Warning: Permanently added '[localhost]:36751' (ED25519) to the list of known hosts.
2025/07/22 02:22:20 ignoring optional flag "sandboxArg"="0"
2025/07/22 02:22:22 parsed 1 programs
syzkaller login: [ 90.496074][ T5331] cgroup: Unknown subsys name 'net'
[ 90.587755][ T5331] cgroup: Unknown subsys name 'cpuset'
[ 90.595493][ T5331] cgroup: Unknown subsys name 'rlimit'
[ 92.046592][ T54] cfg80211: failed to load regulatory.db
[ 92.357359][ T5331] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 96.778142][ T5348] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 96.918179][ T45] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 96.922752][ T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 96.928451][ T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 96.932566][ T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 96.937425][ T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 98.286763][ T5372] chnl_net:caif_netlink_parms(): no params data found
[ 98.364177][ T5372] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.368064][ T5372] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.371307][ T5372] bridge_slave_0: entered allmulticast mode
[ 98.376478][ T5372] bridge_slave_0: entered promiscuous mode
[ 98.382354][ T5372] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.387324][ T5372] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.391385][ T5372] bridge_slave_1: entered allmulticast mode
[ 98.396579][ T5372] bridge_slave_1: entered promiscuous mode
[ 98.426260][ T5372] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 98.434551][ T5372] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 98.467601][ T5372] team0: Port device team_slave_0 added
[ 98.474051][ T5372] team0: Port device team_slave_1 added
[ 98.496302][ T5372] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 98.499357][ T5372] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.511229][ T5372] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 98.518884][ T5372] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 98.521990][ T5372] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.534711][ T5372] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 98.582528][ T5372] hsr_slave_0: entered promiscuous mode
[ 98.586351][ T5372] hsr_slave_1: entered promiscuous mode
[ 98.748992][ T5372] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 98.761146][ T5372] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 98.769753][ T5372] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 98.777895][ T5372] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 98.816663][ T5372] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.820185][ T5372] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.824595][ T5372] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.827979][ T5372] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.891973][ T5372] 8021q: adding VLAN 0 to HW filter on device bond0
[ 98.908335][ T1039] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.912330][ T1039] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.930243][ T5372] 8021q: adding VLAN 0 to HW filter on device team0
[ 98.941149][ T1039] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.944737][ T1039] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.964896][ T1039] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.968219][ T1039] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 99.158154][ T5372] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 99.201893][ T5372] veth0_vlan: entered promiscuous mode
[ 99.211959][ T5372] veth1_vlan: entered promiscuous mode
[ 99.247015][ T5372] veth0_macvtap: entered promiscuous mode
[ 99.255789][ T5372] veth1_macvtap: entered promiscuous mode
[ 99.275610][ T5372] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 99.285287][ T5372] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 99.294879][ T5372] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.299034][ T5372] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.304710][ T5372] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.308976][ T5372] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.460662][ T1039] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.507369][ T1039] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.549344][ T1039] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.586627][ T1039] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.799798][ T1042] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.810898][ T1042] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.841397][ T1153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.846161][ T1153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/22 02:22:36 executed programs: 0
