Warning: Permanently added '[localhost]:49217' (ED25519) to the list of known hosts.
2025/11/28 06:11:07 parsed 1 programs
syzkaller login: [ 84.231444][ T5311] cgroup: Unknown subsys name 'net'
[ 84.316986][ T5311] cgroup: Unknown subsys name 'cpuset'
[ 84.324832][ T5311] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 86.010084][ T5311] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 90.553293][ T5328] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 91.215957][ T54] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.219517][ T54] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.269369][ T1041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.274064][ T1041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.918104][ T10] cfg80211: failed to load regulatory.db
[ 95.083070][ T5384] chnl_net:caif_netlink_parms(): no params data found
[ 95.224944][ T5384] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.228582][ T5384] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.231595][ T5384] bridge_slave_0: entered allmulticast mode
[ 95.235956][ T5384] bridge_slave_0: entered promiscuous mode
[ 95.253210][ T5384] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.256250][ T5384] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.259380][ T5384] bridge_slave_1: entered allmulticast mode
[ 95.273134][ T5384] bridge_slave_1: entered promiscuous mode
[ 95.305683][ T5384] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 95.312553][ T5384] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 95.337327][ T5384] team0: Port device team_slave_0 added
[ 95.342300][ T5384] team0: Port device team_slave_1 added
[ 95.366952][ T5384] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 95.369826][ T5384] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 95.380521][ T5384] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 95.387216][ T5384] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 95.390125][ T5384] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 95.401297][ T5384] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 95.472900][ T5384] hsr_slave_0: entered promiscuous mode
[ 95.482973][ T5384] hsr_slave_1: entered promiscuous mode
[ 95.725143][ T5384] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 95.735327][ T5384] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 95.741357][ T5384] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 95.747924][ T5384] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 95.804499][ T5384] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.807804][ T5384] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 95.811695][ T5384] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.814381][ T5384] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 95.923001][ T5384] 8021q: adding VLAN 0 to HW filter on device bond0
[ 95.946044][ T54] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.951046][ T54] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.962791][ T5384] 8021q: adding VLAN 0 to HW filter on device team0
[ 95.989514][ T54] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.992719][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 96.012790][ T54] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.015969][ T54] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 96.267659][ T5384] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 96.306005][ T5384] veth0_vlan: entered promiscuous mode
[ 96.315165][ T5384] veth1_vlan: entered promiscuous mode
[ 96.343782][ T5384] veth0_macvtap: entered promiscuous mode
[ 96.350491][ T5384] veth1_macvtap: entered promiscuous mode
[ 96.366641][ T5384] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 96.377082][ T5384] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 96.388754][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.400717][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.418391][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.423719][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.624851][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.634096][ T5406] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 96.638079][ T5406] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 96.641619][ T5406] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 96.645686][ T5406] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 96.649321][ T5406] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 96.719662][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.770476][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.876798][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/11/28 06:11:24 executed programs: 0
