Warning: Permanently added '[localhost]:21200' (ED25519) to the list of known hosts.
2025/12/24 14:03:33 parsed 1 programs
syzkaller login: [ 97.086855][ T786] cfg80211: failed to load regulatory.db
[ 97.360218][ T5323] cgroup: Unknown subsys name 'net'
[ 97.450680][ T5323] cgroup: Unknown subsys name 'cpuset'
[ 97.456106][ T5323] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 99.264632][ T5323] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 104.215057][ T5337] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 105.199380][ T2993] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.202932][ T2993] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.271937][ T3367] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.275060][ T3367] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.699933][ T5377] chnl_net:caif_netlink_parms(): no params data found
[ 108.860377][ T5377] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.867310][ T5377] bridge0: port 1(bridge_slave_0) entered disabled state
[ 108.871176][ T5377] bridge_slave_0: entered allmulticast mode
[ 108.887262][ T5377] bridge_slave_0: entered promiscuous mode
[ 108.898809][ T5377] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.902319][ T5377] bridge0: port 2(bridge_slave_1) entered disabled state
[ 108.905633][ T5377] bridge_slave_1: entered allmulticast mode
[ 108.918956][ T5377] bridge_slave_1: entered promiscuous mode
[ 108.970307][ T5377] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 108.979353][ T5377] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 109.031207][ T5377] team0: Port device team_slave_0 added
[ 109.038871][ T5377] team0: Port device team_slave_1 added
[ 109.084482][ T5377] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 109.097403][ T5377] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 109.117437][ T5377] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 109.127625][ T5377] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 109.130639][ T5377] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 109.164094][ T5377] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 109.235817][ T5377] hsr_slave_0: entered promiscuous mode
[ 109.248101][ T5377] hsr_slave_1: entered promiscuous mode
[ 109.530205][ T5377] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 109.541053][ T5377] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 109.547883][ T5377] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 109.554294][ T5377] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 109.639880][ T5377] 8021q: adding VLAN 0 to HW filter on device bond0
[ 109.656783][ T5377] 8021q: adding VLAN 0 to HW filter on device team0
[ 109.667232][ T72] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.670693][ T72] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 109.689736][ T72] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.693041][ T72] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 109.733317][ T5377] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 109.885969][ T5377] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 109.929716][ T5377] veth0_vlan: entered promiscuous mode
[ 109.941758][ T5377] veth1_vlan: entered promiscuous mode
[ 109.974436][ T5377] veth0_macvtap: entered promiscuous mode
[ 109.982376][ T5377] veth1_macvtap: entered promiscuous mode
[ 110.002074][ T5377] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 110.015136][ T5377] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 110.029660][ T125] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.041275][ T125] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.058477][ T125] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.062711][ T125] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.281261][ T2993] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 110.354238][ T2993] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 110.404316][ T2993] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 110.459207][ T2993] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 112.143892][ T4677] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 112.158152][ T4677] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 112.161936][ T4677] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 112.165494][ T4677] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 112.169001][ T4677] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 112.965870][ T2993] bridge_slave_1: left allmulticast mode
