syzkaller login: [ 91.795617][ T10] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:63923' (ED25519) to the list of known hosts.
2026/01/09 10:15:33 parsed 1 programs
[ 98.631294][ T5342] cgroup: Unknown subsys name 'net'
[ 98.696569][ T5342] cgroup: Unknown subsys name 'cpuset'
[ 98.700864][ T5342] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 100.372050][ T5342] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 104.841353][ T5351] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 105.669732][ T5363] chnl_net:caif_netlink_parms(): no params data found
[ 105.821401][ T5363] bridge0: port 1(bridge_slave_0) entered blocking state
[ 105.833932][ T5363] bridge0: port 1(bridge_slave_0) entered disabled state
[ 105.837385][ T5363] bridge_slave_0: entered allmulticast mode
[ 105.853754][ T5363] bridge_slave_0: entered promiscuous mode
[ 105.859756][ T5363] bridge0: port 2(bridge_slave_1) entered blocking state
[ 105.863008][ T5363] bridge0: port 2(bridge_slave_1) entered disabled state
[ 105.866936][ T5363] bridge_slave_1: entered allmulticast mode
[ 105.884430][ T5363] bridge_slave_1: entered promiscuous mode
[ 105.935440][ T5363] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 105.941483][ T5363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 105.995848][ T5363] team0: Port device team_slave_0 added
[ 106.004284][ T5363] team0: Port device team_slave_1 added
[ 106.051141][ T5363] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 106.053943][ T5363] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 106.084171][ T5363] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 106.091762][ T5363] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 106.103500][ T5363] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 106.123479][ T5363] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 106.195159][ T5363] hsr_slave_0: entered promiscuous mode
[ 106.205610][ T5363] hsr_slave_1: entered promiscuous mode
[ 106.489335][ T5363] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 106.506133][ T5363] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 106.519159][ T5363] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 106.535976][ T5363] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 106.586250][ T5363] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.589401][ T5363] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 106.593277][ T5363] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.596180][ T5363] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 106.622979][ T4648] bridge0: port 1(bridge_slave_0) entered disabled state
[ 106.627900][ T4648] bridge0: port 2(bridge_slave_1) entered disabled state
[ 106.715689][ T5363] 8021q: adding VLAN 0 to HW filter on device bond0
[ 106.746673][ T5363] 8021q: adding VLAN 0 to HW filter on device team0
[ 106.764944][ T1074] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.767359][ T1074] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 106.779465][ T1074] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.782878][ T1074] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 107.114786][ T5363] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 107.172520][ T5363] veth0_vlan: entered promiscuous mode
[ 107.192690][ T5363] veth1_vlan: entered promiscuous mode
[ 107.221054][ T5363] veth0_macvtap: entered promiscuous mode
[ 107.228189][ T5363] veth1_macvtap: entered promiscuous mode
