Warning: Permanently added '[localhost]:56138' (ED25519) to the list of known hosts.
2026/02/11 06:59:03 parsed 1 programs
syzkaller login: [ 88.906181][ T5309] cgroup: Unknown subsys name 'net'
[ 88.972364][ T5309] cgroup: Unknown subsys name 'cpuset'
[ 88.977663][ T5309] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 90.886772][ T5309] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 91.551084][ T5309] ODEBUG: Out of memory. ODEBUG disabled
[ 91.907405][ T10] cfg80211: failed to load regulatory.db
[ 95.716503][ T5329] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 96.602869][ T5339] chnl_net:caif_netlink_parms(): no params data found
[ 96.742009][ T5339] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.750522][ T5339] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.754789][ T5339] bridge_slave_0: entered allmulticast mode
[ 96.762306][ T5339] bridge_slave_0: entered promiscuous mode
[ 96.769002][ T5339] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.772300][ T5339] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.775647][ T5339] bridge_slave_1: entered allmulticast mode
[ 96.780254][ T5339] bridge_slave_1: entered promiscuous mode
[ 96.809236][ T5339] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 96.815415][ T5339] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 96.839926][ T5339] team0: Port device team_slave_0 added
[ 96.844376][ T5339] team0: Port device team_slave_1 added
[ 96.894206][ T5339] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 96.897370][ T5339] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 96.921592][ T5339] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 96.948489][ T5339] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 96.951399][ T5339] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 96.967735][ T5339] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 97.004696][ T5339] hsr_slave_0: entered promiscuous mode
[ 97.007836][ T5339] hsr_slave_1: entered promiscuous mode
[ 97.230041][ T5339] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 97.250067][ T5339] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 97.275637][ T5339] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 97.291994][ T5339] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 97.352226][ T5339] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.355590][ T5339] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 97.359110][ T5339] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.362274][ T5339] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 97.470549][ T5339] 8021q: adding VLAN 0 to HW filter on device bond0
[ 97.493071][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.497211][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.516362][ T5339] 8021q: adding VLAN 0 to HW filter on device team0
[ 97.533949][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.536804][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 97.550090][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.553159][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 97.820158][ T5339] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 97.872035][ T5339] veth0_vlan: entered promiscuous mode
[ 97.893120][ T5339] veth1_vlan: entered promiscuous mode
[ 97.939186][ T5339] veth0_macvtap: entered promiscuous mode
[ 97.952081][ T5339] veth1_macvtap: entered promiscuous mode
[ 97.976609][ T5339] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 97.999590][ T5339] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 98.018683][ T1038] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.022764][ T1038] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.026733][ T1038] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.050044][ T1038] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.203610][ T1039] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.250554][ T1039] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.282087][ T1039] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.326854][ T1039] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.433509][ T5365] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 98.437443][ T5365] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 98.441431][ T5365] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 98.445295][ T5365] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 98.449534][ T5365] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 99.899189][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.902748][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.956409][ T1151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.960355][ T1151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.513995][ T1039] bridge_slave_1: left allmulticast mode
[ 100.516933][ T1039] bridge_slave_1: left promiscuous mode
[ 100.529497][ T1039] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.535488][ T1039] bridge_slave_0: left allmulticast mode
[ 100.537962][ T1039] bridge_slave_0: left promiscuous mode
[ 100.558703][ T1039] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.091572][ T1039] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 101.110066][ T1039] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 101.115703][ T1039] bond0 (unregistering): Released all slaves
[ 101.268590][ T1039] hsr_slave_0: left promiscuous mode
