Warning: Permanently added '10.128.10.18' (ED25519) to the list of known hosts.
2025/12/26 18:35:06 parsed 1 programs
syzkaller login: [ 54.622252][ T4186] cgroup: Unknown subsys name 'net'
[ 54.784824][ T4186] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 56.096182][ T4186] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 57.563200][ T4199] chnl_net:caif_netlink_parms(): no params data found
[ 57.608424][ T4199] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.615994][ T4199] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.623882][ T4199] device bridge_slave_0 entered promiscuous mode
[ 57.634579][ T4199] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.641998][ T4199] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.649793][ T4199] device bridge_slave_1 entered promiscuous mode
[ 57.670345][ T4199] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 57.681246][ T4199] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 57.706081][ T4199] team0: Port device team_slave_0 added
[ 57.713291][ T4199] team0: Port device team_slave_1 added
[ 57.730934][ T4199] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 57.737868][ T4199] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 57.763989][ T4199] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 57.778156][ T4199] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 57.785328][ T4199] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 57.811335][ T4199] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 57.842967][ T4199] device hsr_slave_0 entered promiscuous mode
[ 57.850201][ T4199] device hsr_slave_1 entered promiscuous mode
[ 57.932932][ T4199] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 57.942997][ T4199] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 57.954760][ T4199] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 57.963749][ T4199] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 57.985285][ T4199] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.992422][ T4199] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 58.000112][ T4199] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.007267][ T4199] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 58.046627][ T4199] 8021q: adding VLAN 0 to HW filter on device bond0
[ 58.060808][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.071828][ T1236] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.081569][ T1236] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.090285][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 58.105092][ T4199] 8021q: adding VLAN 0 to HW filter on device team0
[ 58.115257][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 58.123774][ T1236] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.130906][ T1236] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 58.145599][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 58.154606][ T154] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.161683][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 58.182490][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 58.191411][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 58.200179][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 58.208367][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 58.221143][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 58.233025][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 58.343279][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 58.353177][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 58.365804][ T4199] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 58.386258][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 58.407784][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 58.418641][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 58.427176][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 58.438284][ T4199] device veth0_vlan entered promiscuous mode
[ 58.451512][ T4199] device veth1_vlan entered promiscuous mode
[ 58.474582][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 58.483150][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 58.493284][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 58.504135][ T4199] device veth0_macvtap entered promiscuous mode
[ 58.515735][ T4199] device veth1_macvtap entered promiscuous mode
