Warning: Permanently added '[localhost]:41227' (ED25519) to the list of known hosts.
2026/01/06 23:17:17 parsed 1 programs
syzkaller login: [ 87.233880][ T5326] cgroup: Unknown subsys name 'net'
[ 87.305875][ T5326] cgroup: Unknown subsys name 'cpuset'
[ 87.311471][ T5326] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 89.077354][ T5326] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 91.813349][ T918] cfg80211: failed to load regulatory.db
[ 94.497335][ T5349] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 97.203708][ T3046] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.207256][ T3046] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.263581][ T25] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.266793][ T25] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.869797][ T4684] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 97.873708][ T4684] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 97.876985][ T4684] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 97.880297][ T4684] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 97.887462][ T4684] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 100.153275][ T5404] chnl_net:caif_netlink_parms(): no params data found
[ 100.284271][ T5404] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.288028][ T5404] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.290884][ T5404] bridge_slave_0: entered allmulticast mode
[ 100.302761][ T5404] bridge_slave_0: entered promiscuous mode
[ 100.312917][ T5404] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.316078][ T5404] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.319262][ T5404] bridge_slave_1: entered allmulticast mode
[ 100.332277][ T5404] bridge_slave_1: entered promiscuous mode
[ 100.384742][ T5404] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 100.402627][ T5404] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 100.456528][ T5404] team0: Port device team_slave_0 added
[ 100.460886][ T5404] team0: Port device team_slave_1 added
[ 100.504046][ T5404] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 100.507053][ T5404] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 100.535465][ T5404] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 100.550411][ T5404] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 100.561438][ T5404] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 100.581984][ T5404] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 100.655792][ T5404] hsr_slave_0: entered promiscuous mode
[ 100.659000][ T5404] hsr_slave_1: entered promiscuous mode
[ 100.963495][ T5404] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 100.984578][ T5404] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 100.994993][ T5404] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 101.013008][ T5404] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 101.155143][ T5404] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.180140][ T5404] 8021q: adding VLAN 0 to HW filter on device team0
[ 101.196643][ T25] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.199948][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.231050][ T3373] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.234034][ T3373] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.530148][ T5404] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 101.604146][ T5404] veth0_vlan: entered promiscuous mode
[ 101.616451][ T5404] veth1_vlan: entered promiscuous mode
[ 101.654086][ T5404] veth0_macvtap: entered promiscuous mode
[ 101.660917][ T5404] veth1_macvtap: entered promiscuous mode
[ 101.677049][ T5404] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 101.687823][ T5404] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 101.699032][ T3373] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.709878][ T3373] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.724100][ T3373] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.727795][ T3373] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.872956][ T1039] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 101.924560][ T1039] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 101.968480][ T1039] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 102.063984][ T1039] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/01/06 23:17:35 executed programs: 0
