no interfaces have a carrier
[   48.087709][ T3933] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.117594][ T3933] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: OK
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.96' (ED25519) to the list of known hosts.
2025/09/28 22:47:34 parsed 1 programs
syzkaller login: [   77.152078][ T4270] cgroup: Unknown subsys name 'net'
[   77.287349][ T4270] cgroup: Unknown subsys name 'rlimit'
[   78.761111][ T4270] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   80.896264][ T4296] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   80.904740][ T4296] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   80.912831][ T4296] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   80.921210][ T4296] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   80.928783][ T4296] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   80.936593][ T4296] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   82.536441][ T4333] chnl_net:caif_netlink_parms(): no params data found
[   82.594769][ T4333] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.602199][ T4333] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.611695][ T4333] device bridge_slave_0 entered promiscuous mode
[   82.628667][ T4333] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.635897][ T4333] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.643838][ T4333] device bridge_slave_1 entered promiscuous mode
[   82.665865][ T4333] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   82.677472][ T4333] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   82.709673][ T4333] team0: Port device team_slave_0 added
[   82.717770][ T4333] team0: Port device team_slave_1 added
[   82.750910][ T4333] batman_adv: batadv0: Adding interface: batadv_slave_0
[   82.757915][ T4333] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   82.784771][ T4333] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   82.798118][ T4333] batman_adv: batadv0: Adding interface: batadv_slave_1
[   82.805990][ T4333] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   82.831994][ T4333] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   82.871633][ T4333] device hsr_slave_0 entered promiscuous mode
[   82.878456][ T4333] device hsr_slave_1 entered promiscuous mode
[   82.997867][ T4333] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   83.008535][ T4333] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   83.017723][ T4333] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   83.027223][ T4333] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   83.072336][ T4333] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.079774][ T4333] bridge0: port 2(bridge_slave_1) entered forwarding state
[   83.087766][ T4333] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.094904][ T4333] bridge0: port 1(bridge_slave_0) entered forwarding state
[   83.156154][ T4333] 8021q: adding VLAN 0 to HW filter on device bond0
[   83.172423][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   83.183866][   T33] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.192152][   T33] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.207190][ T4333] 8021q: adding VLAN 0 to HW filter on device team0
[   83.220974][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   83.234117][   T51] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.241428][   T51] bridge0: port 1(bridge_slave_0) entered forwarding state
[   83.264947][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   83.273563][   T51] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.280701][   T51] bridge0: port 2(bridge_slave_1) entered forwarding state
[   83.294633][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   83.303981][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   83.318589][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   83.331769][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   83.346825][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   83.357723][ T4333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   83.541977][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   83.549472][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   83.567155][ T4333] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.584792][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   83.593616][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   83.616220][ T4333] device veth0_vlan entered promiscuous mode
[   83.628282][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   83.637169][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   83.646386][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   83.655061][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   83.672750][ T4333] device veth1_vlan entered promiscuous mode
[   83.693469][ T4333] device veth0_macvtap entered promiscuous mode
[   83.702013][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   83.710196][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   83.718898][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   83.727701][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   83.737033][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   83.749480][ T4333] device veth1_macvtap entered promiscuous mode
[   83.767665][ T4333] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.776021][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   83.784737][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   83.793727][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   83.808211][ T4333] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.817386][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   83.826442][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   83.836757][ T4333] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.846194][ T4333] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.855899][ T4333] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.864942][ T4333] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.093424][ T1168] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.611749][   T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.620573][   T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.641298][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   84.657458][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.666299][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.675265][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/09/28 22:47:44 executed programs: 0
[   85.090122][   T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   85.099244][   T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   85.107289][   T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   85.116789][   T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   85.124886][   T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   85.132804][   T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   85.267906][ T4372] chnl_net:caif_netlink_parms(): no params data found
[   85.320541][ T4372] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.327804][ T4372] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.336313][ T4372] device bridge_slave_0 entered promiscuous mode
[   85.346046][ T4372] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.353326][ T4372] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.361607][ T4372] device bridge_slave_1 entered promiscuous mode