[ 99.047592][ T4667] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 99.051640][ T4667] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 99.055663][ T4667] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 99.059526][ T4667] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 99.063464][ T4667] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 99.204882][ T13] bridge_slave_1: left allmulticast mode
[ 99.207486][ T13] bridge_slave_1: left promiscuous mode
[ 99.210870][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.224734][ T13] bridge_slave_0: left allmulticast mode
[ 99.227119][ T13] bridge_slave_0: left promiscuous mode
[ 99.229606][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.624891][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 99.632703][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 99.646471][ T13] bond0 (unregistering): Released all slaves
[ 99.742231][ T13] hsr_slave_0: left promiscuous mode
[ 99.757012][ T13] hsr_slave_1: left promiscuous mode
[ 99.773846][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 99.777096][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 99.812183][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 99.817555][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 99.866193][ T13] veth1_macvtap: left promiscuous mode
[ 99.868424][ T13] veth0_macvtap: left promiscuous mode
[ 99.870739][ T13] veth1_vlan: left promiscuous mode
[ 99.900994][ T13] veth0_vlan: left promiscuous mode
[ 100.638503][ T13] team0 (unregistering): Port device team_slave_1 removed
[ 100.662637][ T13] team0 (unregistering): Port device team_slave_0 removed
[ 101.113295][ T4667] Bluetooth: hci0: command tx timeout
[ 101.226133][ T5424] chnl_net:caif_netlink_parms(): no params data found
[ 101.641204][ T5424] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.650514][ T5424] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.658274][ T5424] bridge_slave_0: entered allmulticast mode
[ 101.669089][ T5424] bridge_slave_0: entered promiscuous mode
[ 101.703426][ T5424] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.706447][ T5424] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.709511][ T5424] bridge_slave_1: entered allmulticast mode
[ 101.736407][ T5424] bridge_slave_1: entered promiscuous mode
[ 101.786964][ T5424] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 101.802564][ T5424] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 101.863848][ T5424] team0: Port device team_slave_0 added
[ 101.882837][ T5424] team0: Port device team_slave_1 added
[ 101.937208][ T5424] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 101.940302][ T5424] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 101.963197][ T5424] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 101.992359][ T5424] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 101.995268][ T5424] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 102.026263][ T5424] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 102.111296][ T5424] hsr_slave_0: entered promiscuous mode
[ 102.114767][ T5424] hsr_slave_1: entered promiscuous mode
[ 102.655205][ T5424] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 102.674901][ T5424] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 102.681030][ T5424] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 102.703885][ T5424] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 102.828353][ T5424] 8021q: adding VLAN 0 to HW filter on device bond0
[ 102.854169][ T5424] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.868705][ T54] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.871949][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.894571][ T54] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.897483][ T54] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 103.195667][ T4667] Bluetooth: hci0: command tx timeout