[ 103.358495][ T46] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 103.363941][ T46] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 103.367482][ T46] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 103.370680][ T46] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 103.380872][ T46] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 103.525772][ T5440] chnl_net:caif_netlink_parms(): no params data found
[ 103.599441][ T5440] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.602554][ T5440] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.606510][ T5440] bridge_slave_0: entered allmulticast mode
[ 103.610781][ T5440] bridge_slave_0: entered promiscuous mode
[ 103.617984][ T5440] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.621638][ T5440] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.624537][ T5440] bridge_slave_1: entered allmulticast mode
[ 103.628565][ T5440] bridge_slave_1: entered promiscuous mode
[ 103.655433][ T5440] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 103.661651][ T5440] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 103.686398][ T5440] team0: Port device team_slave_0 added
[ 103.690802][ T5440] team0: Port device team_slave_1 added
[ 103.727144][ T5440] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 103.730087][ T5440] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 103.754641][ T5440] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 103.763574][ T5440] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 103.766910][ T5440] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 103.781116][ T5440] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 103.813458][ T5440] hsr_slave_0: entered promiscuous mode
[ 103.816191][ T5440] hsr_slave_1: entered promiscuous mode
[ 103.818727][ T5440] debugfs: 'hsr0' already exists in 'hsr'
[ 103.821503][ T5440] Cannot create hsr debugfs directory
[ 104.263769][ T1039] bridge_slave_1: left allmulticast mode
[ 104.266334][ T1039] bridge_slave_1: left promiscuous mode
[ 104.269620][ T1039] bridge0: port 2(bridge_slave_1) entered disabled state
[ 104.297039][ T1039] bridge_slave_0: left allmulticast mode
[ 104.299507][ T1039] bridge_slave_0: left promiscuous mode
[ 104.308578][ T1039] bridge0: port 1(bridge_slave_0) entered disabled state
[ 104.694470][ T1039] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 104.700668][ T1039] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 104.706378][ T1039] bond0 (unregistering): Released all slaves
[ 104.782402][ T1039] hsr_slave_0: left promiscuous mode
[ 104.785625][ T1039] hsr_slave_1: left promiscuous mode
[ 104.792446][ T1039] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 104.796758][ T1039] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 104.805484][ T1039] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 104.809413][ T1039] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 104.824441][ T1039] veth1_macvtap: left promiscuous mode
[ 104.827997][ T1039] veth0_macvtap: left promiscuous mode
[ 104.830620][ T1039] veth1_vlan: left promiscuous mode
[ 104.833593][ T1039] veth0_vlan: left promiscuous mode
[ 105.159997][ T1039] team0 (unregistering): Port device team_slave_1 removed
[ 105.185540][ T1039] team0 (unregistering): Port device team_slave_0 removed
[ 105.402850][ T46] Bluetooth: hci0: command tx timeout
[ 105.989130][ T5440] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 106.019224][ T5440] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 106.051558][ T5440] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 106.081548][ T5440] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 106.233841][ T5440] 8021q: adding VLAN 0 to HW filter on device bond0
[ 106.258302][ T5440] 8021q: adding VLAN 0 to HW filter on device team0
[ 106.277449][ T25] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.280511][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 106.303985][ T25] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.307041][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 106.629458][ T5440] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 106.687956][ T5440] veth0_vlan: entered promiscuous mode
