Warning: Permanently added '[localhost]:41446' (ED25519) to the list of known hosts.
2026/06/11 07:44:09 parsed 1 programs
syzkaller login: [ 65.376028][ T5621] cgroup: Unknown subsys name 'net'
[ 65.461756][ T5621] cgroup: Unknown subsys name 'cpuset'
[ 65.468378][ T5621] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 67.441708][ T5621] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 70.422292][ T5632] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 70.549786][ T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 70.562977][ T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 70.648444][ T1123] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 70.652097][ T1123] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 71.743405][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 71.747965][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 71.752951][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 71.759804][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 71.764875][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 72.199322][ T5651] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.202937][ T5651] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.205207][ T5651] bridge_slave_0: entered allmulticast mode
[ 72.208704][ T5651] bridge_slave_0: entered promiscuous mode
[ 72.213567][ T5651] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.215749][ T5651] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.218269][ T5651] bridge_slave_1: entered allmulticast mode
[ 72.221507][ T5651] bridge_slave_1: entered promiscuous mode
[ 72.283737][ T5651] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 72.297018][ T5651] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 72.364655][ T5651] team0: Port device team_slave_0 added
[ 72.380070][ T5651] team0: Port device team_slave_1 added
[ 72.432092][ T5651] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 72.434561][ T5651] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 72.443642][ T5651] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 72.473751][ T5651] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 72.476743][ T5651] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 72.488280][ T5651] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 72.741302][ T5651] hsr_slave_0: entered promiscuous mode
[ 72.750166][ T5651] hsr_slave_1: entered promiscuous mode
[ 73.092407][ T5651] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 73.107831][ T5651] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 73.198754][ T5651] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 73.204263][ T5651] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 73.219371][ T5651] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 73.231458][ T5651] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 73.238606][ T5651] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 73.265926][ T5651] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 73.458633][ T5651] 8021q: adding VLAN 0 to HW filter on device bond0
[ 73.511109][ T5651] 8021q: adding VLAN 0 to HW filter on device team0
[ 73.534463][ T27] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.537591][ T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 73.551731][ T27] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.554642][ T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 73.892767][ T5651] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 73.926290][ T5651] veth0_vlan: entered promiscuous mode
[ 73.934733][ T5651] veth1_vlan: entered promiscuous mode
[ 73.962076][ T5651] veth0_macvtap: entered promiscuous mode
[ 73.969492][ T5651] veth1_macvtap: entered promiscuous mode
