Warning: Permanently added '10.128.1.240' (ED25519) to the list of known hosts. 1970/01/01 00:01:25 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:01:26 parsed 1 programs [ 88.828299][ T4461] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 97.138578][ T295] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.139759][ T295] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.141645][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 97.155971][ T396] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.157447][ T396] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.159426][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 97.743495][ T4500] chnl_net:caif_netlink_parms(): no params data found [ 97.785852][ T4500] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.787883][ T4500] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.789626][ T4500] device bridge_slave_0 entered promiscuous mode [ 97.792317][ T4500] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.793375][ T4500] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.794940][ T4500] device bridge_slave_1 entered promiscuous mode [ 97.809747][ T4500] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.812825][ T4500] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.830062][ T4500] team0: Port device team_slave_0 added [ 97.833728][ T4500] team0: Port device team_slave_1 added [ 97.844599][ T4500] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.845598][ T4500] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.849465][ T4500] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.852119][ T4500] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.853095][ T4500] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.856646][ T4500] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.930198][ T4500] device hsr_slave_0 entered promiscuous mode [ 97.967790][ T4500] device hsr_slave_1 entered promiscuous mode [ 98.760189][ T4500] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 98.798285][ T4500] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 98.841888][ T4500] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 98.879276][ T4500] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 98.961863][ T4500] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.970935][ T4500] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.972707][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 98.974162][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 98.980308][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 98.982018][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 98.983573][ T396] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.984539][ T396] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.985944][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 98.993206][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 98.994947][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 98.999603][ T396] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.000808][ T396] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.005680][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 99.012016][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 99.016774][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 99.018591][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 99.020568][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 99.024809][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 99.029580][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 99.035429][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 99.038441][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 99.043386][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 99.045044][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 99.050712][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 99.129480][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 99.130724][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 99.137235][ T4500] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.151362][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 99.152987][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 99.164624][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 