Warning: Permanently added '[localhost]:20256' (ED25519) to the list of known hosts.
2026/01/17 21:03:54 parsed 1 programs
syzkaller login: [ 83.482502][ T5328] cgroup: Unknown subsys name 'net'
[ 83.549891][ T5328] cgroup: Unknown subsys name 'cpuset'
[ 83.556679][ T5328] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 85.299385][ T5328] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 90.772643][ T5343] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 91.853608][ T9] cfg80211: failed to load regulatory.db
[ 93.052473][ T5369] chnl_net:caif_netlink_parms(): no params data found
[ 93.187783][ T5369] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.196098][ T5369] bridge0: port 1(bridge_slave_0) entered disabled state
[ 93.199301][ T5369] bridge_slave_0: entered allmulticast mode
[ 93.206868][ T5369] bridge_slave_0: entered promiscuous mode
[ 93.217738][ T5369] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.220681][ T5369] bridge0: port 2(bridge_slave_1) entered disabled state
[ 93.223468][ T5369] bridge_slave_1: entered allmulticast mode
[ 93.237602][ T5369] bridge_slave_1: entered promiscuous mode
[ 93.290740][ T5369] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 93.295604][ T5369] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 93.342328][ T5369] team0: Port device team_slave_0 added
[ 93.357919][ T5369] team0: Port device team_slave_1 added
[ 93.380146][ T5369] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 93.382630][ T5369] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 93.392811][ T5369] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 93.400778][ T5369] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 93.404017][ T5369] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 93.415763][ T5369] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 93.451621][ T5369] hsr_slave_0: entered promiscuous mode
[ 93.455134][ T5369] hsr_slave_1: entered promiscuous mode
[ 93.610887][ T5369] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 93.621045][ T5369] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 93.628530][ T5369] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 93.636416][ T5369] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 93.668949][ T5369] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.671929][ T5369] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 93.675484][ T5369] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.679267][ T5369] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 93.688195][ T3775] bridge0: port 1(bridge_slave_0) entered disabled state
[ 93.692369][ T3775] bridge0: port 2(bridge_slave_1) entered disabled state
[ 93.745673][ T5369] 8021q: adding VLAN 0 to HW filter on device bond0
[ 93.763239][ T5369] 8021q: adding VLAN 0 to HW filter on device team0
[ 93.771697][ T3775] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.774701][ T3775] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 93.784427][ T3933] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.787411][ T3933] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 94.110491][ T5369] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 94.172580][ T5369] veth0_vlan: entered promiscuous mode
[ 94.190240][ T5369] veth1_vlan: entered promiscuous mode
[ 94.235220][ T5369] veth0_macvtap: entered promiscuous mode
[ 94.247322][ T5369] veth1_macvtap: entered promiscuous mode
[ 94.268705][ T5369] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 94.290299][ T5369] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 94.310218][ T38] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.313897][ T38] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.329220][ T38] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.332688][ T38] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.612656][ T3688] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 94.687976][ T3688] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 94.798692][ T3688] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.470033][ T4685] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 95.474088][ T4685] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 95.479742][ T4685] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 95.483256][ T4685] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 95.487500][ T4685] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 95.835468][ T3688] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.097988][ T4327] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 96.101429][ T4327] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 96.169234][ T3933] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 96.172766][ T3933] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.440693][ T3688] bridge_slave_1: left allmulticast mode
