Warning: Permanently added '[localhost]:20935' (ED25519) to the list of known hosts.
2025/10/01 15:58:02 parsed 1 programs
syzkaller login: [ 83.947691][ T5326] cgroup: Unknown subsys name 'net'
[ 84.020843][ T5326] cgroup: Unknown subsys name 'cpuset'
[ 84.028236][ T5326] cgroup: Unknown subsys name 'rlimit'
[ 85.721959][ T5326] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 89.859435][ T5340] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 90.948146][ T5362] chnl_net:caif_netlink_parms(): no params data found
[ 91.015171][ T5362] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.019004][ T5362] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.021933][ T5362] bridge_slave_0: entered allmulticast mode
[ 91.025529][ T5362] bridge_slave_0: entered promiscuous mode
[ 91.032943][ T5362] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.036031][ T5362] bridge0: port 2(bridge_slave_1) entered disabled state
[ 91.040112][ T5362] bridge_slave_1: entered allmulticast mode
[ 91.043626][ T5362] bridge_slave_1: entered promiscuous mode
[ 91.068362][ T5362] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 91.074887][ T5362] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 91.098962][ T5362] team0: Port device team_slave_0 added
[ 91.102533][ T5362] team0: Port device team_slave_1 added
[ 91.130963][ T5362] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 91.134016][ T5362] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 91.146014][ T5362] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 91.153707][ T5362] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 91.157637][ T5362] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 91.169004][ T5362] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 91.203495][ T5362] hsr_slave_0: entered promiscuous mode
[ 91.208377][ T5362] hsr_slave_1: entered promiscuous mode
[ 91.349818][ T5362] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 91.362057][ T5362] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 91.368586][ T5362] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 91.375399][ T5362] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 91.412114][ T5362] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.415339][ T5362] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.418996][ T5362] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.421901][ T5362] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.476064][ T5362] 8021q: adding VLAN 0 to HW filter on device bond0
[ 91.490186][ T1039] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.494138][ T1039] bridge0: port 2(bridge_slave_1) entered disabled state
[ 91.508405][ T5362] 8021q: adding VLAN 0 to HW filter on device team0
[ 91.519687][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.522702][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.533530][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.536687][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.715870][ T5362] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 91.754284][ T5362] veth0_vlan: entered promiscuous mode
[ 91.763610][ T5362] veth1_vlan: entered promiscuous mode
[ 91.793781][ T5362] veth0_macvtap: entered promiscuous mode
[ 91.802759][ T5362] veth1_macvtap: entered promiscuous mode
[ 91.819628][ T5362] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 91.830535][ T5362] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 91.840256][ T10] cfg80211: failed to load regulatory.db
[ 91.857557][ T70] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.861428][ T70] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.865214][ T70] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.878907][ T70] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.033955][ T1081] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 92.081483][ T1081] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 92.132842][ T1081] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 92.181830][ T1081] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 92.579029][ T5396] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 92.582890][ T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 92.589920][ T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 92.594286][ T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 92.599769][ T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 92.873509][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.884067][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.912647][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.915812][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.890865][ T1081] bridge_slave_1: left allmulticast mode
