Warning: Permanently added '10.128.1.191' (ED25519) to the list of known hosts.
2025/12/26 05:38:00 parsed 1 programs
[  152.519429][ T5793] cgroup: Unknown subsys name 'net'
[  152.659270][ T5793] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  154.435390][ T5793] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  157.176677][ T5829] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  157.186068][ T5829] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  157.194448][ T5829] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  157.205322][ T5829] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  157.213776][ T5829] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  157.222274][ T5829] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  157.927341][ T5822] chnl_net:caif_netlink_parms(): no params data found
[  158.203529][ T3490] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  158.224835][ T3490] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  158.272913][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.281242][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.288447][ T5822] bridge_slave_0: entered allmulticast mode
[  158.296091][ T5822] bridge_slave_0: entered promiscuous mode
[  158.306057][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.313295][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.321079][ T5822] bridge_slave_1: entered allmulticast mode
[  158.328380][ T5822] bridge_slave_1: entered promiscuous mode
[  158.370685][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  158.385689][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  158.414944][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  158.424710][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  158.561819][ T5822] team0: Port device team_slave_0 added
[  158.627069][ T5822] team0: Port device team_slave_1 added
[  158.733110][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0
[  158.750035][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  158.803690][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  159.043166][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1
[  159.060078][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  159.133725][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  159.569057][ T5822] hsr_slave_0: entered promiscuous mode
[  159.587171][ T5822] hsr_slave_1: entered promiscuous mode
[  160.426947][ T5822] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  160.457656][ T5822] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  160.492615][ T5822] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  160.518178][ T5822] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  160.787302][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0
[  160.835250][ T5822] 8021q: adding VLAN 0 to HW filter on device team0
[  160.890156][ T3490] bridge0: port 1(bridge_slave_0) entered blocking state
[  160.897747][ T3490] bridge0: port 1(bridge_slave_0) entered forwarding state
[  160.963278][ T3490] bridge0: port 2(bridge_slave_1) entered blocking state
[  160.970553][ T3490] bridge0: port 2(bridge_slave_1) entered forwarding state
[  161.352593][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0
[  161.467819][ T5822] veth0_vlan: entered promiscuous mode
[  161.525989][ T5822] veth1_vlan: entered promiscuous mode
[  161.599551][ T5822] veth0_macvtap: entered promiscuous mode
[  161.618496][ T5822] veth1_macvtap: entered promiscuous mode
[  161.654198][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0
[  161.668869][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1
[  161.702631][ T5822] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  161.712914][ T5822] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  161.722750][ T5822] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  161.731597][ T5822] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/12/26 05:38:12 executed programs: 0