[ 97.443332][ T3688] bridge_slave_1: left promiscuous mode
[ 97.470095][ T3688] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.487793][ T3688] bridge_slave_0: left allmulticast mode
[ 97.490192][ T3688] bridge_slave_0: left promiscuous mode
[ 97.516863][ T3688] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.948690][ T3688] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 97.954934][ T3688] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 97.960185][ T3688] bond0 (unregistering): Released all slaves
[ 98.081537][ T3688] hsr_slave_0: left promiscuous mode
[ 98.086575][ T3688] hsr_slave_1: left promiscuous mode
[ 98.092192][ T3688] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 98.095255][ T3688] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 98.108060][ T3688] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 98.111326][ T3688] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 98.134785][ T3688] veth1_macvtap: left promiscuous mode
[ 98.140928][ T3688] veth0_macvtap: left promiscuous mode
[ 98.143576][ T3688] veth1_vlan: left promiscuous mode
[ 98.156533][ T3688] veth0_vlan: left promiscuous mode
[ 98.638615][ T3688] team0 (unregistering): Port device team_slave_1 removed
[ 98.672418][ T3688] team0 (unregistering): Port device team_slave_0 removed
2026/01/17 21:04:12 executed programs: 0
[ 100.166902][ T46] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 100.171235][ T46] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 100.174801][ T46] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 100.179277][ T46] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 100.182768][ T46] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 100.739649][ T5463] chnl_net:caif_netlink_parms(): no params data found
[ 100.872855][ T5463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.876086][ T5463] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.879022][ T5463] bridge_slave_0: entered allmulticast mode
[ 100.882339][ T5463] bridge_slave_0: entered promiscuous mode
[ 100.888388][ T5463] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.891396][ T5463] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.894326][ T5463] bridge_slave_1: entered allmulticast mode
[ 100.898075][ T5463] bridge_slave_1: entered promiscuous mode
[ 100.921476][ T5463] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 100.927532][ T5463] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 100.950986][ T5463] team0: Port device team_slave_0 added
[ 100.956112][ T5463] team0: Port device team_slave_1 added
[ 100.974731][ T5463] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 100.978007][ T5463] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 100.989140][ T5463] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 100.994916][ T5463] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 100.998441][ T5463] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 101.009575][ T5463] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 101.039664][ T5463] hsr_slave_0: entered promiscuous mode
[ 101.042790][ T5463] hsr_slave_1: entered promiscuous mode
[ 101.440428][ T5463] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 101.468419][ T5463] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 101.489064][ T5463] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 101.498147][ T5463] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 101.640113][ T5463] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.672969][ T5463] 8021q: adding VLAN 0 to HW filter on device team0
[ 101.692435][ T3688] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.695361][ T3688] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.713009][ T3688] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.716032][ T3688] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.036415][ T5463] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 102.105023][ T5463] veth0_vlan: entered promiscuous mode