[ 107.245768][ T5363] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 107.256761][ T5363] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 107.266303][ T4648] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 107.270856][ T4648] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 107.278482][ T4648] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 107.289074][ T4648] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 107.422973][ T4648] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 107.464340][ T4648] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 107.525870][ T4648] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 107.559545][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.562947][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.587923][ T4648] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 107.616551][ T1058] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.619756][ T1058] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.793809][ T4648] bridge_slave_1: left allmulticast mode
[ 109.801325][ T4648] bridge_slave_1: left promiscuous mode
[ 109.817857][ T4648] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.888911][ T4648] bridge_slave_0: left allmulticast mode
[ 109.891316][ T4648] bridge_slave_0: left promiscuous mode
[ 109.923801][ T4648] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.942763][ T4688] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 109.948643][ T4688] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 109.952417][ T4688] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 109.960724][ T4688] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 109.964514][ T4688] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 110.517749][ T4648] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 110.524234][ T4648] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 110.534265][ T4648] bond0 (unregistering): Released all slaves
[ 110.674859][ T4648] hsr_slave_0: left promiscuous mode
[ 110.683277][ T4648] hsr_slave_1: left promiscuous mode
[ 110.688844][ T4648] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 110.692425][ T4648] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 110.723805][ T4648] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 110.727079][ T4648] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 110.761115][ T4648] veth1_macvtap: left promiscuous mode
[ 110.774459][ T4648] veth0_macvtap: left promiscuous mode
[ 110.776911][ T4648] veth1_vlan: left promiscuous mode
[ 110.779418][ T4648] veth0_vlan: left promiscuous mode
[ 111.436676][ T4648] team0 (unregistering): Port device team_slave_1 removed
[ 111.460540][ T4648] team0 (unregistering): Port device team_slave_0 removed
2026/01/09 10:15:53 executed programs: 0
[ 116.529517][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 116.534819][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 116.538630][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 116.545184][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 116.548580][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 116.727872][ T5482] chnl_net:caif_netlink_parms(): no params data found
[ 116.791611][ T5482] bridge0: port 1(bridge_slave_0) entered blocking state
[ 116.794495][ T5482] bridge0: port 1(bridge_slave_0) entered disabled state
[ 116.797485][ T5482] bridge_slave_0: entered allmulticast mode
[ 116.801027][ T5482] bridge_slave_0: entered promiscuous mode
[ 116.806193][ T5482] bridge0: port 2(bridge_slave_1) entered blocking state
[ 116.808855][ T5482] bridge0: port 2(bridge_slave_1) entered disabled state
[ 116.811736][ T5482] bridge_slave_1: entered allmulticast mode
[ 116.815848][ T5482] bridge_slave_1: entered promiscuous mode
[ 116.840956][ T5482] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 116.847812][ T5482] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 116.870660][ T5482] team0: Port device team_slave_0 added
[ 116.874555][ T5482] team0: Port device team_slave_1 added