[ 73.981820][ T5651] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 73.993196][ T5651] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 74.004827][ T5671] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.014204][ T5671] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.019344][ T5671] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.022518][ T5671] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2026/06/11 07:44:20 executed programs: 0
[ 74.179963][ T5004] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 74.184651][ T5004] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 74.191181][ T5004] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 74.197015][ T5004] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 74.202782][ T5004] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 74.214055][ T5678] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 74.224197][ T5678] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 74.235155][ T5678] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 74.238848][ T5678] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 74.241918][ T5678] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 74.249987][ T5746] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 74.256031][ T5746] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 74.261164][ T5746] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 74.265517][ T5746] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 74.270067][ T5746] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 74.328353][ T5671] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 74.430328][ T5671] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 74.500679][ T5671] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 75.057981][ T5744] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.060764][ T5744] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.063505][ T5744] bridge_slave_0: entered allmulticast mode
[ 75.066271][ T5744] bridge_slave_0: entered promiscuous mode
[ 75.069844][ T5743] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.072356][ T5743] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.074958][ T5743] bridge_slave_0: entered allmulticast mode
[ 75.078330][ T5743] bridge_slave_0: entered promiscuous mode
[ 75.081865][ T5743] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.084278][ T5743] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.086616][ T5743] bridge_slave_1: entered allmulticast mode
[ 75.090823][ T5743] bridge_slave_1: entered promiscuous mode
[ 75.108989][ T5744] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.113275][ T5744] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.116274][ T5744] bridge_slave_1: entered allmulticast mode
[ 75.121944][ T5744] bridge_slave_1: entered promiscuous mode
[ 75.200428][ T5743] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 75.220152][ T5744] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 75.228365][ T5743] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.231982][ T5748] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.234799][ T5748] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.238658][ T5748] bridge_slave_0: entered allmulticast mode
[ 75.242770][ T5748] bridge_slave_0: entered promiscuous mode
[ 75.249787][ T5744] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.276238][ T5748] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.278902][ T5748] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.281538][ T5748] bridge_slave_1: entered allmulticast mode
[ 75.285140][ T5748] bridge_slave_1: entered promiscuous mode
[ 75.338112][ T5748] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 75.343636][ T5744] team0: Port device team_slave_0 added
[ 75.346965][ T5743] team0: Port device team_slave_0 added
[ 75.350980][ T5743] team0: Port device team_slave_1 added
[ 75.354806][ T5748] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.371666][ T5744] team0: Port device team_slave_1 added
