Warning: Permanently added '[localhost]:50454' (ED25519) to the list of known hosts.
2026/06/21 03:31:20 parsed 1 programs
Setting up swapspace version 1, size = 127995904 bytes
[ 119.819733][ T5622] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 126.477726][ T5671] bridge0: port 1(bridge_slave_0) entered blocking state
[ 126.490781][ T5671] bridge0: port 1(bridge_slave_0) entered disabled state
[ 126.495075][ T5671] bridge_slave_0: entered allmulticast mode
[ 126.505174][ T5671] bridge_slave_0: entered promiscuous mode
[ 126.516637][ T5671] bridge0: port 2(bridge_slave_1) entered blocking state
[ 126.530665][ T5671] bridge0: port 2(bridge_slave_1) entered disabled state
[ 126.534585][ T5671] bridge_slave_1: entered allmulticast mode
[ 126.538961][ T5671] bridge_slave_1: entered promiscuous mode
[ 126.574603][ T5671] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 126.591660][ T5671] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 126.618839][ T5671] team0: Port device team_slave_0 added
[ 126.631848][ T5671] team0: Port device team_slave_1 added
[ 126.658712][ T5671] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 126.670247][ T5671] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 126.700740][ T5671] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 126.707181][ T5671] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 126.721377][ T5671] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 126.740635][ T5671] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 126.789278][ T5671] hsr_slave_0: entered promiscuous mode
[ 126.801207][ T5671] hsr_slave_1: entered promiscuous mode
[ 127.142080][ T5671] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 127.156587][ T5671] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 127.171105][ T5671] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 127.177092][ T5671] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 127.187093][ T5671] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 127.204646][ T5671] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 127.208725][ T5671] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 127.222569][ T5671] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 127.385593][ T5671] 8021q: adding VLAN 0 to HW filter on device bond0
[ 127.422750][ T5671] 8021q: adding VLAN 0 to HW filter on device team0
[ 127.451522][ T41] bridge0: port 1(bridge_slave_0) entered blocking state
[ 127.455010][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 127.485989][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 127.489090][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 128.098639][ T5671] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 128.182280][ T5671] veth0_vlan: entered promiscuous mode
[ 128.204625][ T5671] veth1_vlan: entered promiscuous mode
[ 128.258064][ T5671] veth0_macvtap: entered promiscuous mode
[ 128.282852][ T5671] veth1_macvtap: entered promiscuous mode
[ 128.324256][ T5671] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 128.350293][ T5671] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 128.377202][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 128.387475][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 128.403815][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 128.421437][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 128.551131][ T173] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 128.606516][ T173] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 128.676231][ T173] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 128.718959][ T173] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 128.776517][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 128.795668][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 128.838155][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 128.851948][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 130.126101][ T173] bridge_slave_1: left allmulticast mode
[ 130.147157][ T173] bridge_slave_1: left promiscuous mode
[ 130.164356][ T173] bridge0: port 2(bridge_slave_1) entered disabled state
[ 130.182270][ T173] bridge_slave_0: left allmulticast mode
[ 130.185219][ T173] bridge_slave_0: left promiscuous mode
[ 130.187910][ T173] bridge0: port 1(bridge_slave_0) entered disabled state
