Warning: Permanently added '10.128.0.206' (ED25519) to the list of known hosts.
2025/12/26 03:57:01 parsed 1 programs
[   86.167401][ T5774] cgroup: Unknown subsys name 'net'
[   86.302770][ T5774] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   88.145370][ T5774] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   92.067773][   T23] cfg80211: failed to load regulatory.db
[   92.330609][ T5830] chnl_net:caif_netlink_parms(): no params data found
[   92.433055][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.441246][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.448571][ T5830] bridge_slave_0: entered allmulticast mode
[   92.456610][ T5830] bridge_slave_0: entered promiscuous mode
[   92.477558][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.484939][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.492120][ T5830] bridge_slave_1: entered allmulticast mode
[   92.499483][ T5830] bridge_slave_1: entered promiscuous mode
[   92.541457][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.553235][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.591299][ T5830] team0: Port device team_slave_0 added
[   92.610516][ T5830] team0: Port device team_slave_1 added
[   92.653522][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   92.660614][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.687419][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   92.701293][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   92.708509][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.734546][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.787826][ T5830] hsr_slave_0: entered promiscuous mode
[   92.794392][ T5830] hsr_slave_1: entered promiscuous mode
[   93.001802][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   93.013567][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   93.023626][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   93.035145][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   93.076179][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.083979][ T5830] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.092142][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.099336][ T5830] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.161011][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.190044][ T2991] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.199053][ T2991] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.223501][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   93.240240][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.247416][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.262001][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.269288][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.480120][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.531200][ T5830] veth0_vlan: entered promiscuous mode
[   93.543560][ T5830] veth1_vlan: entered promiscuous mode
[   93.582825][ T5830] veth0_macvtap: entered promiscuous mode
[   93.595151][ T5830] veth1_macvtap: entered promiscuous mode
[   93.617140][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.631042][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.649956][ T5830] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.659218][ T5830] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.668399][ T5830] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.678530][ T5830] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.853458][ T2955] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   93.946375][   T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.955567][   T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.989109][   T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.997605][   T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.848468][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   94.857301][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   94.866418][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   94.875423][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   94.883758][   T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   94.891557][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/12/26 03:57:13 executed programs: 0