[ 101.818852][ T4686] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 101.822569][ T4686] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 101.830072][ T4686] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 101.834410][ T4686] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 101.837933][ T4686] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 102.273820][ T1039] bridge_slave_1: left allmulticast mode
[ 102.276666][ T1039] bridge_slave_1: left promiscuous mode
[ 102.294865][ T1039] bridge0: port 2(bridge_slave_1) entered disabled state
[ 102.348950][ T1039] bridge_slave_0: left allmulticast mode
[ 102.351622][ T1039] bridge_slave_0: left promiscuous mode
[ 102.378236][ T1039] bridge0: port 1(bridge_slave_0) entered disabled state
[ 102.823804][ T1039] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 102.830196][ T1039] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 102.837215][ T1039] bond0 (unregistering): Released all slaves
[ 102.851783][ T5432] chnl_net:caif_netlink_parms(): no params data found
[ 102.947803][ T1039] hsr_slave_0: left promiscuous mode
[ 102.950671][ T1039] hsr_slave_1: left promiscuous mode
[ 102.957913][ T1039] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 102.961086][ T1039] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 102.967465][ T1039] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 102.970926][ T1039] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 102.982333][ T1039] veth1_macvtap: left promiscuous mode
[ 102.986947][ T1039] veth0_macvtap: left promiscuous mode
[ 102.989903][ T1039] veth1_vlan: left promiscuous mode
[ 102.993042][ T1039] veth0_vlan: left promiscuous mode
[ 103.326952][ T1039] team0 (unregistering): Port device team_slave_1 removed
[ 103.350989][ T1039] team0 (unregistering): Port device team_slave_0 removed
[ 103.765942][ T5432] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.769097][ T5432] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.772301][ T5432] bridge_slave_0: entered allmulticast mode
[ 103.794396][ T5432] bridge_slave_0: entered promiscuous mode
[ 103.816458][ T5432] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.819666][ T5432] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.822749][ T5432] bridge_slave_1: entered allmulticast mode
[ 103.834647][ T5432] bridge_slave_1: entered promiscuous mode
[ 103.874145][ T4686] Bluetooth: hci0: command tx timeout
[ 103.926391][ T5432] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 103.944904][ T5432] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 104.406482][ T5432] team0: Port device team_slave_0 added
[ 104.419867][ T5432] team0: Port device team_slave_1 added
[ 104.517955][ T5432] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 104.521042][ T5432] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 104.557386][ T5432] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 104.650105][ T5432] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 104.663564][ T5432] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 104.713872][ T5432] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 104.888800][ T5432] hsr_slave_0: entered promiscuous mode
[ 104.892526][ T5432] hsr_slave_1: entered promiscuous mode
[ 105.675886][ T5432] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 105.698067][ T5432] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 105.711162][ T5432] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 105.724614][ T5432] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 105.867903][ T5432] 8021q: adding VLAN 0 to HW filter on device bond0
[ 105.909811][ T5432] 8021q: adding VLAN 0 to HW filter on device team0
[ 105.931083][ T1039] bridge0: port 1(bridge_slave_0) entered blocking state
[ 105.934383][ T1039] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 105.952400][ T1039] bridge0: port 2(bridge_slave_1) entered blocking state
[ 105.956545][ T1039] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 105.961064][ T4686] Bluetooth: hci0: command tx timeout