[  162.021006][ T5081] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  162.034451][ T5081] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  162.051773][ T5081] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  162.079658][ T5902] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  162.088429][ T5902] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  162.096485][ T5902] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  162.106585][ T5902] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  162.129835][ T5904] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  162.139402][ T5904] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  162.146490][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  162.156779][   T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  162.165106][   T51] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  162.172687][   T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  162.197994][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  162.206738][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  162.215049][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  162.223882][   T51] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  162.231899][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  162.392144][ T5829] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  162.410177][ T5829] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  162.418939][ T5829] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  162.453953][ T5829] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  162.471392][ T5829] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  162.479066][ T5829] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  162.862351][   T59] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.926177][ T5903] chnl_net:caif_netlink_parms(): no params data found
[  163.171834][ T5900] chnl_net:caif_netlink_parms(): no params data found
[  163.189079][ T5903] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.196410][ T5903] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.205005][ T5903] bridge_slave_0: entered allmulticast mode
[  163.212464][ T5903] bridge_slave_0: entered promiscuous mode
[  163.234797][ T5903] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.243941][ T5903] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.251424][ T5903] bridge_slave_1: entered allmulticast mode
[  163.258839][ T5903] bridge_slave_1: entered promiscuous mode
[  163.306387][ T5898] chnl_net:caif_netlink_parms(): no params data found
[  163.347745][ T5903] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  163.357324][ T5908] chnl_net:caif_netlink_parms(): no params data found
[  163.398446][ T5903] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  163.492287][ T5900] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.499521][ T5900] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.507365][ T5900] bridge_slave_0: entered allmulticast mode
[  163.516016][ T5900] bridge_slave_0: entered promiscuous mode
[  163.541966][ T5903] team0: Port device team_slave_0 added
[  163.572720][ T5900] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.580252][ T5900] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.587587][ T5900] bridge_slave_1: entered allmulticast mode
[  163.594991][ T5900] bridge_slave_1: entered promiscuous mode
[  163.618262][ T5903] team0: Port device team_slave_1 added
[  163.651106][ T5908] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.658418][ T5908] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.666401][ T5908] bridge_slave_0: entered allmulticast mode
[  163.673784][ T5908] bridge_slave_0: entered promiscuous mode
[  163.726517][ T5908] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.735068][ T5908] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.743029][ T5908] bridge_slave_1: entered allmulticast mode
[  163.750208][ T5908] bridge_slave_1: entered promiscuous mode
[  163.761098][ T5900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  163.784086][ T5903] batman_adv: batadv0: Adding interface: batadv_slave_0