[   95.532702][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   95.542117][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   95.552216][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   95.561406][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   95.569432][   T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   95.576913][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   95.743740][ T5884] chnl_net:caif_netlink_parms(): no params data found
[   95.817898][ T5884] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.825586][ T5884] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.832789][ T5884] bridge_slave_0: entered allmulticast mode
[   95.840411][ T5884] bridge_slave_0: entered promiscuous mode
[   95.849843][ T5884] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.857434][ T5884] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.865052][ T5884] bridge_slave_1: entered allmulticast mode
[   95.872273][ T5884] bridge_slave_1: entered promiscuous mode
[   95.907511][ T5884] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.919721][ T5884] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.958842][ T5884] team0: Port device team_slave_0 added
[   95.967921][ T5884] team0: Port device team_slave_1 added
[   95.998877][ T5884] batman_adv: batadv0: Adding interface: batadv_slave_0
[   96.006074][ T5884] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.032195][ T5884] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.046631][ T5884] batman_adv: batadv0: Adding interface: batadv_slave_1
[   96.053685][ T5884] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.080449][ T5884] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.125752][ T5884] hsr_slave_0: entered promiscuous mode
[   96.132166][ T5884] hsr_slave_1: entered promiscuous mode
[   96.138601][ T5884] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   96.148431][ T5884] Cannot create hsr debugfs directory
[   96.328282][ T2955] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.665020][   T51] Bluetooth: hci0: command tx timeout
[   98.575926][ T2955] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.636245][ T2955] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.551922][ T5884] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   99.566902][ T5884] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   99.581149][ T5884] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   99.602714][ T2955] hsr_slave_0: left promiscuous mode
[   99.609406][ T2955] hsr_slave_1: left promiscuous mode
[   99.615759][ T2955] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   99.623286][ T2955] batman_adv: batadv0: Removing interface: batadv_slave_0
[   99.632637][ T2955] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   99.640447][ T2955] batman_adv: batadv0: Removing interface: batadv_slave_1
[   99.650750][ T2955] bridge_slave_1: left allmulticast mode
[   99.657179][ T2955] bridge_slave_1: left promiscuous mode
[   99.663959][ T2955] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.685649][ T2955] bridge_slave_0: left allmulticast mode
[   99.691476][ T2955] bridge_slave_0: left promiscuous mode
[   99.698244][ T2955] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.728196][ T2955] veth1_macvtap: left promiscuous mode
[   99.734334][ T2955] veth0_macvtap: left promiscuous mode
[   99.741074][ T2955] veth1_vlan: left promiscuous mode
[   99.747123][   T51] Bluetooth: hci0: command tx timeout
[   99.753003][ T2955] veth0_vlan: left promiscuous mode
