Warning: Permanently added '10.128.0.40' (ED25519) to the list of known hosts.
2025/07/13 16:51:17 ignoring optional flag "sandboxArg"="0"
2025/07/13 16:51:18 parsed 1 programs
[   90.349530][ T5798] cgroup: Unknown subsys name 'net'
[   90.486682][ T5798] cgroup: Unknown subsys name 'rlimit'
[   92.179787][    T8] cfg80211: failed to load regulatory.db
[   92.248709][ T5798] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   94.362549][ T5810] chnl_net:caif_netlink_parms(): no params data found
[   94.450836][ T5810] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.458632][ T5810] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.465909][ T5810] bridge_slave_0: entered allmulticast mode
[   94.473563][ T5810] bridge_slave_0: entered promiscuous mode
[   94.486402][ T5810] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.493645][ T5810] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.501002][ T5810] bridge_slave_1: entered allmulticast mode
[   94.508523][ T5810] bridge_slave_1: entered promiscuous mode
[   94.546111][ T5810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.558572][ T5810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.598830][ T5810] team0: Port device team_slave_0 added
[   94.607114][ T5810] team0: Port device team_slave_1 added
[   94.635870][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.642967][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.671026][ T5810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.686733][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.693739][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.719772][ T5810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.765710][ T5810] hsr_slave_0: entered promiscuous mode
[   94.774035][ T5810] hsr_slave_1: entered promiscuous mode
[   94.952335][ T5810] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   94.965717][ T5810] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   94.978269][ T5810] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   94.990780][ T5810] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   95.024749][ T5810] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.032083][ T5810] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.040390][ T5810] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.047598][ T5810] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.113087][ T5810] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.133763][ T1121] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.143285][ T1121] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.162024][ T5810] 8021q: adding VLAN 0 to HW filter on device team0
[   95.178097][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.185252][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.208710][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.215874][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.413514][ T5810] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.456067][ T5810] veth0_vlan: entered promiscuous mode
[   95.474988][ T5810] veth1_vlan: entered promiscuous mode
[   95.505346][ T5810] veth0_macvtap: entered promiscuous mode
[   95.516364][ T5810] veth1_macvtap: entered promiscuous mode
[   95.536354][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.552759][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.566023][ T5810] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.576356][ T5810] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.585447][ T5810] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.594598][ T5810] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.749939][   T48] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.780310][   T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   95.788807][   T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   95.797471][   T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   95.805744][   T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   95.814741][   T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   95.823840][   T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   96.100376][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.110341][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.142412][  T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.150456][  T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.526116][   T48] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/07/13 16:51:30 executed programs: 0