[  163.791258][ T5903] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  163.818134][ T5903] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  163.861363][ T5900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  163.871493][ T5903] batman_adv: batadv0: Adding interface: batadv_slave_1
[  163.878494][ T5903] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  163.905323][ T5903] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  163.923196][ T5898] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.930636][ T5898] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.938069][ T5898] bridge_slave_0: entered allmulticast mode
[  163.945772][ T5898] bridge_slave_0: entered promiscuous mode
[  163.998247][ T5900] team0: Port device team_slave_0 added
[  164.008597][ T5900] team0: Port device team_slave_1 added
[  164.015944][ T5898] bridge0: port 2(bridge_slave_1) entered blocking state
[  164.023378][ T5898] bridge0: port 2(bridge_slave_1) entered disabled state
[  164.031026][ T5898] bridge_slave_1: entered allmulticast mode
[  164.038239][ T5898] bridge_slave_1: entered promiscuous mode
[  164.061931][ T5908] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  164.075170][ T5908] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  164.181046][ T5900] batman_adv: batadv0: Adding interface: batadv_slave_0
[  164.188055][ T5900] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  164.216503][ T5900] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  164.223898][   T51] Bluetooth: hci1: command tx timeout
[  164.233372][ T5829] Bluetooth: hci0: command tx timeout
[  164.242243][ T5898] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  164.255160][ T5908] team0: Port device team_slave_0 added
[  164.264845][ T5908] team0: Port device team_slave_1 added
[  164.274960][ T5903] hsr_slave_0: entered promiscuous mode
[  164.281630][   T51] Bluetooth: hci2: command tx timeout
[  164.297789][ T5903] hsr_slave_1: entered promiscuous mode
[  164.305178][ T5903] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  164.314000][ T5903] Cannot create hsr debugfs directory
[  164.343430][ T5900] batman_adv: batadv0: Adding interface: batadv_slave_1
[  164.351008][ T5900] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  164.377720][ T5900] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  164.398441][ T5898] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  164.449734][ T5908] batman_adv: batadv0: Adding interface: batadv_slave_0
[  164.457366][ T5908] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  164.486652][ T5908] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  164.520307][   T51] Bluetooth: hci3: command tx timeout
[  164.562383][ T5908] batman_adv: batadv0: Adding interface: batadv_slave_1
[  164.569495][ T5908] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  164.597315][ T5908] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  164.705540][ T5900] hsr_slave_0: entered promiscuous mode
[  164.727709][ T5900] hsr_slave_1: entered promiscuous mode
[  164.744799][ T5900] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  164.753951][ T5900] Cannot create hsr debugfs directory
[  164.773491][ T5898] team0: Port device team_slave_0 added
[  164.875436][ T5898] team0: Port device team_slave_1 added
[  164.911429][   T59] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.981731][ T5908] hsr_slave_0: entered promiscuous mode
[  164.988533][ T5908] hsr_slave_1: entered promiscuous mode
[  164.997143][ T5908] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  165.005835][ T5908] Cannot create hsr debugfs directory
[  165.063381][ T5898] batman_adv: batadv0: Adding interface: batadv_slave_0
[  165.070783][ T5898] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  165.097311][ T5898] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  165.138847][ T5898] batman_adv: batadv0: Adding interface: batadv_slave_1
[  165.146079][ T5898] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  165.172740][ T5898] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  165.314138][ T5898] hsr_slave_0: entered promiscuous mode