[ 102.120759][ T5463] veth1_vlan: entered promiscuous mode
[ 102.174325][ T5463] veth0_macvtap: entered promiscuous mode
[ 102.189650][ T5463] veth1_macvtap: entered promiscuous mode
[ 102.212027][ T5463] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 102.227331][ T46] Bluetooth: hci0: command tx timeout
[ 102.239429][ T5463] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 102.269285][ T1045] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.272870][ T1045] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.291218][ T1045] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.328269][ T1045] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.418623][ T1045] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.421814][ T1045] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.476666][ T3933] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.480200][ T3933] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.589367][ T5513] loop0: detected capacity change from 0 to 512
[ 102.644108][ T5513] EXT4-fs (loop0): revision level too high, forcing read-only mode
[ 102.666518][ T5513] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01c, mo2=0002]
[ 102.670780][ T5513] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 102.688325][ T5513] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #13: comm syz.0.17: iget: bad i_size value: 12154761577498
[ 102.717122][ T5513] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.17: couldn't read orphan inode 13 (err -117)
[ 102.747117][ T5513] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[ 102.753185][ T5513] EXT4-fs warning (device loop0): dx_probe:861: inode #2: comm syz.0.17: dx entry: limit 65535 != root limit 120
[ 102.779359][ T5513] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.17: Corrupt directory, running e2fsck is recommended
[ 102.796302][ T5513] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 3: comm syz.0.17: path /0/file0: bad entry in directory: directory entry overrun - offset=1023, inode=511, rec_len=1024, size=1024 fake=0
[ 102.834195][ T5463] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 102.967325][ T5519] loop0: detected capacity change from 0 to 512
[ 102.993226][ T5519] EXT4-fs (loop0): revision level too high, forcing read-only mode
[ 103.005984][ T5519] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01c, mo2=0002]
[ 103.009508][ T5519] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 103.047169][ T5519] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #13: comm syz.0.18: iget: bad i_size value: 12154761577498
[ 103.063163][ T5519] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.18: couldn't read orphan inode 13 (err -117)
[ 103.077234][ T5519] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[ 103.083191][ T5519] EXT4-fs warning (device loop0): dx_probe:861: inode #2: comm syz.0.18: dx entry: limit 65535 != root limit 120
[ 103.109169][ T5519] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.18: Corrupt directory, running e2fsck is recommended
[ 103.127475][ T5519] ==================================================================
[ 103.131485][ T5519] BUG: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x755/0x8e0
[ 103.135935][ T5519] Read of size 2 at addr ffff8880124e4003 by task syz.0.18/5519
[ 103.140718][ T5519]
[ 103.141996][ T5519] CPU: 0 UID: 0 PID: 5519 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full)
[ 103.142012][ T5519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 103.142019][ T5519] Call Trace:
[ 103.142026][ T5519]
[ 103.142032][ T5519] dump_stack_lvl+0xe8/0x150
[ 103.142051][ T5519] print_report+0xca/0x240
[ 103.142063][ T5519] ? __ext4_check_dir_entry+0x755/0x8e0
[ 103.142078][ T5519] kasan_report+0x118/0x150
[ 103.142090][ T5519] ? __ext4_check_dir_entry+0x755/0x8e0
[ 103.142103][ T5519] __ext4_check_dir_entry+0x755/0x8e0
[ 103.142119][ T5519] ext4_readdir+0x13ee/0x3e90
[ 103.142132][ T5519] ? aa_file_perm+0x139/0x1530
[ 103.142152][ T5519] ? __pfx_ext4_readdir+0x10/0x10
[ 103.142165][ T5519] ? iterate_dir+0x292/0x570
[ 103.142183][ T5519] ? iterate_dir+0x292/0x570
[ 103.142196][ T5519] ? down_read_killable+0x1bc/0x350
[ 103.142279][ T5519] iterate_dir+0x399/0x570
[ 103.142294][ T5519] __se_sys_getdents64+0xe4/0x260