[ 101.279724][ T1039] hsr_slave_1: left promiscuous mode
[ 101.282826][ T1039] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 101.286340][ T1039] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 101.310295][ T1039] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 101.313564][ T1039] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 101.393797][ T1039] veth1_macvtap: left promiscuous mode
[ 101.401956][ T1039] veth0_macvtap: left promiscuous mode
[ 101.404291][ T1039] veth1_vlan: left promiscuous mode
[ 101.406594][ T1039] veth0_vlan: left promiscuous mode
[ 101.843430][ T1039] team0 (unregistering): Port device team_slave_1 removed
[ 101.871730][ T1039] team0 (unregistering): Port device team_slave_0 removed
2026/02/11 06:59:23 executed programs: 0
[ 106.675172][ T4667] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 106.680837][ T4667] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 106.684235][ T4667] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 106.695029][ T4667] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 106.699096][ T4667] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 106.871410][ T5456] chnl_net:caif_netlink_parms(): no params data found
[ 106.931577][ T5456] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.934831][ T5456] bridge0: port 1(bridge_slave_0) entered disabled state
[ 106.940897][ T5456] bridge_slave_0: entered allmulticast mode
[ 106.944360][ T5456] bridge_slave_0: entered promiscuous mode
[ 106.949220][ T5456] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.952036][ T5456] bridge0: port 2(bridge_slave_1) entered disabled state
[ 106.955381][ T5456] bridge_slave_1: entered allmulticast mode
[ 106.959585][ T5456] bridge_slave_1: entered promiscuous mode
[ 106.984502][ T5456] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 106.990406][ T5456] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 107.011425][ T5456] team0: Port device team_slave_0 added
[ 107.015864][ T5456] team0: Port device team_slave_1 added
[ 107.036971][ T5456] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 107.040308][ T5456] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 107.051644][ T5456] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 107.059730][ T5456] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 107.062769][ T5456] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 107.074504][ T5456] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 107.106775][ T5456] hsr_slave_0: entered promiscuous mode
[ 107.110123][ T5456] hsr_slave_1: entered promiscuous mode
[ 107.486161][ T5456] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 107.498970][ T5456] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 107.542750][ T5456] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 107.570196][ T5456] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 107.713621][ T5456] 8021q: adding VLAN 0 to HW filter on device bond0
[ 107.741847][ T5456] 8021q: adding VLAN 0 to HW filter on device team0
[ 107.760274][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 107.763544][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 107.785868][ T1038] bridge0: port 2(bridge_slave_1) entered blocking state
[ 107.789302][ T1038] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 107.860909][ T5456] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 108.110663][ T5456] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 108.175235][ T5456] veth0_vlan: entered promiscuous mode
[ 108.193143][ T5456] veth1_vlan: entered promiscuous mode
[ 108.240765][ T5456] veth0_macvtap: entered promiscuous mode
[ 108.262260][ T5456] veth1_macvtap: entered promiscuous mode
[ 108.285549][ T5456] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 108.306401][ T5456] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 108.327186][ T1038] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.333068][ T1038] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.350772][ T1038] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.354676][ T1038] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.443973][ T30] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.447155][ T30] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.494597][ T30] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.499743][ T30] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.780268][ T5365] Bluetooth: hci0: command tx timeout
[ 109.343249][ T5498] loop0: detected capacity change from 0 to 65536
[ 109.413022][ T5498] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[ 109.492511][ T5498] XFS (loop0): Ending clean mount
[ 109.516409][ T5498] XFS (loop0): Quotacheck needed: Please wait.
[ 109.553161][ T30] XFS (loop0): Metadata corruption detected at xfs_dinode_verify+0x1a9/0x1590, inode 0x25 dinode
[ 109.568329][ T30] XFS (loop0): Unmount and run xfs_repair
[ 109.571153][ T30] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[ 109.574306][ T30] 00000000: 49 4e a1 ff 03 01 00 00 00 00 00 00 00 00 00 00 IN..............
[ 109.592959][ T30] 00000010: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 109.597035][ T30] 00000020: 34 f7 58 68 7a bb 44 4d 34 f7 58 68 7a bb 44 4d 4.Xhz.DM4.Xhz.DM
[ 109.611763][ T30] 00000030: 34 f7 58 68 7a bb 44 4d 00 00 00 00 00 00 00 27 4.Xhz.DM.......'
