Warning: Permanently added '[localhost]:15689' (ED25519) to the list of known hosts.
2025/10/01 19:23:20 parsed 1 programs
syzkaller login: [ 84.139840][ T5324] cgroup: Unknown subsys name 'net'
[ 84.207950][ T5324] cgroup: Unknown subsys name 'cpuset'
[ 84.214844][ T5324] cgroup: Unknown subsys name 'rlimit'
[ 85.857242][ T5324] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 89.581182][ T5335] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 90.050458][ T5349] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 90.056697][ T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 90.060248][ T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 90.065640][ T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 90.069069][ T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 90.444006][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 90.447403][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 90.508229][ T1043] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 90.511759][ T1043] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.886901][ T9] cfg80211: failed to load regulatory.db
[ 92.860370][ T5396] chnl_net:caif_netlink_parms(): no params data found
[ 92.927953][ T5396] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.931431][ T5396] bridge0: port 1(bridge_slave_0) entered disabled state
[ 92.935369][ T5396] bridge_slave_0: entered allmulticast mode
[ 92.939743][ T5396] bridge_slave_0: entered promiscuous mode
[ 92.946352][ T5396] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.949402][ T5396] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.952443][ T5396] bridge_slave_1: entered allmulticast mode
[ 92.956453][ T5396] bridge_slave_1: entered promiscuous mode
[ 92.980023][ T5396] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 92.986408][ T5396] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 93.009192][ T5396] team0: Port device team_slave_0 added
[ 93.014075][ T5396] team0: Port device team_slave_1 added
[ 93.034180][ T5396] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 93.037086][ T5396] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 93.049277][ T5396] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 93.056042][ T5396] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 93.058985][ T5396] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 93.070536][ T5396] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 93.104775][ T5396] hsr_slave_0: entered promiscuous mode
[ 93.107986][ T5396] hsr_slave_1: entered promiscuous mode
[ 93.249432][ T5396] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 93.258633][ T5396] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 93.264876][ T5396] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 93.271537][ T5396] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 93.301488][ T5396] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.305354][ T5396] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 93.309192][ T5396] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.312364][ T5396] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 93.399379][ T5396] 8021q: adding VLAN 0 to HW filter on device bond0
[ 93.416747][ T1043] bridge0: port 1(bridge_slave_0) entered disabled state
[ 93.420816][ T1043] bridge0: port 2(bridge_slave_1) entered disabled state
[ 93.433862][ T5396] 8021q: adding VLAN 0 to HW filter on device team0
[ 93.442864][ T1043] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.446237][ T1043] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 93.462325][ T1043] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.465611][ T1043] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 93.648901][ T5396] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 93.688802][ T5396] veth0_vlan: entered promiscuous mode
[ 93.698556][ T5396] veth1_vlan: entered promiscuous mode
[ 93.727290][ T5396] veth0_macvtap: entered promiscuous mode
[ 93.732669][ T5396] veth1_macvtap: entered promiscuous mode