[ 106.702485][ T5440] veth1_vlan: entered promiscuous mode
[ 106.726908][ T5440] veth0_macvtap: entered promiscuous mode
[ 106.734924][ T5440] veth1_macvtap: entered promiscuous mode
[ 106.747153][ T5440] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 106.757562][ T5440] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 106.766595][ T25] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.775700][ T25] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.788686][ T25] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.802901][ T25] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.848841][ T3373] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.854702][ T3373] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.881546][ T3046] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.885096][ T3046] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.984167][ T5483] loop0: detected capacity change from 0 to 1024
[ 107.003118][ T5483] =======================================================
[ 107.003118][ T5483] WARNING: The mand mount option has been deprecated and
[ 107.003118][ T5483] and is ignored by this kernel. Remove the mand
[ 107.003118][ T5483] option from the mount to silence this warning.
[ 107.003118][ T5483] =======================================================
[ 107.051523][ T5483] EXT4-fs: Ignoring removed nobh option
[ 107.054019][ T5483] EXT4-fs: Ignoring removed bh option
[ 107.090762][ T5483] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 107.100596][ T26] audit: type=1800 audit(1767741459.314:2): pid=5483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17" name="file1" dev="loop0" ino=15 res=0 errno=0
[ 107.126916][ T3046] ==================================================================
[ 107.130431][ T3046] BUG: KASAN: use-after-free in ext4_find_extent+0xae6/0xcc0
[ 107.133987][ T3046] Read of size 4 at addr ffff8880230b020c by task kworker/u4:15/3046
[ 107.138212][ T3046]
[ 107.139188][ T3046] CPU: 0 UID: 0 PID: 3046 Comm: kworker/u4:15 Not tainted syzkaller #0 PREEMPT(full)
[ 107.139202][ T3046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 107.139210][ T3046] Workqueue: writeback wb_workfn (flush-7:0)
[ 107.139226][ T3046] Call Trace:
[ 107.139232][ T3046] <TASK>
[ 107.139236][ T3046] dump_stack_lvl+0xe8/0x150
[ 107.139246][ T3046] print_report+0xca/0x240
[ 107.139253][ T3046] ? ext4_find_extent+0xae6/0xcc0
[ 107.139265][ T3046] kasan_report+0x118/0x150
[ 107.139275][ T3046] ? ext4_find_extent+0xae6/0xcc0
[ 107.139289][ T3046] ext4_find_extent+0xae6/0xcc0
[ 107.139302][ T3046] ext4_ext_map_blocks+0x278/0x69c0
[ 107.139324][ T3046] ? ext4_map_blocks+0x73f/0x16f0
[ 107.139333][ T3046] ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 107.139351][ T3046] ? ext4_es_lookup_extent+0x6cd/0xb00
[ 107.139360][ T3046] ext4_map_blocks+0x82c/0x16f0
[ 107.139368][ T3046] ? __pfx_ext4_map_blocks+0x10/0x10
[ 107.139374][ T3046] ? rcu_is_watching+0x15/0xb0
[ 107.139384][ T3046] ? trace_kmem_cache_alloc+0x1f/0xb0
[ 107.139392][ T3046] ? kmem_cache_alloc_noprof+0x3ce/0x710
[ 107.139401][ T3046] ? ext4_inode_journal_mode+0x193/0x470
[ 107.139412][ T3046] ext4_do_writepages+0x222f/0x4500
[ 107.139432][ T3046] ? __pfx_ext4_do_writepages+0x10/0x10
[ 107.139441][ T3046] ? lockdep_unlock+0x6c/0xf0
[ 107.139448][ T3046] ? __lock_acquire+0x146f/0x2cf0
[ 107.139462][ T3046] ? ext4_writepages+0x1ca/0x350
[ 107.139474][ T3046] ? ext4_writepages+0x1ca/0x350
[ 107.139489][ T3046] ext4_writepages+0x203/0x350
[ 107.139504][ T3046] ? __pfx_ext4_writepages+0x10/0x10
[ 107.139519][ T3046] ? filemap_get_entry+0xad/0x2f0
[ 107.139533][ T3046] ? __pfx_ext4_writepages+0x10/0x10
[ 107.139545][ T3046] do_writepages+0x32e/0x550
[ 107.139557][ T3046] ? reacquire_held_locks+0x104/0x190
[ 107.139568][ T3046] ? writeback_sb_inodes+0x3bd/0x1870
[ 107.139579][ T3046] __writeback_single_inode+0x133/0x1240
[ 107.139587][ T3046] ? do_raw_spin_unlock+0x4d/0x240
[ 107.139601][ T3046] writeback_sb_inodes+0x93a/0x1870
[ 107.139616][ T3046] ? __pfx_writeback_sb_inodes+0x10/0x10
[ 107.139630][ T3046] ? do_raw_spin_lock+0x121/0x290
[ 107.139650][ T3046] ? rcu_is_watching+0x15/0xb0
[ 107.139663][ T3046] wb_writeback+0x42b/0xaa0
[ 107.139678][ T3046] ? queue_io+0x211/0x450
