Warning: Permanently added '10.128.15.200' (ED25519) to the list of known hosts.
2025/01/27 03:28:08 ignoring optional flag "sandboxArg"="0"
2025/01/27 03:28:08 parsed 1 programs
[  103.527731][ T4594] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[  106.142964][ T4639] chnl_net:caif_netlink_parms(): no params data found
[  106.206022][ T4639] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.213346][ T4639] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.223049][ T4639] device bridge_slave_0 entered promiscuous mode
[  106.232163][ T4639] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.239306][ T4639] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.247920][ T4639] device bridge_slave_1 entered promiscuous mode
[  106.276992][ T4639] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  106.288722][ T4639] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  106.321911][ T4639] team0: Port device team_slave_0 added
[  106.331099][ T4639] team0: Port device team_slave_1 added
[  106.357164][ T4639] batman_adv: batadv0: Adding interface: batadv_slave_0
[  106.365634][ T4639] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  106.393457][ T4639] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  106.406565][ T4639] batman_adv: batadv0: Adding interface: batadv_slave_1
[  106.415306][ T4639] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  106.443117][ T4639] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  106.486685][ T4639] device hsr_slave_0 entered promiscuous mode
[  106.493790][ T4639] device hsr_slave_1 entered promiscuous mode
[  107.247571][ T4639] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  107.257545][ T4639] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  107.268213][ T4639] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  107.279181][ T4639] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  107.399279][ T4639] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.414642][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  107.424076][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  107.436412][ T4639] 8021q: adding VLAN 0 to HW filter on device team0
[  107.471937][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  107.483076][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  107.491984][  T154] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.499294][  T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.508026][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  107.516964][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  107.526100][  T154] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.533310][  T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.573154][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  107.582323][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  107.593062][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  107.603581][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  107.614927][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  107.657031][ T4639] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  107.670348][ T4639] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  107.683192][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  107.692937][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  107.702284][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  107.711495][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  107.720620][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  107.729294][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  107.738283][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  107.747489][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  107.914524][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  107.925160][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  107.945401][ T4639] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.984844][ T4182] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  107.994767][ T4182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  108.045568][ T4182] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  108.055064][ T4182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  108.067499][ T4639] device veth0_vlan entered promiscuous mode
[  108.075503][ T4182] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  108.086248][ T4182] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  108.099461][ T4639] device veth1_vlan entered promiscuous mode
[  108.141403][ T4182] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  108.149788][ T4182] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  108.167936][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  108.177064][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  108.189385][ T4639] device veth0_macvtap entered promiscuous mode
[  108.215079][ T4639] device veth1_macvtap entered promiscuous mode
[  108.273391][ T4639] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.291252][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  108.308060][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  108.316677][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  108.326223][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  108.338608][ T4639] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.348753][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  108.358469][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  108.371639][ T4639] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.383913][ T4639] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.393375][ T4639] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.403696][ T4639] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.645216][ T4182] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.670632][ T4182] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.680400][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  109.707369][ T4784] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.720516][ T4784] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.729911][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  110.682663][  T155] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/01/27 03:28:20 executed programs: 0
[  111.218582][ T4844] chnl_net:caif_netlink_parms(): no params data found
[  111.286937][ T4844] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.294491][ T4844] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.303183][ T4844] device bridge_slave_0 entered promiscuous mode
[  111.312500][ T4844] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.319890][ T4844] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.328665][ T4844] device bridge_slave_1 entered promiscuous mode
[  111.366365][ T4844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  111.378395][ T4844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  111.411576][ T4844] team0: Port device team_slave_0 added
[  111.420761][ T4844] team0: Port device team_slave_1 added
[  111.446746][ T4844] batman_adv: batadv0: Adding interface: batadv_slave_0
[  111.453913][ T4844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  111.481153][ T4844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  111.494148][ T4844] batman_adv: batadv0: Adding interface: batadv_slave_1
[  111.502797][ T4844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  111.529187][ T4844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  111.567215][ T4844] device hsr_slave_0 entered promiscuous mode
[  111.575231][ T4844] device hsr_slave_1 entered promiscuous mode
[  111.582406][ T4844] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  111.590516][ T4844] Cannot create hsr debugfs directory
[  113.101699][ T1108] Bluetooth: hci0: command 0x0409 tx timeout
[  113.784513][  T155] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.825663][  T155] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.886652][  T155] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.764503][ T4844] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  114.785804][ T4844] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  114.795571][ T4844] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  114.805286][ T4844] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  114.874768][ T4844] 8021q: adding VLAN 0 to HW filter on device bond0
[  114.888732][ T4784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  114.897081][ T4784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  114.923828][ T4844] 8021q: adding VLAN 0 to HW filter on device team0
[  114.934047][ T4784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  114.943994][ T4784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  114.953272][ T4784] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.960648][ T4784] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.968380][ T4784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  114.993668][ T4784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  115.003064][ T4784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  115.011852][ T4784] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.018972][ T4784] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.028842][ T4784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  115.041942][ T4784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  115.066429][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  115.078068][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  115.087099][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  115.099129][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  115.108952][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  115.131809][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  115.140737][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  115.151394][ T4784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  115.160228][ T4784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  115.172350][ T4844] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  115.181546][ T4285] Bluetooth: hci0: command 0x041b tx timeout
[  115.248626][  T155] device hsr_slave_0 left promiscuous mode
[  115.257102][  T155] device hsr_slave_1 left promiscuous mode
[  115.264860][  T155] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  115.275386][  T155] batman_adv: batadv0: Removing interface: batadv_slave_0
[  115.285116][  T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  115.293784][  T155] batman_adv: batadv0: Removing interface: batadv_slave_1
[  115.301947][  T155] device bridge_slave_1 left promiscuous mode
[  115.308144][  T155] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.316707][  T155] device bridge_slave_0 left promiscuous mode
[  115.323132][  T155] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.337366][  T155] device veth1_macvtap left promiscuous mode
[  115.343702][  T155] device veth0_macvtap left promiscuous mode
[  115.349874][  T155] device veth1_vlan left promiscuous mode
[  115.355872][  T155] device veth0_vlan left promiscuous mode
[  115.513709][  T155] team0 (unregistering): Port device team_slave_1 removed
[  115.528225][  T155] team0 (unregistering): Port device team_slave_0 removed
[  115.541739][  T155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  115.557670][  T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  115.617827][  T155] bond0 (unregistering): Released all slaves
[  115.691450][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  115.698966][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  115.712336][ T4844] 8021q: adding VLAN 0 to HW filter on device batadv0
[  115.735306][ T4784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  115.745406][ T4784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  115.765001][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  115.773762][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  115.783343][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  115.791485][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  115.801664][ T4844] device veth0_vlan entered promiscuous mode
[  115.815463][ T4844] device veth1_vlan entered promiscuous mode
[  115.841590][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  115.849774][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  115.857929][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  115.867069][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  115.877962][ T4844] device veth0_macvtap entered promiscuous mode
[  115.889842][ T4844] device veth1_macvtap entered promiscuous mode
[  115.897769][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  115.907698][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  115.930437][ T4844] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.938032][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  115.947253][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  115.958862][ T4844] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.970642][ T4844] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.979385][ T4844] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.988615][ T4844] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.999016][ T4844] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.009576][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  116.018547][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  116.086355][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.112060][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.127657][ T4784] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
2025/01/27 03:28:25 executed programs: 2
[  116.129111][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  116.144264][ T4784] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.158871][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  116.219902][ T5071] loop0: detected capacity change from 0 to 512
[  116.326376][ T5071] EXT4-fs (loop0): 1 orphan inode deleted
[  116.333643][ T5071] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  116.348426][ T5071] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  116.439503][ T4844] EXT4-fs error (device loop0): ext4_map_blocks:628: inode #2: block 3: comm syz-executor: lblock 0 mapped to illegal pblock 3 (length 1)
[  116.460696][ T4844] EXT4-fs error (device loop0): __ext4_get_inode_loc:4320: comm syz-executor: Invalid inode table block 0 in block_group 0
[  116.479501][ T4844] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5806: Corrupt filesystem
[  116.492949][ T4844] EXT4-fs error (device loop0): ext4_dirty_inode:6010: inode #2: comm syz-executor: mark_inode_dirty error
[  116.513856][ T4784] ==================================================================
[  116.522458][ T4784] BUG: KASAN: use-after-free in ext4_find_extent+0xbe7/0xe20
[  116.529876][ T4784] Read of size 4 at addr ffff88806d96cccc by task kworker/u4:5/4784
[  116.537960][ T4784] 
[  116.540307][ T4784] CPU: 0 PID: 4784 Comm: kworker/u4:5 Not tainted 5.15.177-syzkaller #0
[  116.548671][ T4784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  116.558922][ T4784] Workqueue: writeback wb_workfn (flush-7:0)
[  116.564968][ T4784] Call Trace:
[  116.568258][ T4784]  <TASK>
[  116.571201][ T4784]  dump_stack_lvl+0x1e3/0x2d0
[  116.576120][ T4784]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  116.581905][ T4784]  ? _printk+0xd1/0x120
[  116.586082][ T4784]  ? __wake_up_klogd+0xcc/0x100
[  116.590952][ T4784]  ? panic+0x860/0x860
[  116.595034][ T4784]  ? _raw_spin_lock_irqsave+0xdd/0x120
[  116.600519][ T4784]  print_address_description+0x63/0x3b0
[  116.606090][ T4784]  ? ext4_find_extent+0xbe7/0xe20
[  116.611215][ T4784]  kasan_report+0x16b/0x1c0
[  116.615909][ T4784]  ? ext4_find_extent+0xbe7/0xe20
[  116.621998][ T4784]  ext4_find_extent+0xbe7/0xe20
[  116.627007][ T4784]  ext4_ext_map_blocks+0x2da/0x7630
[  116.632760][ T4784]  ? mark_lock+0x98/0x340
[  116.637149][ T4784]  ? __lock_acquire+0x1295/0x1ff0
[  116.642825][ T4784]  ? ext4_ext_release+0x10/0x10
[  116.648039][ T4784]  ? ext4_es_lookup_extent+0x621/0xa40
[  116.653605][ T4784]  ext4_map_blocks+0xa66/0x1c70
[  116.658576][ T4784]  ? slab_post_alloc_hook+0x73/0x380
[  116.664055][ T4784]  ? ext4_issue_zeroout+0x250/0x250
[  116.669309][ T4784]  ? ext4_inode_journal_mode+0x187/0x460
[  116.674958][ T4784]  ext4_writepages+0x160e/0x3d10
[  116.679932][ T4784]  ? validate_chain+0x112/0x5930
[  116.685081][ T4784]  ? ext4_readpage+0x300/0x300
[  116.689884][ T4784]  ? mark_lock+0x98/0x340
[  116.694232][ T4784]  ? __lock_acquire+0x1295/0x1ff0
[  116.699347][ T4784]  ? ext4_readpage+0x300/0x300
[  116.704152][ T4784]  do_writepages+0x481/0x730
[  116.708780][ T4784]  ? __writepage+0x120/0x120
[  116.713400][ T4784]  ? read_lock_is_recursive+0x10/0x10
[  116.718876][ T4784]  ? writeback_sb_inodes+0x732/0x1a40
[  116.724275][ T4784]  ? __lock_acquire+0x1ff0/0x1ff0
[  116.729309][ T4784]  ? do_raw_spin_lock+0x14a/0x370
[  116.734446][ T4784]  __writeback_single_inode+0x15b/0xe30
[  116.740053][ T4784]  writeback_sb_inodes+0xbce/0x1a40
[  116.745367][ T4784]  ? __lock_acquire+0x1ff0/0x1ff0
[  116.750467][ T4784]  ? queue_io+0x560/0x560
[  116.754907][ T4784]  ? __writeback_inodes_wb+0x400/0x400
[  116.760483][ T4784]  ? queue_io+0x3d3/0x560
[  116.764838][ T4784]  wb_writeback+0x451/0xc50
[  116.769414][ T4784]  ? rcu_lock_release+0x20/0x20
[  116.774291][ T4784]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  116.780300][ T4784]  ? do_raw_spin_unlock+0x137/0x8b0
[  116.785527][ T4784]  wb_workfn+0x46c/0x1130
[  116.789896][ T4784]  ? mark_lock+0x98/0x340
[  116.794425][ T4784]  ? inode_wait_for_writeback+0x280/0x280
[  116.800176][ T4784]  ? read_lock_is_recursive+0x10/0x10
[  116.805759][ T4784]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  116.811876][ T4784]  ? print_irqtrace_events+0x210/0x210
[  116.817511][ T4784]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  116.823462][ T4784]  ? do_raw_spin_unlock+0x137/0x8b0
[  116.828738][ T4784]  process_one_work+0x8a1/0x10c0
[  116.833722][ T4784]  ? worker_detach_from_pool+0x260/0x260
[  116.839497][ T4784]  ? _raw_spin_lock_irqsave+0x120/0x120
[  116.845073][ T4784]  ? kthread_data+0x4e/0xc0
[  116.849612][ T4784]  ? wq_worker_running+0x97/0x170
[  116.854693][ T4784]  worker_thread+0xaca/0x1280
[  116.859405][ T4784]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  116.865353][ T4784]  kthread+0x3f6/0x4f0
[  116.869983][ T4784]  ? rcu_lock_release+0x20/0x20
[  116.874852][ T4784]  ? kthread_blkcg+0xd0/0xd0
[  116.879516][ T4784]  ret_from_fork+0x1f/0x30
[  116.884055][ T4784]  </TASK>
[  116.887082][ T4784] 
[  116.889408][ T4784] The buggy address belongs to the page:
[  116.895059][ T4784] page:ffffea0001b65b00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6d96c
[  116.905328][ T4784] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  116.912589][ T4784] raw: 00fff00000000000 ffffea0001b65e48 ffffea0001b65ec8 0000000000000000
[  116.921232][ T4784] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[  116.929837][ T4784] page dumped because: kasan: bad access detected
[  116.936281][ T4784] page_owner tracks the page as freed
[  116.941678][ T4784] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 4994, ts 113272924860, free_ts 113276716210
[  116.957579][ T4784]  get_page_from_freelist+0x3b78/0x3d40
[  116.963244][ T4784]  __alloc_pages+0x272/0x700
[  116.967854][ T4784]  alloc_pages_vma+0x39a/0x800
[  116.972730][ T4784]  handle_mm_fault+0x2f49/0x5960
[  116.977896][ T4784]  exc_page_fault+0x271/0x700
[  116.982796][ T4784]  asm_exc_page_fault+0x22/0x30
[  116.987667][ T4784] page last free stack trace:
[  116.992379][ T4784]  free_unref_page_prepare+0xc34/0xcf0
[  116.997857][ T4784]  free_unref_page_list+0x1f7/0x8e0
[  117.003539][ T4784]  release_pages+0x1bb9/0x1f40
[  117.008361][ T4784]  tlb_finish_mmu+0x177/0x320
[  117.013060][ T4784]  exit_mmap+0x3cd/0x620
[  117.017377][ T4784]  __mmput+0x112/0x3b0
[  117.021561][ T4784]  exit_mm+0x688/0x7f0
[  117.025742][ T4784]  do_exit+0x626/0x2480
[  117.029922][ T4784]  do_group_exit+0x144/0x310
[  117.034675][ T4784]  __x64_sys_exit_group+0x3b/0x40
[  117.039782][ T4784]  do_syscall_64+0x3b/0xb0
[  117.044228][ T4784]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  117.050158][ T4784] 
[  117.052498][ T4784] Memory state around the buggy address:
[  117.058493][ T4784]  ffff88806d96cb80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  117.066563][ T4784]  ffff88806d96cc00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  117.074641][ T4784] >ffff88806d96cc80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  117.082759][ T4784]                                               ^
[  117.089274][ T4784]  ffff88806d96cd00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  117.097347][ T4784]  ffff88806d96cd80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  117.105513][ T4784] ==================================================================
[  117.113670][ T4784] Disabling lock debugging due to kernel taint
[  117.138563][ T4784] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  117.145893][ T4784] CPU: 0 PID: 4784 Comm: kworker/u4:5 Tainted: G    B             5.15.177-syzkaller #0
[  117.155801][ T4784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  117.165970][ T4784] Workqueue: writeback wb_workfn (flush-7:0)
[  117.171979][ T4784] Call Trace:
[  117.175249][ T4784]  <TASK>
[  117.178167][ T4784]  dump_stack_lvl+0x1e3/0x2d0
[  117.182858][ T4784]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  117.188590][ T4784]  ? panic+0x860/0x860
[  117.192757][ T4784]  ? preempt_schedule_common+0xa6/0xd0
[  117.198219][ T4784]  ? preempt_schedule+0xd9/0xe0
[  117.203063][ T4784]  panic+0x318/0x860
[  117.206955][ T4784]  ? check_panic_on_warn+0x1d/0xa0
[  117.212087][ T4784]  ? fb_is_primary_device+0xd0/0xd0
[  117.217324][ T4784]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[  117.223314][ T4784]  ? _raw_spin_unlock+0x40/0x40
[  117.228165][ T4784]  check_panic_on_warn+0x7e/0xa0
[  117.233180][ T4784]  ? ext4_find_extent+0xbe7/0xe20
[  117.238197][ T4784]  end_report+0x6d/0xf0
[  117.242353][ T4784]  kasan_report+0x18e/0x1c0
[  117.246858][ T4784]  ? ext4_find_extent+0xbe7/0xe20
[  117.251876][ T4784]  ext4_find_extent+0xbe7/0xe20
[  117.256730][ T4784]  ext4_ext_map_blocks+0x2da/0x7630
[  117.261934][ T4784]  ? mark_lock+0x98/0x340
[  117.266258][ T4784]  ? __lock_acquire+0x1295/0x1ff0
[  117.271272][ T4784]  ? ext4_ext_release+0x10/0x10
[  117.276125][ T4784]  ? ext4_es_lookup_extent+0x621/0xa40
[  117.281688][ T4784]  ext4_map_blocks+0xa66/0x1c70
[  117.286570][ T4784]  ? slab_post_alloc_hook+0x73/0x380
[  117.291975][ T4784]  ? ext4_issue_zeroout+0x250/0x250
[  117.297444][ T4784]  ? ext4_inode_journal_mode+0x187/0x460
[  117.303083][ T4784]  ext4_writepages+0x160e/0x3d10
[  117.308064][ T4784]  ? validate_chain+0x112/0x5930
[  117.313106][ T4784]  ? ext4_readpage+0x300/0x300
[  117.317890][ T4784]  ? mark_lock+0x98/0x340
[  117.322230][ T4784]  ? __lock_acquire+0x1295/0x1ff0
[  117.327262][ T4784]  ? ext4_readpage+0x300/0x300
[  117.332026][ T4784]  do_writepages+0x481/0x730
[  117.336791][ T4784]  ? __writepage+0x120/0x120
[  117.341521][ T4784]  ? read_lock_is_recursive+0x10/0x10
[  117.347016][ T4784]  ? writeback_sb_inodes+0x732/0x1a40
[  117.352382][ T4784]  ? __lock_acquire+0x1ff0/0x1ff0
[  117.357396][ T4784]  ? do_raw_spin_lock+0x14a/0x370
[  117.362412][ T4784]  __writeback_single_inode+0x15b/0xe30
[  117.367952][ T4784]  writeback_sb_inodes+0xbce/0x1a40
[  117.373139][ T4784]  ? __lock_acquire+0x1ff0/0x1ff0
[  117.378165][ T4784]  ? queue_io+0x560/0x560
[  117.382484][ T4784]  ? __writeback_inodes_wb+0x400/0x400
[  117.387958][ T4784]  ? queue_io+0x3d3/0x560
[  117.392281][ T4784]  wb_writeback+0x451/0xc50
[  117.396800][ T4784]  ? rcu_lock_release+0x20/0x20
[  117.401812][ T4784]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  117.407803][ T4784]  ? do_raw_spin_unlock+0x137/0x8b0
[  117.413005][ T4784]  wb_workfn+0x46c/0x1130
[  117.417331][ T4784]  ? mark_lock+0x98/0x340
[  117.421656][ T4784]  ? inode_wait_for_writeback+0x280/0x280
[  117.427407][ T4784]  ? read_lock_is_recursive+0x10/0x10
[  117.432802][ T4784]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  117.438776][ T4784]  ? print_irqtrace_events+0x210/0x210
[  117.444231][ T4784]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  117.450228][ T4784]  ? do_raw_spin_unlock+0x137/0x8b0
[  117.455474][ T4784]  process_one_work+0x8a1/0x10c0
[  117.460542][ T4784]  ? worker_detach_from_pool+0x260/0x260
[  117.466186][ T4784]  ? _raw_spin_lock_irqsave+0x120/0x120
[  117.471731][ T4784]  ? kthread_data+0x4e/0xc0
[  117.476232][ T4784]  ? wq_worker_running+0x97/0x170
[  117.481350][ T4784]  worker_thread+0xaca/0x1280
[  117.486042][ T4784]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  117.492035][ T4784]  kthread+0x3f6/0x4f0
[  117.496204][ T4784]  ? rcu_lock_release+0x20/0x20
[  117.501045][ T4784]  ? kthread_blkcg+0xd0/0xd0
[  117.505891][ T4784]  ret_from_fork+0x1f/0x30
[  117.510308][ T4784]  </TASK>
[  117.513595][ T4784] Kernel Offset: disabled
[  117.517975][ T4784] Rebooting in 86400 seconds..