[ 130.335234][ T173] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 130.348495][ T173] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 130.361208][ T173] bond0 (unregistering): Released all slaves
[ 130.425150][ T173] hsr_slave_0: left promiscuous mode
[ 130.434897][ T173] hsr_slave_1: left promiscuous mode
[ 130.443819][ T173] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 130.450994][ T173] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 130.464487][ T173] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 130.468562][ T173] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 130.484253][ T173] veth1_macvtap: left promiscuous mode
[ 130.490329][ T173] veth0_macvtap: left promiscuous mode
[ 130.498850][ T173] veth1_vlan: left promiscuous mode
[ 130.502510][ T173] veth0_vlan: left promiscuous mode
[ 130.758096][ T173] team0 (unregistering): Port device team_slave_1 removed
[ 130.774665][ T173] team0 (unregistering): Port device team_slave_0 removed
[ 131.058427][ T5373] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 131.063198][ T5373] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 131.067026][ T5373] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 131.073396][ T5373] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 131.076756][ T5373] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 132.838388][ T5000] 8021q: adding VLAN 0 to HW filter on device eth2
[ 133.203198][ T5000] 8021q: adding VLAN 0 to HW filter on device eth3
2026/06/21 03:31:38 executed programs: 0
[ 133.507515][ T5000] 8021q: adding VLAN 0 to HW filter on device eth4
[ 133.551639][ T4654] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 133.555789][ T4654] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 133.561821][ T4654] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 133.565982][ T4654] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 133.569301][ T4654] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 133.926630][ T5000] 8021q: adding VLAN 0 to HW filter on device eth5
[ 134.221548][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state
[ 134.225490][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state
[ 134.228968][ T5827] bridge_slave_0: entered allmulticast mode
[ 134.233709][ T5827] bridge_slave_0: entered promiscuous mode
[ 134.239503][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state
[ 134.242996][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state
[ 134.246247][ T5827] bridge_slave_1: entered allmulticast mode
[ 134.249562][ T5827] bridge_slave_1: entered promiscuous mode
[ 134.267731][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 134.274382][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 134.294330][ T5827] team0: Port device team_slave_0 added
[ 134.299488][ T5827] team0: Port device team_slave_1 added
[ 134.316376][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 134.319567][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 134.332845][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 134.339102][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 134.343384][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 134.355516][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 134.381679][ T5827] hsr_slave_0: entered promiscuous mode
[ 134.384849][ T5827] hsr_slave_1: entered promiscuous mode
[ 134.601226][ T5827] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 134.612745][ T5827] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 134.622077][ T5827] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 134.636807][ T5827] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 134.650656][ T5827] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 134.655757][ T5827] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 134.663851][ T5827] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 134.675844][ T5827] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 134.706414][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state
[ 134.710401][ T5827] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 134.714050][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state
[ 134.717164][ T5827] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 134.809154][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0
[ 134.832778][ T41] bridge0: port 1(bridge_slave_0) entered disabled state