[ 107.139693][ T3046] ? __pfx_wb_writeback+0x10/0x10
[ 107.139705][ T3046] ? do_raw_spin_lock+0x121/0x290
[ 107.139720][ T3046] wb_workfn+0x3f9/0xed0
[ 107.139734][ T3046] ? __pfx_wb_workfn+0x10/0x10
[ 107.139745][ T3046] ? finish_task_switch+0x162/0x940
[ 107.139760][ T3046] ? do_raw_spin_lock+0x121/0x290
[ 107.139772][ T3046] ? lock_acquire+0x107/0x340
[ 107.139780][ T3046] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 107.139793][ T3046] ? process_scheduled_works+0x9ef/0x1770
[ 107.139803][ T3046] ? process_scheduled_works+0x9ef/0x1770
[ 107.139815][ T3046] ? process_scheduled_works+0x9ef/0x1770
[ 107.139823][ T3046] ? process_scheduled_works+0x9ef/0x1770
[ 107.139831][ T3046] process_scheduled_works+0xad1/0x1770
[ 107.139845][ T3046] ? __pfx_process_scheduled_works+0x10/0x10
[ 107.139854][ T3046] ? do_raw_spin_lock+0x121/0x290
[ 107.139868][ T3046] worker_thread+0x8a0/0xda0
[ 107.139882][ T3046] ? __kthread_parkme+0x7b/0x200
[ 107.139901][ T3046] kthread+0x711/0x8a0
[ 107.139914][ T3046] ? __pfx_worker_thread+0x10/0x10
[ 107.139923][ T3046] ? __pfx_kthread+0x10/0x10
[ 107.139935][ T3046] ? _raw_spin_unlock_irq+0x23/0x50
[ 107.139999][ T3046] ? __pfx_kthread+0x10/0x10
[ 107.140011][ T3046] ret_from_fork+0x510/0xa50
[ 107.140022][ T3046] ? __pfx_ret_from_fork+0x10/0x10
[ 107.140030][ T3046] ? __switch_to+0xc9e/0x1480
[ 107.140045][ T3046] ? __pfx_kthread+0x10/0x10
[ 107.140056][ T3046] ret_from_fork_asm+0x1a/0x30
[ 107.140072][ T3046] </TASK>
[ 107.140077][ T3046]
[ 107.298711][ T3046] The buggy address belongs to the physical page:
[ 107.301535][ T3046] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f70e6dfc pfn:0x230b0
[ 107.305500][ T3046] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 107.308621][ T3046] page_type: f0(buddy)
[ 107.310431][ T3046] raw: 00fff00000000000 ffffea00008c1708 ffffea00008c1f08 0000000000000000
[ 107.314130][ T3046] raw: 00000007f70e6dfc 0000000000000002 00000000f0000000 0000000000000000
[ 107.317814][ T3046] page dumped because: kasan: bad access detected
[ 107.320588][ T3046] page_owner tracks the page as freed
[ 107.323018][ T3046] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|__GFP_COMP), pid 5474, tgid 5474 (dhcpcd-run-hook), ts 106419654158, free_ts 106690123259
[ 107.331008][ T3046] post_alloc_hook+0x234/0x290
[ 107.333191][ T3046] get_page_from_freelist+0x24e0/0x2580
[ 107.335612][ T3046] __alloc_frozen_pages_noprof+0x181/0x370
[ 107.338179][ T3046] alloc_pages_mpol+0x232/0x4a0
[ 107.340319][ T3046] vma_alloc_folio_noprof+0xe4/0x200
[ 107.342695][ T3046] folio_prealloc+0x30/0x180
[ 107.344762][ T3046] do_pte_missing+0x14e8/0x3330
[ 107.346911][ T3046] handle_mm_fault+0x1b26/0x32b0
[ 107.349090][ T3046] do_user_addr_fault+0xa7c/0x1380
[ 107.351363][ T3046] exc_page_fault+0x71/0xd0
[ 107.353442][ T3046] asm_exc_page_fault+0x26/0x30
[ 107.355556][ T3046] page last free pid 5474 tgid 5474 stack trace:
[ 107.358229][ T3046] free_unref_folios+0xdb3/0x14f0
[ 107.360483][ T3046] folios_put_refs+0x584/0x670
[ 107.362651][ T3046] free_pages_and_swap_cache+0x277/0x520
[ 107.365016][ T3046] tlb_flush_mmu+0x3a0/0x680
[ 107.367026][ T3046] tlb_finish_mmu+0xc3/0x1d0
[ 107.369134][ T3046] exit_mmap+0x439/0xb10
[ 107.370985][ T3046] __mmput+0x118/0x430
[ 107.372781][ T3046] exit_mm+0x169/0x230
[ 107.374561][ T3046] do_exit+0x627/0x22f0
[ 107.376345][ T3046] do_group_exit+0x21c/0x2d0
[ 107.378388][ T3046] __x64_sys_exit_group+0x3f/0x40
[ 107.380532][ T3046] __pfx_syscall_get_nr+0x0/0x10
[ 107.382733][ T3046] do_syscall_64+0xec/0xf80
[ 107.384670][ T3046] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.387210][ T3046]
[ 107.388241][ T3046] Memory state around the buggy address:
[ 107.390636][ T3046] ffff8880230b0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 107.394106][ T3046] ffff8880230b0180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 107.397571][ T3046] >ffff8880230b0200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 107.400948][ T3046] ^
[ 107.402867][ T3046] ffff8880230b0280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 107.406207][ T3046] ffff8880230b0300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 107.409596][ T3046] ==================================================================