[ 58.523594][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 58.543509][ T4199] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 58.553435][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 58.563187][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 58.575381][ T4199] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 58.583431][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 58.592589][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 58.603456][ T4199] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.614103][ T4199] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.623241][ T4199] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.641875][ T4199] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.774653][ T4199] syz-executor (4199) used greatest stack depth: 21024 bytes left
[ 59.495995][ T144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 61.724791][ T144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 63.995131][ T144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 64.045592][ T144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 64.366025][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.380945][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.396224][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 64.412740][ T4270] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.422214][ T4270] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.459267][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 65.075359][ T144] device hsr_slave_0 left promiscuous mode
[ 65.090309][ T144] device hsr_slave_1 left promiscuous mode
[ 65.097207][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 65.115918][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 65.124342][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 65.136569][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 65.144641][ T144] device bridge_slave_1 left promiscuous mode
[ 65.151768][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.167097][ T144] device bridge_slave_0 left promiscuous mode
[ 65.174507][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.195328][ T144] device veth1_macvtap left promiscuous mode
[ 65.202084][ T144] device veth0_macvtap left promiscuous mode
[ 65.208788][ T144] device veth1_vlan left promiscuous mode
[ 65.216171][ T144] device veth0_vlan left promiscuous mode
[ 65.406987][ T144] team0 (unregistering): Port device team_slave_1 removed
[ 65.418330][ T144] team0 (unregistering): Port device team_slave_0 removed
[ 65.430870][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 65.445417][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 65.495041][ T144] bond0 (unregistering): Released all slaves
2025/12/26 18:35:20 executed programs: 0
[ 66.733958][ T4362] chnl_net:caif_netlink_parms(): no params data found
[ 66.845816][ T4362] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.855956][ T4362] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.864274][ T4362] device bridge_slave_0 entered promiscuous mode
[ 66.873785][ T4362] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.881402][ T4362] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.889569][ T4362] device bridge_slave_1 entered promiscuous mode
[ 66.932519][ T4362] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 66.950515][ T4362] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 67.009269][ T4362] team0: Port device team_slave_0 added
[ 67.031382][ T4362] team0: Port device team_slave_1 added
[ 67.072404][ T4362] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 67.086352][ T4362] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.112524][ T4362] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 67.129724][ T4362] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 67.136676][ T4362] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.163609][ T4362] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 67.205172][ T4362] device hsr_slave_0 entered promiscuous mode
[ 67.213229][ T4362] device hsr_slave_1 entered promiscuous mode
[ 67.716939][ T4362] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 67.728389][ T4362] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 67.740646][ T4362] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 67.751828][ T4362] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 67.856507][ T4362] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.880837][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 67.888442][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 67.904656][ T4362] 8021q: adding VLAN 0 to HW filter on device team0