[  100.173886][ T2955] team0 (unregistering): Port device team_slave_1 removed
[  100.210084][ T2955] team0 (unregistering): Port device team_slave_0 removed
[  100.252212][ T2955] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  100.292823][ T2955] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  100.606798][ T2955] bond0 (unregistering): Released all slaves
[  100.670815][ T5884] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  100.782491][ T5884] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.812753][ T5884] 8021q: adding VLAN 0 to HW filter on device team0
[  100.827408][   T62] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.834699][   T62] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.847929][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.855222][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  101.116359][ T5884] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.176075][ T5884] veth0_vlan: entered promiscuous mode
[  101.193622][ T5884] veth1_vlan: entered promiscuous mode
[  101.237806][ T5884] veth0_macvtap: entered promiscuous mode
[  101.248813][ T5884] veth1_macvtap: entered promiscuous mode
[  101.269605][ T5884] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.285464][ T5884] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.298466][ T5884] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.307291][ T5884] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.316871][ T5884] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.325675][ T5884] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.430131][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.447678][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.495982][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.505564][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/12/26 03:57:19 executed programs: 2
[  101.585394][ T5931] syz.0.17[5931]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[  101.611343][ T5931] loop0: detected capacity change from 0 to 1024
[  101.620403][ T5931] =======================================================
[  101.620403][ T5931] WARNING: The mand mount option has been deprecated and
[  101.620403][ T5931]          and is ignored by this kernel. Remove the mand
[  101.620403][ T5931]          option from the mount to silence this warning.
[  101.620403][ T5931] =======================================================
[  101.656443][ T5931] EXT4-fs: inline encryption not supported
[  101.667407][ T5931] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  101.704183][ T5931] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  101.722817][   T28] audit: type=1800 audit(1766721439.647:2): pid=5931 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17" name="file1" dev="loop0" ino=15 res=0 errno=0
[  101.828134][   T51] Bluetooth: hci0: command tx timeout
[  101.852651][ T5931] ==================================================================
[  101.860787][ T5931] BUG: KASAN: use-after-free in ext4_find_extent+0xbd0/0xe00
[  101.868222][ T5931] Read of size 4 at addr ffff88806eb15018 by task syz.0.17/5931
[  101.875897][ T5931] 
[  101.878262][ T5931] CPU: 1 PID: 5931 Comm: syz.0.17 Not tainted syzkaller #0
[  101.885622][ T5931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  101.895739][ T5931] Call Trace:
[  101.899107][ T5931]  <TASK>
[  101.902067][ T5931]  dump_stack_lvl+0x16c/0x230
[  101.906783][ T5931]  ? read_lock_is_recursive+0x20/0x20
[  101.912179][ T5931]  ? show_regs_print_info+0x20/0x20
[  101.917408][ T5931]  ? load_image+0x3b0/0x3b0
[  101.921938][ T5931]  ? _raw_spin_lock_irqsave+0xb4/0xf0
[  101.927330][ T5931]  ? __virt_addr_valid+0x18c/0x540
[  101.932484][ T5931]  ? __virt_addr_valid+0x469/0x540
[  101.937614][ T5931]  print_report+0xac/0x220
[  101.942059][ T5931]  ? ext4_find_extent+0xbd0/0xe00
[  101.947107][ T5931]  kasan_report+0x117/0x150
[  101.951632][ T5931]  ? ext4_find_extent+0xbd0/0xe00
