Warning: Permanently added '10.128.0.63' (ED25519) to the list of known hosts.
2026/02/22 03:11:59 parsed 1 programs
[ 75.115444][ T5771] cgroup: Unknown subsys name 'net'
[ 75.277084][ T5771] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 76.858923][ T5771] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 78.854595][ T5791] chnl_net:caif_netlink_parms(): no params data found
[ 78.930527][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.937653][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.945475][ T5791] bridge_slave_0: entered allmulticast mode
[ 78.952877][ T5791] bridge_slave_0: entered promiscuous mode
[ 78.961686][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.968878][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.976244][ T5791] bridge_slave_1: entered allmulticast mode
[ 78.984718][ T5791] bridge_slave_1: entered promiscuous mode
[ 79.012786][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 79.025111][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 79.053590][ T5791] team0: Port device team_slave_0 added
[ 79.061202][ T5791] team0: Port device team_slave_1 added
[ 79.083523][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 79.090541][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.116472][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 79.129205][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 79.136164][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.162530][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 79.202918][ T5791] hsr_slave_0: entered promiscuous mode
[ 79.210429][ T5791] hsr_slave_1: entered promiscuous mode
[ 79.363786][ T5791] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 79.375799][ T5791] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 79.385765][ T5791] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 79.396124][ T5791] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 79.432128][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.439586][ T5791] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.447328][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.454512][ T5791] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.513420][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.532108][ T1087] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.542530][ T1087] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.557635][ T5791] 8021q: adding VLAN 0 to HW filter on device team0
[ 79.573648][ T1087] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.580797][ T1087] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.593587][ T4378] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.600761][ T4378] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.794959][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.844351][ T5791] veth0_vlan: entered promiscuous mode
[ 79.856160][ T5791] veth1_vlan: entered promiscuous mode
[ 79.891164][ T5791] veth0_macvtap: entered promiscuous mode
[ 79.901394][ T5791] veth1_macvtap: entered promiscuous mode
[ 79.924322][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 79.938954][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 79.950788][ T5791] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.960298][ T5791] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.969021][ T5791] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.981178][ T5791] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.162445][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.274325][ T3442] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 80.284523][ T3442] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 80.317481][ T4378] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 80.326116][ T4378] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 82.767419][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 82.775345][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 82.783447][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 82.792011][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 82.800929][ T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 82.808645][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 83.022581][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/02/22 03:12:10 executed programs: 0