[ 106.330167][ T5432] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 106.417598][ T5432] veth0_vlan: entered promiscuous mode
[ 106.437540][ T5432] veth1_vlan: entered promiscuous mode
[ 106.478262][ T5432] veth0_macvtap: entered promiscuous mode
[ 106.500333][ T5432] veth1_macvtap: entered promiscuous mode
[ 106.536703][ T5432] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 106.555127][ T5432] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 106.567345][ T5432] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.571058][ T5432] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.595313][ T5432] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.599262][ T5432] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.741305][ T3020] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.755970][ T3020] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.805672][ T3020] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.815151][ T3020] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/22 02:22:41 executed programs: 2
[ 106.925974][ T5494] loop0: detected capacity change from 0 to 512
[ 106.956231][ T5494] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[ 106.962671][ T5494] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[ 107.007002][ T5494] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[ 107.031471][ T5494] EXT4-fs (loop0): 1 truncate cleaned up
[ 107.054339][ T5494] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 107.095424][ T5494] ==================================================================
[ 107.098719][ T5494] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x8e9/0x1e20
[ 107.102549][ T5494] Read of size 18446744073709551572 at addr ffff88804034f050 by task syz.0.16/5494
[ 107.107932][ T5494]
[ 107.109098][ T5494] CPU: 0 UID: 0 PID: 5494 Comm: syz.0.16 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full)
[ 107.109114][ T5494] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 107.109121][ T5494] Call Trace:
[ 107.109130][ T5494]
[ 107.109136][ T5494] dump_stack_lvl+0x189/0x250
[ 107.109154][ T5494] ? __kasan_check_byte+0x12/0x40
[ 107.109170][ T5494] ? __pfx_dump_stack_lvl+0x10/0x10
[ 107.109183][ T5494] ? lock_release+0x4b/0x3e0
[ 107.109195][ T5494] ? __virt_addr_valid+0x4a5/0x5c0
[ 107.109211][ T5494] print_report+0xca/0x230
[ 107.109222][ T5494] ? ext4_xattr_set_entry+0x8e9/0x1e20
[ 107.109234][ T5494] kasan_report+0x118/0x150
[ 107.109248][ T5494] ? ext4_xattr_set_entry+0x8e9/0x1e20
[ 107.109261][ T5494] ? ext4_xattr_set_entry+0x8e9/0x1e20
[ 107.109273][ T5494] kasan_check_range+0x2b0/0x2c0
[ 107.109285][ T5494] ? ext4_xattr_set_entry+0x8e9/0x1e20
[ 107.109296][ T5494] __asan_memmove+0x29/0x70
[ 107.109308][ T5494] ext4_xattr_set_entry+0x8e9/0x1e20
[ 107.109325][ T5494] ext4_xattr_block_set+0x872/0x2ac0
[ 107.109337][ T5494] ? fs_reclaim_acquire+0x7d/0x100
[ 107.109356][ T5494] ? __pfx_check_xattrs+0x10/0x10
[ 107.109368][ T5494] ? __pfx_ext4_xattr_block_set+0x10/0x10
[ 107.109379][ T5494] ? ext4_xattr_block_find+0x2d4/0x350
[ 107.109392][ T5494] ext4_expand_extra_isize_ea+0x12d5/0x1ea0
[ 107.109413][ T5494] __ext4_expand_extra_isize+0x30d/0x400
[ 107.109428][ T5494] __ext4_mark_inode_dirty+0x46c/0x700
[ 107.109447][ T5494] __ext4_unlink+0x631/0xab0
[ 107.109463][ T5494] ? __pfx___ext4_unlink+0x10/0x10
[ 107.109479][ T5494] ? __pfx___dquot_initialize+0x10/0x10
[ 107.109494][ T5494] ? down_write+0x162/0x1f0
[ 107.109564][ T5494] ext4_unlink+0x216/0x5d0
[ 107.109580][ T5494] vfs_unlink+0x391/0x650
[ 107.109594][ T5494] do_unlinkat+0x350/0x560
[ 107.109607][ T5494] ? __pfx_do_unlinkat+0x10/0x10
[ 107.109619][ T5494] ? getname_flags+0x1e5/0x540
[ 107.109635][ T5494] __x64_sys_unlink+0x47/0x50
[ 107.109646][ T5494] do_syscall_64+0xfa/0x3b0
[ 107.109658][ T5494] ? lockdep_hardirqs_on+0x9c/0x150
[ 107.109668][ T5494] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.109678][ T5494] ? clear_bhb_loop+0x60/0xb0
[ 107.109690][ T5494] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.109700][ T5494] RIP: 0033:0x7f6a2838e9a9
[ 107.109711][ T5494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 107.109720][ T5494] RSP: 002b:00007ffd7d90efb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 107.109733][ T5494] RAX: ffffffffffffffda RBX: 00007f6a285b5fa0 RCX: 00007f6a2838e9a9
[ 107.109741][ T5494] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180
[ 107.109747][ T5494] RBP: 00007f6a28410d69 R08: 0000000000000000 R09: 0000000000000000
