Warning: Permanently added '10.128.10.1' (ED25519) to the list of known hosts.
2025/12/04 15:59:42 parsed 1 programs
[ 93.130888][ T4618] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 95.291218][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 95.315679][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 95.323692][ T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 95.324909][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 95.333270][ T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 95.352462][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 96.067449][ T4670] chnl_net:caif_netlink_parms(): no params data found
[ 96.120851][ T4670] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.128311][ T4670] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.136412][ T4670] device bridge_slave_0 entered promiscuous mode
[ 96.144346][ T4670] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.151971][ T4670] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.159892][ T4670] device bridge_slave_1 entered promiscuous mode
[ 96.187662][ T4670] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 96.199345][ T4670] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 96.228368][ T4670] team0: Port device team_slave_0 added
[ 96.237269][ T4670] team0: Port device team_slave_1 added
[ 96.257877][ T4670] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 96.264846][ T4670] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.291052][ T4670] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 96.304749][ T4670] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 96.311769][ T4670] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.338274][ T4670] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 96.391152][ T4670] device hsr_slave_0 entered promiscuous mode
[ 96.399791][ T4670] device hsr_slave_1 entered promiscuous mode
[ 97.081962][ T4670] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 97.093257][ T4670] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 97.103967][ T4670] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 97.143147][ T4670] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 97.250540][ T4670] 8021q: adding VLAN 0 to HW filter on device bond0
[ 97.269293][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 97.277842][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 97.290420][ T4670] 8021q: adding VLAN 0 to HW filter on device team0
[ 97.329505][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 97.339048][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 97.349773][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.356992][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 97.367784][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 97.376596][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 97.385087][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.392226][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 97.401465][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 97.411431][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 97.461310][ T4670] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 97.473807][ T4670] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 97.488313][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 97.496653][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 97.505566][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 97.513941][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 97.522747][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 97.531343][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 97.539873][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 97.548424][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 97.557064][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 97.565595][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 97.573602][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 97.751730][ T4670] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 97.759373][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 97.767844][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 97.787193][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 97.797561][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 97.817443][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 97.827309][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 97.837734][ T4670] device veth0_vlan entered promiscuous mode
[ 97.845869][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 97.854064][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 97.866840][ T4670] device veth1_vlan entered promiscuous mode