[ 84.057104][ T5083] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 84.065211][ T5083] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 84.074334][ T5083] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 84.083998][ T5083] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 84.092775][ T5083] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 84.100268][ T5083] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 84.246458][ T5877] chnl_net:caif_netlink_parms(): no params data found
[ 84.318655][ T5877] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.325956][ T5877] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.333407][ T5877] bridge_slave_0: entered allmulticast mode
[ 84.341340][ T5877] bridge_slave_0: entered promiscuous mode
[ 84.350711][ T5877] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.357875][ T5877] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.365239][ T5877] bridge_slave_1: entered allmulticast mode
[ 84.373041][ T5877] bridge_slave_1: entered promiscuous mode
[ 84.400821][ T5877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 84.412833][ T5877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 84.443179][ T5877] team0: Port device team_slave_0 added
[ 84.451566][ T5877] team0: Port device team_slave_1 added
[ 84.474638][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 84.481720][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.508496][ T5877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 84.521027][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 84.527998][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.554218][ T5877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 84.595454][ T5877] hsr_slave_0: entered promiscuous mode
[ 84.602645][ T5877] hsr_slave_1: entered promiscuous mode
[ 84.610226][ T5877] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 84.618028][ T5877] Cannot create hsr debugfs directory
[ 85.160690][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 85.232763][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 86.131305][ T11] hsr_slave_0: left promiscuous mode
[ 86.138321][ T11] hsr_slave_1: left promiscuous mode
[ 86.145376][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 86.153165][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 86.162255][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 86.170819][ T5083] Bluetooth: hci0: command tx timeout
[ 86.179835][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 86.187901][ T11] bridge_slave_1: left allmulticast mode
[ 86.196539][ T11] bridge_slave_1: left promiscuous mode
[ 86.203401][ T11] bridge0: port 2(bridge_slave_1) entered disabled state
[ 86.215982][ T11] bridge_slave_0: left allmulticast mode
[ 86.222934][ T11] bridge_slave_0: left promiscuous mode
[ 86.228760][ T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.264145][ T11] veth1_macvtap: left promiscuous mode
[ 86.270068][ T11] veth0_macvtap: left promiscuous mode
[ 86.275652][ T11] veth1_vlan: left promiscuous mode
[ 86.281634][ T11] veth0_vlan: left promiscuous mode
[ 86.667449][ T11] team0 (unregistering): Port device team_slave_1 removed
[ 86.698243][ T11] team0 (unregistering): Port device team_slave_0 removed
[ 86.731389][ T787] cfg80211: failed to load regulatory.db
[ 86.738542][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 86.771969][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 86.967984][ T11] bond0 (unregistering): Released all slaves
[ 87.068292][ T5877] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 87.078013][ T5877] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 87.090118][ T5877] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 87.101352][ T5877] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 87.187173][ T5877] 8021q: adding VLAN 0 to HW filter on device bond0
[ 87.212256][ T5877] 8021q: adding VLAN 0 to HW filter on device team0
[ 87.233592][ T1087] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.240849][ T1087] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 87.251608][ T1087] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.258731][ T1087] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 87.482852][ T5877] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 87.558425][ T5877] veth0_vlan: entered promiscuous mode