[ 134.841167][ T41] bridge0: port 2(bridge_slave_1) entered disabled state
[ 134.856075][ T5827] 8021q: adding VLAN 0 to HW filter on device team0
[ 134.872661][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 134.876572][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 134.898341][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 134.901613][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 135.401610][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 135.461389][ T5827] veth0_vlan: entered promiscuous mode
[ 135.474737][ T5827] veth1_vlan: entered promiscuous mode
[ 135.514968][ T5827] veth0_macvtap: entered promiscuous mode
[ 135.528983][ T5827] veth1_macvtap: entered promiscuous mode
[ 135.557850][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 135.572501][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 135.581336][ T4654] Bluetooth: hci0: command tx timeout
[ 135.594054][ T41] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 135.604277][ T41] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 135.620217][ T41] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 135.627138][ T41] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 135.695341][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 135.706635][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 135.729887][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 135.734085][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 135.781699][ T5896] loop0: detected capacity change from 0 to 512
[ 135.793432][ T5896] EXT4-fs (loop0): revision level too high, forcing read-only mode
[ 135.803868][ T5896] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01c, mo2=0002]
[ 135.814794][ T5896] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 135.818018][ T5896] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #13: comm syz.0.17: iget: bad i_size value: 12154761577498
[ 135.837112][ T5896] loop0: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[ 135.837463][ T5896] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.17: couldn't read orphan inode 13 (err -117)
[ 135.841837][ C0] EXT4-fs (loop0): error count since last fsck: 1
[ 135.841855][ C0] EXT4-fs (loop0): initial error at time 1782012700: ext4_orphan_get:1399: inode 13
[ 135.841872][ C0] EXT4-fs (loop0): last error at time 1782012700: ext4_orphan_get:1399: inode 13
[ 135.861233][ T5896] loop0: lost filesystem error report for type 5 error -117
[ 135.862099][ T5896] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[ 135.874802][ T5896] EXT4-fs warning (device loop0): dx_probe:861: inode #2: comm syz.0.17: dx entry: limit 65535 != root limit 120
[ 135.880661][ T5896] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.17: Corrupt directory, running e2fsck is recommended
[ 135.886221][ T5896] EXT4-fs error (device loop0): ext4_readdir:265: inode #2: block 3: comm syz.0.17: path /0/file0: bad entry in directory: directory entry overrun - offset=1023, inode=255, rec_len=1024, size=1024 fake=0
[ 135.899235][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 135.938988][ T5899] loop0: detected capacity change from 0 to 512
[ 135.952120][ T5899] EXT4-fs (loop0): revision level too high, forcing read-only mode
[ 135.970640][ T5899] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01c, mo2=0002]
[ 135.974192][ T5899] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 135.977235][ T5899] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #13: comm syz.0.18: iget: bad i_size value: 12154761577498
[ 135.997479][ T5899] loop0: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[ 135.997750][ T5899] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.18: couldn't read orphan inode 13 (err -117)
[ 136.002074][ C0] EXT4-fs (loop0): error count since last fsck: 1
[ 136.002095][ C0] EXT4-fs (loop0): initial error at time 1782012700: ext4_orphan_get:1399: inode 13
[ 136.002120][ C0] EXT4-fs (loop0): last error at time 1782012700: ext4_orphan_get:1399: inode 13
[ 136.020819][ T5899] loop0: lost filesystem error report for type 5 error -117
[ 136.021607][ T5899] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[ 136.033398][ T5899] EXT4-fs warning (device loop0): dx_probe:861: inode #2: comm syz.0.18: dx entry: limit 65535 != root limit 120