[  165.321816][ T5898] hsr_slave_1: entered promiscuous mode
[  165.328398][ T5898] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  165.336964][ T5898] Cannot create hsr debugfs directory
[  165.416542][ T5903] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  165.456075][ T5903] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  165.467685][ T5903] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  165.507225][ T5903] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  165.668965][ T5903] 8021q: adding VLAN 0 to HW filter on device bond0
[  165.694786][ T5903] 8021q: adding VLAN 0 to HW filter on device team0
[  165.709830][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  165.717096][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  165.734861][ T3490] bridge0: port 2(bridge_slave_1) entered blocking state
[  165.742119][ T3490] bridge0: port 2(bridge_slave_1) entered forwarding state
[  165.969678][ T5903] 8021q: adding VLAN 0 to HW filter on device batadv0
[  166.020809][ T5903] veth0_vlan: entered promiscuous mode
[  166.034955][ T5903] veth1_vlan: entered promiscuous mode
[  166.069102][   T59] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.099790][ T5903] veth0_macvtap: entered promiscuous mode
[  166.110040][ T5903] veth1_macvtap: entered promiscuous mode
[  166.146547][   T59] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.163764][ T5903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  166.175435][ T5903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.187735][ T5903] batman_adv: batadv0: Interface activated: batadv_slave_0
[  166.209551][ T5903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  166.220491][ T5903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.233716][ T5903] batman_adv: batadv0: Interface activated: batadv_slave_1
[  166.249906][ T5903] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  166.259370][ T5903] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  166.269750][ T5903] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  166.279624][ T5903] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  166.290230][ T5829] Bluetooth: hci1: command tx timeout
[  166.290296][   T51] Bluetooth: hci0: command tx timeout
[  166.360948][   T51] Bluetooth: hci2: command tx timeout
[  166.422947][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  166.435479][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  166.610743][   T51] Bluetooth: hci3: command tx timeout
[  166.613035][ T3490] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  166.624390][ T3490] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  166.802273][ T5953] syz.2.19[5953]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[  166.860520][ T5953] loop2: detected capacity change from 0 to 1024
[  166.878168][ T5953] =======================================================
[  166.878168][ T5953] WARNING: The mand mount option has been deprecated and
[  166.878168][ T5953]          and is ignored by this kernel. Remove the mand
[  166.878168][ T5953]          option from the mount to silence this warning.
[  166.878168][ T5953] =======================================================
[  166.945688][ T5953] EXT4-fs: inline encryption not supported
[  166.999791][ T5953] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  167.078585][ T5953] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  167.134885][   T28] audit: type=1800 audit(1766727497.495:2): pid=5953 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.19" name="file1" dev="loop2" ino=15 res=0 errno=0
[  167.277702][ T5953] ==================================================================
[  167.285848][ T5953] BUG: KASAN: use-after-free in ext4_find_extent+0xbd0/0xe00
[  167.293284][ T5953] Read of size 4 at addr ffff8880598b7d18 by task syz.2.19/5953
[  167.300962][ T5953] 
[  167.303328][ T5953] CPU: 1 PID: 5953 Comm: syz.2.19 Not tainted syzkaller #0
[  167.310559][ T5953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  167.320668][ T5953] Call Trace:
[  167.323995][ T5953]  <TASK>
[  167.326977][ T5953]  dump_stack_lvl+0x16c/0x230
[  167.331712][ T5953]  ? read_lock_is_recursive+0x20/0x20
[  167.337156][ T5953]  ? show_regs_print_info+0x20/0x20
[  167.342405][ T5953]  ? load_image+0x3b0/0x3b0
[  167.346965][ T5953]  ? _raw_spin_lock_irqsave+0xb4/0xf0
[  167.352393][ T5953]  ? __virt_addr_valid+0x18c/0x540
[  167.357652][ T5953]  ? __virt_addr_valid+0x469/0x540
[  167.362823][ T5953]  print_report+0xac/0x220
[  167.367291][ T5953]  ? ext4_find_extent+0xbd0/0xe00
[  167.372372][ T5953]  kasan_report+0x117/0x150
[  167.376923][ T5953]  ? ext4_find_extent+0xbd0/0xe00
[  167.382032][ T5953]  ext4_find_extent+0xbd0/0xe00
[  167.386934][ T5953]  ext4_ext_map_blocks+0x260/0x6450
[  167.392208][ T5953]  ? __might_sleep+0xe0/0xe0
[  167.396854][ T5953]  ? ext4_ext_release+0x10/0x10
[  167.401744][ T5953]  ? __lock_acquire+0x7c80/0x7c80
[  167.406798][ T5953]  ? find_get_entries+0xe8/0x8c0
[  167.411768][ T5953]  ? ext4_es_lookup_extent+0x60e/0xa10
[  167.417288][ T5953]  ext4_map_blocks+0x9d5/0x1b70
[  167.422170][ T5953]  ? folio_contains+0x5c0/0x5c0
[  167.427047][ T5953]  ? ext4_issue_zeroout+0x250/0x250
[  167.432279][ T5953]  ? ext4_journal_check_start+0x178/0x250
[  167.438035][ T5953]  ? __ext4_journal_start_sb+0x259/0x570
[  167.443700][ T5953]  ext4_iomap_begin+0x7be/0xad0
[  167.448591][ T5953]  ? ext4_alloc_da_blocks+0x240/0x240
[  167.454010][ T5953]  ? ext4_alloc_da_blocks+0x240/0x240
[  167.459419][ T5953]  iomap_iter+0x6b1/0xec0
[  167.463781][ T5953]  ? blk_start_plug+0x6e/0x1a0
[  167.468572][ T5953]  __iomap_dio_rw+0xb9c/0x1c40
[  167.473498][ T5953]  ? iomap_dio_deferred_complete+0x20/0x20
[  167.479359][ T5953]  ? __might_sleep+0xe0/0xe0
[  167.483984][ T5953]  ? inode_needs_update_time+0x3ef/0x4a0
[  167.489656][ T5953]  ? ext4_fc_replay_link_internal+0x280/0x280
[  167.496109][ T5953]  ? ext4_journal_check_start+0x178/0x250
[  167.501866][ T5953]  iomap_dio_rw+0x45/0xa0
[  167.506226][ T5953]  ext4_file_write_iter+0x13ff/0x1870
[  167.511646][ T5953]  ? aa_path_link+0xdf0/0xdf0
[  167.516357][ T5953]  ? ext4_file_read_iter+0x670/0x670
[  167.521666][ T5953]  ? common_file_perm+0x198/0x1f0
[  167.526723][ T5953]  do_iter_write+0x79a/0xc70
[  167.531349][ T5953]  ? vfs_iter_write+0xa0/0xa0
[  167.536059][ T5953]  ? __asan_memset+0x22/0x40
[  167.540678][ T5953]  ? iov_iter_bvec+0xd4/0x1b0
[  167.545384][ T5953]  ? vfs_iter_write+0x6e/0xa0
[  167.550093][ T5953]  iter_file_splice_write+0x66f/0xc50
[  167.555506][ T5953]  ? splice_from_pipe+0x150/0x150
[  167.560568][ T5953]  ? splice_shrink_spd+0xc0/0xc0
[  167.565539][ T5953]  ? common_file_perm+0x198/0x1f0
[  167.570598][ T5953]  ? splice_from_pipe+0x150/0x150
[  167.575654][ T5953]  direct_splice_actor+0xe8/0x130
[  167.580715][ T5953]  splice_direct_to_actor+0x2f0/0x870
[  167.586150][ T5953]  ? direct_file_splice_eof+0xb0/0xb0
[  167.591553][ T5953]  ? warn_unsupported+0xc0/0xc0
[  167.596451][ T5953]  ? fsnotify_perm+0x5d/0x5e0
[  167.601201][ T5953]  ? security_file_permission+0x79/0xa0
[  167.606793][ T5953]  do_splice_direct+0x1b7/0x2c0
[  167.611685][ T5953]  ? splice_direct_to_actor+0x870/0x870
[  167.617353][ T5953]  ? rcu_read_lock_any_held+0xb4/0x120
[  167.622835][ T5953]  ? do_splice_direct+0x2c0/0x2c0
[  167.627892][ T5953]  do_sendfile+0x5dc/0xf70
[  167.632344][ T5953]  ? do_pwritev+0x340/0x340
[  167.636890][ T5953]  __se_sys_sendfile64+0x13f/0x190
[  167.642033][ T5953]  ? lock_chain_count+0x20/0x20
[  167.646914][ T5953]  ? __x64_sys_sendfile64+0xb0/0xb0
[  167.652151][ T5953]  ? lockdep_hardirqs_on+0x98/0x150
[  167.657380][ T5953]  do_syscall_64+0x55/0xb0
[  167.661827][ T5953]  ? clear_bhb_loop+0x40/0x90
[  167.666529][ T5953]  ? clear_bhb_loop+0x40/0x90
[  167.671243][ T5953]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  167.677159][ T5953] RIP: 0033:0x7f763738f749
[  167.681620][ T5953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  167.701257][ T5953] RSP: 002b:00007f7638195038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  167.709708][ T5953] RAX: ffffffffffffffda RBX: 00007f76375e5fa0 RCX: 00007f763738f749