[ 93.751415][ T5396] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 93.763736][ T5396] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 93.776291][ T1043] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.788343][ T1043] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.792425][ T1043] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.806188][ T1043] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.948587][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 94.025036][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 94.074373][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 94.136706][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/10/01 19:23:34 executed programs: 0
[ 95.629759][ T45] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 95.637716][ T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 95.641366][ T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 95.646727][ T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 95.650321][ T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 95.816016][ T5436] chnl_net:caif_netlink_parms(): no params data found
[ 95.888566][ T5436] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.891769][ T5436] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.895817][ T5436] bridge_slave_0: entered allmulticast mode
[ 95.900479][ T5436] bridge_slave_0: entered promiscuous mode
[ 95.906498][ T5436] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.909764][ T5436] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.915717][ T5436] bridge_slave_1: entered allmulticast mode
[ 95.919832][ T5436] bridge_slave_1: entered promiscuous mode
[ 95.954296][ T5436] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 95.961715][ T5436] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 95.991011][ T5436] team0: Port device team_slave_0 added
[ 95.996597][ T5436] team0: Port device team_slave_1 added
[ 96.020895][ T5436] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 96.024967][ T5436] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.038947][ T5436] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 96.051211][ T5436] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 96.055187][ T5436] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.067133][ T5436] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 96.108368][ T5436] hsr_slave_0: entered promiscuous mode
[ 96.111617][ T5436] hsr_slave_1: entered promiscuous mode
[ 96.116089][ T5436] debugfs: 'hsr0' already exists in 'hsr'
[ 96.118580][ T5436] Cannot create hsr debugfs directory
[ 96.375802][ T13] bridge_slave_1: left allmulticast mode
[ 96.378410][ T13] bridge_slave_1: left promiscuous mode
[ 96.381590][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.396827][ T13] bridge_slave_0: left allmulticast mode
[ 96.399072][ T13] bridge_slave_0: left promiscuous mode
[ 96.401380][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.841244][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 96.850140][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 96.855291][ T13] bond0 (unregistering): Released all slaves
[ 96.945485][ T13] hsr_slave_0: left promiscuous mode
[ 96.948325][ T13] hsr_slave_1: left promiscuous mode
[ 96.951027][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 96.956727][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 96.960629][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 96.965732][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 96.978387][ T13] veth1_macvtap: left promiscuous mode
[ 96.981021][ T13] veth0_macvtap: left promiscuous mode
[ 96.985021][ T13] veth1_vlan: left promiscuous mode
[ 96.987305][ T13] veth0_vlan: left promiscuous mode
[ 97.275902][ T13] team0 (unregistering): Port device team_slave_1 removed
[ 97.297290][ T13] team0 (unregistering): Port device team_slave_0 removed
[ 97.733823][ T45] Bluetooth: hci0: command tx timeout
[ 97.797883][ T5436] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 97.817918][ T5436] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 97.832740][ T5436] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 98.045995][ T5436] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 98.319170][ T5436] 8021q: adding VLAN 0 to HW filter on device bond0