[ 116.891831][ T5482] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 116.895037][ T5482] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 116.905777][ T5482] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 116.911286][ T5482] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 116.914826][ T5482] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 116.926276][ T5482] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 116.964281][ T5482] hsr_slave_0: entered promiscuous mode
[ 116.967880][ T5482] hsr_slave_1: entered promiscuous mode
[ 117.429198][ T5482] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 117.447593][ T5482] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 117.468986][ T5482] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 117.484560][ T5482] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 117.517682][ T5482] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.520655][ T5482] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 117.523911][ T5482] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.526878][ T5482] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 117.641796][ T5482] 8021q: adding VLAN 0 to HW filter on device bond0
[ 117.660378][ T2616] bridge0: port 1(bridge_slave_0) entered disabled state
[ 117.664879][ T2616] bridge0: port 2(bridge_slave_1) entered disabled state
[ 117.680304][ T5482] 8021q: adding VLAN 0 to HW filter on device team0
[ 117.699264][ T2616] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.702790][ T2616] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 117.728691][ T2616] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.731686][ T2616] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 118.046562][ T5482] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 118.115330][ T5482] veth0_vlan: entered promiscuous mode
[ 118.146586][ T5482] veth1_vlan: entered promiscuous mode
[ 118.193236][ T5482] veth0_macvtap: entered promiscuous mode
[ 118.204616][ T5482] veth1_macvtap: entered promiscuous mode
[ 118.239310][ T5482] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 118.256066][ T5482] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 118.301643][ T3900] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.320821][ T3900] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.337822][ T2616] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.348778][ T2616] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.437654][ T2616] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.440870][ T2616] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.494723][ T2616] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.498336][ T2616] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.595272][ T47] Bluetooth: hci0: command tx timeout
[ 118.629927][ T5528] loop0: detected capacity change from 0 to 2048
[ 118.707331][ T5528] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 118.745919][ T5528] loop0: detected capacity change from 2048 to 2045
[ 118.781557][ T5528] ==================================================================
[ 118.785652][ T5528] BUG: KASAN: slab-out-of-bounds in ext4_read_inline_data+0x1d0/0x2c0
[ 118.789242][ T5528] Read of size 68 at addr ffff8880112aa810 by task syz.0.17/5528
[ 118.793080][ T5528]
[ 118.793916][ T5528] CPU: 0 UID: 0 PID: 5528 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 118.793926][ T5528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 118.793931][ T5528] Call Trace:
[ 118.793936][ T5528]
[ 118.793939][ T5528] dump_stack_lvl+0xe8/0x150
[ 118.793954][ T5528] print_report+0xca/0x240
[ 118.793965][ T5528] ? ext4_read_inline_data+0x1d0/0x2c0
[ 118.794003][ T5528] kasan_report+0x118/0x150
[ 118.794014][ T5528] ? ext4_read_inline_data+0x1d0/0x2c0
[ 118.794029][ T5528] kasan_check_range+0x2b0/0x2c0
[ 118.794039][ T5528] ? ext4_read_inline_data+0x1d0/0x2c0
[ 118.794053][ T5528] __asan_memcpy+0x29/0x70
[ 118.794066][ T5528] ext4_read_inline_data+0x1d0/0x2c0
[ 118.794081][ T5528] ext4_read_inline_dir+0x2b3/0xb80