[ 97.900821][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 97.909788][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 97.919527][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 97.928585][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 97.939387][ T4670] device veth0_macvtap entered promiscuous mode
[ 97.981043][ T4670] device veth1_macvtap entered promiscuous mode
[ 98.000849][ T4670] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 98.008945][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 98.017835][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 98.026621][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 98.036504][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 98.049171][ T4670] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 98.058864][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 98.068319][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 98.079730][ T4670] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.090300][ T4670] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.099582][ T4670] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.108995][ T4670] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/12/04 15:59:51 executed programs: 0
[ 99.799990][ T4825] chnl_net:caif_netlink_parms(): no params data found
[ 99.897952][ T4825] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.909773][ T4825] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.920693][ T4825] device bridge_slave_0 entered promiscuous mode
[ 99.946009][ T4825] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.953457][ T4825] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.977108][ T4825] device bridge_slave_1 entered promiscuous mode
[ 100.024587][ T4825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 100.050581][ T4825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 100.104594][ T4825] team0: Port device team_slave_0 added
[ 100.127403][ T4825] team0: Port device team_slave_1 added
[ 100.163614][ T151] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.177942][ T4825] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 100.184893][ T4825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.210957][ T4825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 100.223543][ T4825] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 100.230617][ T4825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.257266][ T4825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 100.298214][ T4825] device hsr_slave_0 entered promiscuous mode
[ 100.305105][ T4825] device hsr_slave_1 entered promiscuous mode
[ 100.312653][ T4825] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 100.322732][ T4825] Cannot create hsr debugfs directory
[ 101.575501][ T4313] Bluetooth: hci0: command 0x0409 tx timeout
[ 103.299796][ T151] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 103.369079][ T151] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 103.415171][ T151] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 103.645502][ T4313] Bluetooth: hci0: command 0x041b tx timeout
[ 104.213427][ T4825] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 104.222527][ T4825] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 104.233057][ T4825] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 104.241708][ T4825] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 104.297682][ T4825] 8021q: adding VLAN 0 to HW filter on device bond0
[ 104.319914][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 104.328316][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 104.339914][ T4825] 8021q: adding VLAN 0 to HW filter on device team0
[ 104.357451][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 104.366856][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 104.375214][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 104.382287][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 104.391704][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 104.402024][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 104.411358][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 104.420157][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 104.427266][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 104.443803][ T151] device hsr_slave_0 left promiscuous mode
[ 104.450372][ T151] device hsr_slave_1 left promiscuous mode
[ 104.457042][ T151] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 104.464590][ T151] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 104.472672][ T151] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 104.480914][ T151] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 104.488614][ T151] device bridge_slave_1 left promiscuous mode
