Warning: Permanently added '10.128.0.118' (ED25519) to the list of known hosts.
2025/05/21 09:17:42 ignoring optional flag "sandboxArg"="0"
2025/05/21 09:17:43 parsed 1 programs
[  101.184492][ T4195] cgroup: Unknown subsys name 'net'
[  101.321467][ T4195] cgroup: Unknown subsys name 'rlimit'
[  102.457911][ T4195] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[  104.784422][ T4222] chnl_net:caif_netlink_parms(): no params data found
[  104.852367][ T4222] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.861400][ T4222] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.869745][ T4222] device bridge_slave_0 entered promiscuous mode
[  104.880970][ T4222] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.888450][ T4222] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.896595][ T4222] device bridge_slave_1 entered promiscuous mode
[  104.928169][ T4222] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.942157][ T4222] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.978867][ T4222] team0: Port device team_slave_0 added
[  104.986853][ T4222] team0: Port device team_slave_1 added
[  105.013386][ T4222] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.021765][ T4222] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.049544][ T4222] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.062960][ T4222] batman_adv: batadv0: Adding interface: batadv_slave_1
[  105.071397][ T4222] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.098857][ T4222] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  105.141247][ T4222] device hsr_slave_0 entered promiscuous mode
[  105.148314][ T4222] device hsr_slave_1 entered promiscuous mode
[  105.276999][ T4222] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  105.289464][ T4222] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  105.299431][ T4222] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  105.310479][ T4222] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  105.340965][ T4222] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.348218][ T4222] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.356301][ T4222] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.363470][ T4222] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.426491][ T4222] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.442784][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  105.455795][ T3076] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.464117][ T3076] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.472807][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  105.486171][ T4222] 8021q: adding VLAN 0 to HW filter on device team0
[  105.499586][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  105.508596][  T154] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.515770][  T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.530255][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  105.539774][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.546849][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.568570][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  105.579234][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  105.599973][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  105.614295][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  105.629296][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  105.641004][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  105.720721][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  105.729699][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  105.757882][ T4222] 8021q: adding VLAN 0 to HW filter on device batadv0
[  105.786777][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  105.800705][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  105.828447][ T4222] device veth0_vlan entered promiscuous mode
[  105.836406][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  105.845936][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  105.859989][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  105.868204][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  105.877190][ T4222] device veth1_vlan entered promiscuous mode
[  105.892334][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  105.901024][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  105.909382][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  105.918543][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  105.930553][ T4222] device veth0_macvtap entered promiscuous mode
[  105.939345][ T4222] device veth1_macvtap entered promiscuous mode
[  105.953076][ T4222] batman_adv: batadv0: Interface activated: batadv_slave_0