[  101.956694][ T5931]  ext4_find_extent+0xbd0/0xe00
[  101.961575][ T5931]  ext4_ext_map_blocks+0x260/0x6450
[  101.966809][ T5931]  ? __might_sleep+0xe0/0xe0
[  101.971419][ T5931]  ? ext4_ext_release+0x10/0x10
[  101.976296][ T5931]  ? __lock_acquire+0x7c80/0x7c80
[  101.981425][ T5931]  ? find_get_entries+0xe8/0x8c0
[  101.986381][ T5931]  ? ext4_es_lookup_extent+0x60e/0xa10
[  101.991863][ T5931]  ext4_map_blocks+0x9d5/0x1b70
[  101.996736][ T5931]  ? folio_contains+0x5c0/0x5c0
[  102.001611][ T5931]  ? ext4_issue_zeroout+0x250/0x250
[  102.006832][ T5931]  ? ext4_journal_check_start+0x178/0x250
[  102.012579][ T5931]  ? __ext4_journal_start_sb+0x259/0x570
[  102.018237][ T5931]  ext4_iomap_begin+0x7be/0xad0
[  102.023121][ T5931]  ? ext4_alloc_da_blocks+0x240/0x240
[  102.028521][ T5931]  ? ext4_alloc_da_blocks+0x240/0x240
[  102.033913][ T5931]  iomap_iter+0x6b1/0xec0
[  102.038259][ T5931]  ? blk_start_plug+0x6e/0x1a0
[  102.043041][ T5931]  __iomap_dio_rw+0xb9c/0x1c40
[  102.047847][ T5931]  ? ext4_mark_iloc_dirty+0x1a69/0x1ca0
[  102.053412][ T5931]  ? iomap_dio_deferred_complete+0x20/0x20
[  102.059250][ T5931]  ? __might_sleep+0xe0/0xe0
[  102.063868][ T5931]  ? ext4_fc_replay_link_internal+0x280/0x280
[  102.069981][ T5931]  ? ext4_journal_check_start+0x178/0x250
[  102.075733][ T5931]  iomap_dio_rw+0x45/0xa0
[  102.080087][ T5931]  ext4_file_write_iter+0x13ff/0x1870
[  102.085480][ T5931]  ? aa_path_link+0xdf0/0xdf0
[  102.090184][ T5931]  ? ext4_file_read_iter+0x670/0x670
[  102.095497][ T5931]  ? common_file_perm+0x198/0x1f0
[  102.100540][ T5931]  do_iter_write+0x79a/0xc70
[  102.105156][ T5931]  ? vfs_iter_write+0xa0/0xa0
[  102.109860][ T5931]  ? __asan_memset+0x22/0x40
[  102.114469][ T5931]  ? iov_iter_bvec+0xd4/0x1b0
[  102.119166][ T5931]  ? vfs_iter_write+0x6e/0xa0
[  102.123861][ T5931]  iter_file_splice_write+0x66f/0xc50
[  102.129272][ T5931]  ? splice_from_pipe+0x150/0x150
[  102.134320][ T5931]  ? splice_shrink_spd+0xc0/0xc0
[  102.139281][ T5931]  ? common_file_perm+0x198/0x1f0
[  102.144344][ T5931]  ? splice_from_pipe+0x150/0x150
[  102.149398][ T5931]  direct_splice_actor+0xe8/0x130
[  102.154450][ T5931]  splice_direct_to_actor+0x2f0/0x870
[  102.159849][ T5931]  ? direct_file_splice_eof+0xb0/0xb0
[  102.165265][ T5931]  ? warn_unsupported+0xc0/0xc0
[  102.170143][ T5931]  ? fsnotify_perm+0x5d/0x5e0
[  102.174849][ T5931]  ? security_file_permission+0x79/0xa0
[  102.180422][ T5931]  do_splice_direct+0x1b7/0x2c0
[  102.185298][ T5931]  ? splice_direct_to_actor+0x870/0x870
[  102.190882][ T5931]  ? rcu_read_lock_any_held+0xb4/0x120
[  102.196365][ T5931]  ? do_splice_direct+0x2c0/0x2c0
[  102.201431][ T5931]  do_sendfile+0x5dc/0xf70
[  102.205881][ T5931]  ? do_pwritev+0x340/0x340
[  102.210411][ T5931]  __se_sys_sendfile64+0x13f/0x190
[  102.215550][ T5931]  ? lock_chain_count+0x20/0x20
[  102.220446][ T5931]  ? __x64_sys_sendfile64+0xb0/0xb0
[  102.225669][ T5931]  ? lockdep_hardirqs_on+0x98/0x150
[  102.230891][ T5931]  do_syscall_64+0x55/0xb0
[  102.235333][ T5931]  ? clear_bhb_loop+0x40/0x90
[  102.240030][ T5931]  ? clear_bhb_loop+0x40/0x90
[  102.244740][ T5931]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  102.250651][ T5931] RIP: 0033:0x7fa8db38f749
[  102.255090][ T5931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  102.274715][ T5931] RSP: 002b:00007fa8dc170038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  102.283163][ T5931] RAX: ffffffffffffffda RBX: 00007fa8db5e5fa0 RCX: 00007fa8db38f749
[  102.291155][ T5931] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[  102.299140][ T5931] RBP: 00007fa8db413f91 R08: 0000000000000000 R09: 0000000000000000
[  102.307133][ T5931] R10: 0000000020fffe82 R11: 0000000000000246 R12: 0000000000000000
[  102.315121][ T5931] R13: 00007fa8db5e6038 R14: 00007fa8db5e5fa0 R15: 00007ffe23ad96f8
[  102.323114][ T5931]  </TASK>