[ 67.914435][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 67.927583][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 67.945928][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.953057][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.962388][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 67.980273][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 67.990265][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 67.999496][ T155] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.006648][ T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.020360][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 68.034123][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 68.043278][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 68.057976][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 68.086704][ T4362] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 68.105553][ T4362] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 68.129891][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 68.138138][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 68.153376][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 68.176033][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 68.190468][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 68.198865][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 68.219796][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 68.237109][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 68.351325][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 68.358773][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 68.373121][ T4362] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.394048][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 68.404267][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 68.424641][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 68.433814][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 68.445140][ T4362] device veth0_vlan entered promiscuous mode
[ 68.452683][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 68.460916][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 68.472996][ T4362] device veth1_vlan entered promiscuous mode
[ 68.494681][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 68.504949][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 68.514631][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 68.524620][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 68.534936][ T4362] device veth0_macvtap entered promiscuous mode
[ 68.545736][ T4362] device veth1_macvtap entered promiscuous mode
[ 68.562762][ T4362] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 68.571167][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 68.580370][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 68.588567][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 68.597933][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 68.612529][ T4362] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 68.630399][ T7] Bluetooth: hci0: command 0x0409 tx timeout
[ 68.643782][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 68.652756][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 68.662604][ T4362] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.671536][ T4362] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.680381][ T4362] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.689089][ T4362] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.811283][ T4270] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.819245][ T4270] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.846710][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 68.895735][ T4270] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.906027][ T4270] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.916709][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 69.085209][ T4467] loop0: detected capacity change from 0 to 8192
[ 69.123549][ T4467] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 69.151117][ T4467] REISERFS (device loop0): using ordered data mode
[ 69.157745][ T4467] reiserfs: using flush barriers
[ 69.165656][ T4467] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 69.182653][ T4467] REISERFS (device loop0): checking transaction log (loop0)
[ 69.257370][ T4467] REISERFS (device loop0): Using tea hash to sort names
[ 69.271401][ T4467] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 69.298336][ T4467] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2)
[ 69.323935][ T4467] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [6 7 0x0 SD] (nlink == 2) not found (pos 1)
[ 69.359563][ T4467] ==================================================================
[ 69.367777][ T4467] BUG: KASAN: use-after-free in search_by_entry_key+0x597/0x1370
[ 69.375515][ T4467] Read of size 4 at addr ffff88805b0ccfc4 by task syz.0.17/4467
[ 69.383148][ T4467]
[ 69.385485][ T4467] CPU: 1 PID: 4467 Comm: syz.0.17 Not tainted syzkaller #0
[ 69.392683][ T4467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 69.402752][ T4467] Call Trace:
[ 69.406036][ T4467]
[ 69.408977][ T4467] dump_stack_lvl+0x168/0x230
[ 69.413667][ T4467] ? show_regs_print_info+0x20/0x20
