Warning: Permanently added '10.128.1.13' (ED25519) to the list of known hosts. 1970/01/01 00:01:01 parsed 1 programs [ 62.722335][ T4451] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 65.369843][ T4550] chnl_net:caif_netlink_parms(): no params data found [ 65.388633][ T4550] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.389756][ T4550] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.392000][ T4550] device bridge_slave_0 entered promiscuous mode [ 65.394050][ T4550] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.395105][ T4550] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.396441][ T4550] device bridge_slave_1 entered promiscuous mode [ 65.403718][ T4550] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.406003][ T4550] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.413341][ T4550] team0: Port device team_slave_0 added [ 65.415160][ T4550] team0: Port device team_slave_1 added [ 65.421248][ T4550] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 65.422408][ T4550] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.426176][ T4550] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.428311][ T4550] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.429392][ T4550] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.433719][ T4550] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.493431][ T4550] device hsr_slave_0 entered promiscuous mode [ 65.532278][ T4550] device hsr_slave_1 entered promiscuous mode [ 66.110456][ T4550] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 66.145075][ T4550] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 66.164239][ T4550] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 66.223222][ T4550] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 66.411424][ T4550] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.427282][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 66.428726][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 66.431672][ T4550] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.434499][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 66.436062][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 66.437388][ T136] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.438440][ T136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.441649][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 66.455390][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 66.456919][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 66.458356][ T148] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.459372][ T148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.462571][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 66.473035][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 66.476081][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 66.478092][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 66.479785][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 66.487158][ T4550] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 66.488705][ T4550] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.490836][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 66.493201][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 66.494891][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 66.496637][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 66.503795][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 66.505367][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 66.507505][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 66.607089][ T4550] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.619433][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 66.620664][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 66.623959][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 66.625556][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 66.633145][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 66.634718][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 66.636325][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 66.637704][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 66.645073][ T4550] device veth0_vlan entered promiscuous mode [ 66.651153][ T4550] device veth1_vlan entered promiscuous mode [ 66.665761][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 66.667257][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 66.668605][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 66.670136][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.673428][ T4550] device veth0_macvtap entered promiscuous mode [ 66.678384][ T4550] device veth1_macvtap entered promiscuous mode [ 66.686733][ T4550] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.687993][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 66.689376][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 66.690685][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.693185][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.704142][ T4550] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.706356][ T4550] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.707699][ T4550] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.709000][ T4550] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.710231][ T4550] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.712127][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 66.713865][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 67.187594][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.208638][ T292] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.210006][ T292] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.211513][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 67.222757][ T4236] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.224056][ T4236] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.225800][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 1970/01/01 00:01:07 executed programs: 0 [ 67.765809][ T4805] chnl_net:caif_netlink_parms(): no params data found [ 67.785843][ T4805] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.787038][ T4805] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.788527][ T4805] device bridge_slave_0 entered promiscuous mode [ 67.790595][ T4805] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.791632][ T4805] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.793547][ T4805] device bridge_slave_1 entered promiscuous mode [ 67.801771][ T4805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 67.804266][ T4805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 67.812497][ T4805] team0: Port device team_slave_0 added [ 67.814534][ T4805] team0: Port device team_slave_1 added [ 67.821876][ T4805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.823640][ T4805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.827776][ T4805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.830164][ T4805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.831163][ T4805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.835089][ T4805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.893304][ T4805] device hsr_slave_0 entered promiscuous mode [ 67.912582][ T4805] device hsr_slave_1 entered promiscuous mode [ 67.952163][ T4805] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 67.953395][ T4805] Cannot create hsr debugfs directory [ 69.623767][ T2388] cfg80211: failed to load regulatory.db [ 69.625711][ T2063] ieee802154 phy0 wpan0: encryption failed: -22 [ 69.626727][ T2063] ieee802154 phy1 wpan1: encryption failed: -22 [ 69.782111][ T21] Bluetooth: hci0: command 0x0409 tx timeout [ 69.995088][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.872178][ T2388] Bluetooth: hci0: command 0x041b tx timeout [ 72.444857][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.485781][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.625628][ T4805] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 73.663483][ T4805] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 73.723516][ T4805] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 73.763446][ T4805] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 73.835738][ T4805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.839535][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 73.841049][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 73.844135][ T4805] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.846553][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.848119][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 73.849560][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.850631][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.853196][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 73.856211][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.857816][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 73.859150][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.860252][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.863154][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 73.865923][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 73.868522][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 73.870477][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 73.873516][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 73.876109][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 73.877670][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 73.880242][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 73.881694][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 73.897363][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 73.899015][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 73.901443][ T4805] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 73.938600][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 73.939951][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 73.943105][ T4166] Bluetooth: hci0: command 0x040f tx timeout [ 73.957333][ T4805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.963698][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 73.965434][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 73.971836][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 73.973959][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 73.976137][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 73.977549][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 73.979231][ T4805] device veth0_vlan entered promiscuous mode [ 73.983174][ T4805] device veth1_vlan entered promiscuous mode [ 73.994123][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 73.995841][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 73.997229][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 73.998716][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.000994][ T4805] device veth0_macvtap entered promiscuous mode [ 74.003903][ T4805] device veth1_macvtap entered promiscuous mode [ 74.008566][ T4805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.010207][ T4805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.014357][ T4805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.023243][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 74.024837][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 74.026229][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.027671][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.030011][ T4805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.031748][ T4805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.034222][ T4805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.035662][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.037317][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.039727][ T4805] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.041099][ T4805] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.042676][ T4805] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.044063][ T4805] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.061835][ T4236] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.068112][ T4236] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.069686][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 74.071060][ T292] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.072328][ T292] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.074081][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 1970/01/01 00:01:14 executed programs: 2 [ 74.198602][ T5020] loop0: detected capacity change from 0 to 32768 [ 74.234475][ T5020] ======================================================= [ 74.234475][ T5020] WARNING: The mand mount option has been deprecated and [ 74.234475][ T5020] and is ignored by this kernel. Remove the mand [ 74.234475][ T5020] option from the mount to silence this warning. [ 74.234475][ T5020] ======================================================= [ 74.252466][ T136] ================================================================================ [ 74.253882][ T136] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2325:2 [ 74.254992][ T136] index 2621480 is out of range for type 's64[128]' (aka 'long long[128]') [ 74.256311][ T136] CPU: 0 PID: 136 Comm: kworker/u4:1 Not tainted syzkaller #0 [ 74.257444][ T136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 74.259027][ T136] Workqueue: writeback wb_workfn (flush-7:0) [ 74.259995][ T136] Call trace: [ 74.260521][ T136] dump_backtrace+0x0/0x43c [ 74.261188][ T136] show_stack+0x2c/0x3c [ 74.261833][ T136] __dump_stack+0x30/0x40 [ 74.262548][ T136] dump_stack_lvl+0xf8/0x160 [ 74.263322][ T136] dump_stack+0x1c/0x5c [ 74.263921][ T136] ubsan_epilogue+0x14/0x48 [ 74.264565][ T136] __ubsan_handle_out_of_bounds+0xd4/0x108 [ 74.265405][ T136] dbAllocBits+0x874/0x8bc [ 74.266022][ T136] dbAllocNear+0x25c/0x350 [ 74.266744][ T136] dbAlloc+0x760/0x978 [ 74.267413][ T136] extAlloc+0x3f4/0xdc4 [ 74.268075][ T136] jfs_get_block+0x2bc/0x8ec [ 74.268785][ T136] __mpage_writepage+0x390/0x154c [ 74.269600][ T136] write_cache_pages+0x7c8/0xde4 [ 74.270455][ T136] mpage_writepages+0xe4/0x218 [ 74.271267][ T136] jfs_writepages+0x30/0x40 [ 74.272022][ T136] do_writepages+0x36c/0x578 [ 74.272811][ T136] __writeback_single_inode+0x148/0x11f0 [ 74.273773][ T136] writeback_sb_inodes+0x7fc/0x1378 [ 74.274617][ T136] wb_writeback+0x3d8/0xe44 [ 74.275368][ T136] wb_workfn+0x350/0xdd8 [ 74.275985][ T136] process_one_work+0x79c/0x1140 [ 74.276739][ T136] worker_thread+0x8f4/0x101c [ 74.277495][ T136] kthread+0x374/0x454 [ 74.278122][ T136] ret_from_fork+0x10/0x20 [ 74.279580][ T136] ================================================================================ [ 74.281066][ T136] ================================================================================ [ 74.282651][ T136] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_extent.c:545:16 [ 74.283770][ T136] index 2621480 is out of range for type 'atomic_t[128]' [ 74.284868][ T136] CPU: 0 PID: 136 Comm: kworker/u4:1 Not tainted syzkaller #0 [ 74.286051][ T136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 74.287707][ T136] Workqueue: writeback wb_workfn (flush-7:0) [ 74.288687][ T136] Call trace: [ 74.289188][ T136] dump_backtrace+0x0/0x43c [ 74.289860][ T136] show_stack+0x2c/0x3c [ 74.290497][ T136] __dump_stack+0x30/0x40 [ 74.291168][ T136] dump_stack_lvl+0xf8/0x160 [ 74.291868][ T136] dump_stack+0x1c/0x5c [ 74.292482][ T136] ubsan_epilogue+0x14/0x48 [ 74.293122][ T136] __ubsan_handle_out_of_bounds+0xd4/0x108 [ 74.293980][ T136] extAlloc+0xc90/0xdc4 [ 74.294663][ T136] jfs_get_block+0x2bc/0x8ec [ 74.295432][ T136] __mpage_writepage+0x390/0x154c [ 74.296265][ T136] write_cache_pages+0x7c8/0xde4 [ 74.297072][ T136] mpage_writepages+0xe4/0x218 [ 74.297905][ T136] jfs_writepages+0x30/0x40 [ 74.298712][ T136] do_writepages+0x36c/0x578 [ 74.299445][ T136] __writeback_single_inode+0x148/0x11f0 [ 74.300297][ T136] writeback_sb_inodes+0x7fc/0x1378 [ 74.301142][ T136] wb_writeback+0x3d8/0xe44 [ 74.301796][ T136] wb_workfn+0x350/0xdd8 [ 74.302422][ T136] process_one_work+0x79c/0x1140 [ 74.303176][ T136] worker_thread+0x8f4/0x101c [ 74.303910][ T136] kthread+0x374/0x454 [ 74.304522][ T136] ret_from_fork+0x10/0x20 [ 74.305287][ T136] ================================================================================ [ 74.306873][ T136] ================================================================== [ 74.308166][ T136] BUG: KASAN: slab-out-of-bounds in extAlloc+0x6a4/0xdc4 [ 74.309293][ T136] Write of size 4 at addr ffff0000c2e5d580 by task kworker/u4:1/136 [ 74.310562][ T136] [ 74.310915][ T136] CPU: 0 PID: 136 Comm: kworker/u4:1 Not tainted syzkaller #0 [ 74.312032][ T136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 74.313654][ T136] Workqueue: writeback wb_workfn (flush-7:0) [ 74.314671][ T136] Call trace: [ 74.315230][ T136] dump_backtrace+0x0/0x43c [ 74.316019][ T136] show_stack+0x2c/0x3c [ 74.316698][ T136] __dump_stack+0x30/0x40 [ 74.317415][ T136] dump_stack_lvl+0xf8/0x160 [ 74.318095][ T136] print_address_description+0x78/0x30c [ 74.318980][ T136] kasan_report+0xec/0x15c [ 74.319723][ T136] kasan_check_range+0x270/0x2b0 [ 74.320488][ T136] __kasan_check_write+0x44/0x54 [ 74.321210][ T136] extAlloc+0x6a4/0xdc4 [ 74.321916][ T136] jfs_get_block+0x2bc/0x8ec [ 74.322672][ T136] __mpage_writepage+0x390/0x154c [ 74.323493][ T136] write_cache_pages+0x7c8/0xde4 [ 74.324307][ T136] mpage_writepages+0xe4/0x218 [ 74.325096][ T136] jfs_writepages+0x30/0x40 [ 74.325829][ T136] do_writepages+0x36c/0x578 [ 74.326584][ T136] __writeback_single_inode+0x148/0x11f0 [ 74.327501][ T136] writeback_sb_inodes+0x7fc/0x1378 [ 74.328271][ T136] wb_writeback+0x3d8/0xe44 [ 74.329002][ T136] wb_workfn+0x350/0xdd8 [ 74.329665][ T136] process_one_work+0x79c/0x1140 [ 74.330419][ T136] worker_thread+0x8f4/0x101c [ 74.331119][ T136] kthread+0x374/0x454 [ 74.331704][ T136] ret_from_fork+0x10/0x20 [ 74.332379][ T136] [ 74.332720][ T136] Allocated by task 4650: [ 74.333384][ T136] __kasan_kmalloc+0xb0/0xf0 [ 74.334046][ T136] __kmalloc+0x298/0x44c [ 74.334649][ T136] tomoyo_realpath_from_path+0xcc/0x510 [ 74.335439][ T136] tomoyo_path_perm+0x1b4/0x440 [ 74.336147][ T136] tomoyo_inode_getattr+0x28/0x38 [ 74.336906][ T136] security_inode_getattr+0xd8/0x124 [ 74.337769][ T136] __arm64_sys_newfstat+0xe8/0x1d0 [ 74.338607][ T136] invoke_syscall+0x98/0x2b8 [ 74.339394][ T136] el0_svc_common+0x138/0x258 [ 74.340164][ T136] do_el0_svc+0x58/0x14c [ 74.340870][ T136] el0_svc+0x78/0x1e0 [ 74.341517][ T136] el0t_64_sync_handler+0xcc/0xe4 [ 74.342306][ T136] el0t_64_sync+0x1a0/0x1a4 [ 74.343066][ T136] [ 74.343443][ T136] Freed by task 4650: [ 74.344072][ T136] kasan_set_track+0x4c/0x84 [ 74.344842][ T136] kasan_set_free_info+0x28/0x4c [ 74.345659][ T136] ____kasan_slab_free+0x118/0x164 [ 74.346495][ T136] __kasan_slab_free+0x18/0x28 [ 74.347268][ T136] slab_free_freelist_hook+0x128/0x1e8 [ 74.348106][ T136] kfree+0x170/0x40c [ 74.348712][ T136] tomoyo_realpath_from_path+0x4c8/0x510 [ 74.349611][ T136] tomoyo_path_perm+0x1b4/0x440 [ 74.350397][ T136] tomoyo_inode_getattr+0x28/0x38 [ 74.351170][ T136] security_inode_getattr+0xd8/0x124 [ 74.352006][ T136] __arm64_sys_newfstat+0xe8/0x1d0 [ 74.352769][ T136] invoke_syscall+0x98/0x2b8 [ 74.353463][ T136] el0_svc_common+0x138/0x258 [ 74.354180][ T136] do_el0_svc+0x58/0x14c [ 74.354855][ T136] el0_svc+0x78/0x1e0 [ 74.355454][ T136] el0t_64_sync_handler+0xcc/0xe4 [ 74.356214][ T136] el0t_64_sync+0x1a0/0x1a4 [ 74.356846][ T136] [ 74.357158][ T136] The buggy address belongs to the object at ffff0000c2e5c000 [ 74.357158][ T136] which belongs to the cache kmalloc-4k of size 4096 [ 74.359281][ T136] The buggy address is located 1408 bytes to the right of [ 74.359281][ T136] 4096-byte region [ffff0000c2e5c000, ffff0000c2e5d000) [ 74.361571][ T136] The buggy address belongs to the page: [ 74.362471][ T136] page:000000007c527c55 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102e58 [ 74.363984][ T136] head:000000007c527c55 order:3 compound_mapcount:0 compound_pincount:0 [ 74.365239][ T136] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 74.366476][ T136] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002a80 [ 74.367753][ T136] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 74.369079][ T136] page dumped because: kasan: bad access detected [ 74.370042][ T136] [ 74.370372][ T136] Memory state around the buggy address: [ 74.371191][ T136] ffff0000c2e5d480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.372423][ T136] ffff0000c2e5d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.373708][ T136] >ffff0000c2e5d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.375063][ T136] ^ [ 74.375708][ T136] ffff0000c2e5d600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.376911][ T136] ffff0000c2e5d680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.378228][ T136] ================================================================== [ 74.379506][ T136] Disabling lock debugging due to kernel taint [ 74.381889][ T136] attempt to access beyond end of device [ 74.381889][ T136] loop0: rw=1, want=171801313640, limit=32768 [ 74.384472][ T247] blkno = 50005002c, nblocks = 1 [ 74.385297][ T247] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 74.385297][ T247] [ 74.386948][ T247] ERROR: (device loop0): remounting filesystem as read-only [ 75.071872][ T5023] loop0: detected capacity change from 0 to 32768 [ 75.124141][ T292] attempt to access beyond end of device [ 75.124141][ T292] loop0: rw=1, want=171801313640, limit=32768 [ 75.126186][ T248] blkno = 50005002c, nblocks = 1 [ 75.126985][ T248] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 75.126985][ T248] [ 75.128624][ T248] ERROR: (device loop0): remounting filesystem as read-only [ 75.254129][ T5025] loop0: detected capacity change from 0 to 32768 [ 75.311438][ T4236] attempt to access beyond end of device [ 75.311438][ T4236] loop0: rw=1, want=171801313640, limit=32768 [ 75.313639][ T247] blkno = 50005002c, nblocks = 1 [ 75.314385][ T247] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 75.314385][ T247] [ 75.316084][ T247] ERROR: (device loop0): remounting filesystem as read-only [ 75.720879][ T5027] loop0: detected capacity change from 0 to 32768 [ 75.768510][ T136] attempt to access beyond end of device [ 75.768510][ T136] loop0: rw=1, want=171801313640, limit=32768 [ 75.770513][ T248] blkno = 50005002c, nblocks = 1 [ 75.771275][ T248] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 75.771275][ T248] [ 75.772857][ T248] ERROR: (device loop0): remounting filesystem as read-only [ 75.893669][ T9] device hsr_slave_0 left promiscuous mode [ 75.932291][ T9] device hsr_slave_1 left promiscuous mode [ 76.022106][ T13] Bluetooth: hci0: command 0x0419 tx timeout [ 76.042116][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 76.043311][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 76.044650][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 76.045726][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 76.047041][ T9] device bridge_slave_1 left promiscuous mode [ 76.048070][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.092506][ T9] device bridge_slave_0 left promiscuous mode [ 76.093521][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.212190][ T9] device veth1_macvtap left promiscuous mode [ 76.213195][ T9] device veth0_macvtap left promiscuous mode [ 76.214109][ T9] device veth1_vlan left promiscuous mode [ 76.214998][ T9] device veth0_vlan left promiscuous mode [ 76.281641][ T9] team0 (unregistering): Port device team_slave_1 removed [ 76.286636][ T9] team0 (unregistering): Port device team_slave_0 removed [ 76.289688][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 76.325047][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 76.405174][ T9] bond0 (unregistering): Released all slaves [ 76.421816][ T5029] loop0: detected capacity change from 0 to 32768 [ 76.469310][ T408] attempt to access beyond end of device [ 76.469310][ T408] loop0: rw=1, want=171801313640, limit=32768 [ 76.471387][ T248] blkno = 50005002c, nblocks = 1 [ 76.472226][ T248] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 76.472226][ T248] [ 76.473886][ T248] ERROR: (device loop0): remounting filesystem as read-only [ 77.131028][ T5033] loop0: detected capacity change from 0 to 32768 [ 77.189282][ T136] attempt to access beyond end of device [ 77.189282][ T136] loop0: rw=1, want=171801313640, limit=32768 [ 77.191346][ T247] blkno = 50005002c, nblocks = 1 [ 77.192040][ T247] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 77.192040][ T247] [ 77.193722][ T247] ERROR: (device loop0): remounting filesystem as read-only [ 77.868913][ T5035] loop0: detected capacity change from 0 to 32768 [ 77.934487][ T148] attempt to access beyond end of device [ 77.934487][ T148] loop0: rw=1, want=171801313640, limit=32768 [ 77.936598][ T248] blkno = 50005002c, nblocks = 1 [ 77.937417][ T248] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 77.937417][ T248] [ 77.939046][ T248] ERROR: (device loop0): remounting filesystem as read-only [ 78.608422][ T5037] loop0: detected capacity change from 0 to 32768 [ 78.666935][ T148] attempt to access beyond end of device [ 78.666935][ T148] loop0: rw=1, want=171801313640, limit=32768 [ 78.669269][ T248] blkno = 50005002c, nblocks = 1 [ 78.670075][ T248] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 78.670075][ T248] [ 78.671803][ T248] ERROR: (device loop0): remounting filesystem as read-only [ 78.753215][ T5039] loop0: detected capacity change from 0 to 32768 [ 78.763067][ T136] attempt to access beyond end of device [ 78.763067][ T136] loop0: rw=1, want=171801313640, limit=32768 [ 78.765195][ T247] blkno = 50005002c, nblocks = 1 [ 78.765979][ T247] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 78.765979][ T247] [ 78.767533][ T247] ERROR: (device loop0): remounting filesystem as read-only [ 79.449809][ T5041] loop0: detected capacity change from 0 to 32768 [ 79.490007][ T136] attempt to access beyond end of device [ 79.490007][ T136] loop0: rw=1, want=171801313640, limit=32768 [ 79.491977][ T248] blkno = 50005002c, nblocks = 1 [ 79.492770][ T248] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 79.492770][ T248] [ 79.494808][ T248] ERROR: (device loop0): remounting filesystem as read-only 1970/01/01 00:01:19 executed programs: 12 [ 80.159157][ T5043] loop0: detected capacity change from 0 to 32768 [ 