[ 87.588097][ T5877] veth1_vlan: entered promiscuous mode
[ 87.639021][ T5877] veth0_macvtap: entered promiscuous mode
[ 87.651903][ T5877] veth1_macvtap: entered promiscuous mode
[ 87.672748][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 87.686587][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 87.703729][ T5877] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.713474][ T5877] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.722511][ T5877] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.733159][ T5877] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.817524][ T1087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 87.829841][ T1087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 87.854840][ T3442] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 87.863060][ T3442] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 87.910723][ T5916] syz.0.17[5916]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 87.926746][ T5916] loop0: detected capacity change from 0 to 512
[ 87.937127][ T5916] EXT4-fs: Ignoring removed mblk_io_submit option
[ 87.946668][ T5916] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 87.961384][ T5916] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a003c11c, mo2=0002]
[ 87.970070][ T5916] System zones: 1-12
[ 87.983624][ T5916] EXT4-fs error (device loop0): ext4_iget_extra_inode:4732: inode #15: comm syz.0.17: corrupted in-inode xattr: e_value size too large
[ 88.001761][ T5916] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.17: couldn't read orphan inode 15 (err -117)
[ 88.015965][ T5916] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 88.036499][ T5916] EXT4-fs warning (device loop0): dx_probe:833: inode #2: comm syz.0.17: Unrecognised inode hash code 4
[ 88.048520][ T5916] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.17: Corrupt directory, running e2fsck is recommended
[ 88.061504][ T5916] EXT4-fs error (device loop0): ext4_readdir:263: inode #2: block 255: comm syz.0.17: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0
[ 88.095209][ T5877] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 88.142326][ T5919] loop0: detected capacity change from 0 to 512
[ 88.153870][ T5919] EXT4-fs: Ignoring removed mblk_io_submit option
[ 88.166650][ T5919] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 88.211417][ T5919] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a003c11c, mo2=0002]
[ 88.229042][ T5919] System zones: 1-12
[ 88.243288][ T5919] EXT4-fs error (device loop0): ext4_iget_extra_inode:4732: inode #15: comm syz.0.18: corrupted in-inode xattr: e_value size too large
[ 88.258523][ T5083] Bluetooth: hci0: command tx timeout
[ 88.263581][ T5919] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.18: couldn't read orphan inode 15 (err -117)
[ 88.282478][ T5919] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 88.299426][ T5919] EXT4-fs warning (device loop0): dx_probe:833: inode #2: comm syz.0.18: Unrecognised inode hash code 4
[ 88.311101][ T5919] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.18: Corrupt directory, running e2fsck is recommended
[ 88.323969][ T5919] EXT4-fs error (device loop0): ext4_readdir:263: inode #2: block 255: comm syz.0.18: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0
[ 88.392383][ T5877] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 88.452967][ T5921] loop0: detected capacity change from 0 to 512
[ 88.461465][ T5921] EXT4-fs: Ignoring removed mblk_io_submit option
[ 88.482243][ T5921] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 88.503387][ T5921] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a003c11c, mo2=0002]
[ 88.519233][ T5921] System zones: 1-12
[ 88.526882][ T5921] EXT4-fs error (device loop0): ext4_iget_extra_inode:4732: inode #15: comm syz.0.19: corrupted in-inode xattr: e_value size too large
[ 88.559381][ T5921] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.19: couldn't read orphan inode 15 (err -117)
[ 88.583968][ T5921] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 88.602468][ T5921] EXT4-fs warning (device loop0): dx_probe:833: inode #2: comm syz.0.19: Unrecognised inode hash code 4
[ 88.613916][ T5921] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.19: Corrupt directory, running e2fsck is recommended