[  105.960605][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  105.969138][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  105.977618][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  105.985992][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  105.998591][ T4222] batman_adv: batadv0: Interface activated: batadv_slave_1
[  106.007099][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  106.016256][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  106.026353][ T4222] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  106.035729][ T4222] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  106.045148][ T4222] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  106.054062][ T4222] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  106.137536][ T4222] syz-executor (4222) used greatest stack depth: 19968 bytes left
[  107.076569][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.089846][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.104744][ T3076] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.106868][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  107.122620][ T3076] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.134114][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/05/21 09:17:51 executed programs: 0
[  107.849940][ T4275] chnl_net:caif_netlink_parms(): no params data found
[  107.916501][ T4275] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.935944][ T4275] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.944971][ T4275] device bridge_slave_0 entered promiscuous mode
[  107.955267][ T4275] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.962565][ T4275] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.970733][ T4275] device bridge_slave_1 entered promiscuous mode
[  108.000487][ T4275] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  108.022398][ T4275] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  108.053089][ T4275] team0: Port device team_slave_0 added
[  108.061569][ T4275] team0: Port device team_slave_1 added
[  108.082590][ T4275] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.089885][ T4275] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.115835][ T4275] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.127857][ T4275] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.134816][ T4275] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.162109][ T4275] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.211231][ T4275] device hsr_slave_0 entered promiscuous mode
[  108.220564][ T4275] device hsr_slave_1 entered promiscuous mode
[  108.228168][ T4275] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  108.236269][ T4275] Cannot create hsr debugfs directory
[  108.332675][ T4275] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.757920][ T4235] Bluetooth: hci0: command 0x0409 tx timeout
[  111.812378][ T4275] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.837711][ T1335] Bluetooth: hci0: command 0x041b tx timeout
[  111.904321][ T4275] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.962014][ T4275] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.188197][ T4275] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  112.196457][ T4275] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  112.206139][ T4275] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  112.214454][ T4275] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  112.271478][ T4275] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.296435][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  112.304659][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  112.314049][ T4275] 8021q: adding VLAN 0 to HW filter on device team0
[  112.324220][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  112.332800][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  112.343464][  T155] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.350542][  T155] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.358745][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  112.384485][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  112.393343][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  112.403069][  T155] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.410186][  T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.443075][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  112.451576][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  112.461121][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  112.471762][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  112.480692][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  112.490024][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  112.499048][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  112.507795][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  112.515856][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  112.524147][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  112.532399][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  112.542373][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  112.634283][  T144] device hsr_slave_0 left promiscuous mode
[  112.642171][  T144] device hsr_slave_1 left promiscuous mode
[  112.650895][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  112.658602][  T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  112.666415][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  112.674517][  T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  112.682153][  T144] device bridge_slave_1 left promiscuous mode
[  112.689221][  T144] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.701937][  T144] device bridge_slave_0 left promiscuous mode
[  112.708220][  T144] bridge0: port 1(bridge_slave_0) entered disabled state
[  112.722333][  T144] device veth1_macvtap left promiscuous mode
[  112.729309][  T144] device veth0_macvtap left promiscuous mode
[  112.735341][  T144] device veth1_vlan left promiscuous mode
[  112.741299][  T144] device veth0_vlan left promiscuous mode
[  112.854529][  T144] team0 (unregistering): Port device team_slave_1 removed
[  112.867074][  T144] team0 (unregistering): Port device team_slave_0 removed
[  112.884375][  T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  112.896147][  T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  112.942050][  T144] bond0 (unregistering): Released all slaves
[  113.005656][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  113.013588][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  113.024999][ T4275] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.044571][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  113.053530][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  113.069985][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  113.078967][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  113.093195][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  113.101784][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  113.112585][ T4275] device veth0_vlan entered promiscuous mode
[  113.125322][ T4275] device veth1_vlan entered promiscuous mode
[  113.140456][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  113.148791][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  113.157023][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  113.165909][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  113.178200][ T4275] device veth0_macvtap entered promiscuous mode
[  113.193523][ T4275] device veth1_macvtap entered promiscuous mode
[  113.206524][ T4275] batman_adv: batadv0: Interface activated: batadv_slave_0
[  113.214211][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  113.222345][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  113.230585][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  113.239673][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  113.250322][ T4275] batman_adv: batadv0: Interface activated: batadv_slave_1
[  113.261049][ T4275] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.269945][ T4275] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.278983][ T4275] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  113.287987][ T4275] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.304651][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  113.313865][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  113.355041][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.371584][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.382153][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2025/05/21 09:17:57 executed programs: 2
[  113.406511][ T4286] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.414954][ T4286] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.424399][ T4286] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  113.753165][ T4291] loop0: detected capacity change from 0 to 32768
[  113.880194][   T26] audit: type=1800 audit(1747819077.685:2): pid=4291 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.16" name="file1" dev="loop0" ino=4 res=0 errno=0
[  113.917790][ T4284] Bluetooth: hci0: command 0x040f tx timeout
[  113.925836][ T4291] attempt to access beyond end of device
[  113.925836][ T4291] loop0: rw=34817, want=4680184, limit=32768
[  113.953669][  T278] blkno = 8ed30, nblocks = f
[  113.958754][  T278] ERROR: (device loop0): dbFree: block to be freed is outside the map
[  113.958754][  T278] 
[  113.979802][  T278] ERROR: (device loop0): remounting filesystem as read-only
[  114.409234][ T4292] loop0: detected capacity change from 0 to 32768
[  114.438613][   T26] audit: type=1800 audit(1747819078.245:3): pid=4292 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17" name="file1" dev="loop0" ino=4 res=0 errno=0
[  114.463265][ T4292] attempt to access beyond end of device
[  114.463265][ T4292] loop0: rw=34817, want=4680184, limit=32768
[  114.478645][  T278] blkno = 8ed30, nblocks = f
[  114.483263][  T278] ERROR: (device loop0): dbFree: block to be freed is outside the map
[  114.483263][  T278] 
[  114.507567][  T278] ERROR: (device loop0): remounting filesystem as read-only
[  115.016126][ T4293] loop0: detected capacity change from 0 to 32768
[  115.072595][   T26] audit: type=1800 audit(1747819078.875:4): pid=4293 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.18" name="file1" dev="loop0" ino=4 res=0 errno=0
[  115.095659][ T4293] attempt to access beyond end of device
[  115.095659][ T4293] loop0: rw=34817, want=4680184, limit=32768
[  115.109327][  T278] blkno = 8ed30, nblocks = f
[  115.113959][  T278] ERROR: (device loop0): dbFree: block to be freed is outside the map
[  115.113959][  T278] 
[  115.126131][  T278] ERROR: (device loop0): remounting filesystem as read-only
[  115.648030][ T4294] loop0: detected capacity change from 0 to 32768
[  115.704146][   T26] audit: type=1800 audit(1747819079.505:5): pid=4294 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.19" name="file1" dev="loop0" ino=4 res=0 errno=0
[  115.728042][ T4294] attempt to access beyond end of device
[  115.728042][ T4294] loop0: rw=34817, want=4680184, limit=32768
[  115.742097][  T278] blkno = 8ed30, nblocks = f
[  115.746732][  T278] ERROR: (device loop0): dbFree: block to be freed is outside the map
[  115.746732][  T278] 
[  115.768024][  T278] ERROR: (device loop0): remounting filesystem as read-only
[  115.997457][ T4284] Bluetooth: hci0: command 0x0419 tx timeout
[  116.005932][ T4295] loop0: detected capacity change from 0 to 32768
[  116.073205][   T26] audit: type=1800 audit(1747819079.875:6): pid=4295 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.20" name="file1" dev="loop0" ino=4 res=0 errno=0
[  116.095811][ T4295] attempt to access beyond end of device
[  116.095811][ T4295] loop0: rw=34817, want=4680184, limit=32768
[  116.109675][  T278] blkno = 8ed30, nblocks = f
[  116.114303][  T278] ERROR: (device loop0): dbFree: block to be freed is outside the map
[  116.114303][  T278] 
[  116.125459][  T278] ERROR: (device loop0): remounting filesystem as read-only
[  116.325193][ T4296] loop0: detected capacity change from 0 to 32768
[  116.375812][   T26] audit: type=1800 audit(1747819080.175:7): pid=4296 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.21" name="file1" dev="loop0" ino=4 res=0 errno=0
[  116.379571][ T4296] attempt to access beyond end of device
[  116.379571][ T4296] loop0: rw=34817, want=4680184, limit=32768
[  116.408880][  T278] blkno = 8ed30, nblocks = f
[  116.413506][  T278] ERROR: (device loop0): dbFree: block to be freed is outside the map
[  116.413506][  T278] 
[  116.425588][  T278] ERROR: (device loop0): remounting filesystem as read-only
[  116.934176][ T4297] loop0: detected capacity change from 0 to 32768
[  116.990560][   T26] audit: type=1800 audit(1747819080.795:8): pid=4297 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.22" name="file1" dev="loop0" ino=4 res=0 errno=0
[  116.992656][ T4297] attempt to access beyond end of device
[  116.992656][ T4297] loop0: rw=34817, want=4680184, limit=32768
[  117.015289][  T278] blkno = 8ed30, nblocks = f
[  117.027380][  T278] ERROR: (device loop0): dbFree: block to be freed is outside the map
[  117.027380][  T278] 
[  117.038938][  T278] ERROR: (device loop0): remounting filesystem as read-only
[  117.243171][ T4298] loop0: detected capacity change from 0 to 32768
[  117.307678][   T26] audit: type=1800 audit(1747819081.115:9): pid=4298 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.23" name="file1" dev="loop0" ino=4 res=0 errno=0
[  117.331149][ T4298] attempt to access beyond end of device
[  117.331149][ T4298] loop0: rw=34817, want=4680184, limit=32768
[  117.343934][  T277] blkno = 8ed30, nblocks = f
[  117.348889][  T277] ERROR: (device loop0): dbFree: block to be freed is outside the map
[  117.348889][  T277] 
[  117.360184][  T277] ERROR: (device loop0): remounting filesystem as read-only
[  117.853291][ T4299] loop0: detected capacity change from 0 to 32768
[  117.915070][   T26] audit: type=1800 audit(1747819081.715:10): pid=4299 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.24" name="file1" dev="loop0" ino=4 res=0 errno=0
[  117.917230][ T4299] attempt to access beyond end of device
[  117.917230][ T4299] loop0: rw=34817, want=4680184, limit=32768
[  117.948887][  T277] blkno = 8ed30, nblocks = f
[  117.953515][  T277] ERROR: (device loop0): dbFree: block to be freed is outside the map
[  117.953515][  T277] 
[  117.964819][  T277] ERROR: (device loop0): remounting filesystem as read-only
[  118.204163][ T4300] loop0: detected capacity change from 0 to 32768
[  118.262829][   T26] audit: type=1800 audit(1747819082.065:11): pid=4300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.25" name="file1" dev="loop0" ino=4 res=0 errno=0
[  118.285797][ T4300] attempt to access beyond end of device
[  118.285797][ T4300] loop0: rw=34817, want=4680184, limit=32768
[  118.298471][  T277] blkno = 8ed30, nblocks = f
[  118.303089][  T277] ERROR: (device loop0): dbFree: block to be freed is outside the map
[  118.303089][  T277] 
[  118.314665][  T277] ERROR: (device loop0): remounting filesystem as read-only
[  118.856978][ T4301] loop0: detected capacity change from 0 to 32768
[  118.917079][   T26] audit: type=1800 audit(1747819082.715:12): pid=4301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.26" name="file1" dev="loop0" ino=4 res=0 errno=0
[  118.929667][  T277] blkno = 8ed30, nblocks = f
[  118.943767][  T277] ERROR: (device loop0): dbFree: block to be freed is outside the map
[  118.943767][  T277] 
[  118.955448][  T277] ERROR: (device loop0): remounting filesystem as read-only
2025/05/21 09:18:02 executed programs: 13
[  119.166356][ T4302] loop0: detected capacity change from 0 to 32768
[  119.212334][   T26] audit: type=1800 audit(1747819083.015:13): pid=4302 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.27" name="file1" dev="loop0" ino=4 res=0 errno=0
[  119.214791][ T4302] handle_bad_sector: 1 callbacks suppressed
[  119.214809][ T4302] attempt to access beyond end of device
[  119.214809][ T4302] loop0: rw=34817, want=4680184, limit=32768
[  119.251869][  T277] blkno = 8ed30, nblocks = f
[  119.256501][  T277] ERROR: (device loop0): dbFree: block to be freed is outside the map
[  119.256501][  T277] 
[  119.268914][  T277] ERROR: (device loop0): remounting filesystem as read-only
[  119.286064][  T277] ==================================================================
[  119.294326][  T277] BUG: KASAN: use-after-free in jfs_lazycommit+0x763/0xb20
[  119.301505][  T277] Read of size 4 at addr ffff88801b39d894 by task jfsCommit/277
[  119.309131][  T277] 
[  119.311463][  T277] CPU: 0 PID: 277 Comm: jfsCommit Not tainted 5.15.183-syzkaller #0
[  119.319411][  T277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  119.329446][  T277] Call Trace:
[  119.332705][  T277]  <TASK>
[  119.335612][  T277]  dump_stack_lvl+0x168/0x230
[  119.340281][  T277]  ? show_regs_print_info+0x20/0x20
[  119.345458][  T277]  ? load_image+0x3b0/0x3b0
[  119.349935][  T277]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[  119.355284][  T277]  ? _raw_spin_lock_irqsave+0x7f/0xf0
[  119.360631][  T277]  ? lockdep_hardirqs_off+0x70/0x100
[  119.365904][  T277]  print_address_description+0x60/0x2d0
[  119.371443][  T277]  ? jfs_lazycommit+0x763/0xb20
[  119.376357][  T277]  kasan_report+0xdf/0x130
[  119.380749][  T277]  ? jfs_lazycommit+0x763/0xb20
[  119.385590][  T277]  jfs_lazycommit+0x763/0xb20
[  119.390333][  T277]  ? txFreelock+0x5a0/0x5a0
[  119.394815][  T277]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  119.400689][  T277]  ? sched_dynamic_update+0x210/0x210
[  119.406041][  T277]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  119.411921][  T277]  ? __kthread_parkme+0x157/0x1b0
[  119.416924][  T277]  kthread+0x436/0x520
[  119.420965][  T277]  ? txFreelock+0x5a0/0x5a0
[  119.425550][  T277]  ? kthread_blkcg+0xd0/0xd0
[  119.430154][  T277]  ret_from_fork+0x1f/0x30
[  119.434580][  T277]  </TASK>
[  119.437580][  T277] 
[  119.439882][  T277] Allocated by task 4302:
[  119.444180][  T277]  __kasan_kmalloc+0xb5/0xf0
[  119.448747][  T277]  jfs_fill_super+0xd2/0xaf0
[  119.453313][  T277]  mount_bdev+0x287/0x3c0
[  119.457621][  T277]  legacy_get_tree+0xe6/0x180
[  119.462274][  T277]  vfs_get_tree+0x88/0x270
[  119.466662][  T277]  do_new_mount+0x24a/0xa40
[  119.471172][  T277]  __se_sys_mount+0x2d6/0x3c0
[  119.475839][  T277]  do_syscall_64+0x4c/0xa0
[  119.480251][  T277]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  119.486125][  T277] 
[  119.488430][  T277] Freed by task 4275:
[  119.492494][  T277]  kasan_set_track+0x4b/0x70