[ 69.418882][ T4467] ? _printk+0xcc/0x110
[ 69.423068][ T4467] ? search_by_entry_key+0x597/0x1370
[ 69.428453][ T4467] ? load_image+0x3b0/0x3b0
[ 69.432954][ T4467] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 69.438335][ T4467] print_address_description+0x60/0x2d0
[ 69.443893][ T4467] ? search_by_entry_key+0x597/0x1370
[ 69.449270][ T4467] kasan_report+0xdf/0x130
[ 69.453700][ T4467] ? search_by_entry_key+0x597/0x1370
[ 69.459080][ T4467] search_by_entry_key+0x597/0x1370
[ 69.464281][ T4467] ? make_cpu_key+0x2b/0x220
[ 69.468889][ T4467] reiserfs_find_entry+0x2ff/0x18e0
[ 69.474102][ T4467] ? reiserfs_get_parent+0x270/0x270
[ 69.479402][ T4467] ? memset+0x1e/0x40
[ 69.483392][ T4467] reiserfs_add_entry+0x653/0xd40
[ 69.488431][ T4467] ? drop_new_inode+0x60/0x60
[ 69.493133][ T4467] ? memcpy+0x3c/0x60
[ 69.497127][ T4467] ? journal_begin+0x2b1/0x350
[ 69.501897][ T4467] ? reiserfs_update_inode_transaction+0x1c/0x120
[ 69.508322][ T4467] reiserfs_mkdir+0x68f/0x970
[ 69.513017][ T4467] ? reiserfs_symlink+0x770/0x770
[ 69.518070][ T4467] ? lookup_one_len+0x18e/0x2c0
[ 69.522922][ T4467] ? clear_nonspinnable+0x60/0x60
[ 69.527961][ T4467] open_xa_dir+0x5af/0x6b0
[ 69.532393][ T4467] ? listxattr_filler+0x410/0x410
[ 69.537428][ T4467] xattr_lookup+0x22/0x2a0
[ 69.541841][ T4467] ? reiserfs_xattr_set_handle+0xc5/0xf20
[ 69.547560][ T4467] reiserfs_xattr_set_handle+0xf4/0xf20
[ 69.553124][ T4467] ? __mutex_unlock_slowpath+0x19e/0x6a0
[ 69.558767][ T4467] ? chown_one_xattr+0x90/0x90
[ 69.563530][ T4467] ? mutex_unlock+0x10/0x10
[ 69.568045][ T4467] ? journal_begin+0x1f1/0x350
[ 69.572814][ T4467] ? reiserfs_write_unlock+0xa2/0x110
[ 69.578192][ T4467] reiserfs_xattr_set+0x435/0x550
[ 69.583223][ T4467] ? reiserfs_get_page+0x400/0x400
[ 69.588349][ T4467] ? trusted_set+0x7d/0xe0
[ 69.592766][ T4467] ? trusted_get+0xc0/0xc0
[ 69.597186][ T4467] __vfs_setxattr+0x3e0/0x420
[ 69.601883][ T4467] __vfs_setxattr_noperm+0x129/0x5e0
[ 69.607182][ T4467] vfs_setxattr+0x168/0x2f0
[ 69.611697][ T4467] ? xattr_permission+0x500/0x500
[ 69.616730][ T4467] ? strncpy_from_user+0x1fb/0x360
[ 69.621851][ T4467] setxattr+0x2da/0x300
[ 69.626019][ T4467] ? path_setxattr+0x280/0x280
[ 69.630806][ T4467] ? sb_start_write+0x112/0x1c0
[ 69.635658][ T4467] ? mnt_want_write_file+0x166/0x200
[ 69.640949][ T4467] __se_sys_fsetxattr+0x15e/0x1d0
[ 69.645982][ T4467] do_syscall_64+0x4c/0xa0
[ 69.650411][ T4467] ? clear_bhb_loop+0x30/0x80
[ 69.655114][ T4467] ? clear_bhb_loop+0x30/0x80
[ 69.659798][ T4467] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 69.665700][ T4467] RIP: 0033:0x7ffbf8080749
[ 69.670123][ T4467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.689733][ T4467] RSP: 002b:00007ffd4e4a06f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000be
[ 69.698157][ T4467] RAX: ffffffffffffffda RBX: 00007ffbf82d6fa0 RCX: 00007ffbf8080749
[ 69.706132][ T4467] RDX: 0000000000000000 RSI: 0000200000001700 RDI: 0000000000000004
[ 69.714112][ T4467] RBP: 00007ffbf8104f91 R08: 0000000000000003 R09: 0000000000000000
[ 69.722085][ T4467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 69.730054][ T4467] R13: 00007ffbf82d6fa0 R14: 00007ffbf82d6fa0 R15: 0000000000000005
[ 69.738035][ T4467]
[ 69.741057][ T4467]
[ 69.743396][ T4467] The buggy address belongs to the page:
[ 69.749027][ T4467] page:ffffea00016c3300 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x5b0cc
[ 69.759172][ T4467] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 69.766292][ T4467] raw: 00fff00000000000 ffffea00016c3348 ffffea00016c32c8 0000000000000000
[ 69.774883][ T4467] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 69.783473][ T4467] page dumped because: kasan: bad access detected
[ 69.789887][ T4467] page_owner tracks the page as freed
[ 69.795252][ T4467] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 4477, ts 69314516811, free_ts 69317357319
[ 69.810788][ T4467] get_page_from_freelist+0x1b77/0x1c60
[ 69.816344][ T4467] __alloc_pages+0x1e1/0x470
[ 69.820943][ T4467] alloc_pages_vma+0x393/0x7c0
[ 69.825709][ T4467] handle_mm_fault+0x237f/0x43b0
[ 69.830648][ T4467] do_user_addr_fault+0x489/0xc80
[ 69.835672][ T4467] exc_page_fault+0x60/0x100
[ 69.840261][ T4467] asm_exc_page_fault+0x22/0x30
[ 69.845118][ T4467] page last free stack trace:
[ 69.849795][ T4467] free_unref_page_prepare+0x637/0x6c0
[ 69.855269][ T4467] free_unref_page_list+0x122/0x7e0
[ 69.860480][ T4467] release_pages+0x184b/0x1bb0
[ 69.865263][ T4467] tlb_finish_mmu+0x164/0x2e0
[ 69.869942][ T4467] exit_mmap+0x3a6/0x5f0
[ 69.874185][ T4467] __mmput+0x115/0x3b0
[ 69.878256][ T4467] exit_mm+0x567/0x6c0
[ 69.882324][ T4467] do_exit+0x5a1/0x20a0
[ 69.886480][ T4467] do_group_exit+0x12e/0x300
[ 69.891070][ T4467] __x64_sys_exit_group+0x3b/0x40