[ 75.434683][ T5743] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.437434][ T5743] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 75.447397][ T5743] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.459245][ T5748] team0: Port device team_slave_0 added
[ 75.473499][ T5743] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.476492][ T5743] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 75.486604][ T5743] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.502564][ T5748] team0: Port device team_slave_1 added
[ 75.505291][ T5744] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.508390][ T5744] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 75.518327][ T5744] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.524115][ T5744] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.526871][ T5744] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 75.536852][ T5744] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.566526][ T5671] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 75.599099][ T5748] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.601657][ T5748] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 75.611128][ T5748] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.616084][ T5748] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.618898][ T5748] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 75.627927][ T5748] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.681620][ T5743] hsr_slave_0: entered promiscuous mode
[ 75.683997][ T5743] hsr_slave_1: entered promiscuous mode
[ 75.686172][ T5743] debugfs: 'hsr0' already exists in 'hsr'
[ 75.688398][ T5743] Cannot create hsr debugfs directory
[ 75.696966][ T5744] hsr_slave_0: entered promiscuous mode
[ 75.699863][ T5744] hsr_slave_1: entered promiscuous mode
[ 75.702570][ T5744] debugfs: 'hsr0' already exists in 'hsr'
[ 75.704454][ T5744] Cannot create hsr debugfs directory
[ 75.759371][ T5748] hsr_slave_0: entered promiscuous mode
[ 75.761586][ T5748] hsr_slave_1: entered promiscuous mode
[ 75.763604][ T5748] debugfs: 'hsr0' already exists in 'hsr'
[ 75.765233][ T5748] Cannot create hsr debugfs directory
[ 76.054211][ T5743] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 76.060714][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 76.063520][ T5743] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 76.069906][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 76.073636][ T5743] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 76.080309][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 76.084136][ T5743] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 76.090173][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 76.195199][ T5743] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.214641][ T5743] 8021q: adding VLAN 0 to HW filter on device team0
[ 76.223483][ T53] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.226205][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.238317][ T53] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.240730][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.289995][ T5746] Bluetooth: hci1: command tx timeout
[ 76.290022][ T5678] Bluetooth: hci2: command tx timeout
[ 76.292935][ T5746] Bluetooth: hci0: command tx timeout
[ 76.470911][ T5743] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.503796][ T5743] veth0_vlan: entered promiscuous mode
[ 76.512157][ T5743] veth1_vlan: entered promiscuous mode
[ 76.534715][ T5743] veth0_macvtap: entered promiscuous mode
[ 76.541351][ T5743] veth1_macvtap: entered promiscuous mode