[ 94.893481][ T1081] bridge_slave_1: left promiscuous mode
[ 94.896707][ T1081] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.988481][ T1081] bridge_slave_0: left allmulticast mode
[ 94.997874][ T1081] bridge_slave_0: left promiscuous mode
[ 95.000496][ T1081] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.541548][ T1081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 95.548718][ T1081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 95.555368][ T1081] bond0 (unregistering): Released all slaves
[ 95.713874][ T1081] hsr_slave_0: left promiscuous mode
[ 95.718782][ T1081] hsr_slave_1: left promiscuous mode
[ 95.738653][ T1081] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 95.742238][ T1081] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 95.767398][ T1081] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 95.770555][ T1081] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 95.806118][ T1081] veth1_macvtap: left promiscuous mode
[ 95.817788][ T1081] veth0_macvtap: left promiscuous mode
[ 95.820294][ T1081] veth1_vlan: left promiscuous mode
[ 95.822675][ T1081] veth0_vlan: left promiscuous mode
[ 96.357720][ T1081] team0 (unregistering): Port device team_slave_1 removed
[ 96.375519][ T1081] team0 (unregistering): Port device team_slave_0 removed
2025/10/01 15:58:18 executed programs: 0
[ 97.406603][ T45] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 97.410723][ T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 97.414119][ T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 97.421601][ T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 97.425046][ T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 98.242053][ T5457] chnl_net:caif_netlink_parms(): no params data found
[ 98.425302][ T5457] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.435854][ T5457] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.443467][ T5457] bridge_slave_0: entered allmulticast mode
[ 98.448168][ T5457] bridge_slave_0: entered promiscuous mode
[ 98.457908][ T5457] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.463498][ T5457] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.467840][ T5457] bridge_slave_1: entered allmulticast mode
[ 98.471592][ T5457] bridge_slave_1: entered promiscuous mode
[ 98.513514][ T5457] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 98.546052][ T5457] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 98.638819][ T5457] team0: Port device team_slave_0 added
[ 98.642996][ T5457] team0: Port device team_slave_1 added
[ 98.709298][ T5457] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 98.712118][ T5457] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.725080][ T5457] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 98.741061][ T5457] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 98.743903][ T5457] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.761546][ T5457] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 98.807546][ T5457] hsr_slave_0: entered promiscuous mode
[ 98.810576][ T5457] hsr_slave_1: entered promiscuous mode
[ 99.265725][ T5457] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 99.281180][ T5457] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 99.293014][ T5457] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 99.308473][ T5457] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 99.464223][ T5457] 8021q: adding VLAN 0 to HW filter on device bond0
[ 99.500438][ T5457] 8021q: adding VLAN 0 to HW filter on device team0
[ 99.508035][ T70] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.511733][ T70] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 99.518894][ T4684] Bluetooth: hci0: command tx timeout
[ 99.537956][ T1081] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.541341][ T1081] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 99.918500][ T5457] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 99.982457][ T5457] veth0_vlan: entered promiscuous mode
[ 100.007887][ T5457] veth1_vlan: entered promiscuous mode
[ 100.045691][ T5457] veth0_macvtap: entered promiscuous mode
[ 100.061291][ T5457] veth1_macvtap: entered promiscuous mode