[  102.326166][ T5931] 
[  102.328502][ T5931] The buggy address belongs to the physical page:
[  102.334934][ T5931] page:ffffea0001bac540 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6eb15
[  102.345118][ T5931] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  102.352423][ T5931] page_type: 0xffffffff()
[  102.356770][ T5931] raw: 00fff00000000000 dead000000000100 dead000000000122 0000000000000000
[  102.365375][ T5931] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[  102.373970][ T5931] page dumped because: kasan: bad access detected
[  102.380403][ T5931] page_owner tracks the page as freed
[  102.385796][ T5931] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 5786, tgid 5786 (syz-executor), ts 89754232527, free_ts 89959292015
[  102.403523][ T5931]  post_alloc_hook+0x1cd/0x210
[  102.408374][ T5931]  get_page_from_freelist+0x195c/0x19f0
[  102.413941][ T5931]  __alloc_pages+0x1e3/0x460
[  102.418548][ T5931]  __folio_alloc+0x10/0x20
[  102.422990][ T5931]  vma_alloc_folio+0x47a/0x8f0
[  102.427785][ T5931]  handle_mm_fault+0x1820/0x4920
[  102.432748][ T5931]  do_user_addr_fault+0x738/0x12e0
[  102.437871][ T5931]  exc_page_fault+0x67/0x110
[  102.442476][ T5931]  asm_exc_page_fault+0x26/0x30
[  102.447345][ T5931] page last free stack trace:
[  102.452026][ T5931]  free_unref_page_prepare+0x7ce/0x8e0
[  102.457507][ T5931]  free_unref_page_list+0xbe/0x860
[  102.462638][ T5931]  release_pages+0x1fa0/0x2220
[  102.467424][ T5931]  tlb_flush_mmu+0x368/0x4f0
[  102.472037][ T5931]  tlb_finish_mmu+0xc3/0x1d0
[  102.476655][ T5931]  exit_mmap+0x3f0/0xb50
[  102.480919][ T5931]  __mmput+0x118/0x3c0
[  102.485020][ T5931]  exit_mm+0x1da/0x2c0
[  102.489107][ T5931]  do_exit+0x88e/0x23c0
[  102.493281][ T5931]  do_group_exit+0x21b/0x2d0
[  102.497897][ T5931]  get_signal+0x12fc/0x1400
[  102.502419][ T5931]  arch_do_signal_or_restart+0x9c/0x7b0
[  102.507980][ T5931]  exit_to_user_mode_loop+0x70/0x110
[  102.513288][ T5931]  exit_to_user_mode_prepare+0xf6/0x180
[  102.518863][ T5931]  syscall_exit_to_user_mode+0x1a/0x50
[  102.524345][ T5931]  do_syscall_64+0x61/0xb0
[  102.528783][ T5931] 
[  102.531120][ T5931] Memory state around the buggy address:
[  102.536764][ T5931]  ffff88806eb14f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  102.544846][ T5931]  ffff88806eb14f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  102.552926][ T5931] >ffff88806eb15000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  102.561013][ T5931]                             ^
[  102.565881][ T5931]  ffff88806eb15080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  102.573955][ T5931]  ffff88806eb15100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  102.582023][ T5931] ==================================================================
[  102.594684][ T5931] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  102.601934][ T5931] CPU: 0 PID: 5931 Comm: syz.0.17 Not tainted syzkaller #0
[  102.609168][ T5931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  102.619283][ T5931] Call Trace:
[  102.622612][ T5931]  <TASK>
[  102.625569][ T5931]  dump_stack_lvl+0x16c/0x230
[  102.630297][ T5931]  ? show_regs_print_info+0x20/0x20
[  102.635550][ T5931]  ? load_image+0x3b0/0x3b0
[  102.640101][ T5931]  panic+0x2c0/0x710
[  102.644042][ T5931]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  102.650236][ T5931]  ? bpf_jit_dump+0xd0/0xd0
[  102.654780][ T5931]  ? _raw_spin_unlock_irqrestore+0xfa/0x110
[  102.660705][ T5931]  ? _raw_spin_unlock+0x40/0x40
[  102.665576][ T5931]  ? ext4_find_extent+0xbd0/0xe00
[  102.670623][ T5931]  check_panic_on_warn+0x84/0xa0
[  102.675581][ T5931]  ? ext4_find_extent+0xbd0/0xe00
[  102.680629][ T5931]  end_report+0x6f/0x140
[  102.684887][ T5931]  kasan_report+0x128/0x150
[  102.689405][ T5931]  ? ext4_find_extent+0xbd0/0xe00
[  102.694449][ T5931]  ext4_find_extent+0xbd0/0xe00