[   85.388740][ T4372] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   85.400641][ T4372] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   85.426253][ T4372] team0: Port device team_slave_0 added
[   85.434145][ T4372] team0: Port device team_slave_1 added
[   85.457021][ T4372] batman_adv: batadv0: Adding interface: batadv_slave_0
[   85.464054][ T4372] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   85.490553][ T4372] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   85.505860][ T4372] batman_adv: batadv0: Adding interface: batadv_slave_1
[   85.512925][ T4372] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   85.538966][ T4372] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   85.574966][ T4372] device hsr_slave_0 entered promiscuous mode
[   85.582024][ T4372] device hsr_slave_1 entered promiscuous mode
[   85.588846][ T4372] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   85.596867][ T4372] Cannot create hsr debugfs directory
[   86.202207][ T1168] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.732860][   T14] cfg80211: failed to load regulatory.db
[   87.210984][ T4296] Bluetooth: hci0: command 0x0409 tx timeout
[   88.825047][ T1168] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.892653][ T1168] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   89.291881][ T4296] Bluetooth: hci0: command 0x041b tx timeout
[   89.718269][ T1168] device hsr_slave_0 left promiscuous mode
[   89.725215][ T1168] device hsr_slave_1 left promiscuous mode
[   89.732211][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   89.739666][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_0
[   89.748863][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   89.756741][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_1
[   89.766957][ T1168] device bridge_slave_1 left promiscuous mode
[   89.775107][ T1168] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.789174][ T1168] device bridge_slave_0 left promiscuous mode
[   89.796500][ T1168] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.826388][ T1168] device veth1_macvtap left promiscuous mode
[   89.833076][ T1168] device veth0_macvtap left promiscuous mode
[   89.839911][ T1168] device veth1_vlan left promiscuous mode
[   89.848547][ T1168] device veth0_vlan left promiscuous mode
[   90.234868][ T1168] team0 (unregistering): Port device team_slave_1 removed
[   90.262910][ T1168] team0 (unregistering): Port device team_slave_0 removed
[   90.289496][ T1168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   90.318465][ T1168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   90.577563][ T1168] bond0 (unregistering): Released all slaves
[   90.654080][ T4372] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   90.664211][ T4372] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   90.677586][ T4372] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   90.689398][ T4372] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   90.757621][ T4372] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.776461][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   90.784677][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   90.796179][ T4372] 8021q: adding VLAN 0 to HW filter on device team0
[   90.807884][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   90.817161][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   90.826015][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.833157][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.846510][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   90.863622][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   90.872790][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   90.881950][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.889047][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.909536][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   90.918485][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   90.929018][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   90.940008][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   90.949234][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   90.966764][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   90.975929][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   90.984529][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   90.993304][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   91.016300][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   91.024819][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   91.036960][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   91.266042][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   91.275114][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   91.286922][ T4372] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.303516][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   91.313142][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   91.331281][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   91.341828][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   91.350201][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   91.358712][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   91.368221][ T4372] device veth0_vlan entered promiscuous mode
[   91.378636][ T4372] device veth1_vlan entered promiscuous mode
[   91.380465][ T4296] Bluetooth: hci0: command 0x040f tx timeout
[   91.399158][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   91.407625][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   91.416413][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   91.425003][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   91.435880][ T4372] device veth0_macvtap entered promiscuous mode
[   91.445540][ T4372] device veth1_macvtap entered promiscuous mode
[   91.474010][ T4372] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.482201][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   91.491003][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   91.498994][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   91.508015][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   91.519334][ T4372] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.536933][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   91.545701][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   91.558676][ T4372] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.568707][ T4372] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.578010][ T4372] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.587621][ T4372] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.661807][   T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.669728][   T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.680685][   T51] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2025/09/28 22:47:51 executed programs: 2
[   91.712952][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.721188][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.729684][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   91.992869][ T4422] loop0: detected capacity change from 0 to 32768
[   92.039228][ T4422] 
[   92.039228][ T4422]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   92.039228][ T4422] 
[   92.066936][ T4422] read_mapping_page failed!
[   92.072594][ T4422] ERROR: (device loop0): txCommit: 
[   92.072594][ T4422] 
[   92.083623][ T4422] read_mapping_page failed!