[ 76.552129][ T5743] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 76.561242][ T5743] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 76.569677][ T5484] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.572570][ T5484] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.576072][ T5484] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.580295][ T5484] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.650594][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.656196][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.680831][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.684503][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.746741][ T5816] loop0: detected capacity change from 0 to 512
[ 76.760606][ T5816] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[ 76.769338][ T1382] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.772828][ T1382] ieee802154 phy1 wpan1: encryption failed: -22
[ 76.773347][ T5816] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[ 76.800875][ T5816] EXT4-fs error (device loop0): ext4_orphan_get:1423: comm syz.0.17: bad orphan inode 131083
[ 76.807052][ T5816] loop0: lost filesystem error report for type 5 error -117
[ 76.807641][ C0] EXT4-fs (loop0): initial error at time 1781163862: ext4_orphan_get:1423
[ 76.812717][ C0] EXT4-fs (loop0): last error at time 1781163862: ext4_orphan_get:1423
[ 76.823994][ T5816] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 76.842310][ T5671] bridge_slave_1: left allmulticast mode
[ 76.845667][ T5816] EXT4-fs error (device loop0): ext4_find_dest_de:2204: inode #12: block 7: comm syz.0.17: bad entry in directory: directory entry overrun - offset=16, inode=1560281102, rec_len=1024, size=56 fake=0
[ 76.853062][ T5671] bridge_slave_1: left promiscuous mode
[ 76.856377][ T5671] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.866737][ T5671] bridge_slave_0: left allmulticast mode
[ 76.877802][ T5671] bridge_slave_0: left promiscuous mode
[ 76.880497][ T5671] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.881377][ T5743] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 76.913634][ T5821] loop0: detected capacity change from 0 to 512
[ 76.916362][ T5821] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[ 76.937414][ T5821] EXT4-fs error (device loop0): ext4_orphan_get:1423: comm syz.0.20: bad orphan inode 131083
[ 76.945472][ T5821] loop0: lost filesystem error report for type 5 error -117
[ 76.947173][ T5821] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 76.970364][ T5821] ==================================================================
[ 76.973368][ T5821] BUG: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x65a/0xc40
[ 76.976370][ T5821] Read of size 1 at addr ffff888114d8c045 by task syz.0.20/5821
[ 76.980050][ T5821]
[ 76.980961][ T5821] CPU: 1 UID: 0 PID: 5821 Comm: syz.0.20 Not tainted syzkaller #0 PREEMPT(full)
[ 76.980975][ T5821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 76.980982][ T5821] Call Trace:
[ 76.980987][ T5821]
[ 76.980993][ T5821] dump_stack_lvl+0xe8/0x150
[ 76.981008][ T5821] print_address_description+0x55/0x1e0
[ 76.981020][ T5821] ? __ext4_check_dir_entry+0x65a/0xc40
[ 76.981030][ T5821] print_report+0x58/0x70
[ 76.981038][ T5821] kasan_report+0x117/0x150
[ 76.981047][ T5821] ? __ext4_check_dir_entry+0x65a/0xc40
[ 76.981057][ T5821] __ext4_check_dir_entry+0x65a/0xc40
[ 76.981069][ T5821] ext4_find_dest_de+0x136/0x770
[ 76.981083][ T5821] ? ext4_try_add_inline_entry+0xf8/0x8e0
[ 76.981098][ T5821] ext4_add_dirent_to_inline+0xcf/0x430
[ 76.981111][ T5821] ? __pfx_ext4_add_dirent_to_inline+0x10/0x10
[ 76.981123][ T5821] ? ext4_get_inode_loc+0xc5/0xf0
[ 76.981132][ T5821] ext4_try_add_inline_entry+0x235/0x8e0
[ 76.981146][ T5821] ? __pfx_ext4_try_add_inline_entry+0x10/0x10
[ 76.981161][ T5821] __ext4_add_entry+0x390/0x1f40
[ 76.981174][ T5821] ? __ext4_mark_inode_dirty+0x4c8/0x710
[ 76.981188][ T5821] ? rcu_is_watching+0x15/0xb0
[ 76.981200][ T5821] ? __ext4_new_inode+0x3431/0x3ce0