[  167.717701][ T5953] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[  167.725692][ T5953] RBP: 00007f7637413f91 R08: 0000000000000000 R09: 0000000000000000
[  167.733692][ T5953] R10: 0000000020fffe82 R11: 0000000000000246 R12: 0000000000000000
[  167.741868][ T5953] R13: 00007f76375e6038 R14: 00007f76375e5fa0 R15: 00007ffce0965d88
[  167.749906][ T5953]  </TASK>
[  167.752955][ T5953] 
[  167.755295][ T5953] The buggy address belongs to the physical page:
[  167.761732][ T5953] page:ffffea0001662dc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x598b7
[  167.771914][ T5953] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  167.779074][ T5953] page_type: 0xffffffff()
[  167.783430][ T5953] raw: 00fff00000000000 ffffea0001662f08 ffffea0001662e08 0000000000000000
[  167.792050][ T5953] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[  167.800660][ T5953] page dumped because: kasan: bad access detected
[  167.807099][ T5953] page_owner tracks the page as freed
[  167.812482][ T5953] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 5955, tgid 5955 (sed), ts 167024521050, free_ts 167053646309
[  167.830573][ T5953]  post_alloc_hook+0x1cd/0x210
[  167.835380][ T5953]  get_page_from_freelist+0x195c/0x19f0
[  167.840961][ T5953]  __alloc_pages+0x1e3/0x460
[  167.845582][ T5953]  __folio_alloc+0x10/0x20
[  167.850027][ T5953]  vma_alloc_folio+0x47a/0x8f0
[  167.854826][ T5953]  handle_mm_fault+0x1a38/0x4920
[  167.859810][ T5953]  do_user_addr_fault+0x738/0x12e0
[  167.864953][ T5953]  exc_page_fault+0x67/0x110
[  167.869570][ T5953]  asm_exc_page_fault+0x26/0x30
[  167.874445][ T5953] page last free stack trace:
[  167.879133][ T5953]  free_unref_page_prepare+0x7ce/0x8e0
[  167.884627][ T5953]  free_unref_page_list+0xbe/0x860
[  167.889765][ T5953]  release_pages+0x1fa0/0x2220
[  167.894551][ T5953]  tlb_flush_mmu+0x368/0x4f0
[  167.899172][ T5953]  tlb_finish_mmu+0xc3/0x1d0
[  167.903793][ T5953]  exit_mmap+0x3f0/0xb50
[  167.908071][ T5953]  __mmput+0x118/0x3c0
[  167.912189][ T5953]  exit_mm+0x1da/0x2c0
[  167.916284][ T5953]  do_exit+0x88e/0x23c0
[  167.920467][ T5953]  do_group_exit+0x21b/0x2d0
[  167.925090][ T5953]  __x64_sys_exit_group+0x3f/0x40
[  167.930188][ T5953]  do_syscall_64+0x55/0xb0
[  167.934630][ T5953]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  167.940546][ T5953] 
[  167.942883][ T5953] Memory state around the buggy address:
[  167.948531][ T5953]  ffff8880598b7c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  167.956619][ T5953]  ffff8880598b7c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  167.964710][ T5953] >ffff8880598b7d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  167.972822][ T5953]                             ^
[  167.977695][ T5953]  ffff8880598b7d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  167.985779][ T5953]  ffff8880598b7e00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  167.993864][ T5953] ==================================================================
[  168.008155][ T5953] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  168.015419][ T5953] CPU: 0 PID: 5953 Comm: syz.2.19 Not tainted syzkaller #0
[  168.022649][ T5953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  168.032758][ T5953] Call Trace:
[  168.036198][ T5953]  <TASK>
[  168.039161][ T5953]  dump_stack_lvl+0x16c/0x230
[  168.043894][ T5953]  ? show_regs_print_info+0x20/0x20
[  168.049148][ T5953]  ? load_image+0x3b0/0x3b0
[  168.053705][ T5953]  panic+0x2c0/0x710
[  168.057648][ T5953]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  168.063845][ T5953]  ? bpf_jit_dump+0xd0/0xd0
[  168.068402][ T5953]  ? _raw_spin_unlock_irqrestore+0xfa/0x110
[  168.074345][ T5953]  ? _raw_spin_unlock+0x40/0x40
[  168.079237][ T5953]  ? ext4_find_extent+0xbd0/0xe00
[  168.084292][ T5953]  check_panic_on_warn+0x84/0xa0
[  168.089259][ T5953]  ? ext4_find_extent+0xbd0/0xe00
[  168.094306][ T5953]  end_report+0x6f/0x140
[  168.098575][ T5953]  kasan_report+0x128/0x150
