Warning: Permanently added '[localhost]:4986' (ED25519) to the list of known hosts.
2025/06/29 08:38:48 ignoring optional flag "sandboxArg"="0"
2025/06/29 08:38:48 ignoring optional flag "type"="qemu"
2025/06/29 08:38:49 parsed 1 programs
[ 137.958865][ T1315] ieee802154 phy0 wpan0: encryption failed: -22
[ 137.961875][ T1315] ieee802154 phy1 wpan1: encryption failed: -22
[ 138.322710][ T5660] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 144.977496][ T5705] chnl_net:caif_netlink_parms(): no params data found
[ 145.049645][ T5705] bridge0: port 1(bridge_slave_0) entered blocking state
[ 145.053176][ T5705] bridge0: port 1(bridge_slave_0) entered disabled state
[ 145.057893][ T5705] bridge_slave_0: entered allmulticast mode
[ 145.062633][ T5705] bridge_slave_0: entered promiscuous mode
[ 145.067926][ T5705] bridge0: port 2(bridge_slave_1) entered blocking state
[ 145.071267][ T5705] bridge0: port 2(bridge_slave_1) entered disabled state
[ 145.074663][ T5705] bridge_slave_1: entered allmulticast mode
[ 145.080556][ T5705] bridge_slave_1: entered promiscuous mode
[ 145.106557][ T5705] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 145.113379][ T5705] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 145.142093][ T5705] team0: Port device team_slave_0 added
[ 145.148744][ T5705] team0: Port device team_slave_1 added
[ 145.171495][ T5705] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 145.175538][ T5705] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 145.189321][ T5705] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 145.196734][ T5705] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 145.200346][ T5705] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 145.213427][ T5705] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 145.253792][ T5705] hsr_slave_0: entered promiscuous mode
[ 145.257477][ T5705] hsr_slave_1: entered promiscuous mode
[ 145.941415][ T5705] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 145.955207][ T5705] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 145.975579][ T5705] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 145.997654][ T5705] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 146.180825][ T5705] 8021q: adding VLAN 0 to HW filter on device bond0
[ 146.217904][ T5705] 8021q: adding VLAN 0 to HW filter on device team0
[ 146.230169][ T1039] bridge0: port 1(bridge_slave_0) entered blocking state
[ 146.233582][ T1039] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 146.268857][ T1039] bridge0: port 2(bridge_slave_1) entered blocking state
[ 146.272097][ T1039] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 146.641270][ T5705] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 146.727080][ T5705] veth0_vlan: entered promiscuous mode
[ 146.747664][ T5705] veth1_vlan: entered promiscuous mode
[ 146.807653][ T5705] veth0_macvtap: entered promiscuous mode
[ 146.813600][ T5705] veth1_macvtap: entered promiscuous mode
[ 146.870232][ T5705] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 146.890448][ T5705] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 146.915291][ T5705] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 146.924325][ T5705] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 146.930350][ T5705] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 146.934198][ T5705] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 147.204681][ T45] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 147.214670][ T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 147.219360][ T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 147.223583][ T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 147.230127][ T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 147.281462][ T1039] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 147.399738][ T1039] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 147.474644][ T1039] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 147.560715][ T1039] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 149.463289][ T1039] bridge_slave_1: left allmulticast mode
[ 149.477765][ T1039] bridge_slave_1: left promiscuous mode
[ 149.496971][ T1039] bridge0: port 2(bridge_slave_1) entered disabled state
[ 149.520434][ T1039] bridge_slave_0: left allmulticast mode
[ 149.522903][ T1039] bridge_slave_0: left promiscuous mode
[ 149.525501][ T1039] bridge0: port 1(bridge_slave_0) entered disabled state
[ 150.306216][ T1039] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 150.324027][ T1039] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 150.340256][ T1039] bond0 (unregistering): Released all slaves
[ 150.468579][ T1039] hsr_slave_0: left promiscuous mode
[ 150.471767][ T1039] hsr_slave_1: left promiscuous mode
[ 150.477341][ T1039] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 150.480663][ T1039] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 150.506669][ T1039] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 150.510471][ T1039] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 150.533168][ T1039] veth1_macvtap: left promiscuous mode
[ 150.547242][ T1039] veth0_macvtap: left promiscuous mode
[ 150.550145][ T1039] veth1_vlan: left promiscuous mode
[ 150.552562][ T1039] veth0_vlan: left promiscuous mode
[ 150.937300][ T1039] team0 (unregistering): Port device team_slave_1 removed
[ 150.958918][ T1039] team0 (unregistering): Port device team_slave_0 removed
[ 151.452494][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 151.476041][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 151.557666][ T1150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 151.572727][ T1150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/06/29 08:39:07 executed programs: 0
[ 151.877820][ T4668] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 151.882865][ T4668] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 151.887641][ T4668] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 151.891766][ T4668] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 151.895357][ T4668] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 152.963133][ T5818] chnl_net:caif_netlink_parms(): no params data found
[ 153.412938][ T5818] bridge0: port 1(bridge_slave_0) entered blocking state
[ 153.426402][ T5818] bridge0: port 1(bridge_slave_0) entered disabled state
[ 153.429788][ T5818] bridge_slave_0: entered allmulticast mode
[ 153.463555][ T5818] bridge_slave_0: entered promiscuous mode
[ 153.469779][ T5818] bridge0: port 2(bridge_slave_1) entered blocking state
[ 153.473084][ T5818] bridge0: port 2(bridge_slave_1) entered disabled state
[ 153.486866][ T5818] bridge_slave_1: entered allmulticast mode
[ 153.496606][ T5818] bridge_slave_1: entered promiscuous mode
[ 153.567925][ T5818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 153.574330][ T5818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 153.633117][ T5818] team0: Port device team_slave_0 added
[ 153.649769][ T5818] team0: Port device team_slave_1 added
[ 153.699326][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 153.702476][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 153.739118][ T5818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 153.747101][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 153.750453][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 153.776485][ T5818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 153.862298][ T5818] hsr_slave_0: entered promiscuous mode
[ 153.865630][ T5818] hsr_slave_1: entered promiscuous mode
[ 153.956841][ T4668] Bluetooth: hci0: command tx timeout
[ 154.357923][ T5818] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 154.377047][ T5818] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 154.382879][ T5818] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 154.397742][ T5818] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 154.545453][ T5818] 8021q: adding VLAN 0 to HW filter on device bond0
[ 154.584283][ T5818] 8021q: adding VLAN 0 to HW filter on device team0
[ 154.601458][ T1095] bridge0: port 1(bridge_slave_0) entered blocking state
[ 154.604893][ T1095] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 154.640005][ T1095] bridge0: port 2(bridge_slave_1) entered blocking state
[ 154.643287][ T1095] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 154.992604][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 155.077219][ T5818] veth0_vlan: entered promiscuous mode
[ 155.099441][ T5818] veth1_vlan: entered promiscuous mode
[ 155.153999][ T5818] veth0_macvtap: entered promiscuous mode
[ 155.174121][ T5818] veth1_macvtap: entered promiscuous mode
[ 155.203143][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 155.221718][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 155.244234][ T5818] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 155.257126][ T5818] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 155.261063][ T5818] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 155.265126][ T5818] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 155.407528][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 155.411005][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 155.465026][ T1039] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 155.470437][ T1039] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 155.654176][ T5880] loop0: detected capacity change from 0 to 4096
[ 155.704108][ T5880] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 155.828572][ T25] audit: type=1800 audit(1751186351.327:2): pid=5880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.15" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 155.891731][ T25] audit: type=1800 audit(1751186351.337:3): pid=5880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.15" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 156.036345][ T4668] Bluetooth: hci0: command tx timeout
[ 156.190855][ T5888] loop0: detected capacity change from 0 to 4096
[ 156.223326][ T5888] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 156.336758][ T25] audit: type=1800 audit(1751186351.827:4): pid=5888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.16" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 156.393624][ T25] audit: type=1800 audit(1751186351.827:5): pid=5888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.16" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 156.848379][ T5895] loop0: detected capacity change from 0 to 4096
[ 156.871725][ T5895] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 156.966302][ T25] audit: type=1800 audit(1751186352.467:6): pid=5895 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 157.019926][ T25] audit: type=1800 audit(1751186352.477:7): pid=5895 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17" name="file1" dev="loop0" ino=30 res=0 errno=0
2025/06/29 08:39:12 executed programs: 5
[ 157.459115][ T5901] loop0: detected capacity change from 0 to 4096
[ 157.497819][ T5901] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 157.609783][ T25] audit: type=1800 audit(1751186353.107:8): pid=5901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.18" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 157.659665][ T25] audit: type=1800 audit(1751186353.107:9): pid=5901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.18" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 157.958195][ T5907] loop0: detected capacity change from 0 to 4096
[ 157.986977][ T5907] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 158.113323][ T25] audit: type=1800 audit(1751186353.607:10): pid=5907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.19" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 158.126678][ T4668] Bluetooth: hci0: command tx timeout
[ 158.166943][ T25] audit: type=1800 audit(1751186353.607:11): pid=5907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.19" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 158.490362][ T5914] loop0: detected capacity change from 0 to 4096
[ 158.550751][ T5914] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 159.056427][ T5920] loop0: detected capacity change from 0 to 4096
[ 159.074674][ T5920] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 159.655462][ T5928] loop0: detected capacity change from 0 to 4096
[ 159.712392][ T5928] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 160.017583][ T5931] loop0: detected capacity change from 0 to 4096
[ 160.024676][ T5931] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 160.196732][ T4668] Bluetooth: hci0: command tx timeout
[ 160.478388][ T5934] loop0: detected capacity change from 0 to 4096
[ 160.519292][ T5934] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 160.854140][ T5937] loop0: detected capacity change from 0 to 4096
[ 160.875601][ T5937] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 160.924821][ T25] kauditd_printk_skb: 10 callbacks suppressed
[ 160.924835][ T25] audit: type=1800 audit(1751186356.417:22): pid=5937 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.25" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 160.960650][ T25] audit: type=1800 audit(1751186356.437:23): pid=5937 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.25" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 161.190832][ T5940] loop0: detected capacity change from 0 to 4096
[ 161.199592][ T5940] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 161.257832][ T25] audit: type=1800 audit(1751186356.757:24): pid=5940 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.26" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 161.295967][ T25] audit: type=1800 audit(1751186356.757:25): pid=5940 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.26" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 161.603138][ T5943] loop0: detected capacity change from 0 to 4096
[ 161.650878][ T5943] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 161.713762][ T25] audit: type=1800 audit(1751186357.207:26): pid=5943 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.27" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 161.742828][ T25] audit: type=1800 audit(1751186357.237:27): pid=5943 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.27" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 162.068331][ T5946] loop0: detected capacity change from 0 to 4096
[ 162.088669][ T5946] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 162.155115][ T25] audit: type=1800 audit(1751186357.647:28): pid=5946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.28" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 162.191434][ T25] audit: type=1800 audit(1751186357.647:29): pid=5946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.28" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 162.472924][ T5949] loop0: detected capacity change from 0 to 4096
[ 162.494022][ T5949] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 162.561969][ T25] audit: type=1800 audit(1751186358.057:30): pid=5949 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.29" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 162.607719][ T25] audit: type=1800 audit(1751186358.077:31): pid=5949 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.29" name="file1" dev="loop0" ino=30 res=0 errno=0
2025/06/29 08:39:18 executed programs: 17
[ 163.102997][ T5954] loop0: detected capacity change from 0 to 4096
[ 163.128642][ T5954] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 163.383401][ T5957] loop0: detected capacity change from 0 to 4096
[ 163.394498][ T5957] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 163.609846][ T5960] loop0: detected capacity change from 0 to 4096
[ 163.628765][ T5960] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 163.841090][ T5963] loop0: detected capacity change from 0 to 4096
[ 163.853208][ T5963] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 164.059525][ T5966] loop0: detected capacity change from 0 to 4096
[ 164.073644][ T5966] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[ 164.119505][ T1045] ==================================================================
[ 164.123433][ T1045] BUG: KASAN: stack-out-of-bounds in end_buffer_read_sync+0xc3/0xe0
[ 164.127601][ T1045] Write of size 4 at addr ffffc9000cda7640 by task kworker/u4:8/1045
[ 164.132560][ T1045]
[ 164.133740][ T1045] CPU: 0 UID: 0 PID: 1045 Comm: kworker/u4:8 Not tainted 6.16.0-rc3-syzkaller-gdfba48a70cb6 #0 PREEMPT(full)
[ 164.133756][ T1045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 164.133764][ T1045] Workqueue: loop0 loop_workfn
[ 164.133785][ T1045] Call Trace:
[ 164.133794][ T1045] <TASK>
[ 164.133800][ T1045] dump_stack_lvl+0x189/0x250
[ 164.133820][ T1045] ? end_buffer_read_sync+0xc3/0xe0
[ 164.133835][ T1045] ? __pfx_dump_stack_lvl+0x10/0x10
[ 164.133851][ T1045] ? __pfx__printk+0x10/0x10
[ 164.133872][ T1045] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 164.133949][ T1045] ? __virt_addr_valid+0xdc/0x5c0
[ 164.133962][ T1045] print_report+0xd2/0x2b0
[ 164.133976][ T1045] ? end_buffer_read_sync+0xc3/0xe0
[ 164.133987][ T1045] kasan_report+0x118/0x150
[ 164.133999][ T1045] ? end_buffer_read_sync+0xc3/0xe0
[ 164.134012][ T1045] kasan_check_range+0x2b0/0x2c0
[ 164.134024][ T1045] ? __pfx_end_buffer_read_sync+0x10/0x10
[ 164.134035][ T1045] end_buffer_read_sync+0xc3/0xe0
[ 164.134046][ T1045] end_bio_bh_io_sync+0xba/0x120
[ 164.134062][ T1045] blk_update_request+0x5eb/0xe70
[ 164.134078][ T1045] blk_mq_end_request+0x3e/0x70
[ 164.134089][ T1045] lo_rw_aio+0xe0b/0x1040
[ 164.134105][ T1045] ? __pfx_lo_rw_aio+0x10/0x10
[ 164.134118][ T1045] ? kthread_associate_blkcg+0x491/0x600
[ 164.134131][ T1045] ? lockdep_hardirqs_on+0x9c/0x150
[ 164.134146][ T1045] loop_process_work+0x810/0xf40
[ 164.134163][ T1045] ? __pfx_loop_process_work+0x10/0x10
[ 164.134175][ T1045] ? do_raw_spin_lock+0x121/0x290
[ 164.134190][ T1045] ? look_up_lock_class+0x74/0x170
[ 164.134205][ T1045] ? register_lock_class+0x51/0x320
[ 164.134221][ T1045] ? __lock_acquire+0xab9/0xd20
[ 164.134238][ T1045] ? process_scheduled_works+0x9ef/0x17b0
[ 164.134256][ T1045] ? _raw_spin_unlock_irq+0x23/0x50
[ 164.134269][ T1045] ? process_scheduled_works+0x9ef/0x17b0
[ 164.134285][ T1045] ? process_scheduled_works+0x9ef/0x17b0
[ 164.134300][ T1045] process_scheduled_works+0xae1/0x17b0
[ 164.134324][ T1045] ? __pfx_process_scheduled_works+0x10/0x10
[ 164.134344][ T1045] worker_thread+0x8a0/0xda0
[ 164.134361][ T1045] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 164.134376][ T1045] ? __kthread_parkme+0x7b/0x200
[ 164.134388][ T1045] kthread+0x70e/0x8a0
[ 164.134401][ T1045] ? __pfx_worker_thread+0x10/0x10
[ 164.134416][ T1045] ? __pfx_kthread+0x10/0x10
[ 164.134428][ T1045] ? _raw_spin_unlock_irq+0x23/0x50
[ 164.134441][ T1045] ? lockdep_hardirqs_on+0x9c/0x150
[ 164.134455][ T1045] ? __pfx_kthread+0x10/0x10
[ 164.134467][ T1045] ret_from_fork+0x3fc/0x770
[ 164.134482][ T1045] ? __pfx_ret_from_fork+0x10/0x10
[ 164.134498][ T1045] ? __pfx_kthread+0x10/0x10
[ 164.134509][ T1045] ret_from_fork_asm+0x1a/0x30
[ 164.134525][ T1045] </TASK>
[ 164.134530][ T1045]
[ 164.262989][ T1045] The buggy address belongs to the virtual mapping at
[ 164.262989][ T1045] [ffffc9000cda0000, ffffc9000cda9000) created by:
[ 164.262989][ T1045] copy_process+0x54b/0x3c00
[ 164.272159][ T1045]
[ 164.273260][ T1045] The buggy address belongs to the physical page:
[ 164.276191][ T1045] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1a0e4
[ 164.280449][ T1045] memcg:ffff88803f536202
[ 164.282829][ T1045] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 164.286284][ T1045] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 164.290088][ T1045] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88803f536202
[ 164.293851][ T1045] page dumped because: kasan: bad access detected
[ 164.296702][ T1045] page_owner tracks the page as allocated
[ 164.299415][ T1045] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 1045, tgid 1045 (kworker/u4:8), ts 162578731351, free_ts 161895965230
[ 164.308710][ T1045] post_alloc_hook+0x240/0x2a0
[ 164.311046][ T1045] get_page_from_freelist+0x21e4/0x22c0
[ 164.313761][ T1045] __alloc_frozen_pages_noprof+0x181/0x370
[ 164.317105][ T1045] alloc_pages_mpol+0x232/0x4a0
[ 164.319915][ T1045] alloc_pages_noprof+0xa9/0x190
[ 164.322661][ T1045] __vmalloc_node_range_noprof+0x97d/0x12f0
[ 164.325411][ T1045] __vmalloc_node_noprof+0xc2/0x110
[ 164.327747][ T1045] dup_task_struct+0x3e7/0x860
[ 164.329945][ T1045] copy_process+0x54b/0x3c00
[ 164.332302][ T1045] kernel_clone+0x21e/0x870
[ 164.334387][ T1045] user_mode_thread+0xdd/0x140
[ 164.336548][ T1045] call_usermodehelper_exec_work+0x9c/0x230
[ 164.339714][ T1045] process_scheduled_works+0xae1/0x17b0
[ 164.342449][ T1045] worker_thread+0x8a0/0xda0
[ 164.344980][ T1045] kthread+0x70e/0x8a0
[ 164.347206][ T1045] ret_from_fork+0x3fc/0x770
[ 164.349307][ T1045] page last free pid 72 tgid 72 stack trace:
[ 164.351952][ T1045] __free_frozen_pages+0xc71/0xe70
[ 164.354340][ T1045] __tlb_remove_table+0x2d2/0x3b0
[ 164.357902][ T1045] tlb_remove_table_rcu+0x85/0x100
[ 164.360869][ T1045] rcu_core+0xca8/0x1710
[ 164.362823][ T1045] handle_softirqs+0x286/0x870
[ 164.365100][ T1045] __irq_exit_rcu+0xca/0x1f0
[ 164.367182][ T1045] irq_exit_rcu+0x9/0x30
[ 164.369249][ T1045] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 164.371893][ T1045] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 164.375762][ T1045]
[ 164.377558][ T1045] Memory state around the buggy address:
[ 164.380552][ T1045] ffffc9000cda7500: f1 f1 f1 f1 00 00 00 f2 f2 f2 f2 f2 00 00 00 00
[ 164.384136][ T1045] ffffc9000cda7580: 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 164.387864][ T1045] >ffffc9000cda7600: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 04 f3
[ 164.391350][ T1045]                                            ^
[ 164.393975][ T1045] ffffc9000cda7680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 164.397720][ T1045] ffffc9000cda7700: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00
[ 164.401915][ T1045] ==================================================================
[ 164.556454][ T1045] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 164.559791][ T1045] CPU: 0 UID: 0 PID: 1045 Comm: kworker/u4:8 Not tainted 6.16.0-rc3-syzkaller-gdfba48a70cb6 #0 PREEMPT(full)
[ 164.565025][ T1045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 164.569973][ T1045] Workqueue: loop0 loop_workfn
[ 164.572272][ T1045] Call Trace:
[ 164.574098][ T1045] <TASK>
[ 164.575765][ T1045] dump_stack_lvl+0x99/0x250
[ 164.578141][ T1045] ? __asan_memcpy+0x40/0x70
[ 164.580340][ T1045] ? __pfx_dump_stack_lvl+0x10/0x10
[ 164.582504][ T1045] ? __pfx__printk+0x10/0x10
[ 164.584690][ T1045] panic+0x2db/0x790
[ 164.586496][ T1045] ? __pfx_preempt_schedule+0x10/0x10
[ 164.588904][ T1045] ? __pfx_panic+0x10/0x10
[ 164.591156][ T1045] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 164.594067][ T1045] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 164.597612][ T1045] ? end_buffer_read_sync+0xc3/0xe0
[ 164.600276][ T1045] check_panic_on_warn+0x89/0xb0
[ 164.602751][ T1045] ? end_buffer_read_sync+0xc3/0xe0
[ 164.605112][ T1045] end_report+0x78/0x160
[ 164.607031][ T1045] kasan_report+0x129/0x150
[ 164.609101][ T1045] ? end_buffer_read_sync+0xc3/0xe0
[ 164.611388][ T1045] kasan_check_range+0x2b0/0x2c0
[ 164.613752][ T1045] ? __pfx_end_buffer_read_sync+0x10/0x10
[ 164.616954][ T1045] end_buffer_read_sync+0xc3/0xe0
[ 164.619931][ T1045] end_bio_bh_io_sync+0xba/0x120
[ 164.622198][ T1045] blk_update_request+0x5eb/0xe70
[ 164.624425][ T1045] blk_mq_end_request+0x3e/0x70
[ 164.626605][ T1045] lo_rw_aio+0xe0b/0x1040
[ 164.628485][ T1045] ? __pfx_lo_rw_aio+0x10/0x10
[ 164.630646][ T1045] ? kthread_associate_blkcg+0x491/0x600
[ 164.633150][ T1045] ? lockdep_hardirqs_on+0x9c/0x150
[ 164.635655][ T1045] loop_process_work+0x810/0xf40
[ 164.638196][ T1045] ? __pfx_loop_process_work+0x10/0x10
[ 164.640923][ T1045] ? do_raw_spin_lock+0x121/0x290
[ 164.643382][ T1045] ? look_up_lock_class+0x74/0x170
[ 164.645856][ T1045] ? register_lock_class+0x51/0x320
[ 164.648809][ T1045] ? __lock_acquire+0xab9/0xd20
[ 164.651547][ T1045] ? process_scheduled_works+0x9ef/0x17b0
[ 164.654218][ T1045] ? _raw_spin_unlock_irq+0x23/0x50
[ 164.656472][ T1045] ? process_scheduled_works+0x9ef/0x17b0
[ 164.658857][ T1045] ? process_scheduled_works+0x9ef/0x17b0
[ 164.661413][ T1045] process_scheduled_works+0xae1/0x17b0
[ 164.663835][ T1045] ? __pfx_process_scheduled_works+0x10/0x10
[ 164.666769][ T1045] worker_thread+0x8a0/0xda0
[ 164.669231][ T1045] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 164.672367][ T1045] ? __kthread_parkme+0x7b/0x200
[ 164.674523][ T1045] kthread+0x70e/0x8a0
[ 164.676475][ T1045] ? __pfx_worker_thread+0x10/0x10
[ 164.678910][ T1045] ? __pfx_kthread+0x10/0x10
[ 164.681445][ T1045] ? _raw_spin_unlock_irq+0x23/0x50
[ 164.684260][ T1045] ? lockdep_hardirqs_on+0x9c/0x150
[ 164.686679][ T1045] ? __pfx_kthread+0x10/0x10
[ 164.688723][ T1045] ret_from_fork+0x3fc/0x770
[ 164.690796][ T1045] ? __pfx_ret_from_fork+0x10/0x10
[ 164.693418][ T1045] ? __pfx_kthread+0x10/0x10
[ 164.695697][ T1045] ret_from_fork_asm+0x1a/0x30
[ 164.698372][ T1045] </TASK>
[ 164.700584][ T1045] Kernel Offset: disabled
[ 164.702624][ T1045] Rebooting in 86400 seconds..