[ 98.385091][ T5436] 8021q: adding VLAN 0 to HW filter on device team0
[ 98.392278][ T38] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.395366][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.419504][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.423256][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.497110][ T5436] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 98.796128][ T5436] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 98.861646][ T5436] veth0_vlan: entered promiscuous mode
[ 98.878708][ T5436] veth1_vlan: entered promiscuous mode
[ 98.931456][ T5436] veth0_macvtap: entered promiscuous mode
[ 98.940307][ T5436] veth1_macvtap: entered promiscuous mode
[ 98.955061][ T5436] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 98.964514][ T5436] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 98.974162][ T31] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.988788][ T31] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.992491][ T31] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.014439][ T31] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.056297][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.059642][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.097095][ T31] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.100169][ T31] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.159149][ T5477] loop0: detected capacity change from 0 to 1024
[ 99.189390][ T5477] EXT4-fs (loop0): Test dummy encryption mode enabled
[ 99.197369][ T5477] EXT4-fs (loop0): stripe (7) is not aligned with cluster size (16), stripe is disabled
[ 99.238417][ T5477] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 99.268792][ T5477] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[ 99.293861][ T5477] loop0: detected capacity change from 1024 to 767
[ 99.311352][ T5477] ==================================================================
[ 99.314941][ T5477] BUG: KASAN: use-after-free in ext4_search_dir+0xf1/0x1b0
[ 99.318264][ T5477] Read of size 1 at addr ffff8880461b6416 by task syz.0.17/5477
[ 99.322299][ T5477]
[ 99.323399][ T5477] CPU: 0 UID: 0 PID: 5477 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 99.323414][ T5477] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 99.323422][ T5477] Call Trace:
[ 99.323429][ T5477]
[ 99.323436][ T5477] dump_stack_lvl+0x189/0x250
[ 99.323455][ T5477] ? __virt_addr_valid+0x1c8/0x5c0
[ 99.323472][ T5477] ? rcu_is_watching+0x15/0xb0
[ 99.323487][ T5477] ? __pfx_dump_stack_lvl+0x10/0x10
[ 99.323501][ T5477] ? rcu_is_watching+0x15/0xb0
[ 99.323514][ T5477] ? lock_release+0x4b/0x3e0
[ 99.323526][ T5477] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 99.323591][ T5477] ? __virt_addr_valid+0x1c8/0x5c0
[ 99.323607][ T5477] ? __virt_addr_valid+0x4a5/0x5c0
[ 99.323624][ T5477] print_report+0xca/0x240
[ 99.323638][ T5477] ? ext4_search_dir+0xf1/0x1b0
[ 99.323649][ T5477] kasan_report+0x118/0x150
[ 99.323663][ T5477] ? ext4_search_dir+0xf1/0x1b0
[ 99.323676][ T5477] ext4_search_dir+0xf1/0x1b0
[ 99.323689][ T5477] ext4_find_inline_entry+0x492/0x5f0
[ 99.323703][ T5477] ? __pfx_ext4_find_inline_entry+0x10/0x10
[ 99.323716][ T5477] ? kasan_quarantine_put+0xdd/0x220
[ 99.323731][ T5477] __ext4_find_entry+0x2fd/0x1f20
[ 99.323750][ T5477] ? __pfx___ext4_find_entry+0x10/0x10
[ 99.323764][ T5477] ? ext4_fname_prepare_lookup+0x3b8/0x4c0
[ 99.323783][ T5477] ext4_lookup+0x13d/0x6c0
[ 99.323795][ T5477] ? apparmor_path_mknod+0x1b1/0x230
[ 99.323813][ T5477] ? __pfx_ext4_lookup+0x10/0x10
[ 99.323829][ T5477] ? inode_permission+0x149/0x470
[ 99.323843][ T5477] ? bpf_lsm_path_mknod+0x9/0x20
[ 99.323857][ T5477] ? bpf_lsm_inode_create+0x9/0x20
[ 99.323873][ T5477] path_openat+0x1101/0x3830
[ 99.323893][ T5477] ? __pfx_path_openat+0x10/0x10
[ 99.323903][ T5477] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.323920][ T5477] do_filp_open+0x1fa/0x410