[ 104.494960][ T151] bridge0: port 2(bridge_slave_1) entered disabled state
[ 104.504633][ T151] device bridge_slave_0 left promiscuous mode
[ 104.511456][ T151] bridge0: port 1(bridge_slave_0) entered disabled state
[ 104.522883][ T151] device veth1_macvtap left promiscuous mode
[ 104.529730][ T151] device veth0_macvtap left promiscuous mode
[ 104.536199][ T151] device veth1_vlan left promiscuous mode
[ 104.542004][ T151] device veth0_vlan left promiscuous mode
[ 104.663803][ T151] team0 (unregistering): Port device team_slave_1 removed
[ 104.677467][ T151] team0 (unregistering): Port device team_slave_0 removed
[ 104.688910][ T151] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 104.701949][ T151] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 104.749576][ T151] bond0 (unregistering): Released all slaves
[ 104.810351][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 104.822261][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 104.833401][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 104.843500][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 104.852713][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 104.864845][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 104.873412][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 104.884681][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 104.894514][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 104.910864][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 104.920023][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 104.930396][ T4825] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 105.012420][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 105.020897][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 105.033297][ T4825] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 105.059413][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 105.068314][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 105.084707][ T4825] device veth0_vlan entered promiscuous mode
[ 105.091378][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 105.100363][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 105.110553][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 105.118635][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 105.128994][ T4825] device veth1_vlan entered promiscuous mode
[ 105.146389][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 105.154437][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 105.162737][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 105.171588][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 105.182412][ T4825] device veth0_macvtap entered promiscuous mode
[ 105.199761][ T4825] device veth1_macvtap entered promiscuous mode
[ 105.216516][ T4825] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 105.223867][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 105.233051][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 105.241773][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 105.250517][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 105.261928][ T4825] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 105.271546][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 105.282917][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 105.294173][ T4825] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.303978][ T4825] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.314254][ T4825] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.324806][ T4825] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.382448][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.395743][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.407983][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2025/12/04 15:59:57 executed programs: 2
[ 105.430937][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.439271][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.448720][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 105.730501][ T5089] loop0: detected capacity change from 0 to 32768
[ 105.735935][ T4308] Bluetooth: hci0: command 0x040f tx timeout
[ 105.794848][ T5089] ==================================================================
[ 105.803113][ T5089] BUG: KASAN: use-after-free in jfs_readdir+0x11ca/0x3c10
[ 105.810248][ T5089] Read of size 8 at addr ffff8880774f3bd0 by task syz.0.17/5089
[ 105.817913][ T5089]
[ 105.820258][ T5089] CPU: 1 PID: 5089 Comm: syz.0.17 Not tainted syzkaller #0
[ 105.827710][ T5089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 105.837784][ T5089] Call Trace:
[ 105.841064][ T5089]
[ 105.843995][ T5089] dump_stack_lvl+0x168/0x230
[ 105.848684][ T5089] ? show_regs_print_info+0x20/0x20
[ 105.853905][ T5089] ? load_image+0x3b0/0x3b0
[ 105.858438][ T5089] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 105.863837][ T5089] ? unlock_page+0x17c/0x1f0
[ 105.868527][ T5089] print_address_description+0x60/0x2d0
[ 105.874179][ T5089] ? jfs_readdir+0x11ca/0x3c10
[ 105.878956][ T5089] kasan_report+0xdf/0x130
[ 105.883376][ T5089] ? jfs_readdir+0x11ca/0x3c10
[ 105.888150][ T5089] jfs_readdir+0x11ca/0x3c10
[ 105.892773][ T5089] ? asm_sysvec_reschedule_ipi+0x16/0x20
[ 105.898437][ T5089] ? lockdep_hardirqs_on+0x94/0x140
[ 105.903665][ T5089] ? dtInitRoot+0x660/0x660
[ 105.908258][ T5089] ? lock_acquire+0x1f2/0x3f0
[ 105.912954][ T5089] ? end_current_label_crit_section+0x14b/0x170
[ 105.919293][ T5089] ? common_file_perm+0x171/0x1c0
[ 105.924445][ T5089] iterate_dir+0x218/0x560
[ 105.928976][ T5089] __se_sys_getdents+0xe5/0x250
[ 105.933849][ T5089] ? __x64_sys_getdents+0x80/0x80
[ 105.938889][ T5089] ? fillonedir+0x4c0/0x4c0
[ 105.943424][ T5089] ? vtime_user_exit+0x2dc/0x400
[ 105.948383][ T5089] ? lockdep_hardirqs_on+0x94/0x140
[ 105.953604][ T5089] do_syscall_64+0x4c/0xa0
[ 105.958033][ T5089] ? clear_bhb_loop+0x30/0x80
[ 105.962838][ T5089] ? clear_bhb_loop+0x30/0x80
[ 105.967523][ T5089] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 105.973616][ T5089] RIP: 0033:0x7f15216a7ba9
[ 105.978046][ T5089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 105.998116][ T5089] RSP: 002b:00007f1520d17038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 106.006549][ T5089] RAX: ffffffffffffffda RBX: 00007f15218eefa0 RCX: 00007f15216a7ba9
[ 106.014594][ T5089] RDX: fffffffffffffd90 RSI: 0000000000000000 RDI: 0000000000000004
[ 106.022575][ T5089] RBP: 00007f152172ae19 R08: 0000000000000000 R09: 0000000000000000
[ 106.030641][ T5089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 106.038781][ T5089] R13: 00007f15218ef038 R14: 00007f15218eefa0 R15: 00007ffce6eabdb8
[ 106.046946][ T5089]
[ 106.050080][ T5089]
[ 106.052410][ T5089] Allocated by task 5089:
[ 106.056724][ T5089] __kasan_slab_alloc+0x9c/0xd0
[ 106.061677][ T5089] slab_post_alloc_hook+0x4c/0x380
[ 106.067063][ T5089] kmem_cache_alloc+0x100/0x290
[ 106.072089][ T5089] mempool_alloc+0x18f/0x4e0
[ 106.076694][ T5089] __get_metapage+0x5e8/0x1060
[ 106.081733][ T5089] dtSplitRoot+0x1e5/0x1510
[ 106.086468][ T5089] dtInsert+0xe20/0x57a0
[ 106.090725][ T5089] jfs_symlink+0x70f/0xe60
[ 106.095144][ T5089] vfs_symlink+0x247/0x3d0
[ 106.099645][ T5089] do_symlinkat+0x1be/0x6c0
[ 106.104149][ T5089] __x64_sys_symlink+0x7a/0x90
[ 106.108997][ T5089] do_syscall_64+0x4c/0xa0
[ 106.113414][ T5089] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 106.119392][ T5089]
[ 106.121710][ T5089] Freed by task 5089:
[ 106.125683][ T5089] kasan_set_track+0x4b/0x70
[ 106.130272][ T5089] kasan_set_free_info+0x1f/0x40
[ 106.135288][ T5089] ____kasan_slab_free+0xd5/0x110
[ 106.140397][ T5089] slab_free_freelist_hook+0xea/0x170
[ 106.145850][ T5089] kmem_cache_free+0x8f/0x210
[ 106.150538][ T5089] release_metapage+0x97b/0xe10
[ 106.155394][ T5089] jfs_readdir+0xf6f/0x3c10
[ 106.160227][ T5089] iterate_dir+0x218/0x560
[ 106.165056][ T5089] __se_sys_getdents+0xe5/0x250
[ 106.169909][ T5089] do_syscall_64+0x4c/0xa0
[ 106.174330][ T5089] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 106.180215][ T5089]
[ 106.182521][ T5089] The buggy address belongs to the object at ffff8880774f3ba0
[ 106.182521][ T5089] which belongs to the cache jfs_mp of size 184
[ 106.196309][ T5089] The buggy address is located 48 bytes inside of
[ 106.196309][ T5089] 184-byte region [ffff8880774f3ba0, ffff8880774f3c58)
[ 106.209672][ T5089] The buggy address belongs to the page:
[ 106.215299][ T5089] page:ffffea0001dd3cc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x774f3
[ 106.225465][ T5089] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 106.233120][ T5089] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff88801daafc80
[ 106.241796][ T5089] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 106.250672][ T5089] page dumped because: kasan: bad access detected
[ 106.257686][ T5089] page_owner tracks the page as allocated
[ 106.263469][ T5089] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192800(GFP_NOWAIT|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5089, ts 105765033595, free_ts 105728774830
[ 106.282550][ T5089] get_page_from_freelist+0x1b77/0x1c60
[ 106.288178][ T5089] __alloc_pages+0x1e1/0x470
[ 106.292764][ T5089] new_slab+0xc0/0x4b0
[ 106.296811][ T5089] ___slab_alloc+0x81e/0xdf0
[ 106.301395][ T5089] kmem_cache_alloc+0x195/0x290
[ 106.306321][ T5089] mempool_alloc+0x18f/0x4e0
[ 106.310891][ T5089] __get_metapage+0x5e8/0x1060
[ 106.315699][ T5089] diReadSpecial+0x257/0x700
[ 106.320267][ T5089] jfs_mount+0x6f/0x860
[ 106.324403][ T5089] jfs_fill_super+0x50b/0xaf0
[ 106.329069][ T5089] mount_bdev+0x287/0x3c0
[ 106.333378][ T5089] legacy_get_tree+0xe6/0x180
[ 106.338033][ T5089] vfs_get_tree+0x88/0x270
[ 106.342483][ T5089] do_new_mount+0x24a/0xa40
[ 106.346965][ T5089] __se_sys_mount+0x2d6/0x3c0
[ 106.351619][ T5089] do_syscall_64+0x4c/0xa0
[ 106.356020][ T5089] page last free stack trace:
[ 106.360672][ T5089] free_unref_page_prepare+0x637/0x6c0
[ 106.366199][ T5089] free_unref_page+0x94/0x280
[ 106.370854][ T5089] __unfreeze_partials+0x1a5/0x200
[ 106.375951][ T5089] put_cpu_partial+0x12d/0x190
[ 106.380691][ T5089] qlist_free_all+0x35/0x90
[ 106.385281][ T5089] kasan_quarantine_reduce+0x150/0x160
[ 106.390721][ T5089] __kasan_slab_alloc+0x2f/0xd0
[ 106.395548][ T5089] slab_post_alloc_hook+0x4c/0x380
[ 106.400639][ T5089] kmem_cache_alloc+0x100/0x290
[ 106.405478][ T5089] getname_flags+0xb5/0x500
[ 106.409960][ T5089] do_sys_openat2+0xcf/0x4a0
[ 106.414636][ T5089] __x64_sys_openat+0x135/0x160
[ 106.419485][ T5089] do_syscall_64+0x4c/0xa0
[ 106.423956][ T5089] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 106.429846][ T5089]
[ 106.432178][ T5089] Memory state around the buggy address:
[ 106.438061][ T5089] ffff8880774f3a80: fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00
[ 106.446119][ T5089] ffff8880774f3b00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 106.454166][ T5089] >ffff8880774f3b80: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[ 106.462210][ T5089] ^
[ 106.468869][ T5089] ffff8880774f3c00: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[ 106.477020][ T5089] ffff8880774f3c80: fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 106.485069][ T5089] ==================================================================
[ 106.493112][ T5089] Disabling lock debugging due to kernel taint
[ 106.506086][ T5089] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 106.513482][ T5089] CPU: 0 PID: 5089 Comm: syz.0.17 Tainted: G B syzkaller #0
[ 106.522082][ T5089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 106.532226][ T5089] Call Trace:
[ 106.535509][ T5089]
[ 106.538433][ T5089] dump_stack_lvl+0x168/0x230
[ 106.543120][ T5089] ? show_regs_print_info+0x20/0x20
[ 106.548339][ T5089] ? load_image+0x3b0/0x3b0
[ 106.552851][ T5089] panic+0x2c9/0x7f0
[ 106.556752][ T5089] ? bpf_jit_dump+0xd0/0xd0
[ 106.561260][ T5089] ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 106.567256][ T5089] ? _raw_spin_unlock+0x40/0x40
[ 106.572186][ T5089] ? jfs_readdir+0x11ca/0x3c10
[ 106.576948][ T5089] check_panic_on_warn+0x80/0xa0
[ 106.581971][ T5089] ? jfs_readdir+0x11ca/0x3c10
[ 106.586802][ T5089] end_report+0x6d/0xf0
[ 106.590939][ T5089] kasan_report+0x102/0x130
[ 106.595517][ T5089] ? jfs_readdir+0x11ca/0x3c10
[ 106.600696][ T5089] jfs_readdir+0x11ca/0x3c10
[ 106.605360][ T5089] ? asm_sysvec_reschedule_ipi+0x16/0x20
[ 106.610985][ T5089] ? lockdep_hardirqs_on+0x94/0x140
[ 106.616172][ T5089] ? dtInitRoot+0x660/0x660
[ 106.620655][ T5089] ? lock_acquire+0x1f2/0x3f0
[ 106.625323][ T5089] ? end_current_label_crit_section+0x14b/0x170
[ 106.631551][ T5089] ? common_file_perm+0x171/0x1c0
[ 106.636556][ T5089] iterate_dir+0x218/0x560
[ 106.640953][ T5089] __se_sys_getdents+0xe5/0x250
[ 106.645784][ T5089] ? __x64_sys_getdents+0x80/0x80
[ 106.650787][ T5089] ? fillonedir+0x4c0/0x4c0
[ 106.655265][ T5089] ? vtime_user_exit+0x2dc/0x400
[ 106.660192][ T5089] ? lockdep_hardirqs_on+0x94/0x140
[ 106.665391][ T5089] do_syscall_64+0x4c/0xa0
[ 106.669788][ T5089] ? clear_bhb_loop+0x30/0x80
[ 106.674446][ T5089] ? clear_bhb_loop+0x30/0x80
[ 106.679099][ T5089] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 106.684970][ T5089] RIP: 0033:0x7f15216a7ba9
[ 106.689368][ T5089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 106.708956][ T5089] RSP: 002b:00007f1520d17038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 106.717349][ T5089] RAX: ffffffffffffffda RBX: 00007f15218eefa0 RCX: 00007f15216a7ba9
[ 106.725317][ T5089] RDX: fffffffffffffd90 RSI: 0000000000000000 RDI: 0000000000000004
[ 106.733285][ T5089] RBP: 00007f152172ae19 R08: 0000000000000000 R09: 0000000000000000
[ 106.741241][ T5089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 106.749196][ T5089] R13: 00007f15218ef038 R14: 00007f15218eefa0 R15: 00007ffce6eabdb8
[ 106.757282][ T5089]
[ 106.760507][ T5089] Kernel Offset: disabled
[ 106.764829][ T5089] Rebooting in 86400 seconds..