[ 112.979415][ T2993] bridge_slave_1: left promiscuous mode
[ 112.982816][ T2993] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.005859][ T2993] bridge_slave_0: left allmulticast mode
[ 113.017399][ T2993] bridge_slave_0: left promiscuous mode
[ 113.020007][ T2993] bridge0: port 1(bridge_slave_0) entered disabled state
2025/12/24 14:03:51 executed programs: 0
[ 113.176128][ T46] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 113.181412][ T46] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 113.185303][ T46] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 113.189780][ T46] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 113.193656][ T46] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 113.358645][ T2993] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 113.364573][ T2993] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 113.370904][ T2993] bond0 (unregistering): Released all slaves
[ 113.478757][ T2993] hsr_slave_0: left promiscuous mode
[ 113.490143][ T2993] hsr_slave_1: left promiscuous mode
[ 113.498165][ T2993] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 113.501470][ T2993] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 113.518420][ T2993] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 113.521626][ T2993] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 113.544484][ T2993] veth1_macvtap: left promiscuous mode
[ 113.555463][ T2993] veth0_macvtap: left promiscuous mode
[ 113.560791][ T2993] veth1_vlan: left promiscuous mode
[ 113.563602][ T2993] veth0_vlan: left promiscuous mode
[ 114.057853][ T2993] team0 (unregistering): Port device team_slave_1 removed
[ 114.086652][ T2993] team0 (unregistering): Port device team_slave_0 removed
[ 114.615035][ T5432] chnl_net:caif_netlink_parms(): no params data found
[ 115.035637][ T5432] bridge0: port 1(bridge_slave_0) entered blocking state
[ 115.050869][ T5432] bridge0: port 1(bridge_slave_0) entered disabled state
[ 115.054130][ T5432] bridge_slave_0: entered allmulticast mode
[ 115.079071][ T5432] bridge_slave_0: entered promiscuous mode
[ 115.088043][ T5432] bridge0: port 2(bridge_slave_1) entered blocking state
[ 115.092147][ T5432] bridge0: port 2(bridge_slave_1) entered disabled state
[ 115.095606][ T5432] bridge_slave_1: entered allmulticast mode
[ 115.111558][ T5432] bridge_slave_1: entered promiscuous mode
[ 115.226081][ T5432] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 115.238637][ T46] Bluetooth: hci0: command tx timeout
[ 115.249606][ T5432] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 115.318456][ T5432] team0: Port device team_slave_0 added
[ 115.329998][ T5432] team0: Port device team_slave_1 added
[ 115.415096][ T5432] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 115.426687][ T5432] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 115.447140][ T5432] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 115.473677][ T5432] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 115.476853][ T5432] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 115.526422][ T5432] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 115.608828][ T5432] hsr_slave_0: entered promiscuous mode
[ 115.618087][ T5432] hsr_slave_1: entered promiscuous mode
[ 116.209909][ T5432] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 116.229568][ T5432] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 116.235545][ T5432] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 116.250390][ T5432] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 116.399240][ T5432] 8021q: adding VLAN 0 to HW filter on device bond0
[ 116.421393][ T5432] 8021q: adding VLAN 0 to HW filter on device team0
[ 116.443219][ T3367] bridge0: port 1(bridge_slave_0) entered blocking state
[ 116.446389][ T3367] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 116.469572][ T3367] bridge0: port 2(bridge_slave_1) entered blocking state