[ 99.323930][ T5477] ? __lock_acquire+0xab9/0xd20
[ 99.323942][ T5477] ? __pfx_do_filp_open+0x10/0x10
[ 99.323958][ T5477] ? _raw_spin_unlock+0x28/0x50
[ 99.323973][ T5477] ? alloc_fd+0x64c/0x6c0
[ 99.323989][ T5477] do_sys_openat2+0x121/0x1c0
[ 99.324006][ T5477] ? __se_sys_futex+0x36f/0x400
[ 99.324027][ T5477] ? __pfx_do_sys_openat2+0x10/0x10
[ 99.324070][ T5477] ? __pfx___se_sys_futex+0x10/0x10
[ 99.324093][ T5477] ? rcu_is_watching+0x15/0xb0
[ 99.324108][ T5477] __x64_sys_creat+0x8f/0xc0
[ 99.324126][ T5477] do_syscall_64+0xfa/0x3b0
[ 99.324139][ T5477] ? lockdep_hardirqs_on+0x9c/0x150
[ 99.324156][ T5477] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.324167][ T5477] ? clear_bhb_loop+0x60/0xb0
[ 99.324180][ T5477] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.324192][ T5477] RIP: 0033:0x7f7a4b58eec9
[ 99.324205][ T5477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 99.324215][ T5477] RSP: 002b:00007ffdc1eedf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 99.324229][ T5477] RAX: ffffffffffffffda RBX: 00007f7a4b7e5fa0 RCX: 00007f7a4b58eec9
[ 99.324237][ T5477] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100
[ 99.324245][ T5477] RBP: 00007f7a4b611f91 R08: 0000000000000000 R09: 0000000000000000
[ 99.324253][ T5477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 99.324259][ T5477] R13: 00007f7a4b7e5fa0 R14: 00007f7a4b7e5fa0 R15: 0000000000000002
[ 99.324272][ T5477]
[ 99.324276][ T5477]
[ 99.467040][ T5477] The buggy address belongs to the physical page:
[ 99.469850][ T5477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x461b6
[ 99.473620][ T5477] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 99.476855][ T5477] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 99.480592][ T5477] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 99.484380][ T5477] page dumped because: kasan: bad access detected
[ 99.487302][ T5477] page_owner tracks the page as freed
[ 99.489860][ T5477] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5434, tgid 5434 (syz-executor), ts 95394771104, free_ts 96675999104
[ 99.498424][ T5477] post_alloc_hook+0x240/0x2a0
[ 99.500520][ T5477] get_page_from_freelist+0x21e4/0x22c0
[ 99.502922][ T5477] __alloc_frozen_pages_noprof+0x181/0x370
[ 99.505445][ T5477] alloc_pages_mpol+0x232/0x4a0
[ 99.507511][ T5477] allocate_slab+0x8a/0x370
[ 99.509482][ T5477] ___slab_alloc+0xbeb/0x1420
[ 99.511632][ T5477] __kmalloc_noprof+0x305/0x4f0
[ 99.513853][ T5477] tomoyo_realpath_from_path+0xe3/0x5d0
[ 99.516338][ T5477] tomoyo_path_perm+0x213/0x4b0
[ 99.518515][ T5477] security_inode_getattr+0x12f/0x330
[ 99.520733][ T5477] vfs_statx+0x18e/0x550
[ 99.522607][ T5477] vfs_fstatat+0x118/0x170
[ 99.524480][ T5477] __x64_sys_newfstatat+0x116/0x190
[ 99.526468][ T5477] do_syscall_64+0xfa/0x3b0
[ 99.528454][ T5477] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.530957][ T5477] page last free pid 13 tgid 13 stack trace:
[ 99.533601][ T5477] __free_frozen_pages+0xbc4/0xd30
[ 99.535874][ T5477] __put_partials+0x156/0x1a0
[ 99.537861][ T5477] put_cpu_partial+0x17c/0x250
[ 99.539849][ T5477] __slab_free+0x2d5/0x3c0
[ 99.541853][ T5477] qlist_free_all+0x97/0x140
[ 99.543954][ T5477] kasan_quarantine_reduce+0x148/0x160
[ 99.546460][ T5477] __kasan_slab_alloc+0x22/0x80
[ 99.548681][ T5477] kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[ 99.551286][ T5477] __alloc_skb+0x112/0x2d0
[ 99.553274][ T5477] rtmsg_fib+0xea/0x4c0
[ 99.555107][ T5477] fib_table_delete+0xca9/0xf80
[ 99.557259][ T5477] fib_magic+0x2e4/0x390
[ 99.559060][ T5477] fib_del_ifaddr+0x1082/0x1480
[ 99.561214][ T5477] fib_inetaddr_event+0xbb/0x190
[ 99.563538][ T5477] notifier_call_chain+0x1b6/0x3e0
[ 99.565876][ T5477] blocking_notifier_call_chain+0x6a/0x90
[ 99.568388][ T5477]
[ 99.569532][ T5477] Memory state around the buggy address:
[ 99.572011][ T5477] ffff8880461b6300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 99.575325][ T5477] ffff8880461b6380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 99.578926][ T5477] >ffff8880461b6400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 99.582478][ T5477] ^
