0x224/0x3c0
[ 101.575069][ T5473] ? __pfx_filename_create+0x10/0x10
[ 101.577111][ T5473] do_mknodat+0x184/0x4d0
[ 101.578818][ T5473] ? __pfx_do_mknodat+0x10/0x10
[ 101.580815][ T5473] ? getname_flags+0x1e5/0x540
[ 101.582737][ T5473] __x64_sys_mknod+0x8c/0xa0
[ 101.584698][ T5473] do_syscall_64+0xfa/0x3b0
[ 101.586713][ T5473] ? lockdep_hardirqs_on+0x9c/0x150
[ 101.588903][ T5473] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.591602][ T5473] ? clear_bhb_loop+0x60/0xb0
[ 101.593643][ T5473] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.596200][ T5473] RIP: 0033:0x7f3a2bb8eec9
[ 101.597995][ T5473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 101.605864][ T5473] RSP: 002b:00007ffcb2ccbdd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 101.609332][ T5473] RAX: ffffffffffffffda RBX: 00007f3a2bde5fa0 RCX: 00007f3a2bb8eec9
[ 101.612613][ T5473] RDX: 0000000000000700 RSI: 0000000000000000 RDI: 0000200000000000
[ 101.616072][ T5473] RBP: 00007f3a2bc11f91 R08: 0000000000000000 R09: 0000000000000000
[ 101.619387][ T5473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 101.622799][ T5473] R13: 00007f3a2bde5fa0 R14: 00007f3a2bde5fa0 R15: 0000000000000003
[ 101.626100][ T5473]
[ 101.627800][ T5473] Kernel Offset: disabled
[ 101.629622][ T5473] Rebooting in 86400 seconds..
VM DIAGNOSIS:
16:50:00 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000073 RBX=0000000000000073 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90002b5f030
R8 =ffff888033850237 R9 =1ffff1100670a046 R10=dffffc0000000000 R11=ffffffff850e5b50
R12=dffffc0000000000 R13=ffffffff995ad900 R14=ffffffff998a0400 R15=0000000000000000
RIP=ffffffff850e5bcc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055557d6b6500 ffffffff 00c00000
GS =0000 ffff88808d967000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007fa9929b2000 CR3=0000000059ca1000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80