[   92.088186][ T4422] ERROR: (device loop0): txCommit: 
[   92.088186][ T4422] 
[   92.097963][ T4422] ==================================================================
[   92.106063][ T4422] BUG: KASAN: slab-out-of-bounds in dtInsertEntry+0xd74/0x1270
[   92.113650][ T4422] Read of size 4 at addr ffff88806971920c by task syz.0.17/4422
[   92.121298][ T4422] 
[   92.123662][ T4422] CPU: 1 PID: 4422 Comm: syz.0.17 Not tainted syzkaller #0
[   92.130907][ T4422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   92.140993][ T4422] Call Trace:
[   92.144280][ T4422]  <TASK>
[   92.147215][ T4422]  dump_stack_lvl+0x168/0x22e
[   92.151930][ T4422]  ? __lock_acquire+0x7c50/0x7c50
[   92.156978][ T4422]  ? show_regs_print_info+0x12/0x12
[   92.162189][ T4422]  ? load_image+0x3b0/0x3b0
[   92.166720][ T4422]  ? __virt_addr_valid+0x465/0x540
[   92.171933][ T4422]  ? dtInsertEntry+0xd74/0x1270
[   92.176799][ T4422]  print_report+0xa8/0x210
[   92.181236][ T4422]  kasan_report+0x10b/0x140
[   92.185755][ T4422]  ? dtInsertEntry+0xd74/0x1270
[   92.190619][ T4422]  dtInsertEntry+0xd74/0x1270
[   92.195315][ T4422]  ? __get_metapage+0x918/0xfa0
[   92.200168][ T4422]  dtSplitPage+0x24f2/0x31d0
[   92.204792][ T4422]  dtInsert+0xfbd/0x58a0
[   92.209053][ T4422]  ? txLock+0x2ad/0x2090
[   92.213305][ T4422]  ? do_raw_spin_lock+0x11d/0x280
[   92.218344][ T4422]  ? __rwlock_init+0x140/0x140
[   92.223129][ T4422]  ? txLock+0xea9/0x2090
[   92.227378][ T4422]  ? UniStrupr+0x2e0/0x2e0
[   92.231853][ T4422]  ? dtInitRoot+0x226/0x660
[   92.236372][ T4422]  jfs_mkdir+0x6e5/0xa70
[   92.240630][ T4422]  ? jfs_symlink+0xe60/0xe60
[   92.245237][ T4422]  ? make_kgid+0x640/0x640
[   92.249668][ T4422]  ? apparmor_path_mkdir+0x1a3/0x220
[   92.254967][ T4422]  ? generic_permission+0x230/0x510
[   92.260183][ T4422]  ? inode_permission+0xef/0x480
[   92.265156][ T4422]  ? bpf_lsm_inode_mkdir+0x5/0x10
[   92.270186][ T4422]  ? security_inode_mkdir+0xb3/0x100
[   92.275477][ T4422]  vfs_mkdir+0x387/0x570
[   92.279728][ T4422]  do_mkdirat+0x1d0/0x430
[   92.284068][ T4422]  ? vfs_mkdir+0x570/0x570
[   92.288496][ T4422]  __x64_sys_mkdirat+0x85/0x90
[   92.293263][ T4422]  do_syscall_64+0x4c/0xa0
[   92.297680][ T4422]  ? clear_bhb_loop+0x60/0xb0
[   92.302363][ T4422]  ? clear_bhb_loop+0x60/0xb0
[   92.307046][ T4422]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   92.312946][ T4422] RIP: 0033:0x7f438698d617
[   92.317374][ T4422] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.336993][ T4422] RSP: 002b:00007ffdda8ca568 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[   92.345500][ T4422] RAX: ffffffffffffffda RBX: 00007ffdda8ca5f0 RCX: 00007f438698d617
[   92.353475][ T4422] RDX: 00000000000001ff RSI: 0000200000000040 RDI: 00000000ffffff9c
[   92.361450][ T4422] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   92.369425][ T4422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000040
[   92.377397][ T4422] R13: 00007ffdda8ca5b0 R14: 0000000000000000 R15: 0000000000000000
[   92.385374][ T4422]  </TASK>
[   92.388392][ T4422] 
[   92.390718][ T4422] Allocated by task 4422:
[   92.395059][ T4422]  kasan_set_track+0x4b/0x70
[   92.399658][ T4422]  __kasan_slab_alloc+0x6b/0x80
[   92.404514][ T4422]  slab_post_alloc_hook+0x4b/0x480
[   92.409625][ T4422]  kmem_cache_alloc_lru+0x11a/0x2e0
[   92.414830][ T4422]  jfs_alloc_inode+0x24/0x60
[   92.419424][ T4422]  iget_locked+0x1a9/0x830
[   92.423840][ T4422]  jfs_iget+0x20/0x3c0