[ 103.217562][ T5424] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 103.296564][ T5424] veth0_vlan: entered promiscuous mode
[ 103.314006][ T5424] veth1_vlan: entered promiscuous mode
[ 103.364353][ T5424] veth0_macvtap: entered promiscuous mode
[ 103.376483][ T5424] veth1_macvtap: entered promiscuous mode
[ 103.398838][ T5424] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 103.419093][ T5424] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 103.454349][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.458218][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.465915][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.476882][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.565799][ T54] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.569105][ T54] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.634511][ T1038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.643968][ T1038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.721269][ T5485] loop0: detected capacity change from 0 to 512
[ 103.773761][ T5485] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[ 103.779504][ T5485] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[ 103.821260][ T5485] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck.
[ 103.856872][ T5485] EXT4-fs (loop0): 1 truncate cleaned up
[ 103.860070][ T5485] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 103.921497][ T5485] ==================================================================
[ 103.925003][ T5485] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x8e9/0x1e20
[ 103.928257][ T5485] Read of size 18446744073709551572 at addr ffff888059eb4850 by task syz.0.17/5485
[ 103.933100][ T5485]
[ 103.934156][ T5485] CPU: 0 UID: 0 PID: 5485 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 103.934169][ T5485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 103.934176][ T5485] Call Trace:
[ 103.934183][ T5485]
[ 103.934188][ T5485] dump_stack_lvl+0x189/0x250
[ 103.934209][ T5485] ? __kasan_check_byte+0x12/0x40
[ 103.934225][ T5485] ? __pfx_dump_stack_lvl+0x10/0x10
[ 103.934239][ T5485] ? lock_release+0x4b/0x3e0
[ 103.934252][ T5485] ? __virt_addr_valid+0x4a5/0x5c0
[ 103.934267][ T5485] print_report+0xca/0x240
[ 103.934280][ T5485] ? ext4_xattr_set_entry+0x8e9/0x1e20
[ 103.934296][ T5485] kasan_report+0x118/0x150
[ 103.934309][ T5485] ? ext4_xattr_set_entry+0x8e9/0x1e20
[ 103.934323][ T5485] ? ext4_xattr_set_entry+0x8e9/0x1e20
[ 103.934336][ T5485] kasan_check_range+0x2b0/0x2c0
[ 103.934349][ T5485] ? ext4_xattr_set_entry+0x8e9/0x1e20
[ 103.934363][ T5485] __asan_memmove+0x29/0x70
[ 103.934374][ T5485] ext4_xattr_set_entry+0x8e9/0x1e20
[ 103.934393][ T5485] ext4_xattr_block_set+0x872/0x2ac0
[ 103.934408][ T5485] ? fs_reclaim_acquire+0x7d/0x100
[ 103.934425][ T5485] ? __pfx_check_xattrs+0x10/0x10
[ 103.934440][ T5485] ? __pfx_ext4_xattr_block_set+0x10/0x10
[ 103.934454][ T5485] ? ext4_xattr_block_find+0x2d4/0x350
[ 103.934469][ T5485] ext4_expand_extra_isize_ea+0x12da/0x1ea0
[ 103.934493][ T5485] __ext4_expand_extra_isize+0x30d/0x400
[ 103.934505][ T5485] __ext4_mark_inode_dirty+0x46c/0x700
[ 103.934520][ T5485] __ext4_unlink+0x631/0xab0
[ 103.934534][ T5485] ? __pfx___ext4_unlink+0x10/0x10
[ 103.934546][ T5485] ? __pfx___dquot_initialize+0x10/0x10
[ 103.934559][ T5485] ? down_write+0x162/0x1f0
[ 103.934622][ T5485] ext4_unlink+0x216/0x5d0
[ 103.934635][ T5485] vfs_unlink+0x394/0x650
[ 103.934650][ T5485] do_unlinkat+0x345/0x560
[ 103.934663][ T5485] ? __pfx_do_unlinkat+0x10/0x10
[ 103.934675][ T5485] ? strncpy_from_user+0x150/0x290
[ 103.934689][ T5485] ? getname_flags+0x1e5/0x540
[ 103.934704][ T5485] __x64_sys_unlink+0x47/0x50
[ 103.934716][ T5485] do_syscall_64+0xfa/0xfa0
[ 103.934729][ T5485] ? lockdep_hardirqs_on+0x9c/0x150
[ 103.934743][ T5485] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.934753][ T5485] ? clear_bhb_loop+0x60/0xb0
[ 103.934763][ T5485] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.934773][ T5485] RIP: 0033:0x7fc470d8f7c9
[ 103.934790][ T5485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 103.934799][ T5485] RSP: 002b:00007ffebab06be8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 103.934811][ T5485] RAX: ffffffffffffffda RBX: 00007fc470fe5fa0 RCX: 00007fc470d8f7c9