[ 103.142309][ T5519] ? __pfx___se_sys_getdents64+0x10/0x10
[ 103.142322][ T5519] ? exc_page_fault+0x71/0xd0
[ 103.142337][ T5519] ? __pfx_filldir64+0x10/0x10
[ 103.142354][ T5519] do_syscall_64+0xec/0xf80
[ 103.142364][ T5519] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.142374][ T5519] ? trace_irq_disable+0x37/0x100
[ 103.142389][ T5519] ? clear_bhb_loop+0x60/0xb0
[ 103.142400][ T5519] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.142411][ T5519] RIP: 0033:0x7f335ad8f7c9
[ 103.142424][ T5519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 103.142433][ T5519] RSP: 002b:00007ffe15889468 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 103.142446][ T5519] RAX: ffffffffffffffda RBX: 00007f335afe5fa0 RCX: 00007f335ad8f7c9
[ 103.142454][ T5519] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 103.142459][ T5519] RBP: 00007f335ae13f91 R08: 0000000000000000 R09: 0000000000000000
[ 103.142465][ T5519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 103.142471][ T5519] R13: 00007f335afe5fa0 R14: 00007f335afe5fa0 R15: 0000000000000003
[ 103.142482][ T5519]
[ 103.142486][ T5519]
[ 103.233044][ T5519] Allocated by task 4724:
[ 103.234902][ T5519] kasan_save_track+0x3e/0x80
[ 103.236917][ T5519] __kasan_kmalloc+0x93/0xb0
[ 103.238804][ T5519] __kmalloc_node_track_caller_noprof+0x575/0x820
[ 103.241437][ T5519] kmalloc_reserve+0x136/0x290
[ 103.243435][ T5519] __alloc_skb+0x204/0x3a0
[ 103.245196][ T5519] alloc_skb_with_frags+0xca/0x890
[ 103.247197][ T5519] sock_alloc_send_pskb+0x84d/0x980
[ 103.249300][ T5519] unix_dgram_sendmsg+0x501/0x18c0
[ 103.251387][ T5519] __sock_sendmsg+0x21c/0x270
[ 103.253429][ T5519] __sys_sendto+0x3bd/0x520
[ 103.255430][ T5519] __x64_sys_sendto+0xde/0x100
[ 103.257557][ T5519] do_syscall_64+0xec/0xf80
[ 103.259806][ T5519] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.262558][ T5519]
[ 103.263818][ T5519] Freed by task 4717:
[ 103.265613][ T5519] kasan_save_track+0x3e/0x80
[ 103.267760][ T5519] kasan_save_free_info+0x46/0x50
[ 103.269981][ T5519] __kasan_slab_free+0x5c/0x80
[ 103.272071][ T5519] kfree+0x1c0/0x660
[ 103.273876][ T5519] skb_release_data+0x62d/0x7c0
[ 103.276010][ T5519] consume_skb+0x9e/0xf0
[ 103.277677][ T5519] __unix_dgram_recvmsg+0xa03/0xdc0
[ 103.279723][ T5519] sock_recvmsg+0x22c/0x270
[ 103.281451][ T5519] sock_read_iter+0x231/0x2f0
[ 103.283230][ T5519] vfs_read+0x55a/0xa30
[ 103.284780][ T5519] ksys_read+0x145/0x250
[ 103.286231][ T5519] do_syscall_64+0xec/0xf80
[ 103.288142][ T5519] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.290301][ T5519]
[ 103.291363][ T5519] The buggy address belongs to the object at ffff8880124e4000
[ 103.291363][ T5519] which belongs to the cache kmalloc-cg-512 of size 512
[ 103.297338][ T5519] The buggy address is located 3 bytes inside of
[ 103.297338][ T5519] freed 512-byte region [ffff8880124e4000, ffff8880124e4200)
[ 103.303101][ T5519]
[ 103.304163][ T5519] The buggy address belongs to the physical page:
[ 103.306872][ T5519] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x124e4
[ 103.310738][ T5519] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 103.314539][ T5519] memcg:ffff88801a352781
[ 103.316466][ T5519] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 103.319484][ T5519] page_type: f5(slab)
[ 103.321076][ T5519] raw: 00fff00000000040 ffff88801a44b140 ffffea000068b300 dead000000000005
[ 103.324582][ T5519] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff88801a352781
[ 103.327922][ T5519] head: 00fff00000000040 ffff88801a44b140 ffffea000068b300 dead000000000005
[ 103.331442][ T5519] head: 0000000000000000 0000000000080008 00000000f5000000 ffff88801a352781
[ 103.334580][ T5519] head: 00fff00000000001 ffffea0000493901 00000000ffffffff 00000000ffffffff
[ 103.337473][ T5519] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 103.340767][ T5519] page dumped because: kasan: bad access detected
[ 103.343256][ T5519] page_owner tracks the page as allocated
[ 103.345189][ T5519] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5369, tgid 5369 (syz-executor), ts 93751039655, free_ts 93368309387
[ 103.352610][ T5519] post_alloc_hook+0x234/0x290
[ 103.354717][ T5519] get_page_from_freelist+0x24e0/0x2580
[ 103.356869][ T5519] __alloc_frozen_pages_noprof+0x181/0x370
[ 103.359066][ T5519] alloc_pages_mpol+0x232/0x4a0