[   92.427914][ T4422]  jfs_lookup+0x1c2/0x380
[   92.432248][ T4422]  __lookup_slow+0x27d/0x3a0
[   92.436849][ T4422]  lookup_slow+0x53/0x70
[   92.441101][ T4422]  walk_component+0x2be/0x3f0
[   92.445783][ T4422]  path_lookupat+0x169/0x440
[   92.450391][ T4422]  filename_lookup+0x1f0/0x500
[   92.455166][ T4422]  user_path_at_empty+0x3e/0x60
[   92.460037][ T4422]  __se_sys_chdir+0x91/0x280
[   92.464638][ T4422]  do_syscall_64+0x4c/0xa0
[   92.469057][ T4422]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   92.474957][ T4422] 
[   92.477299][ T4422] The buggy address belongs to the object at ffff888069718940
[   92.477299][ T4422]  which belongs to the cache jfs_ip of size 2240
[   92.491008][ T4422] The buggy address is located 12 bytes to the right of
[   92.491008][ T4422]  2240-byte region [ffff888069718940, ffff888069719200)
[   92.504802][ T4422] 
[   92.507152][ T4422] The buggy address belongs to the physical page:
[   92.513569][ T4422] page:ffffea0001a5c600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x69718
[   92.523720][ T4422] head:ffffea0001a5c600 order:3 compound_mapcount:0 compound_pincount:0
[   92.532041][ T4422] memcg:ffff888027c3b401
[   92.536278][ T4422] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   92.544269][ T4422] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88801b724780
[   92.552856][ T4422] raw: 0000000000000000 00000000800d000d 00000001ffffffff ffff888027c3b401
[   92.561435][ T4422] page dumped because: kasan: bad access detected
[   92.568364][ T4422] page_owner tracks the page as allocated
[   92.574082][ T4422] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 4422, tgid 4422 (syz.0.17), ts 92056983318, free_ts 22365774670
[   92.597441][ T4422]  post_alloc_hook+0x173/0x1a0
[   92.602216][ T4422]  get_page_from_freelist+0x1a26/0x1ac0
[   92.607772][ T4422]  __alloc_pages+0x1df/0x4e0
[   92.612373][ T4422]  alloc_slab_page+0x5d/0x160
[   92.617050][ T4422]  new_slab+0x87/0x2c0
[   92.621138][ T4422]  ___slab_alloc+0xbc6/0x1230
[   92.625816][ T4422]  kmem_cache_alloc_lru+0x1ae/0x2e0
[   92.631021][ T4422]  jfs_alloc_inode+0x24/0x60
[   92.635623][ T4422]  iget_locked+0x1a9/0x830
[   92.640039][ T4422]  jfs_iget+0x20/0x3c0
[   92.644115][ T4422]  jfs_fill_super+0x708/0xac0
[   92.648798][ T4422]  mount_bdev+0x287/0x3c0
[   92.653131][ T4422]  legacy_get_tree+0xe6/0x180
[   92.657817][ T4422]  vfs_get_tree+0x88/0x270
[   92.662234][ T4422]  do_new_mount+0x24a/0xa40
[   92.666740][ T4422]  __se_sys_mount+0x2d6/0x3c0
[   92.671417][ T4422] page last free stack trace:
[   92.676084][ T4422]  free_unref_page_prepare+0x8b4/0x9a0
[   92.681548][ T4422]  free_unref_page+0x2e/0x3f0
[   92.686232][ T4422]  free_contig_range+0x9d/0x150
[   92.691095][ T4422]  destroy_args+0x100/0xa31
[   92.695603][ T4422]  debug_vm_pgtable+0x32a/0x37e
[   92.700456][ T4422]  do_one_initcall+0x214/0x7a0
[   92.705244][ T4422]  do_initcall_level+0x137/0x1e4
[   92.710188][ T4422]  do_initcalls+0x4b/0x8a
[   92.714534][ T4422]  kernel_init_freeable+0x3fa/0x5ac
[   92.719741][ T4422]  kernel_init+0x19/0x1b0
[   92.724081][ T4422]  ret_from_fork+0x1f/0x30
[   92.728501][ T4422] 
[   92.730833][ T4422] Memory state around the buggy address:
[   92.736465][ T4422]  ffff888069719100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   92.744528][ T4422]  ffff888069719180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   92.752593][ T4422] >ffff888069719200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   92.760648][ T4422]                       ^