[ 109.614726][ T30] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 109.629316][ T30] 00000050: 00 00 00 02 00 00 00 00 00 00 00 00 0c 44 49 b4 .............DI.
[ 109.638266][ T30] 00000060: ff ff ff ff f1 fd ce d1 00 00 00 00 00 00 00 02 ................
[ 109.642052][ T30] 00000070: 00 00 00 01 00 00 00 10 00 00 00 00 00 00 00 08 ................
[ 109.654851][ T30] loop0: lost file I/O error report for ino 0 type 5 pos 0x0 len 0x0 error -117
[ 109.675576][ T5498] XFS (loop0): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
[ 109.688690][ T5498] loop0: lost filesystem error report for type 5 error -117
[ 109.706363][ T5498] XFS (loop0): Metadata CRC error detected at xfs_agf_read_verify+0x142/0x210, xfs_agf block 0x8001
[ 109.715475][ T5498] XFS (loop0): Unmount and run xfs_repair
[ 109.718217][ T5498] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[ 109.721503][ T5498] 00000000: 58 41 47 46 00 00 00 01 00 00 00 01 00 00 40 00 XAGF..........@.
[ 109.725508][ T5498] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01 ................
[ 109.729541][ T5498] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................
[ 109.733809][ T5498] 00000030: 00 00 00 04 00 00 3b 5f 00 00 3b 5c 00 00 00 00 ......;_..;\....
[ 109.737616][ T5498] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g...
[ 109.741491][ T5498] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 109.745173][ T5498] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 109.748938][ T5498] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 109.752761][ T5498] XFS (loop0): metadata I/O error in "xfs_read_agf+0x287/0x5a0" at daddr 0x8001 len 1 error 74
[ 109.773263][ T5498] XFS (loop0): Metadata corruption detected at xfs_dinode_verify+0x1a9/0x1590, inode 0x25 dinode
[ 109.779186][ T5498] XFS (loop0): Unmount and run xfs_repair
[ 109.781762][ T5498] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[ 109.785004][ T5498] 00000000: 49 4e a1 ff 03 01 00 00 00 00 00 00 00 00 00 00 IN..............
[ 109.788817][ T5498] 00000010: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 109.792594][ T5498] 00000020: 34 f7 58 68 7a bb 44 4d 34 f7 58 68 7a bb 44 4d 4.Xhz.DM4.Xhz.DM
[ 109.796594][ T5498] 00000030: 34 f7 58 68 7a bb 44 4d 00 00 00 00 00 00 00 27 4.Xhz.DM.......'
[ 109.800409][ T5498] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 109.804462][ T5498] 00000050: 00 00 00 02 00 00 00 00 00 00 00 00 0c 44 49 b4 .............DI.
[ 109.808467][ T5498] 00000060: ff ff ff ff f1 fd ce d1 00 00 00 00 00 00 00 02 ................
[ 109.811908][ T5498] 00000070: 00 00 00 01 00 00 00 10 00 00 00 00 00 00 00 08 ................