[ 76.981211][ T5821] ? __pfx___ext4_add_entry+0x10/0x10
[ 76.981227][ T5821] ? __pfx___dquot_initialize+0x10/0x10
[ 76.981238][ T5821] ? d_splice_alias_ops+0x117/0x3d0
[ 76.981247][ T5821] ext4_add_nondir+0x111/0x310
[ 76.981257][ T5821] ext4_create+0x2e9/0x470
[ 76.981271][ T5821] ? __pfx_ext4_create+0x10/0x10
[ 76.981282][ T5821] ? bpf_lsm_inode_permission+0x9/0x20
[ 76.981295][ T5821] ? may_o_create+0x2d2/0x370
[ 76.981307][ T5821] ? bpf_lsm_inode_create+0x9/0x20
[ 76.981317][ T5821] ? __pfx_ext4_create+0x10/0x10
[ 76.981328][ T5821] path_openat+0x1395/0x3860
[ 76.981347][ T5821] ? __pfx_path_openat+0x10/0x10
[ 76.981358][ T5821] ? __x64_sys_openat+0x138/0x170
[ 76.981377][ T5821] do_file_open+0x23e/0x4a0
[ 76.981390][ T5821] ? __pfx_do_file_open+0x10/0x10
[ 76.981406][ T5821] ? _raw_spin_unlock+0x28/0x50
[ 76.981419][ T5821] ? alloc_fd+0x64b/0x6c0
[ 76.981431][ T5821] do_sys_openat2+0x113/0x200
[ 76.981441][ T5821] ? __se_sys_futex+0x3a8/0x450
[ 76.981452][ T5821] ? __pfx_do_sys_openat2+0x10/0x10
[ 76.981463][ T5821] ? rcu_is_watching+0x15/0xb0
[ 76.981473][ T5821] __x64_sys_openat+0x138/0x170
[ 76.981484][ T5821] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.981494][ T5821] do_syscall_64+0x174/0x580
[ 76.981504][ T5821] ? trace_irq_disable+0x3b/0x140
[ 76.981518][ T5821] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.981528][ T5821] RIP: 0033:0x7f922219ce59
[ 76.981539][ T5821] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 76.981547][ T5821] RSP: 002b:00007f9223137028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 76.981559][ T5821] RAX: ffffffffffffffda RBX: 00007f9222415fa0 RCX: 00007f922219ce59
[ 76.981566][ T5821] RDX: 0000000000042042 RSI: 0000200000000080 RDI: 0000000000000004
[ 76.981572][ T5821] RBP: 00007f9222232d6f R08: 0000000000000000 R09: 0000000000000000
[ 76.981579][ T5821] R10: 000000000000014a R11: 0000000000000246 R12: 0000000000000000
[ 76.981584][ T5821] R13: 00007f9222416038 R14: 00007f9222415fa0 R15: 00007ffd01a2d448
[ 76.981595][ T5821]
[ 76.981598][ T5821]
[ 77.085467][ T5821] Allocated by task 5484:
[ 77.086770][ T5821] kasan_save_track+0x3e/0x80
[ 77.088247][ T5821] __kasan_slab_alloc+0x6c/0x80
[ 77.089945][ T5821] kmem_cache_alloc_node_noprof+0x384/0x690
[ 77.092159][ T5821] __alloc_skb+0x27d/0x7d0
[ 77.093507][ T5821] mpls_netconf_notify_devconf+0x46/0x100
[ 77.095210][ T5821] mpls_dev_notify+0xb2d/0xd10
[ 77.096610][ T5821] notifier_call_chain+0x1ad/0x3d0
[ 77.098096][ T5821] unregister_netdevice_many_notify+0x17a5/0x22c0
[ 77.100014][ T5821] ops_undo_list+0x3d3/0x940
[ 77.101417][ T5821] cleanup_net+0x56b/0x800
[ 77.102761][ T5821] process_scheduled_works+0xb5d/0x1860
[ 77.105057][ T5821] worker_thread+0xa53/0xfc0
[ 77.106521][ T5821] kthread+0x389/0x470
[ 77.107738][ T5821] ret_from_fork+0x514/0xb70
[ 77.109114][ T5821] ret_from_fork_asm+0x1a/0x30
[ 77.110624][ T5821]
[ 77.111371][ T5821] Freed by task 5484:
[ 77.112698][ T5821] kasan_save_track+0x3e/0x80
[ 77.114044][ T5821] kasan_save_free_info+0x46/0x50
[ 77.115481][ T5821] __kasan_slab_free+0x5c/0x80
[ 77.116998][ T5821] kfree+0x1c5/0x640
[ 77.118214][ T5821] skb_release_data+0x828/0xa60
[ 77.119573][ T5821] __kfree_skb+0x5d/0x210
[ 77.120773][ T5821] netlink_broadcast_filtered+0xe18/0xf20
[ 77.122515][ T5821] nlmsg_notify+0xf0/0x1a0
[ 77.123929][ T5821] mpls_dev_notify+0xb2d/0xd10
[ 77.125454][ T5821] notifier_call_chain+0x1ad/0x3d0
[ 77.127109][ T5821] unregister_netdevice_many_notify+0x17a5/0x22c0
[ 77.129202][ T5821] ops_undo_list+0x3d3/0x940
[ 77.130725][ T5821] cleanup_net+0x56b/0x800
[ 77.132412][ T5821] process_scheduled_works+0xb5d/0x1860
[ 77.134450][ T5821] worker_thread+0xa53/0xfc0
[ 77.136017][ T5821] kthread+0x389/0x470
[ 77.137280][ T5821] ret_from_fork+0x514/0xb70
[ 77.138764][ T5821] ret_from_fork_asm+0x1a/0x30