[ 107.436883][ T3046] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 107.440020][ T3046] CPU: 0 UID: 0 PID: 3046 Comm: kworker/u4:15 Not tainted syzkaller #0 PREEMPT(full)
[ 107.444081][ T3046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 107.448650][ T3046] Workqueue: writeback wb_workfn (flush-7:0)
[ 107.451320][ T3046] Call Trace:
[ 107.452730][ T3046] <TASK>
[ 107.454066][ T3046] vpanic+0x1e0/0x670
[ 107.455787][ T3046] panic+0xb9/0xc0
[ 107.457445][ T3046] ? __pfx_panic+0x10/0x10
[ 107.459352][ T3046] ? preempt_schedule_common+0x83/0xd0
[ 107.461777][ T3046] ? ext4_find_extent+0xae6/0xcc0
[ 107.463931][ T3046] check_panic_on_warn+0x89/0xb0
[ 107.466082][ T3046] ? ext4_find_extent+0xae6/0xcc0
[ 107.468235][ T3046] end_report+0x6f/0x140
[ 107.470085][ T3046] kasan_report+0x129/0x150
[ 107.471999][ T3046] ? ext4_find_extent+0xae6/0xcc0
[ 107.474112][ T3046] ext4_find_extent+0xae6/0xcc0
[ 107.476108][ T3046] ext4_ext_map_blocks+0x278/0x69c0
[ 107.478376][ T3046] ? ext4_map_blocks+0x73f/0x16f0
[ 107.480498][ T3046] ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 107.482908][ T3046] ? ext4_es_lookup_extent+0x6cd/0xb00
[ 107.485183][ T3046] ext4_map_blocks+0x82c/0x16f0
[ 107.487193][ T3046] ? __pfx_ext4_map_blocks+0x10/0x10
[ 107.489345][ T3046] ? rcu_is_watching+0x15/0xb0
[ 107.491414][ T3046] ? trace_kmem_cache_alloc+0x1f/0xb0
[ 107.493706][ T3046] ? kmem_cache_alloc_noprof+0x3ce/0x710
[ 107.496018][ T3046] ? ext4_inode_journal_mode+0x193/0x470
[ 107.498411][ T3046] ext4_do_writepages+0x222f/0x4500
[ 107.500611][ T3046] ? __pfx_ext4_do_writepages+0x10/0x10
[ 107.502992][ T3046] ? lockdep_unlock+0x6c/0xf0
[ 107.505042][ T3046] ? __lock_acquire+0x146f/0x2cf0
[ 107.507201][ T3046] ? ext4_writepages+0x1ca/0x350
[ 107.509340][ T3046] ? ext4_writepages+0x1ca/0x350
[ 107.511492][ T3046] ext4_writepages+0x203/0x350
[ 107.513552][ T3046] ? __pfx_ext4_writepages+0x10/0x10
[ 107.515763][ T3046] ? filemap_get_entry+0xad/0x2f0
[ 107.517860][ T3046] ? __pfx_ext4_writepages+0x10/0x10
[ 107.520067][ T3046] do_writepages+0x32e/0x550
[ 107.522059][ T3046] ? reacquire_held_locks+0x104/0x190
[ 107.524331][ T3046] ? writeback_sb_inodes+0x3bd/0x1870
[ 107.526586][ T3046] __writeback_single_inode+0x133/0x1240
[ 107.528899][ T3046] ? do_raw_spin_unlock+0x4d/0x240
[ 107.531057][ T3046] writeback_sb_inodes+0x93a/0x1870
[ 107.533283][ T3046] ? __pfx_writeback_sb_inodes+0x10/0x10
[ 107.535591][ T3046] ? do_raw_spin_lock+0x121/0x290
[ 107.537674][ T3046] ? rcu_is_watching+0x15/0xb0
[ 107.539673][ T3046] wb_writeback+0x42b/0xaa0
[ 107.541594][ T3046] ? queue_io+0x211/0x450
[ 107.543471][ T3046] ? __pfx_wb_writeback+0x10/0x10
[ 107.545670][ T3046] ? do_raw_spin_lock+0x121/0x290
[ 107.547839][ T3046] wb_workfn+0x3f9/0xed0
[ 107.549635][ T3046] ? __pfx_wb_workfn+0x10/0x10
[ 107.551712][ T3046] ? finish_task_switch+0x162/0x940
[ 107.553833][ T3046] ? do_raw_spin_lock+0x121/0x290
[ 107.555899][ T3046] ? lock_acquire+0x107/0x340
[ 107.557879][ T3046] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 107.560116][ T3046] ? process_scheduled_works+0x9ef/0x1770
[ 107.562653][ T3046] ? process_scheduled_works+0x9ef/0x1770
[ 107.565059][ T3046] ? process_scheduled_works+0x9ef/0x1770
[ 107.567496][ T3046] ? process_scheduled_works+0x9ef/0x1770
[ 107.569969][ T3046] process_scheduled_works+0xad1/0x1770
[ 107.572365][ T3046] ? __pfx_process_scheduled_works+0x10/0x10
[ 107.574991][ T3046] ? do_raw_spin_lock+0x121/0x290
[ 107.577214][ T3046] worker_thread+0x8a0/0xda0
[ 107.579296][ T3046] ? __kthread_parkme+0x7b/0x200
[ 107.581552][ T3046] kthread+0x711/0x8a0
[ 107.583389][ T3046] ? __pfx_worker_thread+0x10/0x10
[ 107.585659][ T3046] ? __pfx_kthread+0x10/0x10
[ 107.587755][ T3046] ? _raw_spin_unlock_irq+0x23/0x50
[ 107.590030][ T3046] ? __pfx_kthread+0x10/0x10
[ 107.592111][ T3046] ret_from_fork+0x510/0xa50
[ 107.594208][ T3046] ? __pfx_ret_from_fork+0x10/0x10
[ 107.596434][ T3046] ? __switch_to+0xc9e/0x1480
[ 107.598528][ T3046] ? __pfx_kthread+0x10/0x10
[ 107.600539][ T3046] ret_from_fork_asm+0x1a/0x30
[ 107.602704][ T3046] </TASK>
[ 107.604433][ T3046] Kernel Offset: disabled
[ 107.606383][ T3046] Rebooting in 86400 seconds..
VM DIAGNOSIS:
23:17:39 Registers:
info registers vcpu 0
CPU#0