[ 109.818008][ T5498] overlayfs: failed lookup in lower (/, name='bus', err=-40): overlapping layers
[ 109.828946][ T54] ==================================================================
[ 109.832315][ T54] BUG: KASAN: slab-use-after-free in iput+0x3a7/0xe80
[ 109.835163][ T54] Read of size 4 at addr ffff88800ba8efb8 by task kworker/0:2/54
[ 109.839133][ T54]
[ 109.840251][ T54] CPU: 0 UID: 0 PID: 54 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(full)
[ 109.841379][ T54] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 109.841386][ T54] Workqueue: events fserror_worker
[ 109.841407][ T54] Call Trace:
[ 109.841449][ T54]
[ 109.842239][ T54] dump_stack_lvl+0xe8/0x150
[ 109.842256][ T54] print_report+0xba/0x230
[ 109.842267][ T54] ? iput+0x3a7/0xe80
[ 109.842280][ T54] kasan_report+0x117/0x150
[ 109.842293][ T54] ? iput+0x3a7/0xe80
[ 109.842307][ T54] iput+0x3a7/0xe80
[ 109.842321][ T54] ? pwq_dec_nr_in_flight+0xbc1/0xf60
[ 109.842338][ T54] fserror_worker+0x230/0x350
[ 109.842353][ T54] ? process_scheduled_works+0xa0f/0x17a0
[ 109.842363][ T54] ? __pfx_fserror_worker+0x10/0x10
[ 109.842377][ T54] ? process_scheduled_works+0xa0f/0x17a0
[ 109.842383][ T54] ? process_scheduled_works+0xa0f/0x17a0
[ 109.842392][ T54] process_scheduled_works+0xaec/0x17a0
[ 109.842407][ T54] ? __pfx_process_scheduled_works+0x10/0x10
[ 109.842415][ T54] ? do_raw_spin_lock+0x12b/0x2f0
[ 109.842433][ T54] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 109.842447][ T54] worker_thread+0xda6/0x1360
[ 109.842463][ T54] kthread+0x388/0x470
[ 109.842476][ T54] ? __pfx_worker_thread+0x10/0x10
[ 109.842485][ T54] ? __pfx_kthread+0x10/0x10
[ 109.842498][ T54] ret_from_fork+0x51e/0xb90
[ 109.842510][ T54] ? __pfx_ret_from_fork+0x10/0x10
[ 109.842520][ T54] ? __switch_to+0xc82/0x1410
[ 109.842535][ T54] ? __pfx_kthread+0x10/0x10
[ 109.842546][ T54] ret_from_fork_asm+0x1a/0x30
[ 109.842561][ T54]
[ 109.843494][ T54]
[ 109.911831][ T54] Allocated by task 5498:
[ 109.913763][ T54] kasan_save_track+0x3e/0x80
[ 109.915902][ T54] __kasan_slab_alloc+0x6c/0x80
[ 109.917773][ T54] kmem_cache_alloc_lru_noprof+0x35f/0x6c0
[ 109.919863][ T54] xfs_inode_alloc+0x7e/0x710
[ 109.921601][ T54] xfs_iget+0xa85/0x2ce0
[ 109.923304][ T54] xfs_lookup+0x321/0x630
[ 109.925264][ T54] xfs_vn_lookup+0x130/0x200
[ 109.927199][ T54] __lookup_slow+0x2b7/0x410
[ 109.929180][ T54] lookup_slow+0x53/0x70
[ 109.931081][ T54] ovl_lookup_single+0x32f/0xea0
[ 109.933257][ T54] ovl_lookup_layer+0x377/0x450
[ 109.935383][ T54] ovl_lookup+0x5f2/0x1c80
[ 109.937351][ T54] lookup_one_qstr_excl+0x131/0x360
[ 109.939630][ T54] __start_renaming+0x1db/0x410
[ 109.941606][ T54] filename_renameat2+0x38c/0x9c0
[ 109.943606][ T54] __se_sys_renameat2+0x5a/0x2c0
[ 109.945780][ T54] do_syscall_64+0x14d/0xf80
[ 109.947745][ T54] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 109.950104][ T54]
[ 109.951074][ T54] Freed by task 5498:
[ 109.952711][ T54] kasan_save_track+0x3e/0x80
[ 109.954675][ T54] kasan_save_free_info+0x46/0x50
[ 109.956742][ T54] __kasan_slab_free+0x5c/0x80
[ 109.958743][ T54] kmem_cache_free+0x195/0x610
[ 109.960781][ T54] rcu_core+0x7cd/0x1070