[ 88.626792][ T5921] ==================================================================
[ 88.634874][ T5921] BUG: KASAN: use-after-free in __ext4_check_dir_entry+0x73c/0x8e0
[ 88.642821][ T5921] Read of size 2 at addr ffff88805cc07003 by task syz.0.19/5921
[ 88.650491][ T5921]
[ 88.652856][ T5921] CPU: 0 PID: 5921 Comm: syz.0.19 Not tainted syzkaller #0
[ 88.660068][ T5921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 88.670151][ T5921] Call Trace:
[ 88.673476][ T5921]
[ 88.676434][ T5921] dump_stack_lvl+0x18c/0x250
[ 88.681147][ T5921] ? read_lock_is_recursive+0x20/0x20
[ 88.686562][ T5921] ? show_regs_print_info+0x20/0x20
[ 88.691792][ T5921] ? load_image+0x400/0x400
[ 88.696326][ T5921] ? _raw_spin_lock_irqsave+0xc0/0x100
[ 88.701818][ T5921] ? __virt_addr_valid+0x18c/0x540
[ 88.706953][ T5921] ? __virt_addr_valid+0x469/0x540
[ 88.712096][ T5921] print_report+0xa8/0x210
[ 88.716556][ T5921] ? __ext4_check_dir_entry+0x73c/0x8e0
[ 88.722139][ T5921] kasan_report+0x117/0x150
[ 88.726668][ T5921] ? __ext4_check_dir_entry+0x73c/0x8e0
[ 88.732248][ T5921] __ext4_check_dir_entry+0x73c/0x8e0
[ 88.737655][ T5921] ? ext4_initialize_dirent_tail+0xe0/0xe0
[ 88.743473][ T5921] ext4_readdir+0x11f7/0x3a80
[ 88.748172][ T5921] ? aa_file_perm+0x3e3/0xee0
[ 88.752867][ T5921] ? ext4_dir_llseek+0x4b0/0x4b0
[ 88.757817][ T5921] ? __might_sleep+0xe0/0xe0
[ 88.762414][ T5921] ? read_lock_is_recursive+0x20/0x20
[ 88.767788][ T5921] ? mutex_lock_nested+0x20/0x20
[ 88.772738][ T5921] ? end_current_label_crit_section+0x149/0x170
[ 88.778982][ T5921] ? down_read_killable+0x1d0/0x340
[ 88.784191][ T5921] ? fsnotify_perm+0x271/0x5e0
[ 88.788954][ T5921] iterate_dir+0x1c2/0x580
[ 88.793375][ T5921] __se_sys_getdents64+0xf6/0x270
[ 88.798428][ T5921] ? __x64_sys_getdents64+0x80/0x80
[ 88.803644][ T5921] ? filldir+0x660/0x660
[ 88.807893][ T5921] ? lockdep_hardirqs_on+0x98/0x150
[ 88.813128][ T5921] do_syscall_64+0x55/0xa0
[ 88.817549][ T5921] ? clear_bhb_loop+0x40/0x90
[ 88.822232][ T5921] ? clear_bhb_loop+0x40/0x90
[ 88.826908][ T5921] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 88.832799][ T5921] RIP: 0033:0x7f430df9c629
[ 88.837237][ T5921] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 88.856840][ T5921] RSP: 002b:00007ffe7186ec68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 88.865256][ T5921] RAX: ffffffffffffffda RBX: 00007f430e215fa0 RCX: 00007f430df9c629
[ 88.873223][ T5921] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[ 88.881187][ T5921] RBP: 00007f430e032b39 R08: 0000000000000000 R09: 0000000000000000
[ 88.889159][ T5921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 88.897141][ T5921] R13: 00007f430e215fac R14: 00007f430e215fa0 R15: 00007f430e215fa0
[ 88.905133][ T5921]
[ 88.908152][ T5921]
[ 88.910519][ T5921] The buggy address belongs to the physical page:
[ 88.916985][ T5921] page:ffffea00017301c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x5cc07
[ 88.927131][ T5921] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 88.934231][ T5921] page_type: 0xffffffff()
[ 88.938558][ T5921] raw: 00fff00000000000 ffffea0001b6c588 ffffea0001730008 0000000000000000
[ 88.947247][ T5921] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 88.955824][ T5921] page dumped because: kasan: bad access detected
[ 88.962223][ T5921] page_owner tracks the page as freed
[ 88.967583][ T5921] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 5916, tgid 5916 (syz.0.17), ts 87922739760, free_ts 88114513540
[ 88.984969][ T5921] post_alloc_hook+0x1c1/0x200
[ 88.989744][ T5921] get_page_from_freelist+0x1951/0x19e0
[ 88.995296][ T5921] __alloc_pages+0x1f0/0x460
[ 88.999875][ T5921] __folio_alloc+0x10/0x20
[ 89.004279][ T5921] vma_alloc_folio+0x47a/0x8f0
[ 89.009036][ T5921] shmem_alloc_folio+0x1a9/0x2a0
[ 89.013976][ T5921] shmem_alloc_and_acct_folio+0x1e6/0x6d0
[ 89.019695][ T5921] shmem_get_folio_gfp+0xcde/0x2aa0
[ 89.024887][ T5921] shmem_write_begin+0xf2/0x420
[ 89.029755][ T5921] generic_perform_write+0x2fe/0x5c0
[ 89.035071][ T5921] shmem_file_write_iter+0xfb/0x120
[ 89.040267][ T5921] vfs_write+0x46c/0x990
[ 89.044512][ T5921] ksys_write+0x150/0x260
[ 89.048844][ T5921] do_syscall_64+0x55/0xa0
[ 89.053285][ T5921] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 89.059201][ T5921] page last free stack trace:
[ 89.063883][ T5921] free_unref_page_prepare+0x7b2/0x8c0
[ 89.069355][ T5921] free_unref_page_list+0xbe/0x860
[ 89.074492][ T5921] release_pages+0x1f7a/0x2200
[ 89.079264][ T5921] __folio_batch_release+0x71/0xe0
[ 89.084380][ T5921] shmem_undo_range+0x630/0x1b20
[ 89.089317][ T5921] shmem_evict_inode+0x245/0x9e0
[ 89.094273][ T5921] evict+0x4ca/0x8d0
[ 89.098168][ T5921] __dentry_kill+0x431/0x650
[ 89.102761][ T5921] dentry_kill+0xb8/0x290
[ 89.107090][ T5921] dput+0xfe/0x1e0
[ 89.110825][ T5921] __fput+0x5e5/0x970
[ 89.114834][ T5921] task_work_run+0x1d4/0x260
[ 89.119433][ T5921] exit_to_user_mode_loop+0xe6/0x110
[ 89.124735][ T5921] exit_to_user_mode_prepare+0xee/0x180
[ 89.130295][ T5921] syscall_exit_to_user_mode+0x1a/0x50
[ 89.135786][ T5921] do_syscall_64+0x61/0xa0
[ 89.140206][ T5921]
[ 89.142523][ T5921] Memory state around the buggy address:
[ 89.148155][ T5921] ffff88805cc06f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 89.156219][ T5921] ffff88805cc06f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 89.164272][ T5921] >ffff88805cc07000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.172323][ T5921] ^
[ 89.176411][ T5921] ffff88805cc07080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.184478][ T5921] ffff88805cc07100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.192536][ T5921] ==================================================================
[ 89.212444][ T5921] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 89.219767][ T5921] CPU: 1 PID: 5921 Comm: syz.0.19 Not tainted syzkaller #0
[ 89.226983][ T5921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 89.237053][ T5921] Call Trace:
[ 89.240351][ T5921]
[ 89.243309][ T5921] dump_stack_lvl+0x18c/0x250
[ 89.248029][ T5921] ? show_regs_print_info+0x20/0x20
[ 89.253268][ T5921] ? load_image+0x400/0x400
[ 89.257812][ T5921] panic+0x2dc/0x730
[ 89.261743][ T5921] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 89.267940][ T5921] ? bpf_jit_dump+0xd0/0xd0
[ 89.272482][ T5921] ? _raw_spin_unlock_irqrestore+0x111/0x120
[ 89.278504][ T5921] ? _raw_spin_unlock+0x40/0x40
[ 89.283392][ T5921] ? __ext4_check_dir_entry+0x73c/0x8e0
[ 89.288970][ T5921] check_panic_on_warn+0x84/0xa0
[ 89.293941][ T5921] ? __ext4_check_dir_entry+0x73c/0x8e0
[ 89.299541][ T5921] end_report+0x6f/0x130
[ 89.303834][ T5921] kasan_report+0x128/0x150
[ 89.308394][ T5921] ? __ext4_check_dir_entry+0x73c/0x8e0
[ 89.314001][ T5921] __ext4_check_dir_entry+0x73c/0x8e0
[ 89.319411][ T5921] ? ext4_initialize_dirent_tail+0xe0/0xe0
[ 89.325259][ T5921] ext4_readdir+0x11f7/0x3a80
[ 89.329983][ T5921] ? aa_file_perm+0x3e3/0xee0
[ 89.334699][ T5921] ? ext4_dir_llseek+0x4b0/0x4b0
[ 89.339650][ T5921] ? __might_sleep+0xe0/0xe0
[ 89.344275][ T5921] ? read_lock_is_recursive+0x20/0x20
[ 89.349655][ T5921] ? mutex_lock_nested+0x20/0x20
[ 89.354615][ T5921] ? end_current_label_crit_section+0x149/0x170
[ 89.360885][ T5921] ? down_read_killable+0x1d0/0x340
[ 89.366126][ T5921] ? fsnotify_perm+0x271/0x5e0
[ 89.370905][ T5921] iterate_dir+0x1c2/0x580
[ 89.375343][ T5921] __se_sys_getdents64+0xf6/0x270
[ 89.380403][ T5921] ? __x64_sys_getdents64+0x80/0x80
[ 89.385633][ T5921] ? filldir+0x660/0x660
[ 89.390076][ T5921] ? lockdep_hardirqs_on+0x98/0x150
[ 89.395281][ T5921] do_syscall_64+0x55/0xa0
[ 89.399710][ T5921] ? clear_bhb_loop+0x40/0x90
[ 89.404391][ T5921] ? clear_bhb_loop+0x40/0x90
[ 89.409072][ T5921] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 89.415010][ T5921] RIP: 0033:0x7f430df9c629
[ 89.419500][ T5921] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 89.439151][ T5921] RSP: 002b:00007ffe7186ec68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 89.447583][ T5921] RAX: ffffffffffffffda RBX: 00007f430e215fa0 RCX: 00007f430df9c629
[ 89.455566][ T5921] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[ 89.463557][ T5921] RBP: 00007f430e032b39 R08: 0000000000000000 R09: 0000000000000000
[ 89.471534][ T5921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 89.479506][ T5921] R13: 00007f430e215fac R14: 00007f430e215fa0 R15: 00007f430e215fa0
[ 89.487493][ T5921]
[ 89.491126][ T5921] Kernel Offset: disabled
[ 89.495459][ T5921] Rebooting in 86400 seconds..