[  119.497058][  T277]  kasan_set_free_info+0x1f/0x40
[  119.502020][  T277]  ____kasan_slab_free+0xd5/0x110
[  119.507018][  T277]  slab_free_freelist_hook+0xea/0x170
[  119.512377][  T277]  kfree+0xef/0x2a0
[  119.516159][  T277]  generic_shutdown_super+0x130/0x300
[  119.521505][  T277]  kill_block_super+0x7c/0xe0
[  119.526160][  T277]  deactivate_locked_super+0x93/0xf0
[  119.531417][  T277]  cleanup_mnt+0x418/0x4d0
[  119.535817][  T277]  task_work_run+0x125/0x1a0
[  119.540408][  T277]  exit_to_user_mode_loop+0x10f/0x130
[  119.545765][  T277]  exit_to_user_mode_prepare+0xb1/0x140
[  119.551304][  T277]  syscall_exit_to_user_mode+0x16/0x40
[  119.557006][  T277]  do_syscall_64+0x58/0xa0
[  119.561487][  T277]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  119.567365][  T277] 
[  119.569703][  T277] The buggy address belongs to the object at ffff88801b39d800
[  119.569703][  T277]  which belongs to the cache kmalloc-256 of size 256
[  119.583729][  T277] The buggy address is located 148 bytes inside of
[  119.583729][  T277]  256-byte region [ffff88801b39d800, ffff88801b39d900)
[  119.596975][  T277] The buggy address belongs to the page:
[  119.602579][  T277] page:ffffea00006ce700 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801b39da00 pfn:0x1b39c
[  119.614015][  T277] head:ffffea00006ce700 order:1 compound_mapcount:0
[  119.620596][  T277] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  119.628573][  T277] raw: 00fff00000010200 ffffea00006b6480 0000000500000005 ffff888016841b40
[  119.637164][  T277] raw: ffff88801b39da00 000000008010000f 00000001ffffffff 0000000000000000
[  119.645833][  T277] page dumped because: kasan: bad access detected
[  119.652225][  T277] page_owner tracks the page as allocated
[  119.657916][  T277] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 225, ts 3541346670, free_ts 0
[  119.676147][  T277]  get_page_from_freelist+0x1b77/0x1c60
[  119.681683][  T277]  __alloc_pages+0x1e1/0x470
[  119.686246][  T277]  new_slab+0xc0/0x4b0
[  119.690299][  T277]  ___slab_alloc+0x81e/0xdf0
[  119.694860][  T277]  kmem_cache_alloc_trace+0x1a5/0x2a0
[  119.700211][  T277]  kthread+0x10b/0x520
[  119.704252][  T277]  ret_from_fork+0x1f/0x30
[  119.710376][  T277] page_owner free stack trace missing
[  119.715720][  T277] 
[  119.718019][  T277] Memory state around the buggy address:
[  119.723633][  T277]  ffff88801b39d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  119.731665][  T277]  ffff88801b39d800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  119.739696][  T277] >ffff88801b39d880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  119.747733][  T277]                          ^
[  119.752316][  T277]  ffff88801b39d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  119.760350][  T277]  ffff88801b39d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  119.768383][  T277] ==================================================================
[  119.776419][  T277] Disabling lock debugging due to kernel taint
[  119.782540][  T277] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  119.789711][  T277] CPU: 0 PID: 277 Comm: jfsCommit Tainted: G    B             5.15.183-syzkaller #0
[  119.799059][  T277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  119.809084][  T277] Call Trace:
[  119.812339][  T277]  <TASK>
[  119.815247][  T277]  dump_stack_lvl+0x168/0x230
[  119.819898][  T277]  ? show_regs_print_info+0x20/0x20
[  119.825068][  T277]  ? load_image+0x3b0/0x3b0
[  119.829546][  T277]  panic+0x2c9/0x7f0
[  119.833416][  T277]  ? bpf_jit_dump+0xd0/0xd0
[  119.837906][  T277]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  119.843772][  T277]  ? _raw_spin_unlock+0x40/0x40
[  119.848610][  T277]  ? jfs_lazycommit+0x763/0xb20
[  119.853454][  T277]  check_panic_on_warn+0x80/0xa0
[  119.858393][  T277]  ? jfs_lazycommit+0x763/0xb20
[  119.863229][  T277]  end_report+0x6d/0xf0
[  119.867370][  T277]  kasan_report+0x102/0x130
[  119.871867][  T277]  ? jfs_lazycommit+0x763/0xb20
[  119.876694][  T277]  jfs_lazycommit+0x763/0xb20
[  119.881358][  T277]  ? txFreelock+0x5a0/0x5a0
[  119.885832][  T277]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  119.891696][  T277]  ? sched_dynamic_update+0x210/0x210
[  119.897056][  T277]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  119.902920][  T277]  ? __kthread_parkme+0x157/0x1b0
[  119.907919][  T277]  kthread+0x436/0x520
[  119.911960][  T277]  ? txFreelock+0x5a0/0x5a0
[  119.916434][  T277]  ? kthread_blkcg+0xd0/0xd0
[  119.920995][  T277]  ret_from_fork+0x1f/0x30
[  119.925400][  T277]  </TASK>
[  119.928572][  T277] Kernel Offset: disabled
[  119.932881][  T277] Rebooting in 86400 seconds..