[ 136.038757][ T5899] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.18: Corrupt directory, running e2fsck is recommended
[ 136.045014][ T5899] EXT4-fs error (device loop0): ext4_readdir:265: inode #2: block 3: comm syz.0.18: path /1/file0: bad entry in directory: directory entry overrun - offset=1023, inode=4177066239, rec_len=63736, size=1024 fake=0
[ 136.059341][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 136.127722][ T5902] loop0: detected capacity change from 0 to 512
[ 136.141528][ T5902] EXT4-fs (loop0): revision level too high, forcing read-only mode
[ 136.151712][ T5902] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01c, mo2=0002]
[ 136.164620][ T5902] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 136.167835][ T5902] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #13: comm syz.0.19: iget: bad i_size value: 12154761577498
[ 136.174659][ T5902] loop0: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[ 136.174965][ T5902] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.19: couldn't read orphan inode 13 (err -117)
[ 136.184890][ C0] EXT4-fs (loop0): error count since last fsck: 1
[ 136.184905][ C0] EXT4-fs (loop0): initial error at time 1782012701: ext4_orphan_get:1399: inode 13
[ 136.184924][ C0] EXT4-fs (loop0): last error at time 1782012701: ext4_orphan_get:1399: inode 13
[ 136.196068][ T5902] loop0: lost filesystem error report for type 5 error -117
[ 136.196909][ T5902] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[ 136.207858][ T5902] EXT4-fs warning (device loop0): dx_probe:861: inode #2: comm syz.0.19: dx entry: limit 65535 != root limit 120
[ 136.214136][ T5902] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.19: Corrupt directory, running e2fsck is recommended
[ 136.222647][ T5902] EXT4-fs error (device loop0): ext4_readdir:265: inode #2: block 3: comm syz.0.19: path /2/file0: bad entry in directory: directory entry overrun - offset=1023, inode=8959, rec_len=1024, size=1024 fake=0
[ 136.235711][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 136.288220][ T5905] loop0: detected capacity change from 0 to 512
[ 136.298133][ T5905] EXT4-fs (loop0): revision level too high, forcing read-only mode
[ 136.310840][ T5905] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01c, mo2=0002]
[ 136.319756][ T5905] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 136.325565][ T5905] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #13: comm syz.0.20: iget: bad i_size value: 12154761577498
[ 136.332189][ T5905] loop0: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[ 136.332537][ T5905] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.20: couldn't read orphan inode 13 (err -117)
[ 136.342518][ C0] EXT4-fs (loop0): error count since last fsck: 1
[ 136.342535][ C0] EXT4-fs (loop0): initial error at time 1782012701: ext4_orphan_get:1399: inode 13
[ 136.342554][ C0] EXT4-fs (loop0): last error at time 1782012701: ext4_orphan_get:1399: inode 13
[ 136.356316][ T5905] loop0: lost filesystem error report for type 5 error -117
[ 136.357803][ T5905] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[ 136.368119][ T5905] EXT4-fs warning (device loop0): dx_probe:861: inode #2: comm syz.0.20: dx entry: limit 65535 != root limit 120
[ 136.374257][ T5905] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.20: Corrupt directory, running e2fsck is recommended
[ 136.382430][ T5905] ==================================================================
[ 136.386861][ T5905] BUG: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x71c/0x8a0
[ 136.390475][ T5905] Read of size 2 at addr ffff88805184c003 by task syz.0.20/5905
[ 136.394602][ T5905]
[ 136.395854][ T5905] CPU: 0 UID: 0 PID: 5905 Comm: syz.0.20 Not tainted syzkaller #0 PREEMPT(full)
[ 136.395871][ T5905] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 136.395879][ T5905] Call Trace:
[ 136.395888][ T5905]
[ 136.395895][ T5905] dump_stack_lvl+0xe8/0x150
[ 136.395917][ T5905] print_address_description+0x55/0x1e0
[ 136.395932][ T5905] ? __ext4_check_dir_entry+0x71c/0x8a0
[ 136.395946][ T5905] print_report+0x58/0x70
[ 136.395957][ T5905] kasan_report+0x117/0x150
[ 136.395976][ T5905] ? __ext4_check_dir_entry+0x71c/0x8a0
[ 136.395990][ T5905] __ext4_check_dir_entry+0x71c/0x8a0
[ 136.396007][ T5905] ext4_readdir+0x14eb/0x41b0
[ 136.396029][ T5905] ? __pfx_ext4_readdir+0x10/0x10
[ 136.396043][ T5905] ? iterate_dir+0x209/0x4d0