[ 103.934819][ T5485] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180
[ 103.934824][ T5485] RBP: 00007fc470e13f91 R08: 0000000000000000 R09: 0000000000000000
[ 103.934830][ T5485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 103.934837][ T5485] R13: 00007fc470fe5fa0 R14: 00007fc470fe5fa0 R15: 0000000000000001
[ 103.934847][ T5485]
[ 103.934851][ T5485]
[ 104.056728][ T5485] Allocated by task 5485:
[ 104.058279][ T5485] kasan_save_track+0x3e/0x80
[ 104.060141][ T5485] __kasan_kmalloc+0x93/0xb0
[ 104.061881][ T5485] __kmalloc_node_track_caller_noprof+0x568/0x800
[ 104.064377][ T5485] kmemdup_noprof+0x2b/0x70
[ 104.066494][ T5485] ext4_xattr_block_set+0x781/0x2ac0
[ 104.069020][ T5485] ext4_expand_extra_isize_ea+0x12da/0x1ea0
[ 104.071837][ T5485] __ext4_expand_extra_isize+0x30d/0x400
[ 104.074199][ T5485] __ext4_mark_inode_dirty+0x46c/0x700
[ 104.076411][ T5485] __ext4_unlink+0x631/0xab0
[ 104.078272][ T5485] ext4_unlink+0x216/0x5d0
[ 104.080267][ T5485] vfs_unlink+0x394/0x650
[ 104.082068][ T5485] do_unlinkat+0x345/0x560
[ 104.083952][ T5485] __x64_sys_unlink+0x47/0x50
[ 104.086079][ T5485] do_syscall_64+0xfa/0xfa0
[ 104.087911][ T5485] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.090392][ T5485]
[ 104.091415][ T5485] The buggy address belongs to the object at ffff888059eb4800
[ 104.091415][ T5485] which belongs to the cache kmalloc-1k of size 1024
[ 104.097070][ T5485] The buggy address is located 80 bytes inside of
[ 104.097070][ T5485] 1024-byte region [ffff888059eb4800, ffff888059eb4c00)
[ 104.102621][ T5485]
[ 104.103698][ T5485] The buggy address belongs to the physical page:
[ 104.106590][ T5485] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x59eb4
[ 104.110189][ T5485] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 104.113715][ T5485] anon flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 104.117115][ T5485] page_type: f5(slab)
[ 104.118856][ T5485] raw: 04fff00000000040 ffff88801a041dc0 0000000000000000 dead000000000001
[ 104.122401][ T5485] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[ 104.125780][ T5485] head: 04fff00000000040 ffff88801a041dc0 0000000000000000 dead000000000001
[ 104.129208][ T5485] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[ 104.132676][ T5485] head: 04fff00000000002 ffffea000167ad01 00000000ffffffff 00000000ffffffff
[ 104.136470][ T5485] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 104.140063][ T5485] page dumped because: kasan: bad access detected
[ 104.142715][ T5485] page_owner tracks the page as allocated
[ 104.145190][ T5485] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5420, tgid 5420 (syz-executor), ts 98143788801, free_ts 98134637023
[ 104.154115][ T5485] post_alloc_hook+0x234/0x290
[ 104.156250][ T5485] get_page_from_freelist+0x2365/0x2440
[ 104.159163][ T5485] __alloc_frozen_pages_noprof+0x181/0x370
[ 104.162167][ T5485] alloc_pages_mpol+0x232/0x4a0
[ 104.164643][ T5485] allocate_slab+0x96/0x350
[ 104.166628][ T5485] ___slab_alloc+0xf56/0x1990
[ 104.168635][ T5485] __slab_alloc+0x65/0x100
[ 104.170583][ T5485] __kvmalloc_node_noprof+0x6ba/0x910
[ 104.172866][ T5485] rhashtable_init_noprof+0x4f3/0xbc0
[ 104.175085][ T5485] ipc_init_ids+0x7b/0x1f0
[ 104.177065][ T5485] copy_ipcs+0x3e7/0x460
[ 104.179343][ T5485] create_new_namespaces+0x218/0x720
[ 104.182140][ T5485] unshare_nsproxy_namespaces+0x11c/0x170
[ 104.185218][ T5485] ksys_unshare+0x4c8/0x8c0
[ 104.187685][ T5485] __x64_sys_unshare+0x38/0x50
[ 104.189612][ T5485] do_syscall_64+0xfa/0xfa0
[ 104.191471][ T5485] page last free pid 5419 tgid 5419 stack trace:
[ 104.194078][ T5485] __free_frozen_pages+0xbc4/0xd30
[ 104.196182][ T5485] stack_depot_save_flags+0x436/0x860
[ 104.198440][ T5485] kasan_save_track+0x4f/0x80
[ 104.200582][ T5485] __kasan_slab_alloc+0x6c/0x80
[ 104.202640][ T5485] kmem_cache_alloc_noprof+0x367/0x6e0
[ 104.205088][ T5485] alloc_buffer_head+0x2a/0x270
[ 104.207024][ T5485] folio_alloc_buffers+0x32d/0x640
[ 104.209044][ T5485] bdev_getblk+0x286/0x660
[ 104.210768][ T5485] __ext4_get_inode_loc+0x561/0x1040
[ 104.212930][ T5485] ext4_reserve_inode_write+0x18b/0x360
[ 104.215208][ T5485] __ext4_mark_inode_dirty+0x15b/0x700
[ 104.217515][ T5485] __ext4_new_inode+0x336a/0x3cb0
[ 104.219631][ T5485] ext4_mkdir+0x3cb/0xc50
[ 104.221542][ T5485] vfs_mkdir+0x306/0x510