99.166371][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 99.169217][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 99.170815][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 99.175352][ T4500] device veth0_vlan entered promiscuous mode [ 99.181929][ T4500] device veth1_vlan entered promiscuous mode [ 99.198210][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 99.200009][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 99.201637][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 99.203116][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 99.209593][ T4500] device veth0_macvtap entered promiscuous mode [ 99.213206][ T4500] device veth1_macvtap entered promiscuous mode [ 99.223263][ T4500] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.224515][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 99.226291][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 99.227934][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 99.229700][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 99.234982][ T4500] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.238603][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 99.240343][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 99.245172][ T4500] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.246979][ T4500] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.248356][ T4500] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.249585][ T4500] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 1970/01/01 00:01:40 executed programs: 0 [ 100.410720][ T4673] chnl_net:caif_netlink_parms(): no params data found [ 100.449579][ T4673] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.450882][ T4673] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.452507][ T4673] device bridge_slave_0 entered promiscuous mode [ 100.455261][ T4673] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.457240][ T4673] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.459074][ T4673] device bridge_slave_1 entered promiscuous mode [ 100.472701][ T4673] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.476377][ T4673] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.490614][ T4673] team0: Port device team_slave_0 added [ 100.493222][ T4673] team0: Port device team_slave_1 added [ 100.508992][ T4673] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.510025][ T4673] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.513740][ T4673] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.521149][ T4673] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.522253][ T4673] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.525869][ T4673] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.598058][ T4673] device hsr_slave_0 entered promiscuous mode [ 100.646476][ T4673] device hsr_slave_1 entered promiscuous mode [ 100.686152][ T4673] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 100.687242][ T4673] Cannot create hsr debugfs directory [ 100.749969][ T4673] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.346130][ T4060] Bluetooth: hci0: command 0x0409 tx timeout [ 103.657040][ T4673] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.413510][ T4673] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.436532][ T4888] Bluetooth: hci0: command 0x041b tx timeout [ 104.455928][ T4673] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.641985][ T4673] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 104.688583][ T4673] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 104.738137][ T4673] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 104.778032][ T4673] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 104.860370][ T4673] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.868704][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 104.870292][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 104.874163][ T4673] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.879268][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 104.880925][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 104.882521][ T148] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.883523][ T148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.885041][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 