[ 116.473357][ T3367] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 116.801523][ T5432] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 116.881911][ T5432] veth0_vlan: entered promiscuous mode
[ 116.901137][ T5432] veth1_vlan: entered promiscuous mode
[ 116.952601][ T5432] veth0_macvtap: entered promiscuous mode
[ 116.970928][ T5432] veth1_macvtap: entered promiscuous mode
[ 117.006504][ T5432] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 117.024845][ T5432] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 117.044138][ T1074] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.059366][ T1074] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.068148][ T1074] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.072009][ T1074] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.183154][ T2993] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.191095][ T2993] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 117.245076][ T2993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.251246][ T2993] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 117.317692][ T46] Bluetooth: hci0: command tx timeout
[ 117.349118][ T5496] loop0: detected capacity change from 0 to 1024
[ 117.358814][ T5496] =======================================================
[ 117.358814][ T5496] WARNING: The mand mount option has been deprecated and
[ 117.358814][ T5496] and is ignored by this kernel. Remove the mand
[ 117.358814][ T5496] option from the mount to silence this warning.
[ 117.358814][ T5496] =======================================================
[ 117.406265][ T5496] EXT4-fs: Ignoring removed oldalloc option
[ 117.410285][ T5496] EXT4-fs: Ignoring removed orlov option
[ 117.412330][ T5496] EXT4-fs: Ignoring removed nobh option
[ 117.416837][ T5496] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled
[ 117.448187][ T5496] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 117.515194][ T125] ==================================================================
[ 117.519351][ T125] BUG: KASAN: use-after-free in ext4_find_extent+0xae6/0xcc0
[ 117.522844][ T125] Read of size 4 at addr ffff88805395e400 by task kworker/u4:5/125
[ 117.527594][ T125]
[ 117.528727][ T125] CPU: 0 UID: 0 PID: 125 Comm: kworker/u4:5 Not tainted syzkaller #0 PREEMPT(full)
[ 117.528741][ T125] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 117.528750][ T125] Workqueue: writeback wb_workfn (flush-7:0)
[ 117.528772][ T125] Call Trace:
[ 117.528779][ T125]
[ 117.528785][ T125] dump_stack_lvl+0xe8/0x150
[ 117.528800][ T125] print_report+0xca/0x240
[ 117.528811][ T125] ? ext4_find_extent+0xae6/0xcc0
[ 117.528825][ T125] kasan_report+0x118/0x150
[ 117.528836][ T125] ? ext4_find_extent+0xae6/0xcc0
[ 117.528850][ T125] ext4_find_extent+0xae6/0xcc0
[ 117.528864][ T125] ext4_ext_map_blocks+0x278/0x69c0
[ 117.528885][ T125] ? ext4_map_blocks+0x73f/0x16f0
[ 117.528895][ T125] ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 117.528912][ T125] ? ext4_es_lookup_extent+0x6cd/0xb00
[ 117.528924][ T125] ext4_map_blocks+0x82c/0x16f0
[ 117.528938][ T125] ? __pfx_ext4_map_blocks+0x10/0x10
[ 117.528948][ T125] ? rcu_is_watching+0x15/0xb0
[ 117.528961][ T125] ? trace_kmem_cache_alloc+0x1f/0xb0
[ 117.528974][ T125] ? kmem_cache_alloc_noprof+0x3ce/0x710
[ 117.528989][ T125] ? ext4_inode_journal_mode+0x193/0x470
[ 117.529001][ T125] ext4_do_writepages+0x222f/0x4500
[ 117.529023][ T125] ? __pfx_ext4_do_writepages+0x10/0x10
[ 117.529034][ T125] ? lockdep_unlock+0x6c/0xf0
[ 117.529043][ T125] ? __lock_acquire+0x146f/0x2cf0
[ 117.529057][ T125] ? ext4_writepages+0x1ca/0x350
[ 117.529072][ T125] ? ext4_writepages+0x1ca/0x350
[ 117.529086][ T125] ext4_writepages+0x203/0x350
[ 117.529099][ T125] ? __pfx_ext4_writepages+0x10/0x10
[ 117.529123][ T125] ? __pfx___schedule+0x10/0x10
[ 117.529192][ T125] ? __pfx_ext4_writepages+0x10/0x10
[ 117.529206][ T125] do_writepages+0x32e/0x550
[ 117.529220][ T125] ? reacquire_held_locks+0x104/0x190
[ 117.529230][ T125] ? writeback_sb_inodes+0x3bd/0x1870
[ 117.529240][ T125] __writeback_single_inode+0x133/0x1240
[ 117.529250][ T125] ? do_raw_spin_unlock+0x4d/0x240
[ 117.529264][ T125] writeback_sb_inodes+0x93a/0x1870
[ 117.529279][ T125] ? __pfx_writeback_sb_inodes+0x10/0x10