[ 109.962637][ T54] handle_softirqs+0x22a/0x7c0
[ 109.964645][ T54] __irq_exit_rcu+0x5f/0x150
[ 109.966662][ T54] irq_exit_rcu+0x9/0x30
[ 109.968523][ T54] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 109.970909][ T54] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 109.973558][ T54]
[ 109.974561][ T54] Last potentially related work creation:
[ 109.977078][ T54] kasan_save_stack+0x3e/0x60
[ 109.979006][ T54] kasan_record_aux_stack+0xbd/0xd0
[ 109.981137][ T54] call_rcu+0xee/0x890
[ 109.982811][ T54] xfs_iget+0xb01/0x2ce0
[ 109.984685][ T54] xfs_lookup+0x321/0x630
[ 109.986533][ T54] xfs_vn_lookup+0x130/0x200
[ 109.988358][ T54] __lookup_slow+0x2b7/0x410
[ 109.990269][ T54] lookup_slow+0x53/0x70
[ 109.992063][ T54] ovl_lookup_single+0x32f/0xea0
[ 109.994271][ T54] ovl_lookup_layer+0x377/0x450
[ 109.996530][ T54] ovl_lookup+0x5f2/0x1c80
[ 109.998404][ T54] lookup_one_qstr_excl+0x131/0x360
[ 110.000532][ T54] __start_renaming+0x1db/0x410
[ 110.002484][ T54] filename_renameat2+0x38c/0x9c0
[ 110.004498][ T54] __se_sys_renameat2+0x5a/0x2c0
[ 110.006734][ T54] do_syscall_64+0x14d/0xf80
[ 110.008801][ T54] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.011274][ T54]
[ 110.012365][ T54] The buggy address belongs to the object at ffff88800ba8ed00
[ 110.012365][ T54] which belongs to the cache xfs_inode of size 1784
[ 110.017730][ T54] The buggy address is located 696 bytes inside of
[ 110.017730][ T54] freed 1784-byte region [ffff88800ba8ed00, ffff88800ba8f3f8)
[ 110.023445][ T54]
[ 110.024434][ T54] The buggy address belongs to the physical page:
[ 110.026878][ T54] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xba8c
[ 110.030566][ T54] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 110.034089][ T54] memcg:ffff8880125ab781
[ 110.035925][ T54] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 110.039149][ T54] page_type: f5(slab)
[ 110.040829][ T54] raw: 00fff00000000040 ffff88803139da00 dead000000000122 0000000000000000
[ 110.044526][ T54] raw: 0000000000000000 0000000080080008 00000000f5000000 ffff8880125ab781
[ 110.048166][ T54] head: 00fff00000000040 ffff88803139da00 dead000000000122 0000000000000000
[ 110.051387][ T54] head: 0000000000000000 0000000080080008 00000000f5000000 ffff8880125ab781
[ 110.055058][ T54] head: 00fff00000000002 ffffea00002ea301 00000000ffffffff 00000000ffffffff
[ 110.058678][ T54] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 110.062204][ T54] page dumped because: kasan: bad access detected
[ 110.065068][ T54] page_owner tracks the page as allocated
[ 110.067549][ T54] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_RECLAIMABLE|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5498, tgid 5497 (syz.0.17), ts 109700745240, free_ts 106973924123
[ 110.077289][ T54] post_alloc_hook+0x228/0x280
[ 110.079589][ T54] get_page_from_freelist+0x24dc/0x2580
[ 110.081847][ T54] __alloc_frozen_pages_noprof+0x18d/0x380
[ 110.084321][ T54] alloc_pages_mpol+0x232/0x4a0
[ 110.086574][ T54] allocate_slab+0x86/0x3a0
[ 110.088577][ T54] ___slab_alloc+0xd90/0x1790
[ 110.090648][ T54] __slab_alloc+0x65/0x100
[ 110.092705][ T54] kmem_cache_alloc_lru_noprof+0x3ed/0x6c0