[ 77.140537][ T5821]
[ 77.141422][ T5821] The buggy address belongs to the object at ffff888114d8c000
[ 77.141422][ T5821] which belongs to the cache skbuff_small_head of size 704
[ 77.146418][ T5821] The buggy address is located 69 bytes inside of
[ 77.146418][ T5821] freed 704-byte region [ffff888114d8c000, ffff888114d8c2c0)
[ 77.150906][ T5821]
[ 77.151664][ T5821] The buggy address belongs to the physical page:
[ 77.153751][ T5821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x114d8c
[ 77.156365][ T5821] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 77.159008][ T5821] flags: 0x17ff00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
[ 77.161264][ T5821] page_type: f5(slab)
[ 77.162624][ T5821] raw: 017ff00000000040 ffff888160416b40 dead000000000100 dead000000000122
[ 77.165208][ T5821] raw: 0000000000000000 0000000800120012 00000000f5000000 0000000000000000
[ 77.167779][ T5821] head: 017ff00000000040 ffff888160416b40 dead000000000100 dead000000000122
[ 77.170660][ T5821] head: 0000000000000000 0000000800120012 00000000f5000000 0000000000000000
[ 77.173909][ T5821] head: 017ff00000000002 ffffffffffffff01 00000000ffffffff 00000000ffffffff
[ 77.176515][ T5821] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 77.179092][ T5821] page dumped because: kasan: bad access detected
[ 77.181014][ T5821] page_owner tracks the page as allocated
[ 77.182723][ T5821] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5484, tgid 5484 (kworker/u8:2), ts 72573003529, free_ts 72546506446
[ 77.189923][ T5821] post_alloc_hook+0x22d/0x280
[ 77.191441][ T5821] get_page_from_freelist+0x2593/0x2610
[ 77.193124][ T5821] __alloc_frozen_pages_noprof+0x18d/0x380
[ 77.194911][ T5821] allocate_slab+0x77/0x660
[ 77.196350][ T5821] refill_objects+0x339/0x3d0
[ 77.198339][ T5821] __pcs_replace_empty_main+0x321/0x720
[ 77.200014][ T5821] kmem_cache_alloc_node_noprof+0x441/0x690
[ 77.201735][ T5821] __alloc_skb+0x27d/0x7d0
[ 77.203230][ T5821] mpls_netconf_notify_devconf+0x46/0x100
[ 77.204942][ T5821] mpls_dev_notify+0xb2d/0xd10
[ 77.206326][ T5821] notifier_call_chain+0x1ad/0x3d0
[ 77.207790][ T5821] unregister_netdevice_many_notify+0x17a5/0x22c0
[ 77.209677][ T5821] ops_undo_list+0x3d3/0x940
[ 77.211122][ T5821] cleanup_net+0x56b/0x800
[ 77.212468][ T5821] process_scheduled_works+0xb5d/0x1860
[ 77.214138][ T5821] worker_thread+0xa53/0xfc0
[ 77.215608][ T5821] page last free pid 5484 tgid 5484 stack trace:
[ 77.217475][ T5821] __free_frozen_pages+0xc1c/0xd30
[ 77.219026][ T5821] stack_depot_save_flags+0x40e/0x810
[ 77.220604][ T5821] kasan_save_track+0x4f/0x80
[ 77.222001][ T5821] __kasan_slab_alloc+0x6c/0x80
[ 77.223565][ T5821] kmem_cache_alloc_noprof+0x2bc/0x650
[ 77.225480][ T5821] fill_pool+0x156/0x580
[ 77.226731][ T5821] debug_object_activate+0x4a3/0x580
[ 77.228330][ T5821] call_rcu+0x43/0x890
[ 77.229551][ T5821] kernfs_put+0x259/0x520
[ 77.230845][ T5821] kernfs_remove_by_name_ns+0xc8/0x140
[ 77.232504][ T5821] device_remove_class_symlinks+0x178/0x190
[ 77.234292][ T5821] device_del+0x400/0x8f0
[ 77.235585][ T5821] unregister_netdevice_many_notify+0x1d5f/0x22c0
[ 77.237434][ T5821] ops_undo_list+0x3d3/0x940
[ 77.238836][ T5821] cleanup_net+0x56b/0x800
[ 77.240396][ T5821] process_scheduled_works+0xb5d/0x1860
[ 77.242325][ T5821]
[ 77.243228][ T5821] Memory state around the buggy address:
[ 77.245023][ T5821] ffff888114d8bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 77.247740][ T5821] ffff888114d8bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 77.250317][ T5821] >ffff888114d8c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.253098][ T5821] ^
[ 77.255221][ T5821] ffff888114d8c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.257882][ T5821] ffff888114d8c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.260571][ T5821] ==================================================================