[ 136.396055][ T5905] ? rcu_is_watching+0x15/0xb0
[ 136.396080][ T5905] ? iterate_dir+0x209/0x4d0
[ 136.396091][ T5905] ? down_read_killable+0x1bb/0x3b0
[ 136.396163][ T5905] iterate_dir+0x2e2/0x4d0
[ 136.396177][ T5905] __se_sys_getdents64+0xf1/0x280
[ 136.396190][ T5905] ? __pfx___se_sys_getdents64+0x10/0x10
[ 136.396202][ T5905] ? __pfx_filldir64+0x10/0x10
[ 136.396214][ T5905] ? rcu_is_watching+0x15/0xb0
[ 136.396260][ T5905] ? rcu_is_watching+0x15/0xb0
[ 136.396276][ T5905] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.396289][ T5905] do_syscall_64+0x174/0x580
[ 136.396306][ T5905] ? trace_irq_disable+0x3b/0x140
[ 136.396324][ T5905] ? clear_bhb_loop+0x40/0x90
[ 136.396338][ T5905] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.396351][ T5905] RIP: 0033:0x7f5c9b39af39
[ 136.396365][ T5905] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 136.396375][ T5905] RSP: 002b:00007f5c9c232028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 136.396389][ T5905] RAX: ffffffffffffffda RBX: 00007f5c9b605fa0 RCX: 00007f5c9b39af39
[ 136.396398][ T5905] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 136.396406][ T5905] RBP: 00007f5c9b42fee0 R08: 0000000000000000 R09: 0000000000000000
[ 136.396414][ T5905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 136.396421][ T5905] R13: 00007f5c9b606038 R14: 00007f5c9b605fa0 R15: 00007ffd35fec3f8
[ 136.396435][ T5905]
[ 136.396439][ T5905]
[ 136.499476][ T5905] Allocated by task 5632:
[ 136.501312][ T5905] kasan_save_track+0x3e/0x80
[ 136.503244][ T5905] __kasan_slab_alloc+0x6c/0x80
[ 136.505833][ T5905] kmem_cache_alloc_node_noprof+0x380/0x680
[ 136.508874][ T5905] __alloc_skb+0x1d7/0x7a0
[ 136.511115][ T5905] alloc_skb_with_frags+0xc6/0x760
[ 136.513384][ T5905] sock_alloc_send_pskb+0x878/0x990
[ 136.515694][ T5905] unix_dgram_sendmsg+0x4fe/0x1870
[ 136.517984][ T5905] sock_sendmsg_nosec+0x13a/0x180
[ 136.520398][ T5905] sock_write_iter+0x2de/0x3e0
[ 136.522732][ T5905] vfs_write+0x612/0xba0
[ 136.524927][ T5905] ksys_write+0x150/0x270
[ 136.527518][ T5905] do_syscall_64+0x174/0x580
[ 136.529879][ T5905] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.532631][ T5905]
[ 136.533784][ T5905] Freed by task 4704:
[ 136.535759][ T5905] kasan_save_track+0x3e/0x80
[ 136.538102][ T5905] kasan_save_free_info+0x40/0x50
[ 136.540492][ T5905] __kasan_slab_free+0x5c/0x80
[ 136.542561][ T5905] kmem_cache_free+0x182/0x650
[ 136.544624][ T5905] __unix_dgram_recvmsg+0x9e8/0xdc0
[ 136.547119][ T5905] sock_recvmsg+0x196/0x1e0
[ 136.549510][ T5905] ____sys_recvmsg+0x1e6/0x4a0
[ 136.552107][ T5905] ___sys_recvmsg+0x213/0x5a0
[ 136.554388][ T5905] __x64_sys_recvmsg+0x1ae/0x290
[ 136.556516][ T5905] do_syscall_64+0x174/0x580
[ 136.558553][ T5905] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.561091][ T5905]
[ 136.562306][ T5905] The buggy address belongs to the object at ffff88805184c000
[ 136.562306][ T5905] which belongs to the cache skbuff_head_cache of size 240
[ 136.569710][ T5905] The buggy address is located 3 bytes inside of
[ 136.569710][ T5905] freed 240-byte region [ffff88805184c000, ffff88805184c0f0)
[ 136.575386][ T5905]
[ 136.576579][ T5905] The buggy address belongs to the physical page:
[ 136.579363][ T5905] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5184c
[ 136.583335][ T5905] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 136.587919][ T5905] page_type: f5(slab)
[ 136.590053][ T5905] raw: 04fff00000000000 ffff88801b7fda00 dead000000000122 0000000000000000
[ 136.593744][ T5905] raw: 0000000000000000 00000008000c000c 00000000f5000000 0000000000000000
[ 136.597397][ T5905] page dumped because: kasan: bad access detected
[ 136.600139][ T5905] page_owner tracks the page as allocated
[ 136.602573][ T5905] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5827, tgid 5827 (syz-executor), ts 135699774369, free_ts 135691725720
[ 136.613015][ T5905] post_alloc_hook+0x1f9/0x250
[ 136.615106][ T5905] get_page_from_freelist+0x21fa/0x2270
[ 136.617308][ T5905] __alloc_frozen_pages_noprof+0x18d/0x380
[ 136.619743][ T5905] allocate_slab+0x74/0x5d0
[ 136.621678][ T5905] refill_objects+0x328/0x3c0
[ 136.624013][ T5905] __pcs_replace_empty_main+0x2e0/0x6b0
[ 136.627017][ T5905] kmem_cache_alloc_noprof+0x373/0x650
[ 136.629777][ T5905] skb_clone+0x212/0x3a0