[ 110.095229][ T54] xfs_inode_alloc+0x7e/0x710
[ 110.097111][ T54] xfs_iget+0xa85/0x2ce0
[ 110.098936][ T54] xfs_icreate+0xbe/0x170
[ 110.100853][ T54] xfs_create+0x648/0xae0
[ 110.103098][ T54] xfs_generic_create+0x410/0xb30
[ 110.105844][ T54] xfs_vn_mkdir+0x37/0x50
[ 110.108166][ T54] vfs_mkdir+0x413/0x630
[ 110.110179][ T54] filename_mkdirat+0x285/0x510
[ 110.112296][ T54] page last free pid 5456 tgid 5456 stack trace:
[ 110.114896][ T54] __free_frozen_pages+0xbf8/0xd70
[ 110.117008][ T54] __put_partials+0x146/0x170
[ 110.118919][ T54] __slab_free+0x294/0x320
[ 110.120773][ T54] qlist_free_all+0x97/0x100
[ 110.122607][ T54] kasan_quarantine_reduce+0x148/0x160
[ 110.124877][ T54] __kasan_slab_alloc+0x22/0x80
[ 110.126868][ T54] kmem_cache_alloc_node_noprof+0x427/0x6f0
[ 110.129313][ T54] __alloc_skb+0x1d7/0x390
[ 110.131287][ T54] netlink_ack+0x146/0xa50
[ 110.133261][ T54] netlink_rcv_skb+0x2b6/0x4b0
[ 110.135385][ T54] netlink_unicast+0x80f/0x9b0
[ 110.137675][ T54] netlink_sendmsg+0x813/0xb40
[ 110.139695][ T54] __sys_sendto+0x709/0x7a0
[ 110.141531][ T54] __x64_sys_sendto+0xde/0x100
[ 110.143368][ T54] do_syscall_64+0x14d/0xf80
[ 110.145467][ T54] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.147967][ T54]
[ 110.148947][ T54] Memory state around the buggy address:
[ 110.151442][ T54] ffff88800ba8ee80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 110.155054][ T54] ffff88800ba8ef00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 110.158515][ T54] >ffff88800ba8ef80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 110.161892][ T54] ^
[ 110.164544][ T54] ffff88800ba8f000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 110.168132][ T54] ffff88800ba8f080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 110.171488][ T54] ==================================================================
[ 110.271425][ T5456] XFS (loop0): Metadata corruption detected at xfs_dinode_verify+0x1a9/0x1590, inode 0x25 dinode
[ 110.275981][ T5456] XFS (loop0): Unmount and run xfs_repair
[ 110.294015][ T5456] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[ 110.297419][ T5456] 00000000: 49 4e a1 ff 03 01 00 00 00 00 00 00 00 00 00 00 IN..............
[ 110.311944][ T5456] 00000010: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 110.315584][ T5456] 00000020: 34 f7 58 68 7a bb 44 4d 34 f7 58 68 7a bb 44 4d 4.Xhz.DM4.Xhz.DM
[ 110.320238][ T5456] 00000030: 34 f7 58 68 7a bb 44 4d 00 00 00 00 00 00 00 27 4.Xhz.DM.......'
[ 110.324177][ T5456] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 110.337378][ T5456] 00000050: 00 00 00 02 00 00 00 00 00 00 00 00 0c 44 49 b4 .............DI.
[ 110.358720][ T5456] 00000060: ff ff ff ff f1 fd ce d1 00 00 00 00 00 00 00 02 ................
[ 110.362858][ T5456] 00000070: 00 00 00 01 00 00 00 10 00 00 00 00 00 00 00 08 ................
[ 110.384440][ T5456] XFS (loop0): Metadata corruption detected at xfs_dinode_verify+0x1a9/0x1590, inode 0x25 dinode
[ 110.389439][ T5456] XFS (loop0): Unmount and run xfs_repair
[ 110.392010][ T5456] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[ 110.395172][ T5456] 00000000: 49 4e a1 ff 03 01 00 00 00 00 00 00 00 00 00 00 IN..............