[ 118.794092][ T5528] ? __pfx_ext4_read_inline_dir+0x10/0x10
[ 118.794104][ T5528] ? aa_file_perm+0x139/0x1530
[ 118.794117][ T5528] ext4_readdir+0x3e8/0x3e90
[ 118.794128][ T5528] ? aa_file_perm+0x139/0x1530
[ 118.794138][ T5528] ? look_up_lock_class+0x57/0x110
[ 118.794193][ T5528] ? __lock_acquire+0x6b6/0x2cf0
[ 118.794202][ T5528] ? trace_contention_end+0x39/0x100
[ 118.794212][ T5528] ? __mutex_lock+0x335/0x1350
[ 118.794252][ T5528] ? __pfx_aa_file_perm+0x10/0x10
[ 118.794292][ T5528] ? __pfx_ext4_readdir+0x10/0x10
[ 118.794304][ T5528] ? iterate_dir+0x292/0x570
[ 118.794320][ T5528] ? iterate_dir+0x292/0x570
[ 118.794331][ T5528] ? down_read_killable+0x1bc/0x350
[ 118.794342][ T5528] iterate_dir+0x399/0x570
[ 118.794355][ T5528] __se_sys_getdents64+0xe4/0x260
[ 118.794369][ T5528] ? __pfx___se_sys_getdents64+0x10/0x10
[ 118.794382][ T5528] ? __pfx_filldir64+0x10/0x10
[ 118.794395][ T5528] ? rcu_is_watching+0x15/0xb0
[ 118.794409][ T5528] do_syscall_64+0xec/0xf80
[ 118.794418][ T5528] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.794427][ T5528] ? trace_irq_disable+0x37/0x100
[ 118.794439][ T5528] ? clear_bhb_loop+0x60/0xb0
[ 118.794449][ T5528] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.794459][ T5528] RIP: 0033:0x7f9ec198f7c9
[ 118.794470][ T5528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 118.794478][ T5528] RSP: 002b:00007ffd3131e748 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 118.794490][ T5528] RAX: ffffffffffffffda RBX: 00007f9ec1be5fa0 RCX: 00007f9ec198f7c9
[ 118.794495][ T5528] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[ 118.794499][ T5528] RBP: 00007f9ec1a13f91 R08: 0000000000000000 R09: 0000000000000000
[ 118.794504][ T5528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 118.794508][ T5528] R13: 00007f9ec1be5fa0 R14: 00007f9ec1be5fa0 R15: 0000000000000003
[ 118.794520][ T5528]
[ 118.794522][ T5528]
[ 118.900444][ T5528] Allocated by task 1095:
[ 118.902077][ T5528] kasan_save_track+0x3e/0x80
[ 118.904022][ T5528] __kasan_slab_alloc+0x6c/0x80
[ 118.906536][ T5528] kmem_cache_alloc_noprof+0x37d/0x710
[ 118.908808][ T5528] mempool_alloc_noprof+0x1c9/0x2f0
[ 118.911312][ T5528] __sg_alloc_table+0x1bc/0x700
[ 118.912985][ T5528] sg_alloc_table_chained+0x85/0x1e0
[ 118.914772][ T5528] scsi_alloc_sgtables+0x291/0xc40
[ 118.916457][ T5528] sd_init_command+0x558/0x2000
[ 118.918291][ T5528] scsi_queue_rq+0x1264/0x30d0
[ 118.920500][ T5528] blk_mq_dispatch_rq_list+0x4c0/0x1900
[ 118.922881][ T5528] __blk_mq_sched_dispatch_requests+0xdac/0x1570
[ 118.925435][ T5528] blk_mq_sched_dispatch_requests+0xd7/0x190
[ 118.927936][ T5528] blk_mq_run_hw_queue+0x404/0x4f0
[ 118.929996][ T5528] blk_mq_dispatch_list+0xd0b/0xe00
[ 118.932289][ T5528] blk_mq_flush_plug_list+0x469/0x550
[ 118.934657][ T5528] blk_add_rq_to_plug+0x175/0x450
[ 118.936817][ T5528] blk_mq_submit_bio+0xd5b/0x26b0
[ 118.938783][ T5528] __submit_bio+0x207/0x5a0
[ 118.940638][ T5528] submit_bio_noacct_nocheck+0x377/0xa30
[ 118.942968][ T5528] ext4_bio_write_folio+0x1087/0x1f20
[ 118.945159][ T5528] ext4_do_writepages+0x1fe9/0x4500
[ 118.947474][ T5528] ext4_writepages+0x203/0x350
[ 118.949446][ T5528] do_writepages+0x32e/0x550
[ 118.951523][ T5528] __writeback_single_inode+0x133/0x1240
[ 118.953873][ T5528] writeback_sb_inodes+0x93a/0x1870
[ 118.956167][ T5528] __writeback_inodes_wb+0x111/0x240
[ 118.958397][ T5528] wb_writeback+0x43f/0xaa0
[ 118.960342][ T5528] wb_workfn+0xb46/0xed0
[ 118.962229][ T5528] process_scheduled_works+0xad1/0x1770
[ 118.964339][ T5528] worker_thread+0x8a0/0xda0
[ 118.966419][ T5528] kthread+0x711/0x8a0
[ 118.968186][ T5528] ret_from_fork+0x510/0xa50
[ 118.970133][ T5528] ret_from_fork_asm+0x1a/0x30
[ 118.972076][ T5528]
[ 118.973159][ T5528] Freed by task 1095:
[ 118.974894][ T5528] kasan_save_track+0x3e/0x80
[ 118.976584][ T5528] kasan_save_free_info+0x46/0x50