[   92.764991][ T4422]  ffff888069719280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   92.773058][ T4422]  ffff888069719300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   92.781128][ T4422] ==================================================================
[   92.792482][ T4422] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   92.799727][ T4422] CPU: 0 PID: 4422 Comm: syz.0.17 Not tainted syzkaller #0
[   92.806946][ T4422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   92.817016][ T4422] Call Trace:
[   92.820314][ T4422]  <TASK>
[   92.823255][ T4422]  dump_stack_lvl+0x168/0x22e
[   92.827948][ T4422]  ? memcpy+0x3c/0x60
[   92.831957][ T4422]  ? show_regs_print_info+0x12/0x12
[   92.837166][ T4422]  ? load_image+0x3b0/0x3b0
[   92.841685][ T4422]  panic+0x2c9/0x710
[   92.845592][ T4422]  ? bpf_jit_dump+0xd0/0xd0
[   92.850109][ T4422]  ? _raw_spin_unlock_irqrestore+0xf6/0x100
[   92.856020][ T4422]  ? _raw_spin_unlock+0x40/0x40
[   92.860881][ T4422]  ? print_memory_metadata+0x314/0x400
[   92.866350][ T4422]  check_panic_on_warn+0x80/0xa0
[   92.871299][ T4422]  ? dtInsertEntry+0xd74/0x1270
[   92.876160][ T4422]  end_report+0x66/0x110
[   92.880408][ T4422]  kasan_report+0x118/0x140
[   92.884922][ T4422]  ? dtInsertEntry+0xd74/0x1270
[   92.889786][ T4422]  dtInsertEntry+0xd74/0x1270
[   92.894475][ T4422]  ? __get_metapage+0x918/0xfa0
[   92.899331][ T4422]  dtSplitPage+0x24f2/0x31d0
[   92.903951][ T4422]  dtInsert+0xfbd/0x58a0
[   92.908207][ T4422]  ? txLock+0x2ad/0x2090
[   92.912453][ T4422]  ? do_raw_spin_lock+0x11d/0x280
[   92.917486][ T4422]  ? __rwlock_init+0x140/0x140
[   92.922266][ T4422]  ? txLock+0xea9/0x2090
[   92.926597][ T4422]  ? UniStrupr+0x2e0/0x2e0
[   92.931037][ T4422]  ? dtInitRoot+0x226/0x660
[   92.935557][ T4422]  jfs_mkdir+0x6e5/0xa70
[   92.939810][ T4422]  ? jfs_symlink+0xe60/0xe60
[   92.944419][ T4422]  ? make_kgid+0x640/0x640
[   92.948840][ T4422]  ? apparmor_path_mkdir+0x1a3/0x220
[   92.954135][ T4422]  ? generic_permission+0x230/0x510
[   92.959348][ T4422]  ? inode_permission+0xef/0x480
[   92.964297][ T4422]  ? bpf_lsm_inode_mkdir+0x5/0x10
[   92.969339][ T4422]  ? security_inode_mkdir+0xb3/0x100
[   92.974642][ T4422]  vfs_mkdir+0x387/0x570
[   92.978897][ T4422]  do_mkdirat+0x1d0/0x430
[   92.983232][ T4422]  ? vfs_mkdir+0x570/0x570
[   92.987661][ T4422]  __x64_sys_mkdirat+0x85/0x90
[   92.992434][ T4422]  do_syscall_64+0x4c/0xa0
[   92.996859][ T4422]  ? clear_bhb_loop+0x60/0xb0
[   93.001545][ T4422]  ? clear_bhb_loop+0x60/0xb0
[   93.006233][ T4422]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   93.012131][ T4422] RIP: 0033:0x7f438698d617
[   93.016561][ T4422] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.036165][ T4422] RSP: 002b:00007ffdda8ca568 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[   93.044577][ T4422] RAX: ffffffffffffffda RBX: 00007ffdda8ca5f0 RCX: 00007f438698d617
[   93.052553][ T4422] RDX: 00000000000001ff RSI: 0000200000000040 RDI: 00000000ffffff9c
[   93.060524][ T4422] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   93.068490][ T4422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000040
[   93.076463][ T4422] R13: 00007ffdda8ca5b0 R14: 0000000000000000 R15: 0000000000000000
[   93.084443][ T4422]  </TASK>
[   93.087765][ T4422] Kernel Offset: disabled
[   93.092091][ T4422] Rebooting in 86400 seconds..