80.209318][ T4236] attempt to access beyond end of device [ 80.209318][ T4236] loop0: rw=1, want=171801313640, limit=32768 [ 80.211347][ T247] blkno = 50005002c, nblocks = 1 [ 80.212228][ T247] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 80.212228][ T247] [ 80.213873][ T247] ERROR: (device loop0): remounting filesystem as read-only [ 80.890866][ T5045] loop0: detected capacity change from 0 to 32768 [ 80.944865][ T408] attempt to access beyond end of device [ 80.944865][ T408] loop0: rw=1, want=171801313640, limit=32768 [ 80.946969][ T247] blkno = 50005002c, nblocks = 1 [ 80.947711][ T247] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 80.947711][ T247] [ 80.949564][ T247] ERROR: (device loop0): remounting filesystem as read-only [ 81.607592][ T5047] loop0: detected capacity change from 0 to 32768 [ 81.687021][ T136] attempt to access beyond end of device [ 81.687021][ T136] loop0: rw=1, want=171801313640, limit=32768 [ 81.689697][ T248] blkno = 50005002c, nblocks = 1 [ 81.690472][ T248] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 81.690472][ T248] [ 81.692374][ T248] ERROR: (device loop0): remounting filesystem as read-only [ 81.783953][ T9] Unable to handle kernel paging request at virtual address ffdf8018486a421f [ 81.785404][ T9] Mem abort info: [ 81.785944][ T9] ESR = 0x0000000096000004 [ 81.786596][ T9] EC = 0x25: DABT (current EL), IL = 32 bits [ 81.787454][ T9] SET = 0, FnV = 0 [ 81.788015][ T9] EA = 0, S1PTW = 0 [ 81.788585][ T9] FSC = 0x04: level 0 translation fault [ 81.789381][ T9] Data abort info: [ 81.789918][ T9] ISV = 0, ISS = 0x00000004 [ 81.790547][ T9] CM = 0, WnR = 0 [ 81.791080][ T9] [ffdf8018486a421f] address between user and kernel address ranges [ 81.792154][ T9] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 81.793131][ T9] Modules linked in: [ 81.793663][ T9] CPU: 1 PID: 9 Comm: kworker/u4:0 Tainted: G B syzkaller #0 [ 81.794800][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 81.796298][ T9] Workqueue: netns cleanup_net [ 81.797013][ T9] pstate: 02400005 (nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 81.798110][ T9] pc : rb_erase+0x524/0xb9c [ 81.798754][ T9] lr : drop_sysctl_table+0x1e8/0x39c [ 81.799521][ T9] sp : ffff80001b2f7150 [ 81.800111][ T9] x29: ffff80001b2f7160 x28: 1fffe00018486a2e x27: dfff800000000000 [ 81.801259][ T9] x26: 1fffe00018486a2f x25: 0000000000000001 x24: ff0000c2435210ff [ 81.802395][ T9] x23: ffff0000c24350d7 x22: ffff0000c24350cf x21: ffff0000c2435178 [ 81.803651][ T9] x20: ffff0000c2435170 x19: 1fffe00018486a19 x18: 0000000000000000 [ 81.804840][ T9] x17: 0000000000000000 x16: ffff8000082d5fac x15: 0000000000000001 [ 81.806153][ T9] x14: 000000000820d950 x13: 0000000000000003 x12: ffff70000365ee1c [ 81.807462][ T9] x11: 1ffff0000365ee1c x10: 0000000000000004 x9 : 5432dafcd1627200 [ 81.808789][ T9] x8 : 1fe00018486a421f x7 : 0000000000000000 x6 : ffff800008ae91c4 [ 81.810005][ T9] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff8000082d60cc [ 81.811288][ T9] x2 : 0000000000000001 x1 : ffff0000cb909e50 x0 : ffff0000c2435058 [ 81.812615][ T9] Call trace: [ 81.813120][ T9] rb_erase+0x524/0xb9c [ 81.813729][ T9] drop_sysctl_table+0x1e8/0x39c [ 81.814454][ T9] unregister_sysctl_table+0x94/0x134 [ 81.815334][ T9] unregister_net_sysctl_table+0x20/0x30 [ 81.816207][ T9] neigh_sysctl_unregister+0x78/0x9c [ 81.817026][ T9] addrconf_ifdown+0x1368/0x1688 [ 81.817757][ T9] addrconf_notify+0x2f4/0xc6c [ 81.818453][ T9] raw_notifier_call_chain+0xd4/0x164 [ 81.819275][ T9] unregister_netdevice_many+0xe10/0x17d0 [ 81.820265][ T9] ieee80211_remove_interfaces+0x38c/0x5ec [ 81.821251][ T9] ieee80211_unregister_hw+0x5c/0x1ec [ 81.822064][ T9] mac80211_hwsim_del_radio+0x210/0x3a8 [ 81.822882][ T9] hwsim_exit_net+0x49c/0x558 [ 81.823576][ T9] cleanup_net+0x5c4/0xa98 [ 81.824315][ T9] process_one_work+0x79c/0x1140 [ 81.825117][ T9] worker_thread+0x8f4/0x101c [ 81.825858][ T9] kthread+0x374/0x454 [ 81.826516][ T9] ret_from_fork+0x10/0x20 [ 81.827224][ T9] Code: 977ca16c f94002f8 b4000118 d343ff08 (387b6908) [ 81.828356][ T9] ---[ end trace d815181235f13108 ]--- [ 82.047692][ T9] Kernel panic - not syncing: Oops: Fatal exception [ 82.048693][ T9] SMP: stopping secondary CPUs [ 82.049548][ T9] Kernel Offset: disabled [ 82.050228][ T9] CPU features: 0x8,000003c1,7d33ffd9 [ 82.051018][ T9] Memory Limit: none [ 82.270064][ T9] Rebooting in 86400 seconds..