104.889369][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 104.891112][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 104.892589][ T396] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.893738][ T396] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.899986][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 104.903857][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 104.908162][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 104.910617][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 104.912489][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 104.918330][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 104.920202][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 104.924147][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 104.925728][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 104.931699][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 104.933249][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 104.937386][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 105.023591][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 105.024846][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 105.031111][ T4673] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.041990][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 105.043922][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 105.054803][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 105.059654][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 105.061448][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 105.063024][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 105.067432][ T4673] device veth0_vlan entered promiscuous mode [ 105.073458][ T4673] device veth1_vlan entered promiscuous mode [ 105.087077][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 105.088852][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 105.090489][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 105.092293][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 105.095609][ T4673] device veth0_macvtap entered promiscuous mode [ 105.100972][ T4673] device veth1_macvtap entered promiscuous mode [ 105.108819][ T4673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 105.110306][ T4673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.112697][ T4673] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.113887][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 105.115585][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 105.120862][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 105.122711][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 105.126679][ T4673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 105.128310][ T4673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.130549][ T4673] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.132428][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 105.134302][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 105.138333][ T4673] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.139720][ T4673] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.140964][ T4673] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.142273][ T4673] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.184825][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.186982][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.189931][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 105.233416][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.234731][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.237516][ T1875] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 105.319556][ T4901] loop0: detected capacity change from 0 to 8192 [ 105.327285][ T4901] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 105.328968][ T4901] REISERFS (device loop0): using ordered data mode [ 105.329831][ T4901] reiserfs: using flush barriers [ 105.331970][ T4901] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 105.335605][ T4901] REISERFS (device loop0): checking transaction log (loop0) [ 105.341014][ T4901] REISERFS (device loop0): Using r5 hash to sort names [ 105.343298][ T4901] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 105.350041][ T4901] ================================================================== [ 