Warning: Permanently added '10.128.1.120' (ED25519) to the list of known hosts. 2025/09/24 08:25:50 parsed 1 programs [ 87.711275][ T5521] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 89.373374][ T2544] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.381454][ T2544] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.403805][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.411769][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.254112][ T5577] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.261826][ T5577] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.269210][ T5577] bridge_slave_0: entered allmulticast mode [ 90.275917][ T5577] bridge_slave_0: entered promiscuous mode [ 90.291182][ T5577] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.299148][ T5577] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.306284][ T5577] bridge_slave_1: entered allmulticast mode [ 90.313260][ T5577] bridge_slave_1: entered promiscuous mode [ 90.439187][ T5577] team0: Port device team_slave_0 added [ 90.447842][ T5577] team0: Port device team_slave_1 added [ 90.570144][ T5577] hsr_slave_0: entered promiscuous mode [ 90.576546][ T5577] hsr_slave_1: entered promiscuous mode [ 91.145317][ T5577] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.157805][ T5577] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.179103][ T5577] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.189242][ T5577] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 91.217917][ T5577] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.225450][ T5577] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.233255][ T5577] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.240539][ T5577] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.304209][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.314935][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.080631][ T5577] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.092069][ T2544] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.099311][ T2544] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.129629][ T2544] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.136834][ T2544] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.162325][ T5577] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 93.033077][ T5577] veth0_vlan: entered promiscuous mode [ 93.045350][ T5577] veth1_vlan: entered promiscuous mode [ 93.401938][ T5577] veth0_macvtap: entered promiscuous mode [ 93.411776][ T5577] veth1_macvtap: entered promiscuous mode [ 93.442172][ T5577] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.451868][ T5577] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.462171][ T5577] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.472027][ T5577] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.713845][ T2950] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.548148][ T2950] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.984505][ T2950] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.514900][ T2950] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2025/09/24 08:25:59 executed programs: 0 [ 96.271841][ T5930] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.279157][ T5930] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.286312][ T5930] bridge_slave_0: entered allmulticast mode [ 96.293373][ T5930] bridge_slave_0: entered promiscuous mode [ 96.311396][ T5930] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.318725][ T5930] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.325902][ T5930] bridge_slave_1: entered allmulticast mode [ 96.333396][ T5930] bridge_slave_1: entered promiscuous mode [ 96.452786][ T2950] hsr_slave_0: left promiscuous mode [ 96.467159][ T2950] hsr_slave_1: left promiscuous mode [ 96.473148][ T2950] bridge_slave_1: left allmulticast mode [ 96.479342][ T2950] bridge_slave_1: left promiscuous mode [ 96.485063][ T2950] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.499149][ T2950] bridge_slave_0: left allmulticast mode [ 96.504825][ T2950] bridge_slave_0: left promiscuous mode [ 96.510956][ T2950] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.525679][ T2950] veth1_macvtap: left promiscuous mode [ 96.532474][ T2950] veth0_macvtap: left promiscuous mode [ 96.538498][ T2950] veth1_vlan: left promiscuous mode [ 96.543946][ T2950] veth0_vlan: left promiscuous mode [ 96.843310][ T2950] team0 (unregistering): Port device team_slave_1 removed [ 96.873601][ T2950] team0 (unregistering): Port device team_slave_0 removed [ 97.121348][ T5930] team0: Port device team_slave_0 added [ 97.129238][ T5930] team0: Port device team_slave_1 added [ 97.310023][ T5930] hsr_slave_0: entered promiscuous mode [ 97.317309][ T5930] hsr_slave_1: entered promiscuous mode [ 97.909270][ T5930] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 97.921520][ T5930] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 97.950303][ T5930] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 97.960448][ T5930] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 98.831934][ T5930] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.844849][ T2950] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.852571][ T2950] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.876292][ T2950] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.883476][ T2950] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.905686][ T5930] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 98.919431][ T5930] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 99.772825][ T5930] veth0_vlan: entered promiscuous mode [ 99.784173][ T5930] veth1_vlan: entered promiscuous mode [ 100.140907][ T5930] veth0_macvtap: entered promiscuous mode [ 100.153426][ T5930] veth1_macvtap: entered promiscuous mode [ 100.179612][ T5930] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.189215][ T5930] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.199656][ T5930] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.208894][ T5930] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.275862][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.288745][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.310956][ T2950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.320629][ T2950] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.451945][ T6216] syz.1.16[6216]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 100.680070][ T6216] loop1: detected capacity change from 0 to 32768 [ 100.705245][ T6216] [ 100.705245][ T6216] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 100.705245][ T6216] [ 100.725174][ T6216] read_mapping_page failed! [ 100.735591][ T6216] ERROR: (device loop1): txCommit: [ 100.735591][ T6216] [ 100.745539][ T6216] read_mapping_page failed! [ 100.751414][ T6216] ERROR: (device loop1): txCommit: [ 100.751414][ T6216] [ 100.766875][ T6216] ================================================================== [ 100.774973][ T6216] BUG: KASAN: slab-out-of-bounds in dtSplitPage+0x1051/0x3150 [ 100.782477][ T6216] Read of size 1 at addr ffff8880719fbfd5 by task syz.1.16/6216 [ 100.790128][ T6216] [ 100.792557][ T6216] CPU: 0 PID: 6216 Comm: syz.1.16 Not tainted syzkaller #0 [ 100.799760][ T6216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 100.809841][ T6216] Call Trace: [ 100.813138][ T6216] [ 100.816109][ T6216] dump_stack_lvl+0x168/0x230 [ 100.820816][ T6216] ? read_lock_is_recursive+0x20/0x20 [ 100.826220][ T6216] ? show_regs_print_info+0x20/0x20 [ 100.831440][ T6216] ? load_image+0x630/0x630 [ 100.835957][ T6216] ? _raw_spin_lock_irqsave+0xa6/0xe0 [ 100.841349][ T6216] ? __virt_addr_valid+0x16c/0x380 [ 100.846475][ T6216] ? __virt_addr_valid+0x2c5/0x380 [ 100.851603][ T6216] print_report+0xac/0x220 [ 100.856032][ T6216] ? dtSplitPage+0x1051/0x3150 [ 100.860809][ T6216] kasan_report+0x117/0x150 [ 100.865410][ T6216] ? dtSplitPage+0x1051/0x3150 [ 100.870197][ T6216] dtSplitPage+0x1051/0x3150 [ 100.874805][ T6216] ? dbAllocAG+0x1ee/0xb80 [ 100.879233][ T6216] ? dbAlloc+0x766/0xad0 [ 100.883491][ T6216] dtInsert+0xfeb/0x5610 [ 100.887751][ T6216] ? __kmem_cache_free+0xba/0x1f0 [ 100.892793][ T6216] ? UniStrupr+0x2e0/0x2e0 [ 100.897222][ T6216] ? dtSearch+0x1c48/0x2040 [ 100.901744][ T6216] jfs_symlink+0x6f7/0xe20 [ 100.906264][ T6216] ? jfs_unlink+0xa60/0xa60 [ 100.910785][ T6216] ? make_vfsuid+0x51/0xb0 [ 100.915223][ T6216] ? inode_permission+0xf3/0x480 [ 100.920183][ T6216] ? security_inode_symlink+0xb6/0x100 [ 100.925668][ T6216] vfs_symlink+0x138/0x2b0 [ 100.930099][ T6216] do_symlinkat+0x1b2/0x3f0 [ 100.934619][ T6216] ? vfs_symlink+0x2b0/0x2b0 [ 100.939219][ T6216] ? getname_flags+0x20a/0x500 [ 100.944001][ T6216] __x64_sys_symlink+0x7e/0x90 [ 100.948790][ T6216] do_syscall_64+0x55/0xb0 [ 100.953226][ T6216] ? clear_bhb_loop+0x40/0x90 [ 100.957920][ T6216] ? clear_bhb_loop+0x40/0x90 [ 100.962611][ T6216] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 100.968537][ T6216] RIP: 0033:0x7f2c5f98e929 [ 100.972972][ T6216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.992632][ T6216] RSP: 002b:00007f2c6085e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 101.001149][ T6216] RAX: ffffffffffffffda RBX: 00007f2c5fbb5fa0 RCX: 00007f2c5f98e929 [ 101.009137][ T6216] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000200000000080 [ 101.017123][ T6216] RBP: 00007f2c5fa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 101.025109][ T6216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 101.033094][ T6216] R13: 0000000000000000 R14: 00007f2c5fbb5fa0 R15: 00007ffc2b9b29a8 [ 101.041082][ T6216] [ 101.044111][ T6216] [ 101.046434][ T6216] Allocated by task 6216: [ 101.050759][ T6216] kasan_set_track+0x4e/0x70 [ 101.055357][ T6216] __kasan_slab_alloc+0x6c/0x80 [ 101.060218][ T6216] slab_post_alloc_hook+0x66/0x430 [ 101.065392][ T6216] kmem_cache_alloc_lru+0x115/0x290 [ 101.070605][ T6216] jfs_alloc_inode+0x28/0x60 [ 101.075206][ T6216] iget_locked+0x170/0x840 [ 101.079731][ T6216] jfs_iget+0x24/0x3c0 [ 101.083803][ T6216] jfs_lookup+0x1c6/0x380 [ 101.088136][ T6216] __lookup_slow+0x281/0x3b0 [ 101.092816][ T6216] lookup_slow+0x53/0x70 [ 101.097065][ T6216] walk_component+0x2be/0x3f0 [ 101.101882][ T6216] path_lookupat+0x169/0x440 [ 101.106477][ T6216] filename_lookup+0x1f4/0x510 [ 101.111454][ T6216] user_path_at_empty+0x42/0x60 [ 101.116318][ T6216] __se_sys_chdir+0x95/0x290 [ 101.120920][ T6216] do_syscall_64+0x55/0xb0 [ 101.125350][ T6216] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 101.131254][ T6216] [ 101.133624][ T6216] The buggy address belongs to the object at ffff8880719fb720 [ 101.133624][ T6216] which belongs to the cache jfs_ip of size 2224 [ 101.147345][ T6216] The buggy address is located 5 bytes to the right of [ 101.147345][ T6216] allocated 2224-byte region [ffff8880719fb720, ffff8880719fbfd0) [ 101.162019][ T6216] [ 101.164346][ T6216] The buggy address belongs to the physical page: [ 101.170779][ T6216] page:ffffea0001c67e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x719f8 [ 101.181060][ T6216] head:ffffea0001c67e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 101.190007][ T6216] memcg:ffff88801b6f6501 [ 101.194274][ T6216] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 101.202299][ T6216] page_type: 0xffffffff() [ 101.206638][ T6216] raw: 00fff00000000840 ffff888141689dc0 dead000000000122 0000000000000000 [ 101.215318][ T6216] raw: 0000000000000000 00000000800d000d 00000001ffffffff ffff88801b6f6501 [ 101.223997][ T6216] page dumped because: kasan: bad access detected [ 101.230429][ T6216] page_owner tracks the page as allocated [ 101.236147][ T6216] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 6216, tgid 6215 (syz.1.16), ts 100688275129, free_ts 99219066697 [ 101.259685][ T6216] post_alloc_hook+0x26b/0x290 [ 101.264464][ T6216] get_page_from_freelist+0x2a35/0x2b70 [ 101.270029][ T6216] __alloc_pages+0x1e3/0x430 [ 101.274721][ T6216] alloc_slab_page+0x5d/0x170 [ 101.279413][ T6216] new_slab+0x70/0x260 [ 101.283492][ T6216] ___slab_alloc+0xa3e/0xee0 [ 101.288104][ T6216] kmem_cache_alloc_lru+0x193/0x290 [ 101.293314][ T6216] jfs_alloc_inode+0x28/0x60 [ 101.297930][ T6216] new_inode_pseudo+0x63/0x1d0 [ 101.302706][ T6216] new_inode+0x22/0x1b0 [ 101.306872][ T6216] jfs_fill_super+0x396/0xac0 [ 101.311570][ T6216] mount_bdev+0x22b/0x2d0 [ 101.315907][ T6216] legacy_get_tree+0xea/0x180 [ 101.320685][ T6216] vfs_get_tree+0x8d/0x1d0 [ 101.325116][ T6216] do_new_mount+0x244/0x940 [ 101.329635][ T6216] __se_sys_mount+0x324/0x390 [ 101.334322][ T6216] page last free stack trace: [ 101.339005][ T6216] free_unref_page_prepare+0x7d5/0x8e0 [ 101.344479][ T6216] free_unref_page+0x32/0x290 [ 101.349430][ T6216] __slab_free+0x2d8/0x380 [ 101.354033][ T6216] qlist_free_all+0x75/0xe0 [ 101.358553][ T6216] kasan_quarantine_reduce+0x143/0x160 [ 101.364111][ T6216] __kasan_slab_alloc+0x22/0x80 [ 101.369055][ T6216] slab_post_alloc_hook+0x66/0x430 [ 101.374185][ T6216] kmem_cache_alloc+0x11e/0x2a0 [ 101.379063][ T6216] vm_area_dup+0x26/0x170 [ 101.383422][ T6216] __split_vma+0x140/0xbc0 [ 101.387851][ T6216] mprotect_fixup+0x9a9/0xb80 [ 101.392544][ T6216] do_mprotect_pkey+0x76e/0xc10 [ 101.397609][ T6216] __x64_sys_mprotect+0x80/0x90 [ 101.402487][ T6216] do_syscall_64+0x55/0xb0 [ 101.406915][ T6216] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 101.412825][ T6216] [ 101.415151][ T6216] Memory state around the buggy address: [ 101.420789][ T6216] ffff8880719fbe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 101.428862][ T6216] ffff8880719fbf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 101.437028][ T6216] >ffff8880719fbf80: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [ 101.445094][ T6216] ^ [ 101.451801][ T6216] ffff8880719fc000: fc fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb [ 101.459913][ T6216] ffff8880719fc080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 101.467977][ T6216] ================================================================== [ 101.487270][ T6216] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 101.494698][ T6216] Kernel Offset: disabled [ 101.499018][ T6216] Rebooting in 86400 seconds..