[ 77.283887][ T5821] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 77.286132][ T5821] CPU: 1 UID: 0 PID: 5821 Comm: syz.0.20 Not tainted syzkaller #0 PREEMPT(full)
[ 77.289283][ T5821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 77.292314][ T5821] Call Trace:
[ 77.293336][ T5821]
[ 77.294235][ T5821] vpanic+0x56c/0xa60
[ 77.295391][ T5821] ? __pfx_vpanic+0x10/0x10
[ 77.296747][ T5821] ? __pfx___schedule+0x10/0x10
[ 77.298278][ T5821] panic+0xc5/0xd0
[ 77.299742][ T5821] ? __pfx_panic+0x10/0x10
[ 77.301350][ T5821] ? preempt_schedule_common+0x82/0xd0
[ 77.303019][ T5821] ? __ext4_check_dir_entry+0x65a/0xc40
[ 77.304653][ T5821] check_panic_on_warn+0x89/0xb0
[ 77.306197][ T5821] ? __ext4_check_dir_entry+0x65a/0xc40
[ 77.307841][ T5821] end_report+0x73/0x170
[ 77.309326][ T5821] ? __ext4_check_dir_entry+0x65a/0xc40
[ 77.311374][ T5821] kasan_report+0x128/0x150
[ 77.313382][ T5821] ? __ext4_check_dir_entry+0x65a/0xc40
[ 77.315064][ T5821] __ext4_check_dir_entry+0x65a/0xc40
[ 77.316655][ T5821] ext4_find_dest_de+0x136/0x770
[ 77.318249][ T5821] ? ext4_try_add_inline_entry+0xf8/0x8e0
[ 77.320013][ T5821] ext4_add_dirent_to_inline+0xcf/0x430
[ 77.321661][ T5821] ? __pfx_ext4_add_dirent_to_inline+0x10/0x10
[ 77.323497][ T5821] ? ext4_get_inode_loc+0xc5/0xf0
[ 77.324961][ T5821] ext4_try_add_inline_entry+0x235/0x8e0
[ 77.326596][ T5821] ? __pfx_ext4_try_add_inline_entry+0x10/0x10
[ 77.328447][ T5821] __ext4_add_entry+0x390/0x1f40
[ 77.329996][ T5821] ? __ext4_mark_inode_dirty+0x4c8/0x710
[ 77.331653][ T5821] ? rcu_is_watching+0x15/0xb0
[ 77.333060][ T5821] ? __ext4_new_inode+0x3431/0x3ce0
[ 77.334591][ T5821] ? __pfx___ext4_add_entry+0x10/0x10
[ 77.336142][ T5821] ? __pfx___dquot_initialize+0x10/0x10
[ 77.337878][ T5821] ? d_splice_alias_ops+0x117/0x3d0
[ 77.339570][ T5821] ext4_add_nondir+0x111/0x310
[ 77.340958][ T5821] ext4_create+0x2e9/0x470
[ 77.342262][ T5821] ? __pfx_ext4_create+0x10/0x10
[ 77.343710][ T5821] ? bpf_lsm_inode_permission+0x9/0x20
[ 77.345276][ T5821] ? may_o_create+0x2d2/0x370
[ 77.346642][ T5821] ? bpf_lsm_inode_create+0x9/0x20
[ 77.348277][ T5821] ? __pfx_ext4_create+0x10/0x10
[ 77.349748][ T5821] path_openat+0x1395/0x3860
[ 77.351148][ T5821] ? __pfx_path_openat+0x10/0x10
[ 77.352681][ T5821] ? __x64_sys_openat+0x138/0x170
[ 77.354241][ T5821] do_file_open+0x23e/0x4a0
[ 77.355624][ T5821] ? __pfx_do_file_open+0x10/0x10
[ 77.357154][ T5821] ? _raw_spin_unlock+0x28/0x50
[ 77.358725][ T5821] ? alloc_fd+0x64b/0x6c0
[ 77.360068][ T5821] do_sys_openat2+0x113/0x200
[ 77.361481][ T5821] ? __se_sys_futex+0x3a8/0x450
[ 77.363017][ T5821] ? __pfx_do_sys_openat2+0x10/0x10
[ 77.364614][ T5821] ? rcu_is_watching+0x15/0xb0
[ 77.366097][ T5821] __x64_sys_openat+0x138/0x170
[ 77.367677][ T5821] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.369659][ T5821] do_syscall_64+0x174/0x580
[ 77.371027][ T5821] ? trace_irq_disable+0x3b/0x140
[ 77.372511][ T5821] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.374288][ T5821] RIP: 0033:0x7f922219ce59
[ 77.375625][ T5821] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 77.381502][ T5821] RSP: 002b:00007f9223137028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 77.384000][ T5821] RAX: ffffffffffffffda RBX: 00007f9222415fa0 RCX: 00007f922219ce59
[ 77.386340][ T5821] RDX: 0000000000042042 RSI: 0000200000000080 RDI: 0000000000000004
[ 77.388818][ T5821] RBP: 00007f9222232d6f R08: 0000000000000000 R09: 0000000000000000
[ 77.391104][ T5821] R10: 000000000000014a R11: 0000000000000246 R12: 0000000000000000
[ 77.393594][ T5821] R13: 00007f9222416038 R14: 00007f9222415fa0 R15: 00007ffd01a2d448
[ 77.395997][ T5821]
[ 77.397604][ T5821] Kernel Offset: disabled
[ 77.398948][ T5821] Rebooting in 86400 seconds..
VM DIAGNOSIS:
07:44:23 Registers: