Warning: Permanently added '10.128.10.6' (ED25519) to the list of known hosts.
2025/02/02 05:47:54 ignoring optional flag "sandboxArg"="0"
2025/02/02 05:47:54 parsed 1 programs
[ 102.761987][ T6310] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 105.522895][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 105.534937][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 105.544419][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 105.554270][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 105.571389][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 105.578743][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 105.801762][ T3020] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.809761][ T3020] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.830092][ T3020] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.838069][ T3020] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.322352][ T6390] chnl_net:caif_netlink_parms(): no params data found
[ 107.369769][ T6390] bridge0: port 1(bridge_slave_0) entered blocking state
[ 107.377310][ T6390] bridge0: port 1(bridge_slave_0) entered disabled state
[ 107.384650][ T6390] bridge_slave_0: entered allmulticast mode
[ 107.391601][ T6390] bridge_slave_0: entered promiscuous mode
[ 107.398752][ T6390] bridge0: port 2(bridge_slave_1) entered blocking state
[ 107.405965][ T6390] bridge0: port 2(bridge_slave_1) entered disabled state
[ 107.413620][ T6390] bridge_slave_1: entered allmulticast mode
[ 107.421270][ T6390] bridge_slave_1: entered promiscuous mode
[ 107.445170][ T6390] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 107.456556][ T6390] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 107.484920][ T6390] team0: Port device team_slave_0 added
[ 107.495427][ T6390] team0: Port device team_slave_1 added
[ 107.514082][ T6390] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 107.521136][ T6390] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 107.547214][ T6390] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 107.559711][ T6390] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 107.566724][ T6390] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 107.592773][ T6390] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 107.622754][ T6390] hsr_slave_0: entered promiscuous mode
[ 107.628820][ T6390] hsr_slave_1: entered promiscuous mode
[ 108.056324][ T6390] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 108.081567][ T6390] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 108.095049][ T6390] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 108.112827][ T6390] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 108.204156][ T6390] 8021q: adding VLAN 0 to HW filter on device bond0
[ 108.224489][ T6390] 8021q: adding VLAN 0 to HW filter on device team0
[ 108.238246][ T69] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.245571][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 108.263112][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.270298][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 108.455904][ T6390] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 108.508868][ T6390] veth0_vlan: entered promiscuous mode
[ 108.523984][ T6390] veth1_vlan: entered promiscuous mode
[ 108.557598][ T6390] veth0_macvtap: entered promiscuous mode
[ 108.568327][ T6390] veth1_macvtap: entered promiscuous mode
[ 108.586917][ T6390] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 108.606260][ T6390] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 108.618863][ T6390] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.629127][ T6390] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.640035][ T6390] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.648910][ T6390] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.849625][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 108.919245][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 108.982103][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 109.040471][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/02/02 05:48:05 executed programs: 0
[ 109.498377][ T5135] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 109.509015][ T5135] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 109.517965][ T5135] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 109.531859][ T5135] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 109.539597][ T5135] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 109.550223][ T5135] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 109.771963][ T6486] chnl_net:caif_netlink_parms(): no params data found
[ 109.863080][ T6486] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.870685][ T6486] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.877939][ T6486] bridge_slave_0: entered allmulticast mode
[ 109.887739][ T6486] bridge_slave_0: entered promiscuous mode
[ 109.898394][ T6486] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.908203][ T6486] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.915836][ T6486] bridge_slave_1: entered allmulticast mode
[ 109.925665][ T6486] bridge_slave_1: entered promiscuous mode
[ 109.966650][ T6486] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 109.979254][ T6486] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 110.017451][ T6486] team0: Port device team_slave_0 added
[ 110.025755][ T6486] team0: Port device team_slave_1 added
[ 110.061405][ T6486] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 110.068397][ T6486] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 110.098673][ T6486] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 110.116847][ T6486] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 110.124285][ T6486] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 110.153563][ T6486] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 110.200070][ T6486] hsr_slave_0: entered promiscuous mode
[ 110.208157][ T6486] hsr_slave_1: entered promiscuous mode
[ 110.217534][ T6486] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 110.226037][ T6486] Cannot create hsr debugfs directory
[ 111.630027][ T5135] Bluetooth: hci0: command tx timeout
[ 111.637655][ T12] bridge_slave_1: left allmulticast mode
[ 111.646561][ T12] bridge_slave_1: left promiscuous mode
[ 111.652839][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 111.667750][ T12] bridge_slave_0: left allmulticast mode
[ 111.673637][ T12] bridge_slave_0: left promiscuous mode
[ 111.679414][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 112.006099][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 112.017353][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 112.028184][ T12] bond0 (unregistering): Released all slaves
[ 112.138985][ T12] hsr_slave_0: left promiscuous mode
[ 112.147595][ T12] hsr_slave_1: left promiscuous mode
[ 112.154057][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 112.164926][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 112.175134][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 112.185312][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 112.206762][ T12] veth1_macvtap: left promiscuous mode
[ 112.212488][ T12] veth0_macvtap: left promiscuous mode
[ 112.218124][ T12] veth1_vlan: left promiscuous mode
[ 112.226260][ T12] veth0_vlan: left promiscuous mode
[ 112.638876][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 112.670104][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 113.098394][ T6486] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 113.115330][ T6486] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 113.136046][ T6486] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 113.146492][ T6486] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 113.324233][ T6486] 8021q: adding VLAN 0 to HW filter on device bond0
[ 113.360927][ T6486] 8021q: adding VLAN 0 to HW filter on device team0
[ 113.388137][ T3020] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.395320][ T3020] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 113.435884][ T3020] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.443068][ T3020] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 113.654394][ T6486] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 113.703009][ T6486] veth0_vlan: entered promiscuous mode
[ 113.710098][ T5135] Bluetooth: hci0: command tx timeout
[ 113.716433][ T6486] veth1_vlan: entered promiscuous mode
[ 113.746328][ T6486] veth0_macvtap: entered promiscuous mode
[ 113.757008][ T6486] veth1_macvtap: entered promiscuous mode
[ 113.782027][ T6486] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 113.797812][ T6486] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 113.809826][ T6486] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.821247][ T6486] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.836283][ T6486] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.845825][ T6486] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.920844][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.928723][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.959142][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.967356][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.055869][ T6695] loop0: detected capacity change from 0 to 512
[ 114.065601][ T6695] EXT4-fs: Ignoring removed mblk_io_submit option
[ 114.076700][ T6695] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 114.094736][ T6695] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002]
[ 114.104401][ T6695] System zones: 1-12
[ 114.113513][ T6695] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.15: corrupted in-inode xattr: e_value size too large
[ 114.131920][ T6695] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.15: couldn't read orphan inode 15 (err -117)
[ 114.148359][ T6695] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 114.173436][ T6695] EXT4-fs warning (device loop0): dx_probe:833: inode #2: comm syz.0.15: Unrecognised inode hash code 4
[ 114.185031][ T6695] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.15: Corrupt directory, running e2fsck is recommended
[ 114.199504][ T6695] EXT4-fs error (device loop0): ext4_readdir:261: inode #2: block 255: comm syz.0.15: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0
[ 114.240643][ T6486] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 114.317100][ T6707] loop0: detected capacity change from 0 to 512
[ 114.325733][ T6707] EXT4-fs: Ignoring removed mblk_io_submit option
[ 114.340043][ T6707] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 114.378079][ T6707] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002]
[ 114.386361][ T6707] System zones: 1-12
[ 114.392818][ T6707] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.16: corrupted in-inode xattr: e_value size too large
[ 114.407460][ T6707] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.16: couldn't read orphan inode 15 (err -117)
[ 114.421811][ T6707] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 114.450059][ T6707] EXT4-fs warning (device loop0): dx_probe:833: inode #2: comm syz.0.16: Unrecognised inode hash code 4
[ 114.466053][ T6707] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.16: Corrupt directory, running e2fsck is recommended
[ 114.482662][ T6707] ==================================================================
[ 114.490808][ T6707] BUG: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x5b5/0x6f0
[ 114.499161][ T6707] Read of size 2 at addr ffff888055aa5003 by task syz.0.16/6707
[ 114.506801][ T6707]
[ 114.509143][ T6707] CPU: 0 UID: 0 PID: 6707 Comm: syz.0.16 Not tainted 6.13.0-syzkaller-10003-ga86bf2283d2c #0
[ 114.509158][ T6707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 114.509170][ T6707] Call Trace:
[ 114.509178][ T6707] <TASK>
[ 114.509185][ T6707] dump_stack_lvl+0x241/0x360
[ 114.509209][ T6707] ? __pfx_dump_stack_lvl+0x10/0x10
[ 114.509227][ T6707] ? __pfx__printk+0x10/0x10
[ 114.509245][ T6707] ? _printk+0xd5/0x120
[ 114.509261][ T6707] ? __virt_addr_valid+0x183/0x530
[ 114.509277][ T6707] ? __virt_addr_valid+0x183/0x530
[ 114.509293][ T6707] print_report+0x169/0x550
[ 114.509307][ T6707] ? __virt_addr_valid+0x183/0x530
[ 114.509322][ T6707] ? __virt_addr_valid+0x183/0x530
[ 114.509337][ T6707] ? __virt_addr_valid+0x45f/0x530
[ 114.509352][ T6707] ? __phys_addr+0xba/0x170
[ 114.509368][ T6707] ? __ext4_check_dir_entry+0x5b5/0x6f0
[ 114.509384][ T6707] kasan_report+0x143/0x180
[ 114.509399][ T6707] ? __ext4_check_dir_entry+0x5b5/0x6f0
[ 114.509416][ T6707] __ext4_check_dir_entry+0x5b5/0x6f0
[ 114.509435][ T6707] ext4_readdir+0x1402/0x38d0
[ 114.509461][ T6707] ? __pfx_ext4_readdir+0x10/0x10
[ 114.509483][ T6707] ? iterate_dir+0x4a6/0x760
[ 114.509496][ T6707] ? __pfx_down_read_killable+0x10/0x10
[ 114.509518][ T6707] ? __x64_sys_lseek+0x180/0x1e0
[ 114.509536][ T6707] ? __fget_files+0x2a/0x410
[ 114.509552][ T6707] iterate_dir+0x5a9/0x760
[ 114.509565][ T6707] __se_sys_getdents64+0x1e2/0x4b0
[ 114.509580][ T6707] ? __pfx___se_sys_getdents64+0x10/0x10
[ 114.509592][ T6707] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 114.509607][ T6707] ? __pfx_filldir64+0x10/0x10
[ 114.509620][ T6707] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 114.509635][ T6707] ? do_syscall_64+0x100/0x230
[ 114.509652][ T6707] ? do_syscall_64+0xb6/0x230
[ 114.509668][ T6707] do_syscall_64+0xf3/0x230
[ 114.509683][ T6707] ? clear_bhb_loop+0x35/0x90
[ 114.509701][ T6707] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.509723][ T6707] RIP: 0033:0x7f705e57dff9
[ 114.509740][ T6707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 114.509750][ T6707] RSP: 002b:00007f705f2ff038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 114.509765][ T6707] RAX: ffffffffffffffda RBX: 00007f705e735f80 RCX: 00007f705e57dff9
[ 114.509774][ T6707] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000005
[ 114.509782][ T6707] RBP: 00007f705e5f0296 R08: 0000000000000000 R09: 0000000000000000
[ 114.509790][ T6707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 114.509797][ T6707] R13: 0000000000000000 R14: 00007f705e735f80 R15: 00007ffd1528e1c8
[ 114.509810][ T6707] </TASK>
[ 114.509815][ T6707]
[ 114.774309][ T6707] Allocated by task 6681:
[ 114.778625][ T6707] kasan_save_track+0x3f/0x80
[ 114.783302][ T6707] __kasan_slab_alloc+0x66/0x80
[ 114.788140][ T6707] kmem_cache_alloc_noprof+0x1d9/0x380
[ 114.793591][ T6707] vm_area_dup+0x27/0x290
[ 114.797913][ T6707] __split_vma+0x1cb/0xc50
[ 114.802317][ T6707] vms_gather_munmap_vmas+0x2e6/0x1600
[ 114.807879][ T6707] mmap_region+0xa32/0x2f80
[ 114.812387][ T6707] do_mmap+0xecc/0x13a0
[ 114.816536][ T6707] vm_mmap_pgoff+0x214/0x430
[ 114.821129][ T6707] ksys_mmap_pgoff+0x4eb/0x720
[ 114.825897][ T6707] do_syscall_64+0xf3/0x230
[ 114.830485][ T6707] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.836369][ T6707]
[ 114.838678][ T6707] Freed by task 6681:
[ 114.842787][ T6707] kasan_save_track+0x3f/0x80
[ 114.847468][ T6707] kasan_save_free_info+0x40/0x50
[ 114.852486][ T6707] __kasan_slab_free+0x59/0x70
[ 114.857324][ T6707] kmem_cache_free+0x195/0x410
[ 114.862080][ T6707] exit_mmap+0x6b9/0xd40
[ 114.866311][ T6707] __mmput+0x115/0x410
[ 114.870383][ T6707] exit_mm+0x220/0x310
[ 114.874439][ T6707] do_exit+0x9ad/0x28e0
[ 114.878605][ T6707] do_group_exit+0x207/0x2c0
[ 114.883211][ T6707] __x64_sys_exit_group+0x3f/0x40
[ 114.888235][ T6707] x64_sys_call+0x26a8/0x26b0
[ 114.892906][ T6707] do_syscall_64+0xf3/0x230
[ 114.897407][ T6707] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.903289][ T6707]
[ 114.905602][ T6707] The buggy address belongs to the object at ffff888055aa5000
[ 114.905602][ T6707] which belongs to the cache vm_area_struct of size 184
[ 114.919996][ T6707] The buggy address is located 3 bytes inside of
[ 114.919996][ T6707] freed 184-byte region [ffff888055aa5000, ffff888055aa50b8)
[ 114.933786][ T6707]
[ 114.936102][ T6707] The buggy address belongs to the physical page:
[ 114.942515][ T6707] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55aa5
[ 114.951287][ T6707] memcg:ffff888029c0d801
[ 114.955611][ T6707] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 114.962740][ T6707] page_type: f5(slab)
[ 114.966750][ T6707] raw: 00fff00000000000 ffff88801be82b40 dead000000000122 0000000000000000
[ 114.975331][ T6707] raw: 0000000000000000 0000000000100010 00000000f5000000 ffff888029c0d801
[ 114.983916][ T6707] page dumped because: kasan: bad access detected
[ 114.990327][ T6707] page_owner tracks the page as allocated
[ 114.996032][ T6707] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6681, tgid 6681 (sed), ts 113756987582, free_ts 113107319179
[ 115.014792][ T6707] post_alloc_hook+0x1f4/0x240
[ 115.019564][ T6707] get_page_from_freelist+0x3651/0x37a0
[ 115.025213][ T6707] __alloc_frozen_pages_noprof+0x292/0x710
[ 115.031028][ T6707] alloc_pages_mpol+0x311/0x660
[ 115.035873][ T6707] allocate_slab+0x8f/0x3a0
[ 115.040385][ T6707] ___slab_alloc+0xc27/0x14a0
[ 115.045066][ T6707] __slab_alloc+0x58/0xa0
[ 115.049392][ T6707] kmem_cache_alloc_noprof+0x268/0x380
[ 115.054863][ T6707] vm_area_dup+0x27/0x290
[ 115.059185][ T6707] __split_vma+0x1cb/0xc50
[ 115.063634][ T6707] vms_gather_munmap_vmas+0x2e6/0x1600
[ 115.069108][ T6707] mmap_region+0xa32/0x2f80
[ 115.073619][ T6707] do_mmap+0xecc/0x13a0
[ 115.077799][ T6707] vm_mmap_pgoff+0x214/0x430
[ 115.082386][ T6707] ksys_mmap_pgoff+0x4eb/0x720
[ 115.087145][ T6707] do_syscall_64+0xf3/0x230
[ 115.091731][ T6707] page last free pid 6323 tgid 6323 stack trace:
[ 115.098056][ T6707] free_frozen_pages+0xe04/0x10e0
[ 115.103075][ T6707] __put_partials+0x160/0x1c0
[ 115.107752][ T6707] put_cpu_partial+0x17c/0x250
[ 115.112550][ T6707] __slab_free+0x290/0x380
[ 115.116955][ T6707] qlist_free_all+0x9a/0x140
[ 115.121531][ T6707] kasan_quarantine_reduce+0x14f/0x170
[ 115.126998][ T6707] __kasan_slab_alloc+0x23/0x80
[ 115.131837][ T6707] __kmalloc_cache_noprof+0x1d9/0x390
[ 115.137202][ T6707] kernfs_fop_open+0x3e0/0xd10
[ 115.141962][ T6707] do_dentry_open+0xdec/0x1960
[ 115.146720][ T6707] vfs_open+0x3b/0x370
[ 115.150781][ T6707] path_openat+0x2c81/0x3590
[ 115.155363][ T6707] do_filp_open+0x27f/0x4e0
[ 115.159875][ T6707] do_sys_openat2+0x13e/0x1d0
[ 115.164549][ T6707] __x64_sys_openat+0x247/0x2a0
[ 115.169392][ T6707] do_syscall_64+0xf3/0x230
[ 115.173887][ T6707]
[ 115.176196][ T6707] Memory state around the buggy address:
[ 115.181813][ T6707] ffff888055aa4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 115.189957][ T6707] ffff888055aa4f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 115.198005][ T6707] >ffff888055aa5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 115.206050][ T6707] ^
[ 115.210102][ T6707] ffff888055aa5080: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fa
[ 115.218147][ T6707] ffff888055aa5100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 115.226191][ T6707] ==================================================================
[ 115.275671][ T6707] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 115.283006][ T6707] CPU: 0 UID: 0 PID: 6707 Comm: syz.0.16 Not tainted 6.13.0-syzkaller-10003-ga86bf2283d2c #0
[ 115.293272][ T6707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 115.303343][ T6707] Call Trace:
[ 115.306639][ T6707] <TASK>
[ 115.309589][ T6707] dump_stack_lvl+0x241/0x360
[ 115.314294][ T6707] ? __pfx_dump_stack_lvl+0x10/0x10
[ 115.319528][ T6707] ? __pfx__printk+0x10/0x10
[ 115.324182][ T6707] ? preempt_schedule+0xe1/0xf0
[ 115.329141][ T6707] ? vscnprintf+0x5d/0x90
[ 115.333492][ T6707] panic+0x349/0x880
[ 115.337418][ T6707] ? check_panic_on_warn+0x21/0xb0
[ 115.342550][ T6707] ? __pfx_panic+0x10/0x10
[ 115.346997][ T6707] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 115.353007][ T6707] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 115.359356][ T6707] ? print_report+0x502/0x550
[ 115.364056][ T6707] check_panic_on_warn+0x86/0xb0
[ 115.369015][ T6707] ? __ext4_check_dir_entry+0x5b5/0x6f0
[ 115.374584][ T6707] end_report+0x77/0x160
[ 115.378845][ T6707] kasan_report+0x154/0x180
[ 115.383371][ T6707] ? __ext4_check_dir_entry+0x5b5/0x6f0
[ 115.389024][ T6707] __ext4_check_dir_entry+0x5b5/0x6f0
[ 115.394424][ T6707] ext4_readdir+0x1402/0x38d0
[ 115.399136][ T6707] ? __pfx_ext4_readdir+0x10/0x10
[ 115.404189][ T6707] ? iterate_dir+0x4a6/0x760
[ 115.408796][ T6707] ? __pfx_down_read_killable+0x10/0x10
[ 115.414384][ T6707] ? __x64_sys_lseek+0x180/0x1e0
[ 115.419346][ T6707] ? __fget_files+0x2a/0x410
[ 115.423961][ T6707] iterate_dir+0x5a9/0x760
[ 115.428399][ T6707] __se_sys_getdents64+0x1e2/0x4b0
[ 115.433536][ T6707] ? __pfx___se_sys_getdents64+0x10/0x10
[ 115.439186][ T6707] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 115.445182][ T6707] ? __pfx_filldir64+0x10/0x10
[ 115.449968][ T6707] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 115.456298][ T6707] ? do_syscall_64+0x100/0x230
[ 115.461057][ T6707] ? do_syscall_64+0xb6/0x230
[ 115.465732][ T6707] do_syscall_64+0xf3/0x230
[ 115.470231][ T6707] ? clear_bhb_loop+0x35/0x90
[ 115.474915][ T6707] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 115.480804][ T6707] RIP: 0033:0x7f705e57dff9
[ 115.485212][ T6707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 115.505075][ T6707] RSP: 002b:00007f705f2ff038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 115.513501][ T6707] RAX: ffffffffffffffda RBX: 00007f705e735f80 RCX: 00007f705e57dff9
[ 115.521468][ T6707] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000005
[ 115.529542][ T6707] RBP: 00007f705e5f0296 R08: 0000000000000000 R09: 0000000000000000
[ 115.537620][ T6707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 115.545677][ T6707] R13: 0000000000000000 R14: 00007f705e735f80 R15: 00007ffd1528e1c8
[ 115.553828][ T6707] </TASK>
[ 115.557124][ T6707] Kernel Offset: disabled
[ 115.561439][ T6707] Rebooting in 86400 seconds..