[ 117.529288][ T125] ? do_raw_spin_lock+0x121/0x290
[ 117.529305][ T125] ? rcu_is_watching+0x15/0xb0
[ 117.529314][ T125] wb_writeback+0x42b/0xaa0
[ 117.529320][ T125] ? queue_io+0x261/0x450
[ 117.529326][ T125] ? __pfx_wb_writeback+0x10/0x10
[ 117.529335][ T125] ? do_raw_spin_lock+0x121/0x290
[ 117.529344][ T125] wb_workfn+0x3f9/0xed0
[ 117.529354][ T125] ? __pfx_wb_workfn+0x10/0x10
[ 117.529361][ T125] ? finish_task_switch+0x162/0x940
[ 117.529373][ T125] ? do_raw_spin_lock+0x121/0x290
[ 117.529380][ T125] ? lock_acquire+0x107/0x340
[ 117.529388][ T125] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 117.529400][ T125] ? process_scheduled_works+0x9ef/0x1770
[ 117.529409][ T125] ? process_scheduled_works+0x9ef/0x1770
[ 117.529421][ T125] ? process_scheduled_works+0x9ef/0x1770
[ 117.529430][ T125] ? process_scheduled_works+0x9ef/0x1770
[ 117.529440][ T125] process_scheduled_works+0xad1/0x1770
[ 117.529454][ T125] ? __pfx_process_scheduled_works+0x10/0x10
[ 117.529463][ T125] ? do_raw_spin_lock+0x121/0x290
[ 117.529478][ T125] worker_thread+0x8a0/0xda0
[ 117.529501][ T125] kthread+0x711/0x8a0
[ 117.529515][ T125] ? __pfx_worker_thread+0x10/0x10
[ 117.529524][ T125] ? __pfx_kthread+0x10/0x10
[ 117.529537][ T125] ? _raw_spin_unlock_irq+0x23/0x50
[ 117.529550][ T125] ? __pfx_kthread+0x10/0x10
[ 117.529559][ T125] ret_from_fork+0x510/0xa50
[ 117.529566][ T125] ? __pfx_ret_from_fork+0x10/0x10
[ 117.529572][ T125] ? __switch_to+0xc9e/0x1480
[ 117.529581][ T125] ? __pfx_kthread+0x10/0x10
[ 117.529592][ T125] ret_from_fork_asm+0x1a/0x30
[ 117.529608][ T125]
[ 117.529612][ T125]
[ 117.694249][ T125] The buggy address belongs to the physical page:
[ 117.696797][ T125] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x30e pfn:0x5395e
[ 117.700029][ T125] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 117.703265][ T125] raw: 04fff00000000000 dead000000000100 dead000000000122 0000000000000000
[ 117.707193][ T125] raw: 000000000000030e 0000000000000000 00000000ffffffff 0000000000000000
[ 117.711525][ T125] page dumped because: kasan: bad access detected
[ 117.714515][ T125] page_owner tracks the page as freed
[ 117.717079][ T125] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 5402, tgid 5402 (syz-executor), ts 110635817555, free_ts 111181985962
[ 117.724822][ T125] post_alloc_hook+0x234/0x290
[ 117.726979][ T125] get_page_from_freelist+0x24e0/0x2580
[ 117.729388][ T125] __alloc_frozen_pages_noprof+0x181/0x370
[ 117.731999][ T125] alloc_pages_mpol+0x232/0x4a0
[ 117.734197][ T125] vma_alloc_folio_noprof+0xe4/0x200
[ 117.736456][ T125] folio_prealloc+0x30/0x180
[ 117.738617][ T125] do_pte_missing+0x522/0x3330
[ 117.740801][ T125] handle_mm_fault+0x1b26/0x32b0
[ 117.743104][ T125] do_user_addr_fault+0xa7c/0x1380
[ 117.745343][ T125] exc_page_fault+0x71/0xd0
[ 117.747320][ T125] asm_exc_page_fault+0x26/0x30
[ 117.749496][ T125] page last free pid 5403 tgid 5403 stack trace:
[ 117.752280][ T125] free_unref_folios+0xdb3/0x14f0
[ 117.754467][ T125] folios_put_refs+0x584/0x670
[ 117.756655][ T125] free_pages_and_swap_cache+0x277/0x520
[ 117.759204][ T125] tlb_flush_mmu+0x3a0/0x680
[ 117.761292][ T125] tlb_finish_mmu+0xc3/0x1d0
[ 117.763278][ T125] exit_mmap+0x439/0xb10
[ 117.765160][ T125] __mmput+0x118/0x430
[ 117.766916][ T125] exit_mm+0x169/0x230
[ 117.768718][ T125] do_exit+0x627/0x22f0
[ 117.770587][ T125] do_group_exit+0x21c/0x2d0
[ 117.772555][ T125] get_signal+0x1285/0x1340
[ 117.774482][ T125] arch_do_signal_or_restart+0x9a/0x7a0
[ 117.776900][ T125] exit_to_user_mode_loop+0x87/0x4e0
[ 117.779348][ T125] do_syscall_64+0x2b7/0xf80
[ 117.782083][ T125] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 117.785364][ T125]
[ 117.786462][ T125] Memory state around the buggy address:
[ 117.788995][ T125] ffff88805395e300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 117.792670][ T125] ffff88805395e380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 117.796604][ T125] >ffff88805395e400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 117.800241][ T125] ^
[ 117.801902][ T125] ffff88805395e480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 117.805681][ T125] ffff88805395e500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 117.809504][ T125] ==================================================================