[ 104.223676][ T5485] do_mkdirat+0x247/0x590
[ 104.225986][ T5485] __x64_sys_mkdir+0x6c/0x80
[ 104.228398][ T5485]
[ 104.229731][ T5485] Memory state around the buggy address:
[ 104.232551][ T5485] ffff888059eb4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 104.236393][ T5485] ffff888059eb4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 104.239601][ T5485] >ffff888059eb4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 104.242739][ T5485] ^
[ 104.245519][ T5485] ffff888059eb4880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 104.248894][ T5485] ffff888059eb4900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 104.252154][ T5485] ==================================================================
[ 104.361326][ T5485] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 104.364397][ T5485] CPU: 0 UID: 0 PID: 5485 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 104.368112][ T5485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 104.372376][ T5485] Call Trace:
[ 104.373751][ T5485]
[ 104.374951][ T5485] dump_stack_lvl+0x99/0x250
[ 104.376821][ T5485] ? __asan_memcpy+0x40/0x70
[ 104.378671][ T5485] ? __pfx_dump_stack_lvl+0x10/0x10
[ 104.380762][ T5485] ? __pfx__printk+0x10/0x10
[ 104.382723][ T5485] vpanic+0x237/0x6d0
[ 104.384450][ T5485] ? __pfx_vpanic+0x10/0x10
[ 104.386396][ T5485] ? preempt_schedule+0xae/0xc0
[ 104.388844][ T5485] ? __pfx_preempt_schedule+0x10/0x10
[ 104.391258][ T5485] panic+0xb9/0xc0
[ 104.392878][ T5485] ? __pfx_panic+0x10/0x10
[ 104.394714][ T5485] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 104.397219][ T5485] ? ext4_xattr_set_entry+0x8e9/0x1e20
[ 104.399518][ T5485] check_panic_on_warn+0x89/0xb0
[ 104.401646][ T5485] ? ext4_xattr_set_entry+0x8e9/0x1e20
[ 104.403855][ T5485] end_report+0x78/0x160
[ 104.405702][ T5485] kasan_report+0x129/0x150
[ 104.407613][ T5485] ? ext4_xattr_set_entry+0x8e9/0x1e20
[ 104.409980][ T5485] ? ext4_xattr_set_entry+0x8e9/0x1e20
[ 104.412266][ T5485] kasan_check_range+0x2b0/0x2c0
[ 104.414420][ T5485] ? ext4_xattr_set_entry+0x8e9/0x1e20
[ 104.416595][ T5485] __asan_memmove+0x29/0x70
[ 104.418475][ T5485] ext4_xattr_set_entry+0x8e9/0x1e20
[ 104.420654][ T5485] ext4_xattr_block_set+0x872/0x2ac0
[ 104.422858][ T5485] ? fs_reclaim_acquire+0x7d/0x100
[ 104.425015][ T5485] ? __pfx_check_xattrs+0x10/0x10
[ 104.427125][ T5485] ? __pfx_ext4_xattr_block_set+0x10/0x10
[ 104.429504][ T5485] ? ext4_xattr_block_find+0x2d4/0x350
[ 104.431761][ T5485] ext4_expand_extra_isize_ea+0x12da/0x1ea0
[ 104.434193][ T5485] __ext4_expand_extra_isize+0x30d/0x400
[ 104.436644][ T5485] __ext4_mark_inode_dirty+0x46c/0x700
[ 104.439062][ T5485] __ext4_unlink+0x631/0xab0
[ 104.441098][ T5485] ? __pfx___ext4_unlink+0x10/0x10
[ 104.443280][ T5485] ? __pfx___dquot_initialize+0x10/0x10
[ 104.445677][ T5485] ? down_write+0x162/0x1f0
[ 104.447647][ T5485] ext4_unlink+0x216/0x5d0
[ 104.449711][ T5485] vfs_unlink+0x394/0x650
[ 104.451537][ T5485] do_unlinkat+0x345/0x560
[ 104.453420][ T5485] ? __pfx_do_unlinkat+0x10/0x10
[ 104.455482][ T5485] ? strncpy_from_user+0x150/0x290
[ 104.457731][ T5485] ? getname_flags+0x1e5/0x540
[ 104.459678][ T5485] __x64_sys_unlink+0x47/0x50
[ 104.461542][ T5485] do_syscall_64+0xfa/0xfa0
[ 104.463452][ T5485] ? lockdep_hardirqs_on+0x9c/0x150
[ 104.465686][ T5485] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.468340][ T5485] ? clear_bhb_loop+0x60/0xb0
[ 104.470388][ T5485] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.472944][ T5485] RIP: 0033:0x7fc470d8f7c9
[ 104.474839][ T5485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 104.483120][ T5485] RSP: 002b:00007ffebab06be8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 104.486694][ T5485] RAX: ffffffffffffffda RBX: 00007fc470fe5fa0 RCX: 00007fc470d8f7c9
[ 104.490038][ T5485] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180
[ 104.493350][ T5485] RBP: 00007fc470e13f91 R08: 0000000000000000 R09: 0000000000000000
[ 104.496596][ T5485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 104.499991][ T5485] R13: 00007fc470fe5fa0 R14: 00007fc470fe5fa0 R15: 0000000000000001
[ 104.503217][ T5485]
[ 104.504868][ T5485] Kernel Offset: disabled
[ 104.506751][ T5485] Rebooting in 86400 seconds..
VM DIAGNOSIS:
06:11:29 Registers:
info registers vcpu 0
CPU#0