105.351309][ T4901] BUG: KASAN: out-of-bounds in leaf_paste_in_buffer+0x198/0xa0c [ 105.352465][ T4901] Read of size 18446744073709551365 at addr ffff0000e8496000 by task syz.0.16/4901 [ 105.353958][ T4901] [ 105.354376][ T4901] CPU: 1 PID: 4901 Comm: syz.0.16 Not tainted 5.15.189-syzkaller #0 [ 105.355582][ T4901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 105.357087][ T4901] Call trace: [ 105.357624][ T4901] dump_backtrace+0x0/0x43c [ 105.358355][ T4901] show_stack+0x2c/0x3c [ 105.358979][ T4901] __dump_stack+0x30/0x40 [ 105.359719][ T4901] dump_stack_lvl+0xf8/0x160 [ 105.360441][ T4901] print_address_description+0x78/0x30c [ 105.361264][ T4901] kasan_report+0xec/0x15c [ 105.361886][ T4901] kasan_check_range+0x270/0x2b0 [ 105.362646][ T4901] memmove+0x90/0xe8 [ 105.363272][ T4901] leaf_paste_in_buffer+0x198/0xa0c [ 105.364038][ T4901] balance_leaf+0x46f8/0xd2f4 [ 105.364763][ T4901] do_balance+0x260/0x778 [ 105.365428][ T4901] reiserfs_paste_into_item+0x5b4/0x6d0 [ 105.366425][ T4901] reiserfs_get_block+0x1458/0x34b0 [ 105.367426][ T4901] __block_write_begin_int+0x3e4/0x1588 [ 105.368318][ T4901] __block_write_begin+0x40/0x54 [ 105.369206][ T4901] reiserfs_write_begin+0x3c8/0x654 [ 105.369997][ T4901] generic_perform_write+0x204/0x480 [ 105.370905][ T4901] __generic_file_write_iter+0x23c/0x454 [ 105.371804][ T4901] generic_file_write_iter+0xb0/0x1b4 [ 105.372638][ T4901] vfs_write+0x7c8/0xa2c [ 105.373357][ T4901] __arm64_sys_pwrite64+0x170/0x200 [ 105.374163][ T4901] invoke_syscall+0x98/0x2b8 [ 105.374957][ T4901] el0_svc_common+0x138/0x258 [ 105.375722][ T4901] do_el0_svc+0x58/0x14c [ 105.376453][ T4901] el0_svc+0x78/0x1e0 [ 105.377135][ T4901] el0t_64_sync_handler+0xcc/0xe4 [ 105.378060][ T4901] el0t_64_sync+0x1a0/0x1a4 [ 105.378800][ T4901] [ 105.379191][ T4901] The buggy address belongs to the page: [ 105.380213][ T4901] page:000000001880a658 refcount:1 mapcount:1 mapping:0000000000000000 index:0xaaaad42fc pfn:0x128496 [ 105.382003][ T4901] memcg:ffff0000c08a4000 [ 105.382794][ T4901] anon flags: 0x5ffc00000080014(uptodate|lru|swapbacked|node=0|zone=2|lastcpupid=0x7ff) [ 105.384352][ T4901] raw: 05ffc00000080014 fffffc0003a125c8 fffffc0003a126c8 ffff0000d2196441 [ 105.385682][ T4901] raw: 0000000aaaad42fc 0000000000000000 0000000100000000 ffff0000c08a4000 [ 105.387256][ T4901] page dumped because: kasan: bad access detected [ 105.388279][ T4901] [ 105.388722][ T4901] Memory state around the buggy address: [ 105.389591][ T4901] ffff0000e8495f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.390912][ T4901] ffff0000e8495f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.392205][ T4901] >ffff0000e8496000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.393492][ T4901] ^ [ 105.394138][ T4901] ffff0000e8496080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.395482][ T4901] ffff0000e8496100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 105.396692][ T4901] ================================================================== [ 105.398121][ T4901] Disabling lock debugging due to kernel taint [ 105.401388][ T4901] REISERFS warning: reiserfs-5090 is_tree_node: node level 0 does not match to the expected one 1 [ 105.402993][ T4901] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 105.404464][ T4901] REISERFS (device loop0): Remounting filesystem read-only 1970/01/01 00:01:45 executed programs: 3 [ 105.575165][ T4904] loop0: detected capacity change from 0 to 8192 [ 105.623134][ T4904] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 105.624926][ T4904] REISERFS (device loop0): using ordered data mode [ 105.625894][ T4904] reiserfs: using flush barriers [ 105.632017][ T4904] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 105.634420][ T4904] REISERFS (device loop0): checking transaction log (loop0) [ 105.643529][ T4904] REISERFS (device loop0): Using r5 hash to sort names [ 105.644817][ T4904] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 105.649303][ T4496] Unable to handle kernel paging request at virtual address dfff800000000000 [ 105.650563][ T4496] Mem abort info: [ 105.651040][ T4496] ESR = 0x0000000096000006 [ 105.651652][ T4496] EC = 0x25: DABT (current EL), IL = 32 bits [ 105.652578][ T4496] SET = 0, FnV = 0 [ 105.653141][ T4496] EA = 0, S1PTW = 0 [ 105.653638][ T4496] FSC = 0x06: level 2 translation fault [ 105.654447][ T4673] ------------[ cut here ]------------ [ 105.654593][ T4496] Data abort info: [ 105.655438][ T4673] AppArmor WARN aa_cred_raw_label: ((!label)): [ 105.655675][ T4673] WARNING: CPU: 0 PID: 4673 at security/apparmor/include/cred.h:51 apparmor_task_kill+0x35c/0x450 [ 105.655891][ T4496] ISV = 0, ISS = 0x00000006 [ 105.656822][ T4673] Modules linked in: [ 105.656833][ T4673] CPU: 0 PID: 4673 Comm: syz-executor Tainted: G B 5.15.189-syzkaller #0 [ 105.656846][ T4673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 105.656853][ T4673] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 105.656865][ T4673] pc : apparmor_task_kill+0x35c/0x450 [ 105.656872][ C1] Unable to handle kernel paging request at virtual address dfff800000000001 [ 105.656875][ T4673] lr : apparmor_task_kill+0x35c/0x450 [ 105.656880][ C1] Mem abort info: [ 105.656883][ C1] ESR = 0x0000000096000006 [ 105.656883][ T4673] sp : ffff80001f757aa0 [ 105.656888][ T4673] x29: ffff80001f757aa0 [ 105.656887][ C1] EC = 0x25: DABT (current EL), IL = 32 bits [ 105.656893][ T4673] x28: ffff0000cb45ba00 [ 105.656894][ C1] SET = 0, FnV = 0 [ 105.656899][ C1] EA = 0, S1PTW = 0 [ 105.656899][ T4673] x27: dfff800000000000 [ 105.656903][ C1] FSC = 0x06: level 2 translation fault [ 105.656906][ T4673] x26: 1fffe00019c5eb3e [ 105.656908][ C1] Data abort info: [ 105.656911][ C1] ISV = 0, ISS = 0x00000006 [ 105.656912][ T4673] x25: dfff800000000000 [ 105.656914][ C1] CM = 0, WnR = 0 [ 105.656917][ T4673] x24: ffff800013b5fdf8 [ 105.656919][ C1] [dfff800000000001] address between user and kernel address ranges [ 105.656922][ T4673] [ 105.656925][ T4673] x23: dfff800000000000 [ 105.656926][ C1] Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP [ 105.656930][ T4673] x22: ffff800013b5f000 [ 105.656935][ C1] Modules linked in: [ 105.656935][ T4673] x21: 0000000000000000 [ 105.656938][ C1] [ 105.656940][ T4673] [ 105.656943][ T4673] x20: ffff0000da7c0000 [ 105.656941][ C1] CPU: 1 PID: 4496 Comm: udevd Tainted: G B 5.15.189-syzkaller #0 [ 105.656947][ T4673] x19: 0000000000000009 x18: 0000000000000001 [ 105.656952][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 105.656957][ T4673] [ 105.656959][ T4673] x17: 0000000000000000 [ 105.656958][ C1] pstate: 004000c5 (nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 105.656963][ T4673] x16: ffff8000111bc798 x15: 0000000000000012 [ 105.656975][ T4673] x14: 0000000000ff0100 [ 105.656970][ C1] pc : rb_insert_color+0xac/0x500 [ 105.656979][ T4673] x13: ffffffffffffffff x12: 0000000000ff0100 [ 105.656982][ C1] lr : timerqueue_add+0x1c8/0x1fc [ 105.656989][ T4673] [ 105.656991][ T4673] x11: 0000000000000001 [ 105.656992][ C1] sp : ffff800008017b80 [ 105.656996][ T4673] x10: 0000000000000000 [ 105.656996][ C1] x29: ffff800008017b90 [ 105.657001][ T4673] x9 : 6586161666062900 [ 105.657001][ C1] x28: 1ffff00003ef8f0c [ 105.657006][ T4673] [ 105.657006][ C1] x27: dfff800000000000 [ 105.657009][ T4673] x8 : 6586161666062900 [ 105.657011][ C1] [ 105.657014][ T4673] x7 : 203a29296c656261 [ 105.657014][ C1] x26: ffff0001a10e9710 x25: 0000000000000000 [ 105.657019][ T4673] x6 : ffff8000082f6fc4 [ 105.657024][ C1] x24: 0000000000000008 [ 105.657026][ T4673] x5 : 0000000000000000 [ 105.657028][ C1] [ 105.657031][ C1] x23: 0000000000000008 [ 105.657031][ T4673] x4 : 0000000000000001 [ 105.657035][ C1] x22: ffff80001f7c7860 [ 105.657036][ T4673] x3 : ffff80000850433c [ 105.657040][ C1] x21: 0000000000000000 [ 105.657043][ T4673] x2 : 0000000000000001 [ 105.657045][ C1] [ 105.657047][ C1] x20: ffff0001a10ea020 [ 105.657047][ T4673] x1 : 0000000100000001 [ 105.657052][ C1] x19: ffff0001a10ea020 [ 105.657052][ T4673] x0 : 000000000000002d [ 105.657057][ C1] x18: 0000000000010002 [ 105.657060][ T4673] Call trace: [ 105.657062][ C1] [ 105.657064][ C1] x17: 0000000000010002 [ 105.657064][ T4673] apparmor_task_kill+0x35c/0x450 [ 105.657068][ C1] x16: ffff8000111bc798 x15: 0000989680000000 [ 105.657073][ T4673] security_task_kill+0x8c/0xcc [ 105.657079][ C1] x14: 0000000000000000 x13: f5f846065752d000 x12: 0000000000ff0100 [ 105.657084][ T4673] check_kill_permission+0x2ec/0x474 [ 105.657092][ C1] [ 105.657094][ C1] x11: 0000000000010002 [ 105.657095][ T4673] group_send_sig_info+0xe0/0x24c [ 105.657098][ C1] x10: 0000000000010002 x9 : ffff80000a919da8 [ 105.657104][ T4673] do_exit+0xb6c/0x1f58 [ 105.657109][ C1] x8 : 0000000000000001 x7 : 0000000000000000 [ 105.657114][ T4673] do_group_exit+0x100/0x268 [ 105.657117][ C1] x6 : ffff8000083849d0 [ 105.657124][ C1] x5 : 0000000000000000 [ 105.657123][ T4673] __wake_up_parent+0x0/0x60 [ 105.657128][ C1] x4 : 0000000000000008 x3 : 0000000000000000 [ 105.657132][ T4673] invoke_syscall+0x98/0x2b8 [ 105.657138][ C1] x2 : 0000000000000008 x1 : ffff0001a10e9710 [ 105.657143][ T4673] el0_svc_common+0x138/0x258 [ 105.657146][ C1] x0 : ffff0001a10ea020 [ 105.657153][ C1] Call trace: [ 105.657152][ T4673] do_el0_svc+0x58/0x14c [ 105.657157][ C1] rb_insert_color+0xac/0x500 [ 105.657161][ T4673] el0_svc+0x78/0x1e0 [ 105.657166][ C1] timerqueue_add+0x1c8/0x1fc [ 105.657172][ T4673] el0t_64_sync_handler+0xcc/0xe4 [ 105.657174][ C1] enqueue_hrtimer+0x1a4/0x41c [ 105.657189][ T4673] el0t_64_sync+0x1a0/0x1a4 [ 105.657191][ C1] __hrtimer_run_queues+0x52c/0xb6c [ 105.657199][ T4673] irq event stamp: 118538 [ 105.657200][ C1] hrtimer_interrupt+0x2bc/0xb5c [ 105.657203][ T4673] hardirqs last enabled at (118537): [] _raw_spin_unlock_irqrestore+0xa8/0x14c [ 105.657208][ C1] arch_timer_handler_virt+0x74/0x88 [ 105.657218][ T4673] hardirqs last disabled at (118538): [] __schedule+0x2ec/0x1c0c [ 105.657219][ C1] handle_percpu_devid_irq+0x29c/0x76c [ 105.657229][ C1] handle_domain_irq+0x144/0x1fc [ 105.657231][ T4673] softirqs last enabled at (118522): [] local_bh_enable+0x10/0x34 [ 105.657237][ C1] gic_handle_irq+0x78/0x1c8 [ 105.657244][ T4673] softirqs last disabled at (118520): [] local_bh_disable+0x10/0x34 [ 105.657245][ C1] call_on_irq_stack+0x24/0x30 [ 105.657254][ C1] do_interrupt_handler+0x6c/0x88 [ 105.657256][ T4673] ---[ end trace a51fa6dc50a092ad ]--- [ 105.657262][ C1] el1_interrupt+0x30/0x58 [ 105.657268][ T4673] Unable to handle kernel paging request at virtual address dfff800000000008 [ 105.657271][ C1] el1h_64_irq_handler+0x18/0x24 [ 105.657275][ T4673] Mem abort info: [ 105.657278][ T4673] ESR = 0x0000000096000006 [ 105.657280][ C1] el1h_64_irq+0x78/0x7c [ 105.657282][ T4673] EC = 0x25: DABT (current EL), IL = 32 bits [ 105.657288][ T4673] SET = 0, FnV = 0 [ 105.657288][ C1] console_trylock_spinning+0x1f4/0x268 [ 105.657293][ T4673] EA = 0, S1PTW = 0 [ 105.657297][ T4673] FSC = 0x06: level 2 translation fault [ 105.657302][ T4673] Data abort info: [ 105.657299][ C1] vprintk_emit+0x120/0x218 [ 105.657305][ T4673] ISV = 0, ISS = 0x00000006 [ 105.657308][ T4673] CM = 0, WnR = 0 [ 105.657308][ C1] vprintk_default+0x54/0x80 [ 105.657313][ T4673] [dfff800000000008] address between user and kernel address ranges [ 105.657317][ C1] vprintk+0x1e8/0x284 [ 105.657324][ C1] _printk+0xd0/0x118 [ 105.657333][ C1] data_abort_decode+0x48/0xb4 [ 105.657345][ C1] mem_abort_decode+0x128/0x12c [ 105.657353][ C1] die_kernel_fault+0x48/0x78 [ 105.657361][ C1] __do_kernel_fault+0x39c/0x404 [ 105.657370][ C1] do_bad_area+0x84/0x29c [ 105.657378][ C1] do_translation_fault+0xf8/0x130 [ 105.657387][ C1] do_mem_abort+0x6c/0x1ac [ 105.657395][ C1] el1_abort+0x3c/0x5c [ 105.657403][ C1] el1h_64_sync_handler+0x80/0xcc [ 105.657411][ C1] el1h_64_sync+0x78/0x7c [ 105.657418][ C1] unlink_anon_vmas+0x70/0x53c [ 105.657427][ C1] free_pgtables+0x14c/0x278 [ 105.657437][ C1] exit_mmap+0x2bc/0x4e0 [ 105.657444][ C1] __mmput+0xec/0x3b8 [ 105.657454][ C1] mmput+0x80/0xc8 [ 105.657462][ C1] exit_mm+0x4a0/0x684 [ 105.657470][ C1] do_exit+0x4ec/0x1f58 [ 105.657478][ C1] do_group_exit+0x100/0x268 [ 105.657485][ C1] get_signal+0x73c/0x1340 [ 105.657493][ C1] do_notify_resume+0x29c/0x3128 [ 105.657502][ C1] el0_da+0x10c/0x1fc [ 105.657510][ C1] el0t_64_sync_handler+0xd8/0xe4 [ 105.657519][ C1] el0t_64_sync+0x1a0/0x1a4 [ 105.657531][ C1] Code: f94002d5 370021f5 910022b7 d343fee8 (387b6908) [ 105.657537][ C1] ---[ end trace a51fa6dc50a092ae ]--- [ 105.998682][ C1] Kernel panic - not syncing: Oops: Fatal exception in interrupt [ 105.998693][ C1] SMP: stopping secondary CPUs [ 107.062960][ C1] SMP: failed to stop secondary CPUs 0-1 [ 107.062980][ C1] Kernel Offset: disabled [ 107.062983][ C1] CPU features: 0x8,000081c1,21302e40 [ 107.062989][ C1] Memory Limit: none [ 107.515548][ C1] Rebooting in 86400 seconds..