[  102.699323][ T5931]  ext4_ext_map_blocks+0x260/0x6450
[  102.704563][ T5931]  ? __might_sleep+0xe0/0xe0
[  102.709172][ T5931]  ? ext4_ext_release+0x10/0x10
[  102.714044][ T5931]  ? __lock_acquire+0x7c80/0x7c80
[  102.719081][ T5931]  ? find_get_entries+0xe8/0x8c0
[  102.724039][ T5931]  ? ext4_es_lookup_extent+0x60e/0xa10
[  102.729521][ T5931]  ext4_map_blocks+0x9d5/0x1b70
[  102.734395][ T5931]  ? folio_contains+0x5c0/0x5c0
[  102.739269][ T5931]  ? ext4_issue_zeroout+0x250/0x250
[  102.744487][ T5931]  ? ext4_journal_check_start+0x178/0x250
[  102.750222][ T5931]  ? __ext4_journal_start_sb+0x259/0x570
[  102.755874][ T5931]  ext4_iomap_begin+0x7be/0xad0
[  102.760753][ T5931]  ? ext4_alloc_da_blocks+0x240/0x240
[  102.766174][ T5931]  ? ext4_alloc_da_blocks+0x240/0x240
[  102.771560][ T5931]  iomap_iter+0x6b1/0xec0
[  102.775921][ T5931]  ? blk_start_plug+0x6e/0x1a0
[  102.780703][ T5931]  __iomap_dio_rw+0xb9c/0x1c40
[  102.785503][ T5931]  ? ext4_mark_iloc_dirty+0x1a69/0x1ca0
[  102.791078][ T5931]  ? iomap_dio_deferred_complete+0x20/0x20
[  102.796932][ T5931]  ? __might_sleep+0xe0/0xe0
[  102.801548][ T5931]  ? ext4_fc_replay_link_internal+0x280/0x280
[  102.807676][ T5931]  ? ext4_journal_check_start+0x178/0x250
[  102.813416][ T5931]  iomap_dio_rw+0x45/0xa0
[  102.817779][ T5931]  ext4_file_write_iter+0x13ff/0x1870
[  102.823165][ T5931]  ? aa_path_link+0xdf0/0xdf0
[  102.827861][ T5931]  ? ext4_file_read_iter+0x670/0x670
[  102.833159][ T5931]  ? common_file_perm+0x198/0x1f0
[  102.838216][ T5931]  do_iter_write+0x79a/0xc70
[  102.842838][ T5931]  ? vfs_iter_write+0xa0/0xa0
[  102.847539][ T5931]  ? __asan_memset+0x22/0x40
[  102.852143][ T5931]  ? iov_iter_bvec+0xd4/0x1b0
[  102.856886][ T5931]  ? vfs_iter_write+0x6e/0xa0
[  102.861681][ T5931]  iter_file_splice_write+0x66f/0xc50
[  102.867087][ T5931]  ? splice_from_pipe+0x150/0x150
[  102.872168][ T5931]  ? splice_shrink_spd+0xc0/0xc0
[  102.877158][ T5931]  ? common_file_perm+0x198/0x1f0
[  102.882228][ T5931]  ? splice_from_pipe+0x150/0x150
[  102.887279][ T5931]  direct_splice_actor+0xe8/0x130
[  102.892331][ T5931]  splice_direct_to_actor+0x2f0/0x870
[  102.897740][ T5931]  ? direct_file_splice_eof+0xb0/0xb0
[  102.903139][ T5931]  ? warn_unsupported+0xc0/0xc0
[  102.908016][ T5931]  ? fsnotify_perm+0x5d/0x5e0
[  102.912724][ T5931]  ? security_file_permission+0x79/0xa0
[  102.918295][ T5931]  do_splice_direct+0x1b7/0x2c0
[  102.923187][ T5931]  ? splice_direct_to_actor+0x870/0x870
[  102.928757][ T5931]  ? rcu_read_lock_any_held+0xb4/0x120
[  102.934248][ T5931]  ? do_splice_direct+0x2c0/0x2c0
[  102.939329][ T5931]  do_sendfile+0x5dc/0xf70
[  102.943778][ T5931]  ? do_pwritev+0x340/0x340
[  102.948310][ T5931]  __se_sys_sendfile64+0x13f/0x190
[  102.953466][ T5931]  ? lock_chain_count+0x20/0x20
[  102.958341][ T5931]  ? __x64_sys_sendfile64+0xb0/0xb0
[  102.963567][ T5931]  ? lockdep_hardirqs_on+0x98/0x150
[  102.968792][ T5931]  do_syscall_64+0x55/0xb0
[  102.973231][ T5931]  ? clear_bhb_loop+0x40/0x90
[  102.977933][ T5931]  ? clear_bhb_loop+0x40/0x90
[  102.982635][ T5931]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  102.988552][ T5931] RIP: 0033:0x7fa8db38f749
[  102.992994][ T5931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  103.012706][ T5931] RSP: 002b:00007fa8dc170038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  103.021137][ T5931] RAX: ffffffffffffffda RBX: 00007fa8db5e5fa0 RCX: 00007fa8db38f749
[  103.029132][ T5931] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[  103.037126][ T5931] RBP: 00007fa8db413f91 R08: 0000000000000000 R09: 0000000000000000
[  103.045127][ T5931] R10: 0000000020fffe82 R11: 0000000000000246 R12: 0000000000000000
[  103.053118][ T5931] R13: 00007fa8db5e6038 R14: 00007fa8db5e5fa0 R15: 00007ffe23ad96f8
[  103.061117][ T5931]  </TASK>
[  103.064717][ T5931] Kernel Offset: disabled
[  103.069137][ T5931] Rebooting in 86400 seconds..