[ 110.404078][ T5456] 00000010: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 110.407675][ T5456] 00000020: 34 f7 58 68 7a bb 44 4d 34 f7 58 68 7a bb 44 4d 4.Xhz.DM4.Xhz.DM
[ 110.416030][ T5456] 00000030: 34 f7 58 68 7a bb 44 4d 00 00 00 00 00 00 00 27 4.Xhz.DM.......'
[ 110.420428][ T5456] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 110.424074][ T5456] 00000050: 00 00 00 02 00 00 00 00 00 00 00 00 0c 44 49 b4 .............DI.
[ 110.427955][ T5456] 00000060: ff ff ff ff f1 fd ce d1 00 00 00 00 00 00 00 02 ................
[ 110.433465][ T5456] 00000070: 00 00 00 01 00 00 00 10 00 00 00 00 00 00 00 08 ................
[ 110.444245][ T54] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 110.447433][ T54] CPU: 0 UID: 0 PID: 54 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(full)
[ 110.451520][ T54] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 110.455940][ T54] Workqueue: events fserror_worker
[ 110.458138][ T54] Call Trace:
[ 110.459631][ T54]
[ 110.460926][ T54] vpanic+0x1e0/0x670
[ 110.462683][ T54] panic+0xc5/0xd0
[ 110.464352][ T54] ? __pfx_panic+0x10/0x10
[ 110.466410][ T54] ? preempt_schedule_thunk+0x16/0x30
[ 110.468543][ T54] ? iput+0x3a7/0xe80
[ 110.470314][ T54] check_panic_on_warn+0x89/0xb0
[ 110.472564][ T54] ? iput+0x3a7/0xe80
[ 110.474311][ T54] end_report+0x6f/0x140
[ 110.476259][ T54] kasan_report+0x128/0x150
[ 110.478350][ T54] ? iput+0x3a7/0xe80
[ 110.480159][ T54] iput+0x3a7/0xe80
[ 110.481877][ T54] ? pwq_dec_nr_in_flight+0xbc1/0xf60
[ 110.484261][ T54] fserror_worker+0x230/0x350
[ 110.486412][ T54] ? process_scheduled_works+0xa0f/0x17a0
[ 110.488995][ T54] ? __pfx_fserror_worker+0x10/0x10
[ 110.491229][ T54] ? process_scheduled_works+0xa0f/0x17a0
[ 110.493792][ T54] ? process_scheduled_works+0xa0f/0x17a0
[ 110.496347][ T54] process_scheduled_works+0xaec/0x17a0
[ 110.498706][ T54] ? __pfx_process_scheduled_works+0x10/0x10
[ 110.501144][ T54] ? do_raw_spin_lock+0x12b/0x2f0
[ 110.503248][ T54] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 110.505673][ T54] worker_thread+0xda6/0x1360
[ 110.507691][ T54] kthread+0x388/0x470
[ 110.509602][ T54] ? __pfx_worker_thread+0x10/0x10
[ 110.511830][ T54] ? __pfx_kthread+0x10/0x10
[ 110.513823][ T54] ret_from_fork+0x51e/0xb90
[ 110.515981][ T54] ? __pfx_ret_from_fork+0x10/0x10
[ 110.518836][ T54] ? __switch_to+0xc82/0x1410
[ 110.521018][ T54] ? __pfx_kthread+0x10/0x10
[ 110.523022][ T54] ret_from_fork_asm+0x1a/0x30
[ 110.525083][ T54]
[ 110.526815][ T54] Kernel Offset: disabled
[ 110.528638][ T54] Rebooting in 86400 seconds..
VM DIAGNOSIS:
06:59:26 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000061 RBX=0000000000000061 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000100f390
R8 =ffff888034190237 R9 =1ffff11006832046 R10=dffffc0000000000 R11=ffffffff8537c290
R12=dffffc0000000000 R13=ffffffff9a2579ca R14=ffffffff9a56ef80 R15=0000000000000000
RIP=ffffffff8537c30c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88808cabf000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f14479efeb8 CR3=0000000011a5d000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80