[  168.103120][ T5953]  ? ext4_find_extent+0xbd0/0xe00
[  168.108178][ T5953]  ext4_find_extent+0xbd0/0xe00
[  168.113065][ T5953]  ext4_ext_map_blocks+0x260/0x6450
[  168.118304][ T5953]  ? __might_sleep+0xe0/0xe0
[  168.122926][ T5953]  ? ext4_ext_release+0x10/0x10
[  168.127807][ T5953]  ? __lock_acquire+0x7c80/0x7c80
[  168.132856][ T5953]  ? find_get_entries+0xe8/0x8c0
[  168.137823][ T5953]  ? ext4_es_lookup_extent+0x60e/0xa10
[  168.143316][ T5953]  ext4_map_blocks+0x9d5/0x1b70
[  168.148192][ T5953]  ? folio_contains+0x5c0/0x5c0
[  168.153076][ T5953]  ? ext4_issue_zeroout+0x250/0x250
[  168.158328][ T5953]  ? ext4_journal_check_start+0x178/0x250
[  168.164079][ T5953]  ? __ext4_journal_start_sb+0x259/0x570
[  168.169740][ T5953]  ext4_iomap_begin+0x7be/0xad0
[  168.174710][ T5953]  ? ext4_alloc_da_blocks+0x240/0x240
[  168.180118][ T5953]  ? ext4_alloc_da_blocks+0x240/0x240
[  168.185519][ T5953]  iomap_iter+0x6b1/0xec0
[  168.189877][ T5953]  ? blk_start_plug+0x6e/0x1a0
[  168.194668][ T5953]  __iomap_dio_rw+0xb9c/0x1c40
[  168.199472][ T5953]  ? iomap_dio_deferred_complete+0x20/0x20
[  168.205314][ T5953]  ? __might_sleep+0xe0/0xe0
[  168.209932][ T5953]  ? inode_needs_update_time+0x3ef/0x4a0
[  168.215592][ T5953]  ? ext4_fc_replay_link_internal+0x280/0x280
[  168.221693][ T5953]  ? ext4_journal_check_start+0x178/0x250
[  168.227441][ T5953]  iomap_dio_rw+0x45/0xa0
[  168.231803][ T5953]  ext4_file_write_iter+0x13ff/0x1870
[  168.237200][ T5953]  ? aa_path_link+0xdf0/0xdf0
[  168.242017][ T5953]  ? ext4_file_read_iter+0x670/0x670
[  168.247325][ T5953]  ? common_file_perm+0x198/0x1f0
[  168.252379][ T5953]  do_iter_write+0x79a/0xc70
[  168.257004][ T5953]  ? vfs_iter_write+0xa0/0xa0
[  168.261712][ T5953]  ? __asan_memset+0x22/0x40
[  168.266337][ T5953]  ? iov_iter_bvec+0xd4/0x1b0
[  168.271043][ T5953]  ? vfs_iter_write+0x6e/0xa0
[  168.275750][ T5953]  iter_file_splice_write+0x66f/0xc50
[  168.281188][ T5953]  ? splice_from_pipe+0x150/0x150
[  168.286246][ T5953]  ? splice_shrink_spd+0xc0/0xc0
[  168.291216][ T5953]  ? common_file_perm+0x198/0x1f0
[  168.296268][ T5953]  ? splice_from_pipe+0x150/0x150
[  168.301326][ T5953]  direct_splice_actor+0xe8/0x130
[  168.306382][ T5953]  splice_direct_to_actor+0x2f0/0x870
[  168.311787][ T5953]  ? direct_file_splice_eof+0xb0/0xb0
[  168.317196][ T5953]  ? warn_unsupported+0xc0/0xc0
[  168.322081][ T5953]  ? fsnotify_perm+0x5d/0x5e0
[  168.326818][ T5953]  ? security_file_permission+0x79/0xa0
[  168.332405][ T5953]  do_splice_direct+0x1b7/0x2c0
[  168.337286][ T5953]  ? splice_direct_to_actor+0x870/0x870
[  168.342862][ T5953]  ? rcu_read_lock_any_held+0xb4/0x120
[  168.348350][ T5953]  ? do_splice_direct+0x2c0/0x2c0
[  168.353414][ T5953]  do_sendfile+0x5dc/0xf70
[  168.357873][ T5953]  ? do_pwritev+0x340/0x340
[  168.362420][ T5953]  __se_sys_sendfile64+0x13f/0x190
[  168.367565][ T5953]  ? lock_chain_count+0x20/0x20
[  168.372445][ T5953]  ? __x64_sys_sendfile64+0xb0/0xb0
[  168.377674][ T5953]  ? lockdep_hardirqs_on+0x98/0x150
[  168.382903][ T5953]  do_syscall_64+0x55/0xb0
[  168.387368][ T5953]  ? clear_bhb_loop+0x40/0x90
[  168.392078][ T5953]  ? clear_bhb_loop+0x40/0x90
[  168.396787][ T5953]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  168.402738][ T5953] RIP: 0033:0x7f763738f749
[  168.407183][ T5953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  168.426926][ T5953] RSP: 002b:00007f7638195038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  168.435368][ T5953] RAX: ffffffffffffffda RBX: 00007f76375e5fa0 RCX: 00007f763738f749
[  168.443365][ T5953] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[  168.451364][ T5953] RBP: 00007f7637413f91 R08: 0000000000000000 R09: 0000000000000000
[  168.459354][ T5953] R10: 0000000020fffe82 R11: 0000000000000246 R12: 0000000000000000
[  168.467444][ T5953] R13: 00007f76375e6038 R14: 00007f76375e5fa0 R15: 00007ffce0965d88
[  168.475546][ T5953]  </TASK>
[  168.479159][ T5953] Kernel Offset: disabled
[  168.483498][ T5953] Rebooting in 86400 seconds..