[ 99.584435][ T5477] ffff8880461b6480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 99.587860][ T5477] ffff8880461b6500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 99.591362][ T5477] ==================================================================
[ 99.628820][ T5477] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 99.632087][ T5477] CPU: 0 UID: 0 PID: 5477 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 99.636084][ T5477] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 99.640715][ T5477] Call Trace:
[ 99.642146][ T5477]
[ 99.643471][ T5477] dump_stack_lvl+0x99/0x250
[ 99.645546][ T5477] ? __asan_memcpy+0x40/0x70
[ 99.647665][ T5477] ? __pfx_dump_stack_lvl+0x10/0x10
[ 99.649932][ T5477] ? __pfx__printk+0x10/0x10
[ 99.651906][ T5477] vpanic+0x281/0x750
[ 99.653756][ T5477] ? preempt_schedule+0xae/0xc0
[ 99.655785][ T5477] ? __pfx_vpanic+0x10/0x10
[ 99.657688][ T5477] ? preempt_schedule_common+0x83/0xd0
[ 99.660112][ T5477] ? preempt_schedule+0xae/0xc0
[ 99.662173][ T5477] ? __pfx_preempt_schedule+0x10/0x10
[ 99.664441][ T5477] panic+0xb9/0xc0
[ 99.666148][ T5477] ? __pfx_panic+0x10/0x10
[ 99.668065][ T5477] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 99.670486][ T5477] ? is_module_address+0x17/0xf0
[ 99.672515][ T5477] ? ext4_search_dir+0xf1/0x1b0
[ 99.674522][ T5477] check_panic_on_warn+0x89/0xb0
[ 99.676700][ T5477] ? ext4_search_dir+0xf1/0x1b0
[ 99.678765][ T5477] end_report+0x78/0x160
[ 99.680639][ T5477] kasan_report+0x129/0x150
[ 99.682623][ T5477] ? ext4_search_dir+0xf1/0x1b0
[ 99.684706][ T5477] ext4_search_dir+0xf1/0x1b0
[ 99.686852][ T5477] ext4_find_inline_entry+0x492/0x5f0
[ 99.689317][ T5477] ? __pfx_ext4_find_inline_entry+0x10/0x10
[ 99.691804][ T5477] ? kasan_quarantine_put+0xdd/0x220
[ 99.694012][ T5477] __ext4_find_entry+0x2fd/0x1f20
[ 99.696249][ T5477] ? __pfx___ext4_find_entry+0x10/0x10
[ 99.698602][ T5477] ? ext4_fname_prepare_lookup+0x3b8/0x4c0
[ 99.701104][ T5477] ext4_lookup+0x13d/0x6c0
[ 99.702968][ T5477] ? apparmor_path_mknod+0x1b1/0x230
[ 99.705197][ T5477] ? __pfx_ext4_lookup+0x10/0x10
[ 99.707329][ T5477] ? inode_permission+0x149/0x470
[ 99.709553][ T5477] ? bpf_lsm_path_mknod+0x9/0x20
[ 99.711822][ T5477] ? bpf_lsm_inode_create+0x9/0x20
[ 99.713795][ T5477] path_openat+0x1101/0x3830
[ 99.715729][ T5477] ? __pfx_path_openat+0x10/0x10
[ 99.717703][ T5477] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.720240][ T5477] do_filp_open+0x1fa/0x410
[ 99.722151][ T5477] ? __lock_acquire+0xab9/0xd20
[ 99.724269][ T5477] ? __pfx_do_filp_open+0x10/0x10
[ 99.726672][ T5477] ? _raw_spin_unlock+0x28/0x50
[ 99.728800][ T5477] ? alloc_fd+0x64c/0x6c0
[ 99.730642][ T5477] do_sys_openat2+0x121/0x1c0
[ 99.732623][ T5477] ? __se_sys_futex+0x36f/0x400
[ 99.734722][ T5477] ? __pfx_do_sys_openat2+0x10/0x10
[ 99.736819][ T5477] ? __pfx___se_sys_futex+0x10/0x10
[ 99.738962][ T5477] ? rcu_is_watching+0x15/0xb0
[ 99.741006][ T5477] __x64_sys_creat+0x8f/0xc0
[ 99.742866][ T5477] do_syscall_64+0xfa/0x3b0
[ 99.744770][ T5477] ? lockdep_hardirqs_on+0x9c/0x150
[ 99.747039][ T5477] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.749584][ T5477] ? clear_bhb_loop+0x60/0xb0
[ 99.751628][ T5477] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.754216][ T5477] RIP: 0033:0x7f7a4b58eec9
[ 99.756382][ T5477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 99.764369][ T5477] RSP: 002b:00007ffdc1eedf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 99.767955][ T5477] RAX: ffffffffffffffda RBX: 00007f7a4b7e5fa0 RCX: 00007f7a4b58eec9
[ 99.771519][ T5477] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100
[ 99.775128][ T5477] RBP: 00007f7a4b611f91 R08: 0000000000000000 R09: 0000000000000000
[ 99.778736][ T5477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 99.782038][ T5477] R13: 00007f7a4b7e5fa0 R14: 00007f7a4b7e5fa0 R15: 0000000000000002
[ 99.785315][ T5477]
[ 99.786949][ T5477] Kernel Offset: disabled
[ 99.788788][ T5477] Rebooting in 86400 seconds..
VM DIAGNOSIS:
19:23:38 Registers:
info registers vcpu 0
CPU#0