[ 118.978631][ T5528] __kasan_slab_free+0x5c/0x80
[ 118.980550][ T5528] kmem_cache_free+0x197/0x620
[ 118.982636][ T5528] mempool_free+0xec/0x130
[ 118.984538][ T5528] __sg_free_table+0x191/0x200
[ 118.986551][ T5528] scsi_end_request+0x1f0/0x820
[ 118.988538][ T5528] scsi_io_completion+0x131/0x360
[ 118.990575][ T5528] ata_qc_complete_multiple+0x1ae/0x280
[ 118.992926][ T5528] ahci_handle_port_interrupt+0x3d5/0x610
[ 118.995163][ T5528] ahci_handle_port_intr+0x19f/0x2e0
[ 118.997239][ T5528] ahci_single_level_irq_intr+0x9b/0xe0
[ 118.999649][ T5528] __handle_irq_event_percpu+0x217/0x970
[ 119.002092][ T5528] handle_irq_event+0x8b/0x1e0
[ 119.004189][ T5528] handle_edge_irq+0x23b/0xa10
[ 119.006413][ T5528] __common_interrupt+0x141/0x1f0
[ 119.008697][ T5528] common_interrupt+0xb6/0xe0
[ 119.010780][ T5528] asm_common_interrupt+0x26/0x40
[ 119.012889][ T5528]
[ 119.013998][ T5528] The buggy address belongs to the object at ffff8880112aa400
[ 119.013998][ T5528] which belongs to the cache sgpool-32 of size 1024
[ 119.019701][ T5528] The buggy address is located 16 bytes to the right of
[ 119.019701][ T5528] allocated 1024-byte region [ffff8880112aa400, ffff8880112aa800)
[ 119.025645][ T5528]
[ 119.026707][ T5528] The buggy address belongs to the physical page:
[ 119.029429][ T5528] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880112a8d80 pfn:0x112a8
[ 119.033582][ T5528] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 119.037064][ T5528] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[ 119.040514][ T5528] page_type: f5(slab)
[ 119.042236][ T5528] raw: 00fff00000000240 ffff88801e92a640 ffffea000002a910 ffffea0000445810
[ 119.045863][ T5528] raw: ffff8880112a8d80 00000000000e0000 00000000f5000000 0000000000000000
[ 119.049292][ T5528] head: 00fff00000000240 ffff88801e92a640 ffffea000002a910 ffffea0000445810
[ 119.053133][ T5528] head: ffff8880112a8d80 00000000000e0000 00000000f5000000 0000000000000000
[ 119.056859][ T5528] head: 00fff00000000002 ffffea000044aa01 00000000ffffffff 00000000ffffffff
[ 119.060617][ T5528] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 119.064168][ T5528] page dumped because: kasan: bad access detected
[ 119.066876][ T5528] page_owner tracks the page as allocated
[ 119.069530][ T5528] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4704, tgid 4704 (ext4lazyinit), ts 32074737175, free_ts 32048211831
[ 119.077770][ T5528] post_alloc_hook+0x234/0x290
[ 119.079832][ T5528] get_page_from_freelist+0x24e0/0x2580
[ 119.082202][ T5528] __alloc_frozen_pages_noprof+0x181/0x370
[ 119.084639][ T5528] alloc_pages_mpol+0x232/0x4a0
[ 119.086714][ T5528] allocate_slab+0x86/0x3b0
[ 119.088658][ T5528] ___slab_alloc+0xe53/0x1820
[ 119.090718][ T5528] __slab_alloc+0x65/0x100
[ 119.092667][ T5528] kmem_cache_alloc_noprof+0x40f/0x710
[ 119.094996][ T5528] mempool_alloc_noprof+0x1c9/0x2f0
[ 119.097255][ T5528] __sg_alloc_table+0x1bc/0x700
[ 119.099284][ T5528] sg_alloc_table_chained+0x85/0x1e0
[ 119.101374][ T5528] scsi_alloc_sgtables+0x291/0xc40
[ 119.103655][ T5528] sd_init_command+0x558/0x2000
[ 119.105792][ T5528] scsi_queue_rq+0x1264/0x30d0
[ 119.107769][ T5528] blk_mq_dispatch_rq_list+0x4c0/0x1900
[ 119.109938][ T5528] __blk_mq_sched_dispatch_requests+0xdac/0x1570
[ 119.112644][ T5528] page last free pid 4739 tgid 4739 stack trace:
[ 119.115312][ T5528] __free_frozen_pages+0xbc8/0xd30
[ 119.117540][ T5528] __slab_free+0x2ce/0x320
[ 119.119514][ T5528] qlist_free_all+0x97/0x100
[ 119.121450][ T5528] kasan_quarantine_reduce+0x148/0x160
[ 119.123885][ T5528] __kasan_slab_alloc+0x22/0x80
[ 119.126007][ T5528] kmem_cache_alloc_noprof+0x37d/0x710
[ 119.128273][ T5528] getname_flags+0xb8/0x540
[ 119.129957][ T5528] do_readlinkat+0xbc/0x500
[ 119.131857][ T5528] __x64_sys_readlink+0x7f/0x90
[ 119.133893][ T5528] do_syscall_64+0xec/0xf80