[ 100.089337][ T5457] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 100.109882][ T5457] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 100.129681][ T1081] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.133499][ T1081] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.139300][ T1081] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.142999][ T1081] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.249800][ T3070] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 100.253115][ T3070] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.309965][ T3070] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 100.314129][ T3070] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.423488][ T5508] loop0: detected capacity change from 0 to 1024
[ 100.445384][ T5508] EXT4-fs (loop0): Test dummy encryption mode enabled
[ 100.456123][ T5508] EXT4-fs (loop0): stripe (7) is not aligned with cluster size (16), stripe is disabled
[ 100.501887][ T5508] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 100.532472][ T5508] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[ 100.587913][ T5508] loop0: detected capacity change from 1024 to 767
[ 100.670543][ T5457] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 100.781294][ T5516] loop0: detected capacity change from 0 to 1024
[ 100.819121][ T5516] EXT4-fs (loop0): Test dummy encryption mode enabled
[ 100.829858][ T5516] EXT4-fs (loop0): stripe (7) is not aligned with cluster size (16), stripe is disabled
[ 100.858689][ T5516] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 100.947161][ T5516] loop0: detected capacity change from 1024 to 767
[ 101.011475][ T5457] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 101.099691][ T5521] loop0: detected capacity change from 0 to 1024
[ 101.123175][ T5521] EXT4-fs (loop0): Test dummy encryption mode enabled
[ 101.135295][ T5521] EXT4-fs (loop0): stripe (7) is not aligned with cluster size (16), stripe is disabled
[ 101.175319][ T5521] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 101.247810][ T5521] loop0: detected capacity change from 1024 to 767
[ 101.303767][ T5457] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 101.390375][ T5527] loop0: detected capacity change from 0 to 1024
[ 101.408330][ T5527] EXT4-fs (loop0): Test dummy encryption mode enabled
[ 101.429750][ T5527] EXT4-fs (loop0): stripe (7) is not aligned with cluster size (16), stripe is disabled
[ 101.469187][ T5527] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 101.543822][ T5527] loop0: detected capacity change from 1024 to 767
[ 101.560281][ T5527] ==================================================================
[ 101.563943][ T5527] BUG: KASAN: use-after-free in ext4_search_dir+0xf1/0x1b0
[ 101.567101][ T5527] Read of size 1 at addr ffff8880406c82b1 by task syz.0.20/5527
[ 101.571288][ T5527]
[ 101.572354][ T5527] CPU: 0 UID: 0 PID: 5527 Comm: syz.0.20 Not tainted syzkaller #0 PREEMPT(full)
[ 101.572369][ T5527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 101.572376][ T5527] Call Trace:
[ 101.572385][ T5527]
[ 101.572390][ T5527] dump_stack_lvl+0x189/0x250
[ 101.572409][ T5527] ? __virt_addr_valid+0x1c8/0x5c0
[ 101.572423][ T5527] ? rcu_is_watching+0x15/0xb0
[ 101.572431][ T5527] ? __pfx_dump_stack_lvl+0x10/0x10
[ 101.572440][ T5527] ? rcu_is_watching+0x15/0xb0
[ 101.572451][ T5527] ? lock_release+0x4b/0x3e0
[ 101.572461][ T5527] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 101.572520][ T5527] ? __virt_addr_valid+0x1c8/0x5c0
[ 101.572534][ T5527] ? __virt_addr_valid+0x4a5/0x5c0
[ 101.572549][ T5527] print_report+0xca/0x240
[ 101.572561][ T5527] ? ext4_search_dir+0xf1/0x1b0
[ 101.572571][ T5527] kasan_report+0x118/0x150
[ 101.572589][ T5527] ? ext4_search_dir+0xf1/0x1b0
[ 101.572599][ T5527] ext4_search_dir+0xf1/0x1b0
[ 101.572610][ T5527] ext4_find_inline_entry+0x492/0x5f0
[ 101.572622][ T5527] ? __pfx_ext4_find_inline_entry+0x10/0x10
[ 101.572633][ T5527] ? kasan_quarantine_put+0xdd/0x220
[ 101.572644][ T5527] __ext4_find_entry+0x2fd/0x1f20
[ 101.572661][ T5527] ? __pfx___ext4_find_entry+0x10/0x10
[ 101.572674][ T5527] ? ext4_fname_prepare_lookup+0x3b8/0x4c0
[ 101.572692][ T5527] ext4_lookup+0x13d/0x6c0
[ 101.572703][ T5527] ? apparmor_path_mknod+0x1b1/0x230
[ 101.572714][ T5527] ? __pfx_ext4_lookup+0x10/0x10
[ 101.572730][ T5527] ? inode_permission+0x149/0x470
[ 101.572743][ T5527] ? bpf_lsm_path_mknod+0x9/0x20
[ 101.572755][ T5527] ? bpf_lsm_inode_create+0x9/0x20
[ 101.572770][ T5527] path_openat+0x1101/0x3830
[ 101.572779][ T5527] ? arch_stack_walk+0xfc/0x150
[ 101.572800][ T5527] ? __pfx_path_openat+0x10/0x10
[ 101.572809][ T5527] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.572825][ T5527] do_filp_open+0x1fa/0x410
[ 101.572834][ T5527] ? __lock_acquire+0xab9/0xd20
[ 101.572845][ T5527] ? __pfx_do_filp_open+0x10/0x10
[ 101.572859][ T5527] ? _raw_spin_unlock+0x28/0x50
[ 101.572872][ T5527] ? alloc_fd+0x64c/0x6c0
[ 101.572886][ T5527] do_sys_openat2+0x121/0x1c0
[ 101.572900][ T5527] ? __se_sys_futex+0x36f/0x400
[ 101.572946][ T5527] ? __pfx_do_sys_openat2+0x10/0x10
[ 101.572961][ T5527] ? __pfx___se_sys_futex+0x10/0x10
[ 101.572981][ T5527] ? rcu_is_watching+0x15/0xb0
[ 101.572994][ T5527] __x64_sys_openat+0x138/0x170
[ 101.573015][ T5527] do_syscall_64+0xfa/0x3b0
[ 101.573023][ T5527] ? lockdep_hardirqs_on+0x9c/0x150
[ 101.573033][ T5527] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.573040][ T5527] ? clear_bhb_loop+0x60/0xb0
[ 101.573047][ T5527] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.573054][ T5527] RIP: 0033:0x7f0ec218eec9
[ 101.573064][ T5527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 101.573073][ T5527] RSP: 002b:00007ffdd1a7a898 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 101.573084][ T5527] RAX: ffffffffffffffda RBX: 00007f0ec23e5fa0 RCX: 00007f0ec218eec9
[ 101.573092][ T5527] RDX: 0000000000000042 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 101.573100][ T5527] RBP: 00007f0ec2211f91 R08: 0000000000000000 R09: 0000000000000000
[ 101.573106][ T5527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 101.573112][ T5527] R13: 00007f0ec23e5fa0 R14: 00007f0ec23e5fa0 R15: 0000000000000004
[ 101.573121][ T5527]
[ 101.573125][ T5527]
[ 101.713869][ T5527] The buggy address belongs to the physical page:
[ 101.716565][ T5527] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f0eb9207 pfn:0x406c8
[ 101.720285][ T5527] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 101.723179][ T5527] raw: 04fff00000000000 ffffea000101a388 ffffea000133ed08 0000000000000000
[ 101.726983][ T5527] raw: 00000007f0eb9207 0000000000000000 00000000ffffffff 0000000000000000
[ 101.730714][ T5527] page dumped because: kasan: bad access detected
[ 101.733501][ T5527] page_owner tracks the page as freed
[ 101.735973][ T5527] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|__GFP_COMP), pid 5527, tgid 5527 (syz.0.20), ts 101511226789, free_ts 101514007504
[ 101.743872][ T5527] post_alloc_hook+0x240/0x2a0
[ 101.746022][ T5527] get_page_from_freelist+0x21e4/0x22c0
[ 101.748419][ T5527] __alloc_frozen_pages_noprof+0x181/0x370
[ 101.751004][ T5527] alloc_pages_mpol+0x232/0x4a0
[ 101.753166][ T5527] vma_alloc_folio_noprof+0xe4/0x200
[ 101.755527][ T5527] folio_prealloc+0x30/0x180
[ 101.757559][ T5527] __handle_mm_fault+0x2ab9/0x5440
[ 101.759759][ T5527] handle_mm_fault+0x40a/0x8e0
[ 101.761847][ T5527] do_user_addr_fault+0xa7c/0x1380
[ 101.764123][ T5527] exc_page_fault+0x76/0xf0
[ 101.766019][ T5527] asm_exc_page_fault+0x26/0x30
[ 101.768170][ T5527] page last free pid 5527 tgid 5527 stack trace:
[ 101.770880][ T5527] free_unref_folios+0xdbd/0x1520
[ 101.773018][ T5527] folios_put_refs+0x559/0x640
[ 101.774880][ T5527] free_pages_and_swap_cache+0x4be/0x520
[ 101.777259][ T5527] tlb_flush_mmu+0x3a0/0x680
[ 101.779508][ T5527] tlb_finish_mmu+0xc3/0x1d0
[ 101.781858][ T5527] vms_clear_ptes+0x42c/0x540
[ 101.783974][ T5527] vms_complete_munmap_vmas+0x206/0x8a0
[ 101.786439][ T5527] do_vmi_align_munmap+0x358/0x420
[ 101.788755][ T5527] do_vmi_munmap+0x253/0x2e0
[ 101.790819][ T5527] __vm_munmap+0x23b/0x3d0
[ 101.792745][ T5527] __x64_sys_munmap+0x60/0x70
[ 101.794872][ T5527] do_syscall_64+0xfa/0x3b0
[ 101.796827][ T5527] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.799500][ T5527]
[ 101.800581][ T5527] Memory state around the buggy address:
[ 101.802903][ T5527] ffff8880406c8180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 101.807151][ T5527] ffff8880406c8200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 101.810604][ T5527] >ffff8880406c8280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 101.814088][ T5527] ^
[ 101.816551][ T5527] ffff8880406c8300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 101.820061][ T5527] ffff8880406c8380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 101.823552][ T5527] ==================================================================
[ 101.845746][ T4684] Bluetooth: hci0: command tx timeout