[ 117.842821][ T125] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 117.845954][ T125] CPU: 0 UID: 0 PID: 125 Comm: kworker/u4:5 Not tainted syzkaller #0 PREEMPT(full)
[ 117.850120][ T125] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 117.854833][ T125] Workqueue: writeback wb_workfn (flush-7:0)
[ 117.857354][ T125] Call Trace:
[ 117.858717][ T125]
[ 117.859881][ T125] vpanic+0x1e0/0x670
[ 117.861487][ T125] panic+0xb9/0xc0
[ 117.863059][ T125] ? __pfx_panic+0x10/0x10
[ 117.864904][ T125] ? preempt_schedule_common+0x83/0xd0
[ 117.867056][ T125] ? ext4_find_extent+0xae6/0xcc0
[ 117.869070][ T125] check_panic_on_warn+0x89/0xb0
[ 117.871248][ T125] ? ext4_find_extent+0xae6/0xcc0
[ 117.873536][ T125] end_report+0x6f/0x140
[ 117.875408][ T125] kasan_report+0x129/0x150
[ 117.877393][ T125] ? ext4_find_extent+0xae6/0xcc0
[ 117.879558][ T125] ext4_find_extent+0xae6/0xcc0
[ 117.881712][ T125] ext4_ext_map_blocks+0x278/0x69c0
[ 117.883981][ T125] ? ext4_map_blocks+0x73f/0x16f0
[ 117.886176][ T125] ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 117.888935][ T125] ? ext4_es_lookup_extent+0x6cd/0xb00
[ 117.891473][ T125] ext4_map_blocks+0x82c/0x16f0
[ 117.893920][ T125] ? __pfx_ext4_map_blocks+0x10/0x10
[ 117.896596][ T125] ? rcu_is_watching+0x15/0xb0
[ 117.898769][ T125] ? trace_kmem_cache_alloc+0x1f/0xb0
[ 117.901265][ T125] ? kmem_cache_alloc_noprof+0x3ce/0x710
[ 117.904194][ T125] ? ext4_inode_journal_mode+0x193/0x470
[ 117.906799][ T125] ext4_do_writepages+0x222f/0x4500
[ 117.909063][ T125] ? __pfx_ext4_do_writepages+0x10/0x10
[ 117.911487][ T125] ? lockdep_unlock+0x6c/0xf0
[ 117.913551][ T125] ? __lock_acquire+0x146f/0x2cf0
[ 117.915784][ T125] ? ext4_writepages+0x1ca/0x350
[ 117.918168][ T125] ? ext4_writepages+0x1ca/0x350
[ 117.920487][ T125] ext4_writepages+0x203/0x350
[ 117.922722][ T125] ? __pfx_ext4_writepages+0x10/0x10
[ 117.925115][ T125] ? __pfx___schedule+0x10/0x10
[ 117.927439][ T125] ? __pfx_ext4_writepages+0x10/0x10
[ 117.929816][ T125] do_writepages+0x32e/0x550
[ 117.931918][ T125] ? reacquire_held_locks+0x104/0x190
[ 117.934181][ T125] ? writeback_sb_inodes+0x3bd/0x1870
[ 117.936678][ T125] __writeback_single_inode+0x133/0x1240
[ 117.939143][ T125] ? do_raw_spin_unlock+0x4d/0x240
[ 117.941444][ T125] writeback_sb_inodes+0x93a/0x1870
[ 117.943687][ T125] ? __pfx_writeback_sb_inodes+0x10/0x10
[ 117.946106][ T125] ? do_raw_spin_lock+0x121/0x290
[ 117.948287][ T125] ? rcu_is_watching+0x15/0xb0
[ 117.950548][ T125] wb_writeback+0x42b/0xaa0
[ 117.952592][ T125] ? queue_io+0x261/0x450
[ 117.954464][ T125] ? __pfx_wb_writeback+0x10/0x10
[ 117.957259][ T125] ? do_raw_spin_lock+0x121/0x290
[ 117.960078][ T125] wb_workfn+0x3f9/0xed0
[ 117.962661][ T125] ? __pfx_wb_workfn+0x10/0x10
[ 117.965521][ T125] ? finish_task_switch+0x162/0x940
[ 117.967970][ T125] ? do_raw_spin_lock+0x121/0x290
[ 117.970200][ T125] ? lock_acquire+0x107/0x340
[ 117.972277][ T125] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 117.974722][ T125] ? process_scheduled_works+0x9ef/0x1770
[ 117.977253][ T125] ? process_scheduled_works+0x9ef/0x1770
[ 117.979795][ T125] ? process_scheduled_works+0x9ef/0x1770
[ 117.982306][ T125] ? process_scheduled_works+0x9ef/0x1770
[ 117.984951][ T125] process_scheduled_works+0xad1/0x1770
[ 117.987506][ T125] ? __pfx_process_scheduled_works+0x10/0x10
[ 117.990216][ T125] ? do_raw_spin_lock+0x121/0x290
[ 117.992830][ T125] worker_thread+0x8a0/0xda0
[ 117.995305][ T125] kthread+0x711/0x8a0
[ 117.997358][ T125] ? __pfx_worker_thread+0x10/0x10
[ 118.000086][ T125] ? __pfx_kthread+0x10/0x10
[ 118.002474][ T125] ? _raw_spin_unlock_irq+0x23/0x50
[ 118.004890][ T125] ? __pfx_kthread+0x10/0x10
[ 118.007133][ T125] ret_from_fork+0x510/0xa50
[ 118.009243][ T125] ? __pfx_ret_from_fork+0x10/0x10
[ 118.011476][ T125] ? __switch_to+0xc9e/0x1480
[ 118.013916][ T125] ? __pfx_kthread+0x10/0x10
[ 118.015987][ T125] ret_from_fork_asm+0x1a/0x30
[ 118.018429][ T125]
[ 118.020297][ T125] Kernel Offset: disabled
[ 118.022388][ T125] Rebooting in 86400 seconds..
VM DIAGNOSIS: 14:03:56 Registers: info registers vcpu 0