[ 107.109753][ T5494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 107.109759][ T5494] R13: 00007f6a285b5fa0 R14: 00007f6a285b5fa0 R15: 0000000000000001
[ 107.109770][ T5494]
[ 107.109774][ T5494]
[ 107.241670][ T5494] Allocated by task 5494:
[ 107.243583][ T5494] kasan_save_track+0x3e/0x80
[ 107.245623][ T5494] __kasan_kmalloc+0x93/0xb0
[ 107.247631][ T5494] __kmalloc_node_track_caller_noprof+0x271/0x4e0
[ 107.250363][ T5494] kmemdup_noprof+0x2b/0x70
[ 107.252332][ T5494] ext4_xattr_block_set+0x781/0x2ac0
[ 107.255284][ T5494] ext4_expand_extra_isize_ea+0x12d5/0x1ea0
[ 107.258018][ T5494] __ext4_expand_extra_isize+0x30d/0x400
[ 107.260624][ T5494] __ext4_mark_inode_dirty+0x46c/0x700
[ 107.263019][ T5494] __ext4_unlink+0x631/0xab0
[ 107.265043][ T5494] ext4_unlink+0x216/0x5d0
[ 107.267075][ T5494] vfs_unlink+0x391/0x650
[ 107.269325][ T5494] do_unlinkat+0x350/0x560
[ 107.271855][ T5494] __x64_sys_unlink+0x47/0x50
[ 107.274353][ T5494] do_syscall_64+0xfa/0x3b0
[ 107.276956][ T5494] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.280046][ T5494]
[ 107.281163][ T5494] The buggy address belongs to the object at ffff88804034f000
[ 107.281163][ T5494] which belongs to the cache kmalloc-1k of size 1024
[ 107.287137][ T5494] The buggy address is located 80 bytes inside of
[ 107.287137][ T5494] 1024-byte region [ffff88804034f000, ffff88804034f400)
[ 107.292513][ T5494]
[ 107.293604][ T5494] The buggy address belongs to the physical page:
[ 107.296489][ T5494] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4034c
[ 107.300211][ T5494] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 107.303739][ T5494] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 107.307137][ T5494] page_type: f5(slab)
[ 107.308919][ T5494] raw: 04fff00000000040 ffff88801a441dc0 ffffea0000fd5000 dead000000000004
[ 107.312448][ T5494] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[ 107.315993][ T5494] head: 04fff00000000040 ffff88801a441dc0 ffffea0000fd5000 dead000000000004
[ 107.319832][ T5494] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[ 107.323989][ T5494] head: 04fff00000000002 ffffea000100d301 00000000ffffffff 00000000ffffffff
[ 107.327737][ T5494] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 107.331399][ T5494] page dumped because: kasan: bad access detected
[ 107.334143][ T5494] page_owner tracks the page as allocated
[ 107.336664][ T5494] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 29775688485, free_ts 29772010363
[ 107.345202][ T5494] post_alloc_hook+0x240/0x2a0
[ 107.347421][ T5494] get_page_from_freelist+0x21e4/0x22c0
[ 107.349979][ T5494] __alloc_frozen_pages_noprof+0x181/0x370
[ 107.352846][ T5494] alloc_pages_mpol+0x232/0x4a0
[ 107.354951][ T5494] allocate_slab+0x8a/0x3b0
[ 107.356916][ T5494] ___slab_alloc+0xbfc/0x1480
[ 107.359045][ T5494] __kmalloc_noprof+0x305/0x4f0
[ 107.360971][ T5494] ext4_mb_init+0x81d/0x2860
[ 107.362998][ T5494] ext4_fill_super+0x5231/0x6080
[ 107.365344][ T5494] get_tree_bdev_flags+0x40b/0x4d0
[ 107.367743][ T5494] vfs_get_tree+0x92/0x2b0
[ 107.369763][ T5494] do_new_mount+0x24a/0xa40
[ 107.371832][ T5494] init_mount+0xd1/0x120
[ 107.373884][ T5494] do_mount_root+0x120/0x2b0
[ 107.375967][ T5494] mount_root_generic+0x1e0/0x440
[ 107.378199][ T5494] prepare_namespace+0xc2/0x100
[ 107.380353][ T5494] page last free pid 1 tgid 1 stack trace:
[ 107.382903][ T5494] __free_frozen_pages+0xc71/0xe70
[ 107.385262][ T5494] stack_depot_save_flags+0x445/0x900
[ 107.387861][ T5494] kasan_save_track+0x4f/0x80
[ 107.390177][ T5494] __kasan_kmalloc+0x93/0xb0
[ 107.392194][ T5494] __kmalloc_noprof+0x27a/0x4f0
[ 107.394321][ T5494] shrinker_alloc+0x199/0xa70
[ 107.396416][ T5494] mb_cache_create+0x32e/0x540
[ 107.398546][ T5494] ext4_fill_super+0x4087/0x6080
[ 107.400694][ T5494] get_tree_bdev_flags+0x40b/0x4d0
[ 107.402842][ T5494] vfs_get_tree+0x92/0x2b0
[ 107.404750][ T5494] do_new_mount+0x24a/0xa40
[ 107.406724][ T5494] init_mount+0xd1/0x120
[ 107.408609][ T5494] do_mount_root+0x120/0x2b0
[ 107.410700][ T5494] mount_root_generic+0x1e0/0x440
[ 107.412900][ T5494] prepare_namespace+0xc2/0x100
[ 107.415102][ T5494] kernel_init_freeable+0x41a/0x570
[ 107.417369][ T5494]
[ 107.418436][ T5494] Memory state around the buggy address:
[ 107.420822][ T5494] ffff88804034ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 107.424095][ T5494] ffff88804034ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 107.428006][ T5494] >ffff88804034f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 107.431866][ T5494] ^
[ 107.434769][ T5494] ffff88804034f080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 107.438272][ T5494] ffff88804034f100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 107.441663][ T5494] ==================================================================
[ 107.606578][ T5494] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 107.609524][ T5494] CPU: 0 UID: 0 PID: 5494 Comm: syz.0.16 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full)
[ 107.613692][ T5494] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 107.618594][ T5494] Call Trace:
[ 107.620133][ T5494]
[ 107.621463][ T5494] dump_stack_lvl+0x99/0x250
[ 107.623532][ T5494] ? __asan_memcpy+0x40/0x70
[ 107.625609][ T5494] ? __pfx_dump_stack_lvl+0x10/0x10
[ 107.627839][ T5494] ? __pfx__printk+0x10/0x10
[ 107.629918][ T5494] panic+0x2db/0x790
[ 107.631730][ T5494] ? __pfx_panic+0x10/0x10
[ 107.633774][ T5494] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 107.636504][ T5494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 107.639259][ T5494] ? print_memory_metadata+0x314/0x400
[ 107.641683][ T5494] ? ext4_xattr_set_entry+0x8e9/0x1e20
[ 107.644073][ T5494] check_panic_on_warn+0x89/0xb0
[ 107.646299][ T5494] ? ext4_xattr_set_entry+0x8e9/0x1e20
[ 107.648745][ T5494] end_report+0x78/0x160
[ 107.650557][ T5494] kasan_report+0x129/0x150
[ 107.652425][ T5494] ? ext4_xattr_set_entry+0x8e9/0x1e20
[ 107.654672][ T5494] ? ext4_xattr_set_entry+0x8e9/0x1e20
[ 107.656930][ T5494] kasan_check_range+0x2b0/0x2c0
[ 107.658958][ T5494] ? ext4_xattr_set_entry+0x8e9/0x1e20
[ 107.661132][ T5494] __asan_memmove+0x29/0x70
[ 107.663034][ T5494] ext4_xattr_set_entry+0x8e9/0x1e20
[ 107.665440][ T5494] ext4_xattr_block_set+0x872/0x2ac0
[ 107.667994][ T5494] ? fs_reclaim_acquire+0x7d/0x100
[ 107.670398][ T5494] ? __pfx_check_xattrs+0x10/0x10
[ 107.672663][ T5494] ? __pfx_ext4_xattr_block_set+0x10/0x10
[ 107.674999][ T5494] ? ext4_xattr_block_find+0x2d4/0x350
[ 107.677179][ T5494] ext4_expand_extra_isize_ea+0x12d5/0x1ea0
[ 107.679592][ T5494] __ext4_expand_extra_isize+0x30d/0x400
[ 107.681868][ T5494] __ext4_mark_inode_dirty+0x46c/0x700
[ 107.684249][ T5494] __ext4_unlink+0x631/0xab0
[ 107.686483][ T5494] ? __pfx___ext4_unlink+0x10/0x10
[ 107.688781][ T5494] ? __pfx___dquot_initialize+0x10/0x10
[ 107.691194][ T5494] ? down_write+0x162/0x1f0
[ 107.693207][ T5494] ext4_unlink+0x216/0x5d0
[ 107.695260][ T5494] vfs_unlink+0x391/0x650
[ 107.697178][ T5494] do_unlinkat+0x350/0x560
[ 107.699228][ T5494] ? __pfx_do_unlinkat+0x10/0x10
[ 107.701466][ T5494] ? getname_flags+0x1e5/0x540
[ 107.703721][ T5494] __x64_sys_unlink+0x47/0x50
[ 107.706113][ T5494] do_syscall_64+0xfa/0x3b0
[ 107.708556][ T5494] ? lockdep_hardirqs_on+0x9c/0x150
[ 107.711002][ T5494] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.713602][ T5494] ? clear_bhb_loop+0x60/0xb0
[ 107.715706][ T5494] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.718288][ T5494] RIP: 0033:0x7f6a2838e9a9
[ 107.720320][ T5494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 107.728985][ T5494] RSP: 002b:00007ffd7d90efb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 107.733500][ T5494] RAX: ffffffffffffffda RBX: 00007f6a285b5fa0 RCX: 00007f6a2838e9a9
[ 107.737117][ T5494] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180
[ 107.740608][ T5494] RBP: 00007f6a28410d69 R08: 0000000000000000 R09: 0000000000000000
[ 107.744015][ T5494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 107.747538][ T5494] R13: 00007f6a285b5fa0 R14: 00007f6a285b5fa0 R15: 0000000000000001
[ 107.751401][ T5494]
[ 107.753664][ T5494] Kernel Offset: disabled
[ 107.756103][ T5494] Rebooting in 86400 seconds..
VM DIAGNOSIS:
02:22:41 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000064 RBX=0000000000000064 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90002b2eed0
R8 =ffff888033da0237 R9 =1ffff110067b4046 R10=dffffc0000000000 R11=ffffffff8547a7e0
R12=dffffc0000000000 R13=ffffffff99afc89b R14=ffffffff99e01700 R15=0000000000000000
RIP=ffffffff8547a85c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055557487f500 ffffffff 00c00000
GS =0000 ffff88808d218000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffdeebc6f38 CR3=00000000509c6000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80