[ 69.896099][ T4467] do_syscall_64+0x4c/0xa0
[ 69.900513][ T4467] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 69.906405][ T4467]
[ 69.908729][ T4467] Memory state around the buggy address:
[ 69.914366][ T4467] ffff88805b0cce80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.922441][ T4467] ffff88805b0ccf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.930498][ T4467] >ffff88805b0ccf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.938556][ T4467] ^
[ 69.944711][ T4467] ffff88805b0cd000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.952768][ T4467] ffff88805b0cd080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.960852][ T4467] ==================================================================
[ 69.968910][ T4467] Disabling lock debugging due to kernel taint
[ 69.992675][ T4467] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 69.999905][ T4467] CPU: 0 PID: 4467 Comm: syz.0.17 Tainted: G B syzkaller #0
[ 70.008516][ T4467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 70.018578][ T4467] Call Trace:
[ 70.021866][ T4467]
[ 70.024806][ T4467] dump_stack_lvl+0x168/0x230
[ 70.029501][ T4467] ? show_regs_print_info+0x20/0x20
[ 70.034710][ T4467] ? load_image+0x3b0/0x3b0
[ 70.039228][ T4467] panic+0x2c9/0x7f0
[ 70.043136][ T4467] ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 70.049305][ T4467] ? bpf_jit_dump+0xd0/0xd0
[ 70.053853][ T4467] ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 70.059755][ T4467] ? _raw_spin_unlock+0x40/0x40
[ 70.064628][ T4467] ? search_by_entry_key+0x597/0x1370
[ 70.070046][ T4467] check_panic_on_warn+0x80/0xa0
[ 70.075003][ T4467] ? search_by_entry_key+0x597/0x1370
[ 70.080412][ T4467] end_report+0x6d/0xf0
[ 70.084587][ T4467] kasan_report+0x102/0x130
[ 70.089116][ T4467] ? search_by_entry_key+0x597/0x1370
[ 70.094533][ T4467] search_by_entry_key+0x597/0x1370
[ 70.099754][ T4467] ? make_cpu_key+0x2b/0x220
[ 70.104365][ T4467] reiserfs_find_entry+0x2ff/0x18e0
[ 70.109584][ T4467] ? reiserfs_get_parent+0x270/0x270
[ 70.114886][ T4467] ? memset+0x1e/0x40
[ 70.118889][ T4467] reiserfs_add_entry+0x653/0xd40
[ 70.123956][ T4467] ? drop_new_inode+0x60/0x60
[ 70.128667][ T4467] ? memcpy+0x3c/0x60
[ 70.132662][ T4467] ? journal_begin+0x2b1/0x350
[ 70.137439][ T4467] ? reiserfs_update_inode_transaction+0x1c/0x120
[ 70.143873][ T4467] reiserfs_mkdir+0x68f/0x970
[ 70.148570][ T4467] ? reiserfs_symlink+0x770/0x770
[ 70.153614][ T4467] ? lookup_one_len+0x18e/0x2c0
[ 70.158477][ T4467] ? clear_nonspinnable+0x60/0x60
[ 70.163606][ T4467] open_xa_dir+0x5af/0x6b0
[ 70.168040][ T4467] ? listxattr_filler+0x410/0x410
[ 70.173083][ T4467] xattr_lookup+0x22/0x2a0
[ 70.177514][ T4467] ? reiserfs_xattr_set_handle+0xc5/0xf20
[ 70.183246][ T4467] reiserfs_xattr_set_handle+0xf4/0xf20
[ 70.188813][ T4467] ? __mutex_unlock_slowpath+0x19e/0x6a0
[ 70.194467][ T4467] ? chown_one_xattr+0x90/0x90
[ 70.199253][ T4467] ? mutex_unlock+0x10/0x10
[ 70.203775][ T4467] ? journal_begin+0x1f1/0x350
[ 70.208550][ T4467] ? reiserfs_write_unlock+0xa2/0x110
[ 70.213936][ T4467] reiserfs_xattr_set+0x435/0x550
[ 70.218983][ T4467] ? reiserfs_get_page+0x400/0x400
[ 70.224113][ T4467] ? trusted_set+0x7d/0xe0
[ 70.228576][ T4467] ? trusted_get+0xc0/0xc0
[ 70.233004][ T4467] __vfs_setxattr+0x3e0/0x420
[ 70.237700][ T4467] __vfs_setxattr_noperm+0x129/0x5e0
[ 70.243001][ T4467] vfs_setxattr+0x168/0x2f0
[ 70.247521][ T4467] ? xattr_permission+0x500/0x500
[ 70.252561][ T4467] ? strncpy_from_user+0x1fb/0x360
[ 70.257684][ T4467] setxattr+0x2da/0x300
[ 70.261851][ T4467] ? path_setxattr+0x280/0x280
[ 70.266668][ T4467] ? sb_start_write+0x112/0x1c0
[ 70.271534][ T4467] ? mnt_want_write_file+0x166/0x200
[ 70.276828][ T4467] __se_sys_fsetxattr+0x15e/0x1d0
[ 70.281865][ T4467] do_syscall_64+0x4c/0xa0
[ 70.286420][ T4467] ? clear_bhb_loop+0x30/0x80
[ 70.291123][ T4467] ? clear_bhb_loop+0x30/0x80
[ 70.295816][ T4467] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 70.301726][ T4467] RIP: 0033:0x7ffbf8080749
[ 70.306149][ T4467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 70.325763][ T4467] RSP: 002b:00007ffd4e4a06f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000be
[ 70.334188][ T4467] RAX: ffffffffffffffda RBX: 00007ffbf82d6fa0 RCX: 00007ffbf8080749
[ 70.342173][ T4467] RDX: 0000000000000000 RSI: 0000200000001700 RDI: 0000000000000004
[ 70.350158][ T4467] RBP: 00007ffbf8104f91 R08: 0000000000000003 R09: 0000000000000000
[ 70.358144][ T4467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 70.366124][ T4467] R13: 00007ffbf82d6fa0 R14: 00007ffbf82d6fa0 R15: 0000000000000005
[ 70.374120][ T4467]
[ 70.377439][ T4467] Kernel Offset: disabled
[ 70.381783][ T4467] Rebooting in 86400 seconds..