[   99.375209][ T5101] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   99.383596][ T5101] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   99.391824][ T5101] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   99.400161][ T5101] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   99.409359][ T5101] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   99.418449][ T5101] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   99.588052][ T5896] chnl_net:caif_netlink_parms(): no params data found
[   99.668808][ T5896] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.676091][ T5896] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.683488][ T5896] bridge_slave_0: entered allmulticast mode
[   99.691110][ T5896] bridge_slave_0: entered promiscuous mode
[   99.699404][ T5896] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.706814][ T5896] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.714039][ T5896] bridge_slave_1: entered allmulticast mode
[   99.721187][ T5896] bridge_slave_1: entered promiscuous mode
[   99.755285][ T5896] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.768280][ T5896] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.808372][ T5896] team0: Port device team_slave_0 added
[   99.818289][ T5896] team0: Port device team_slave_1 added
[   99.848010][ T5896] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.855009][ T5896] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.881428][ T5896] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   99.894270][ T5896] batman_adv: batadv0: Adding interface: batadv_slave_1
[   99.901606][ T5896] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.928187][ T5896] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.973915][ T5896] hsr_slave_0: entered promiscuous mode
[   99.980764][ T5896] hsr_slave_1: entered promiscuous mode
[   99.987538][ T5896] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   99.995519][ T5896] Cannot create hsr debugfs directory
[  100.742649][   T48] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.801251][   T48] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.467277][ T5101] Bluetooth: hci0: command tx timeout
[  101.744820][   T48] hsr_slave_0: left promiscuous mode
[  101.753732][   T48] hsr_slave_1: left promiscuous mode
[  101.760892][   T48] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  101.771914][   T48] batman_adv: batadv0: Removing interface: batadv_slave_0
[  101.782204][   T48] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  101.792523][   T48] batman_adv: batadv0: Removing interface: batadv_slave_1
[  101.801327][   T48] bridge_slave_1: left allmulticast mode
[  101.809709][   T48] bridge_slave_1: left promiscuous mode
[  101.816392][   T48] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.833459][   T48] bridge_slave_0: left allmulticast mode
[  101.839481][   T48] bridge_slave_0: left promiscuous mode
[  101.845386][   T48] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.883290][   T48] veth1_macvtap: left promiscuous mode
[  101.891823][   T48] veth0_macvtap: left promiscuous mode
[  101.899754][   T48] veth1_vlan: left promiscuous mode
[  101.905445][   T48] veth0_vlan: left promiscuous mode
[  102.365736][   T48] team0 (unregistering): Port device team_slave_1 removed
[  102.405723][   T48] team0 (unregistering): Port device team_slave_0 removed
[  102.440821][   T48] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  102.477908][   T48] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  102.802495][   T48] bond0 (unregistering): Released all slaves
[  102.863306][ T5896] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  102.874366][ T5896] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  102.886316][ T5896] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  102.899438][ T5896] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  103.037637][ T5896] 8021q: adding VLAN 0 to HW filter on device bond0
[  103.059638][ T5896] 8021q: adding VLAN 0 to HW filter on device team0
[  103.074381][  T136] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.081613][  T136] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.102340][  T136] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.109565][  T136] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.396699][ T5896] 8021q: adding VLAN 0 to HW filter on device batadv0
[  103.498590][ T5896] veth0_vlan: entered promiscuous mode
[  103.513675][ T5896] veth1_vlan: entered promiscuous mode
[  103.540618][ T5101] Bluetooth: hci0: command tx timeout
[  103.581274][ T5896] veth0_macvtap: entered promiscuous mode
[  103.601853][ T5896] veth1_macvtap: entered promiscuous mode
[  103.624076][ T5896] batman_adv: batadv0: Interface activated: batadv_slave_0
[  103.642025][ T5896] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.654142][ T5896] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.663537][ T5896] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.672374][ T5896] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.681351][ T5896] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.752720][ T1121] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.762020][ T1121] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.793607][ T1295] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.802115][ T1295] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.864443][ T5942] syz.0.16[5942]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[  103.879724][ T5942] loop0: detected capacity change from 0 to 128
[  103.894099][ T5942] VFS: Found a Xenix FS (block size = 1024) on device loop0
[  103.909812][ T5942] syz.0.16: attempt to access beyond end of device
[  103.909812][ T5942] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[  103.925492][ T5942] Buffer I/O error on dev loop0, logical block 3245768, async page read
[  103.970169][ T5942] syz.0.16: attempt to access beyond end of device
[  103.970169][ T5942] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[  103.995033][ T5942] Buffer I/O error on dev loop0, logical block 3245768, async page read
[  104.012053][ T5896] sysv_free_block: flc_count > flc_size
[  104.019169][ T5896] sysv_free_block: flc_count > flc_size
[  104.025323][ T5896] sysv_free_block: flc_count > flc_size
[  104.031860][ T5896] sysv_free_block: flc_count > flc_size
[  104.038299][ T5896] sysv_free_block: flc_count > flc_size
[  104.045425][ T5896] sysv_free_block: flc_count > flc_size
[  104.051498][ T5896] sysv_free_block: flc_count > flc_size
[  104.061724][ T5896] sysv_free_block: flc_count > flc_size
[  104.068047][ T5896] sysv_free_block: flc_count > flc_size
[  104.073651][ T5896] sysv_free_block: flc_count > flc_size
[  104.081059][ T5896] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  104.154953][ T5943] loop0: detected capacity change from 0 to 128
[  104.166225][ T5943] VFS: Found a Xenix FS (block size = 1024) on device loop0
[  104.181022][ T5943] syz.0.17: attempt to access beyond end of device
[  104.181022][ T5943] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[  104.194607][ T5943] Buffer I/O error on dev loop0, logical block 3245768, async page read
[  104.203862][ T5943] ==================================================================
[  104.211970][ T5943] BUG: KASAN: use-after-free in sysv_new_inode+0x10c5/0x1270
[  104.219409][ T5943] Read of size 2 at addr ffff88806d3c61ce by task syz.0.17/5943
[  104.227075][ T5943] 
[  104.229476][ T5943] CPU: 1 PID: 5943 Comm: syz.0.17 Not tainted 6.6.97-syzkaller #0
[  104.237314][ T5943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  104.247422][ T5943] Call Trace:
[  104.250736][ T5943]  <TASK>
[  104.253719][ T5943]  dump_stack_lvl+0x16c/0x230
[  104.258443][ T5943]  ? __lock_acquire+0x7c80/0x7c80
[  104.263496][ T5943]  ? show_regs_print_info+0x20/0x20
[  104.268751][ T5943]  ? load_image+0x3b0/0x3b0
[  104.273268][ T5943]  ? __virt_addr_valid+0x469/0x540
[  104.278400][ T5943]  print_report+0xac/0x230
[  104.282844][ T5943]  ? sysv_new_inode+0x10c5/0x1270
[  104.287893][ T5943]  kasan_report+0x117/0x150
[  104.292438][ T5943]  ? sysv_new_inode+0x10c5/0x1270
[  104.297563][ T5943]  sysv_new_inode+0x10c5/0x1270
[  104.302427][ T5943]  ? __lock_acquire+0x7c80/0x7c80
[  104.307467][ T5943]  ? do_raw_spin_lock+0x121/0x2c0
[  104.312519][ T5943]  ? sysv_free_inode+0x7e0/0x7e0
[  104.317481][ T5943]  ? _raw_spin_unlock+0x28/0x40
[  104.322360][ T5943]  ? __d_add+0x4ec/0x810
[  104.326628][ T5943]  ? sysv_inode_by_name+0xe1/0x140
[  104.331770][ T5943]  sysv_mknod+0x4e/0xe0
[  104.335935][ T5943]  ? sysv_lookup+0xe0/0xe0
[  104.340359][ T5943]  path_openat+0x1277/0x3190
[  104.344973][ T5943]  ? do_filp_open+0x3d0/0x3d0
[  104.349677][ T5943]  do_filp_open+0x1c5/0x3d0
[  104.354210][ T5943]  ? vfs_tmpfile+0x490/0x490
[  104.358840][ T5943]  ? _raw_spin_unlock+0x28/0x40
[  104.363698][ T5943]  ? alloc_fd+0x58f/0x630
[  104.368067][ T5943]  do_sys_openat2+0x12c/0x1c0
[  104.372758][ T5943]  ? do_sys_open+0xe0/0xe0
[  104.377239][ T5943]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  104.383249][ T5943]  ? lock_chain_count+0x20/0x20
[  104.388123][ T5943]  __x64_sys_openat+0x139/0x160
[  104.393028][ T5943]  do_syscall_64+0x55/0xb0
[  104.397457][ T5943]  ? clear_bhb_loop+0x40/0x90
[  104.402142][ T5943]  ? clear_bhb_loop+0x40/0x90
[  104.406843][ T5943]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  104.412764][ T5943] RIP: 0033:0x7f8f6898e929
[  104.417194][ T5943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  104.436985][ T5943] RSP: 002b:00007ffd5b7195e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  104.445405][ T5943] RAX: ffffffffffffffda RBX: 00007f8f68bb5fa0 RCX: 00007f8f6898e929
[  104.453471][ T5943] RDX: 0000000000101042 RSI: 0000200000000180 RDI: ffffffffffffff9c
[  104.461539][ T5943] RBP: 00007f8f68a10b39 R08: 0000000000000000 R09: 0000000000000000
[  104.469513][ T5943] R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000000
[  104.477580][ T5943] R13: 00007f8f68bb5fa0 R14: 00007f8f68bb5fa0 R15: 0000000000000004
[  104.485582][ T5943]  </TASK>
[  104.488621][ T5943] 
[  104.490962][ T5943] The buggy address belongs to the physical page:
[  104.497382][ T5943] page:ffffea0001b4f180 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6d3c6
[  104.507558][ T5943] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  104.514693][ T5943] page_type: 0xffffffff()
[  104.519026][ T5943] raw: 00fff00000000000 ffffea0001b4f0c8 ffffea0001b4fd48 0000000000000000
[  104.527629][ T5943] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[  104.536311][ T5943] page dumped because: kasan: bad access detected
[  104.542852][ T5943] page_owner tracks the page as freed
[  104.548232][ T5943] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 5905, tgid 5905 (dhcpcd-run-hook), ts 101055668992, free_ts 101459567536
[  104.567458][ T5943]  post_alloc_hook+0x1cd/0x210
[  104.572267][ T5943]  get_page_from_freelist+0x195c/0x19f0
[  104.577837][ T5943]  __alloc_pages+0x1e3/0x460
[  104.582467][ T5943]  __folio_alloc+0x10/0x20
[  104.586894][ T5943]  vma_alloc_folio+0x47a/0x8f0
[  104.591681][ T5943]  handle_mm_fault+0x1a38/0x4920
[  104.596631][ T5943]  do_user_addr_fault+0xad0/0x12e0
[  104.601761][ T5943]  exc_page_fault+0x67/0x110
[  104.606371][ T5943]  asm_exc_page_fault+0x26/0x30
[  104.611266][ T5943] page last free stack trace:
[  104.615935][ T5943]  free_unref_page_prepare+0x7ce/0x8e0
[  104.621403][ T5943]  free_unref_page_list+0xbe/0x860
[  104.626620][ T5943]  release_pages+0x1fa0/0x2220
[  104.631403][ T5943]  tlb_flush_mmu+0x368/0x4f0
[  104.635997][ T5943]  tlb_finish_mmu+0xc3/0x1d0
[  104.640597][ T5943]  exit_mmap+0x3f0/0xb50
[  104.644851][ T5943]  __mmput+0x118/0x3c0
[  104.649024][ T5943]  exit_mm+0x1da/0x2c0
[  104.653122][ T5943]  do_exit+0x88e/0x23c0
[  104.657302][ T5943]  do_group_exit+0x21b/0x2d0
[  104.661927][ T5943]  __x64_sys_exit_group+0x3f/0x40
[  104.667057][ T5943]  do_syscall_64+0x55/0xb0
[  104.671503][ T5943]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  104.677402][ T5943] 
[  104.679736][ T5943] Memory state around the buggy address:
[  104.685361][ T5943]  ffff88806d3c6080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  104.693424][ T5943]  ffff88806d3c6100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  104.701487][ T5943] >ffff88806d3c6180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  104.709559][ T5943]                                               ^
[  104.715969][ T5943]  ffff88806d3c6200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  104.724032][ T5943]  ffff88806d3c6280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  104.732092][ T5943] ==================================================================
[  104.747799][ T5943] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  104.755058][ T5943] CPU: 1 PID: 5943 Comm: syz.0.17 Not tainted 6.6.97-syzkaller #0
[  104.763251][ T5943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  104.773342][ T5943] Call Trace:
[  104.776656][ T5943]  <TASK>
[  104.779620][ T5943]  dump_stack_lvl+0x16c/0x230
[  104.784429][ T5943]  ? show_regs_print_info+0x20/0x20
[  104.789760][ T5943]  ? load_image+0x3b0/0x3b0
[  104.794317][ T5943]  panic+0x2c0/0x710
[  104.798253][ T5943]  ? bpf_jit_dump+0xd0/0xd0
[  104.802798][ T5943]  ? _raw_spin_unlock_irqrestore+0xfa/0x110
[  104.808730][ T5943]  ? _raw_spin_unlock+0x40/0x40
[  104.813621][ T5943]  ? print_memory_metadata+0x314/0x400
[  104.819135][ T5943]  ? sysv_new_inode+0x10c5/0x1270
[  104.824193][ T5943]  check_panic_on_warn+0x84/0xa0
[  104.829171][ T5943]  ? sysv_new_inode+0x10c5/0x1270
[  104.834248][ T5943]  end_report+0x6f/0x140
[  104.838550][ T5943]  kasan_report+0x128/0x150
[  104.843137][ T5943]  ? sysv_new_inode+0x10c5/0x1270
[  104.848207][ T5943]  sysv_new_inode+0x10c5/0x1270
[  104.853087][ T5943]  ? __lock_acquire+0x7c80/0x7c80
[  104.858136][ T5943]  ? do_raw_spin_lock+0x121/0x2c0
[  104.863286][ T5943]  ? sysv_free_inode+0x7e0/0x7e0
[  104.868261][ T5943]  ? _raw_spin_unlock+0x28/0x40
[  104.873149][ T5943]  ? __d_add+0x4ec/0x810
[  104.877422][ T5943]  ? sysv_inode_by_name+0xe1/0x140
[  104.882556][ T5943]  sysv_mknod+0x4e/0xe0
[  104.886730][ T5943]  ? sysv_lookup+0xe0/0xe0
[  104.891246][ T5943]  path_openat+0x1277/0x3190
[  104.895879][ T5943]  ? do_filp_open+0x3d0/0x3d0
[  104.900775][ T5943]  do_filp_open+0x1c5/0x3d0
[  104.905304][ T5943]  ? vfs_tmpfile+0x490/0x490
[  104.909949][ T5943]  ? _raw_spin_unlock+0x28/0x40
[  104.914819][ T5943]  ? alloc_fd+0x58f/0x630
[  104.919176][ T5943]  do_sys_openat2+0x12c/0x1c0
[  104.923876][ T5943]  ? do_sys_open+0xe0/0xe0
[  104.928315][ T5943]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  104.934308][ T5943]  ? lock_chain_count+0x20/0x20
[  104.939175][ T5943]  __x64_sys_openat+0x139/0x160
[  104.944050][ T5943]  do_syscall_64+0x55/0xb0
[  104.948492][ T5943]  ? clear_bhb_loop+0x40/0x90
[  104.953193][ T5943]  ? clear_bhb_loop+0x40/0x90
[  104.957885][ T5943]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  104.963800][ T5943] RIP: 0033:0x7f8f6898e929
[  104.968239][ T5943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  104.988045][ T5943] RSP: 002b:00007ffd5b7195e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  104.996483][ T5943] RAX: ffffffffffffffda RBX: 00007f8f68bb5fa0 RCX: 00007f8f6898e929
[  105.004467][ T5943] RDX: 0000000000101042 RSI: 0000200000000180 RDI: ffffffffffffff9c
[  105.012452][ T5943] RBP: 00007f8f68a10b39 R08: 0000000000000000 R09: 0000000000000000
[  105.020441][ T5943] R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000000
[  105.028440][ T5943] R13: 00007f8f68bb5fa0 R14: 00007f8f68bb5fa0 R15: 0000000000000004
[  105.036446][ T5943]  </TASK>
[  105.039768][ T5943] Kernel Offset: disabled
[  105.044117][ T5943] Rebooting in 86400 seconds..