[ 119.135875][ T5528] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.138340][ T5528]
[ 119.139376][ T5528] Memory state around the buggy address:
[ 119.141732][ T5528] ffff8880112aa700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 119.145170][ T5528] ffff8880112aa780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 119.148559][ T5528] >ffff8880112aa800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 119.151928][ T5528] ^
[ 119.153904][ T5528] ffff8880112aa880: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 119.156936][ T5528] ffff8880112aa900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 119.160253][ T5528] ==================================================================
[ 119.322693][ T5528] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 119.325705][ T5528] CPU: 0 UID: 0 PID: 5528 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 119.329376][ T5528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 119.333745][ T5528] Call Trace:
[ 119.335185][ T5528]
[ 119.336396][ T5528] vpanic+0x1e0/0x670
[ 119.338257][ T5528] panic+0xb9/0xc0
[ 119.339892][ T5528] ? __pfx_panic+0x10/0x10
[ 119.341857][ T5528] ? preempt_schedule_common+0x83/0xd0
[ 119.344188][ T5528] ? ext4_read_inline_data+0x1d0/0x2c0
[ 119.346718][ T5528] check_panic_on_warn+0x89/0xb0
[ 119.348876][ T5528] ? ext4_read_inline_data+0x1d0/0x2c0
[ 119.351140][ T5528] end_report+0x6f/0x140
[ 119.352749][ T5528] kasan_report+0x129/0x150
[ 119.354642][ T5528] ? ext4_read_inline_data+0x1d0/0x2c0
[ 119.356991][ T5528] kasan_check_range+0x2b0/0x2c0
[ 119.359277][ T5528] ? ext4_read_inline_data+0x1d0/0x2c0
[ 119.361709][ T5528] __asan_memcpy+0x29/0x70
[ 119.363718][ T5528] ext4_read_inline_data+0x1d0/0x2c0
[ 119.366064][ T5528] ext4_read_inline_dir+0x2b3/0xb80
[ 119.368348][ T5528] ? __pfx_ext4_read_inline_dir+0x10/0x10
[ 119.370794][ T5528] ? aa_file_perm+0x139/0x1530
[ 119.372915][ T5528] ext4_readdir+0x3e8/0x3e90
[ 119.374989][ T5528] ? aa_file_perm+0x139/0x1530
[ 119.377111][ T5528] ? look_up_lock_class+0x57/0x110
[ 119.379436][ T5528] ? __lock_acquire+0x6b6/0x2cf0
[ 119.381658][ T5528] ? trace_contention_end+0x39/0x100
[ 119.383880][ T5528] ? __mutex_lock+0x335/0x1350
[ 119.385961][ T5528] ? __pfx_aa_file_perm+0x10/0x10
[ 119.388237][ T5528] ? __pfx_ext4_readdir+0x10/0x10
[ 119.390427][ T5528] ? iterate_dir+0x292/0x570
[ 119.392489][ T5528] ? iterate_dir+0x292/0x570
[ 119.394567][ T5528] ? down_read_killable+0x1bc/0x350
[ 119.396945][ T5528] iterate_dir+0x399/0x570
[ 119.398859][ T5528] __se_sys_getdents64+0xe4/0x260
[ 119.401539][ T5528] ? __pfx___se_sys_getdents64+0x10/0x10
[ 119.404536][ T5528] ? __pfx_filldir64+0x10/0x10
[ 119.407062][ T5528] ? rcu_is_watching+0x15/0xb0
[ 119.409444][ T5528] do_syscall_64+0xec/0xf80
[ 119.411684][ T5528] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.414241][ T5528] ? trace_irq_disable+0x37/0x100
[ 119.416241][ T5528] ? clear_bhb_loop+0x60/0xb0
[ 119.418312][ T5528] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.420793][ T5528] RIP: 0033:0x7f9ec198f7c9
[ 119.423046][ T5528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 119.432822][ T5528] RSP: 002b:00007ffd3131e748 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 119.436483][ T5528] RAX: ffffffffffffffda RBX: 00007f9ec1be5fa0 RCX: 00007f9ec198f7c9
[ 119.439937][ T5528] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[ 119.443563][ T5528] RBP: 00007f9ec1a13f91 R08: 0000000000000000 R09: 0000000000000000
[ 119.446841][ T5528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 119.450386][ T5528] R13: 00007f9ec1be5fa0 R14: 00007f9ec1be5fa0 R15: 0000000000000003
[ 119.453505][ T5528]
[ 119.455382][ T5528] Kernel Offset: disabled
[ 119.457160][ T5528] Rebooting in 86400 seconds..
VM DIAGNOSIS:
10:15:55 Registers:
info registers vcpu 0
CPU#0