[ 103.360903][ T5519] allocate_slab+0x86/0x3b0
[ 103.362647][ T5519] ___slab_alloc+0xe53/0x1820
[ 103.364408][ T5519] __slab_alloc+0x65/0x100
[ 103.366051][ T5519] __kmalloc_cache_noprof+0x41e/0x700
[ 103.368008][ T5519] ipv6_add_addr+0x530/0x1090
[ 103.369725][ T5519] inet6_addr_add+0x3c3/0xce0
[ 103.371576][ T5519] inet6_rtm_newaddr+0x93d/0xd20
[ 103.373507][ T5519] rtnetlink_rcv_msg+0x7cf/0xb70
[ 103.375306][ T5519] netlink_rcv_skb+0x208/0x470
[ 103.377062][ T5519] netlink_unicast+0x82f/0x9e0
[ 103.378753][ T5519] netlink_sendmsg+0x805/0xb30
[ 103.380527][ T5519] __sock_sendmsg+0x21c/0x270
[ 103.382345][ T5519] page last free pid 76 tgid 76 stack trace:
[ 103.384969][ T5519] free_unref_folios+0xdb3/0x14f0
[ 103.387874][ T5519] shrink_folio_list+0x289b/0x4f90
[ 103.390071][ T5519] evict_folios+0x473e/0x57f0
[ 103.392092][ T5519] try_to_shrink_lruvec+0x8a3/0xb50
[ 103.394458][ T5519] shrink_one+0x25c/0x720
[ 103.396340][ T5519] shrink_node+0x2f7d/0x35b0
[ 103.398195][ T5519] kswapd+0x145a/0x2820
[ 103.399757][ T5519] kthread+0x711/0x8a0
[ 103.401228][ T5519] ret_from_fork+0x510/0xa50
[ 103.403247][ T5519] ret_from_fork_asm+0x1a/0x30
[ 103.405597][ T5519]
[ 103.406721][ T5519] Memory state around the buggy address:
[ 103.409188][ T5519] ffff8880124e3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 103.412442][ T5519] ffff8880124e3f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 103.415498][ T5519] >ffff8880124e4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.418729][ T5519] ^
[ 103.420318][ T5519] ffff8880124e4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.423427][ T5519] ffff8880124e4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.426727][ T5519] ==================================================================
[ 103.546647][ T5519] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 103.549677][ T5519] CPU: 0 UID: 0 PID: 5519 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full)
[ 103.553818][ T5519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 103.558523][ T5519] Call Trace:
[ 103.559805][ T5519]
[ 103.561116][ T5519] vpanic+0x1e0/0x670
[ 103.562601][ T5519] panic+0xb9/0xc0
[ 103.564244][ T5519] ? __pfx_panic+0x10/0x10
[ 103.566285][ T5519] ? preempt_schedule_thunk+0x16/0x30
[ 103.568695][ T5519] ? preempt_schedule_thunk+0x16/0x30
[ 103.571112][ T5519] ? __ext4_check_dir_entry+0x755/0x8e0
[ 103.573618][ T5519] check_panic_on_warn+0x89/0xb0
[ 103.575832][ T5519] ? __ext4_check_dir_entry+0x755/0x8e0
[ 103.578278][ T5519] end_report+0x6f/0x140
[ 103.580146][ T5519] kasan_report+0x129/0x150
[ 103.582184][ T5519] ? __ext4_check_dir_entry+0x755/0x8e0
[ 103.584721][ T5519] __ext4_check_dir_entry+0x755/0x8e0
[ 103.587181][ T5519] ext4_readdir+0x13ee/0x3e90
[ 103.589300][ T5519] ? aa_file_perm+0x139/0x1530
[ 103.591484][ T5519] ? __pfx_ext4_readdir+0x10/0x10
[ 103.593785][ T5519] ? iterate_dir+0x292/0x570
[ 103.595921][ T5519] ? iterate_dir+0x292/0x570
[ 103.598016][ T5519] ? down_read_killable+0x1bc/0x350
[ 103.600440][ T5519] iterate_dir+0x399/0x570
[ 103.602480][ T5519] __se_sys_getdents64+0xe4/0x260
[ 103.604712][ T5519] ? __pfx___se_sys_getdents64+0x10/0x10
[ 103.607246][ T5519] ? exc_page_fault+0x71/0xd0
[ 103.609404][ T5519] ? __pfx_filldir64+0x10/0x10
[ 103.611604][ T5519] do_syscall_64+0xec/0xf80
[ 103.613511][ T5519] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.615669][ T5519] ? trace_irq_disable+0x37/0x100
[ 103.617725][ T5519] ? clear_bhb_loop+0x60/0xb0
[ 103.619737][ T5519] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.622032][ T5519] RIP: 0033:0x7f335ad8f7c9
[ 103.623928][ T5519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 103.632332][ T5519] RSP: 002b:00007ffe15889468 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 103.635642][ T5519] RAX: ffffffffffffffda RBX: 00007f335afe5fa0 RCX: 00007f335ad8f7c9
[ 103.639207][ T5519] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 103.642716][ T5519] RBP: 00007f335ae13f91 R08: 0000000000000000 R09: 0000000000000000
[ 103.646091][ T5519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 103.649531][ T5519] R13: 00007f335afe5fa0 R14: 00007f335afe5fa0 R15: 0000000000000003
[ 103.653082][ T5519]
[ 103.654862][ T5519] Kernel Offset: disabled
[ 103.656846][ T5519] Rebooting in 86400 seconds..
VM DIAGNOSIS:
21:04:16 Registers:
info registers vcpu 0