[ 102.073451][ T5527] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 102.076612][ T5527] CPU: 0 UID: 0 PID: 5527 Comm: syz.0.20 Not tainted syzkaller #0 PREEMPT(full)
[ 102.080432][ T5527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 102.085165][ T5527] Call Trace:
[ 102.086650][ T5527]
[ 102.087908][ T5527] dump_stack_lvl+0x99/0x250
[ 102.089830][ T5527] ? __asan_memcpy+0x40/0x70
[ 102.091803][ T5527] ? __pfx_dump_stack_lvl+0x10/0x10
[ 102.094085][ T5527] ? __pfx__printk+0x10/0x10
[ 102.095986][ T5527] vpanic+0x281/0x750
[ 102.097757][ T5527] ? preempt_schedule+0xae/0xc0
[ 102.099785][ T5527] ? __pfx_vpanic+0x10/0x10
[ 102.101837][ T5527] ? preempt_schedule_common+0x83/0xd0
[ 102.104162][ T5527] ? preempt_schedule+0xae/0xc0
[ 102.106247][ T5527] ? __pfx_preempt_schedule+0x10/0x10
[ 102.108367][ T5527] panic+0xb9/0xc0
[ 102.109885][ T5527] ? __pfx_panic+0x10/0x10
[ 102.111646][ T5527] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 102.113996][ T5527] ? is_module_address+0x17/0xf0
[ 102.115971][ T5527] ? ext4_search_dir+0xf1/0x1b0
[ 102.117929][ T5527] check_panic_on_warn+0x89/0xb0
[ 102.119900][ T5527] ? ext4_search_dir+0xf1/0x1b0
[ 102.122067][ T5527] end_report+0x78/0x160
[ 102.123954][ T5527] kasan_report+0x129/0x150
[ 102.125912][ T5527] ? ext4_search_dir+0xf1/0x1b0
[ 102.127964][ T5527] ext4_search_dir+0xf1/0x1b0
[ 102.129943][ T5527] ext4_find_inline_entry+0x492/0x5f0
[ 102.132236][ T5527] ? __pfx_ext4_find_inline_entry+0x10/0x10
[ 102.134666][ T5527] ? kasan_quarantine_put+0xdd/0x220
[ 102.136939][ T5527] __ext4_find_entry+0x2fd/0x1f20
[ 102.139037][ T5527] ? __pfx___ext4_find_entry+0x10/0x10
[ 102.141353][ T5527] ? ext4_fname_prepare_lookup+0x3b8/0x4c0
[ 102.143815][ T5527] ext4_lookup+0x13d/0x6c0
[ 102.145704][ T5527] ? apparmor_path_mknod+0x1b1/0x230
[ 102.147976][ T5527] ? __pfx_ext4_lookup+0x10/0x10
[ 102.150045][ T5527] ? inode_permission+0x149/0x470
[ 102.152156][ T5527] ? bpf_lsm_path_mknod+0x9/0x20
[ 102.154267][ T5527] ? bpf_lsm_inode_create+0x9/0x20
[ 102.156420][ T5527] path_openat+0x1101/0x3830
[ 102.158392][ T5527] ? arch_stack_walk+0xfc/0x150
[ 102.160446][ T5527] ? __pfx_path_openat+0x10/0x10
[ 102.162526][ T5527] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.165095][ T5527] do_filp_open+0x1fa/0x410
[ 102.166948][ T5527] ? __lock_acquire+0xab9/0xd20
[ 102.168963][ T5527] ? __pfx_do_filp_open+0x10/0x10
[ 102.171016][ T5527] ? _raw_spin_unlock+0x28/0x50
[ 102.173032][ T5527] ? alloc_fd+0x64c/0x6c0
[ 102.174799][ T5527] do_sys_openat2+0x121/0x1c0
[ 102.176727][ T5527] ? __se_sys_futex+0x36f/0x400
[ 102.178757][ T5527] ? __pfx_do_sys_openat2+0x10/0x10
[ 102.180949][ T5527] ? __pfx___se_sys_futex+0x10/0x10
[ 102.183130][ T5527] ? rcu_is_watching+0x15/0xb0
[ 102.185287][ T5527] __x64_sys_openat+0x138/0x170
[ 102.187347][ T5527] do_syscall_64+0xfa/0x3b0
[ 102.189192][ T5527] ? lockdep_hardirqs_on+0x9c/0x150
[ 102.191346][ T5527] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.193840][ T5527] ? clear_bhb_loop+0x60/0xb0
[ 102.195822][ T5527] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.198369][ T5527] RIP: 0033:0x7f0ec218eec9
[ 102.200159][ T5527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 102.207983][ T5527] RSP: 002b:00007ffdd1a7a898 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 102.211616][ T5527] RAX: ffffffffffffffda RBX: 00007f0ec23e5fa0 RCX: 00007f0ec218eec9
[ 102.214971][ T5527] RDX: 0000000000000042 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 102.218358][ T5527] RBP: 00007f0ec2211f91 R08: 0000000000000000 R09: 0000000000000000
[ 102.221700][ T5527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 102.225102][ T5527] R13: 00007f0ec23e5fa0 R14: 00007f0ec23e5fa0 R15: 0000000000000004
[ 102.228419][ T5527]
[ 102.230030][ T5527] Kernel Offset: disabled
[ 102.231800][ T5527] Rebooting in 86400 seconds..
VM DIAGNOSIS:
15:58:22 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000064 RBX=0000000000000064 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90002c2ed10
R8 =ffff888033318237 R9 =1ffff11006663046 R10=dffffc0000000000 R11=ffffffff850e5b50
R12=dffffc0000000000 R13=ffffffff995ad90c R14=ffffffff998a0400 R15=0000000000000000
RIP=ffffffff850e5bcc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055555e324500 ffffffff 00c00000
GS =0000 ffff88808d967000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007fc1e652fbe8 CR3=000000004fcf5000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01