[ 136.631533][ T5905] netlink_broadcast_filtered+0x578/0xea0
[ 136.633893][ T5905] netlink_broadcast+0x37/0x50
[ 136.635921][ T5905] kobject_uevent_net_broadcast+0x378/0x560
[ 136.638300][ T5905] kobject_uevent_env+0x566/0x9e0
[ 136.640637][ T5905] device_add+0x544/0xb80
[ 136.643052][ T5905] device_create+0x269/0x300
[ 136.645444][ T5905] mac80211_hwsim_new_radio+0x3f6/0x5680
[ 136.647769][ T5905] hwsim_new_radio_nl+0xd8b/0xf90
[ 136.649845][ T5905] page last free pid 5894 tgid 5894 stack trace:
[ 136.652417][ T5905] __free_frozen_pages+0xc1f/0xd10
[ 136.654659][ T5905] tlb_finish_mmu+0x13e/0x220
[ 136.656815][ T5905] exit_mmap+0x4b2/0x9f0
[ 136.658679][ T5905] __mmput+0x118/0x420
[ 136.660570][ T5905] exit_mm+0x221/0x2d0
[ 136.662564][ T5905] do_exit+0x6cd/0x2360
[ 136.664451][ T5905] do_group_exit+0x22d/0x2f0
[ 136.666525][ T5905] __x64_sys_exit_group+0x3f/0x40
[ 136.668541][ T5905] x64_sys_call+0x221a/0x2240
[ 136.670602][ T5905] do_syscall_64+0x174/0x580
[ 136.672666][ T5905] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.675609][ T5905]
[ 136.677113][ T5905] Memory state around the buggy address:
[ 136.679500][ T5905]  ffff88805184bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 136.682784][ T5905]  ffff88805184bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 136.686444][ T5905] >ffff88805184c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 136.690199][ T5905]                    ^
[ 136.692183][ T5905]  ffff88805184c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 136.695615][ T5905]  ffff88805184c100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 136.699033][ T5905] ==================================================================
[ 136.716282][ T5905] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 136.719442][ T5905] CPU: 0 UID: 0 PID: 5905 Comm: syz.0.20 Not tainted syzkaller #0 PREEMPT(full)
[ 136.724174][ T5905] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 136.728819][ T5905] Call Trace:
[ 136.730252][ T5905]
[ 136.731532][ T5905] vpanic+0x56c/0xa60
[ 136.733325][ T5905] ? __pfx_vpanic+0x10/0x10
[ 136.735368][ T5905] ? __pfx___schedule+0x10/0x10
[ 136.737664][ T5905] panic+0xc5/0xd0
[ 136.739542][ T5905] ? __pfx_panic+0x10/0x10
[ 136.741703][ T5905] ? preempt_schedule_thunk+0x16/0x40
[ 136.744123][ T5905] ? __ext4_check_dir_entry+0x71c/0x8a0
[ 136.746573][ T5905] check_panic_on_warn+0x89/0xb0
[ 136.748815][ T5905] ? __ext4_check_dir_entry+0x71c/0x8a0
[ 136.751453][ T5905] end_report+0x73/0x170
[ 136.753546][ T5905] ? __ext4_check_dir_entry+0x71c/0x8a0
[ 136.756139][ T5905] kasan_report+0x128/0x150
[ 136.758282][ T5905] ? __ext4_check_dir_entry+0x71c/0x8a0
[ 136.760589][ T5905] __ext4_check_dir_entry+0x71c/0x8a0
[ 136.762798][ T5905] ext4_readdir+0x14eb/0x41b0
[ 136.764977][ T5905] ? __pfx_ext4_readdir+0x10/0x10
[ 136.767564][ T5905] ? iterate_dir+0x209/0x4d0
[ 136.770359][ T5905] ? rcu_is_watching+0x15/0xb0
[ 136.772866][ T5905] ? iterate_dir+0x209/0x4d0
[ 136.774836][ T5905] ? down_read_killable+0x1bb/0x3b0
[ 136.777064][ T5905] iterate_dir+0x2e2/0x4d0
[ 136.779030][ T5905] __se_sys_getdents64+0xf1/0x280
[ 136.781202][ T5905] ? __pfx___se_sys_getdents64+0x10/0x10
[ 136.783637][ T5905] ? __pfx_filldir64+0x10/0x10
[ 136.785746][ T5905] ? rcu_is_watching+0x15/0xb0
[ 136.787717][ T5905] ? rcu_is_watching+0x15/0xb0
[ 136.789956][ T5905] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.793764][ T5905] do_syscall_64+0x174/0x580
[ 136.796719][ T5905] ? trace_irq_disable+0x3b/0x140
[ 136.798855][ T5905] ? clear_bhb_loop+0x40/0x90
[ 136.800892][ T5905] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.803352][ T5905] RIP: 0033:0x7f5c9b39af39
[ 136.805365][ T5905] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 136.813653][ T5905] RSP: 002b:00007f5c9c232028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 136.817683][ T5905] RAX: ffffffffffffffda RBX: 00007f5c9b605fa0 RCX: 00007f5c9b39af39
[ 136.821266][ T5905] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 136.824707][ T5905] RBP: 00007f5c9b42fee0 R08: 0000000000000000 R09: 0000000000000000
[ 136.828637][ T5905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 136.832930][ T5905] R13: 00007f5c9b606038 R14: 00007f5c9b605fa0 R15: 00007ffd35fec3f8
[ 136.836532][ T5905]
[ 136.838263][ T5905] Kernel Offset: disabled
[ 136.840179][ T5905] Rebooting in 86400 seconds..