Warning: Permanently added '10.128.1.26' (ED25519) to the list of known hosts.
2026/03/02 10:10:12 parsed 1 programs
[ 126.571288][ T6105] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 130.124916][ T6126] chnl_net:caif_netlink_parms(): no params data found
[ 130.636238][ T6126] bridge0: port 1(bridge_slave_0) entered blocking state
[ 130.636376][ T6126] bridge0: port 1(bridge_slave_0) entered disabled state
[ 130.636504][ T6126] bridge_slave_0: entered allmulticast mode
[ 130.637925][ T6126] bridge_slave_0: entered promiscuous mode
[ 130.641600][ T6126] bridge0: port 2(bridge_slave_1) entered blocking state
[ 130.641720][ T6126] bridge0: port 2(bridge_slave_1) entered disabled state
[ 130.641819][ T6126] bridge_slave_1: entered allmulticast mode
[ 130.643152][ T6126] bridge_slave_1: entered promiscuous mode
[ 130.878938][ T6126] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 130.882602][ T6126] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 131.031070][ T6126] team0: Port device team_slave_0 added
[ 131.033960][ T6126] team0: Port device team_slave_1 added
[ 131.328364][ T6126] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 131.328380][ T6126] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 131.328401][ T6126] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 131.329662][ T6126] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 131.329681][ T6126] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 131.329701][ T6126] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 131.531475][ T6126] hsr_slave_0: entered promiscuous mode
[ 131.532189][ T6126] hsr_slave_1: entered promiscuous mode
[ 132.901316][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.901402][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[ 133.069316][ T6126] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 133.103239][ T6126] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 133.140129][ T6126] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 133.189890][ T6126] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 133.323728][ T6126] 8021q: adding VLAN 0 to HW filter on device bond0
[ 133.351131][ T6126] 8021q: adding VLAN 0 to HW filter on device team0
[ 133.370341][ T68] bridge0: port 1(bridge_slave_0) entered blocking state
[ 133.370541][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 133.401923][ T68] bridge0: port 2(bridge_slave_1) entered blocking state
[ 133.402130][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 133.730378][ T6126] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 133.808860][ T6126] veth0_vlan: entered promiscuous mode
[ 133.835099][ T6126] veth1_vlan: entered promiscuous mode
[ 133.872228][ T6126] veth0_macvtap: entered promiscuous mode
[ 133.885637][ T6126] veth1_macvtap: entered promiscuous mode
[ 133.912441][ T6126] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 133.930392][ T6126] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 133.956240][ T68] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.957124][ T68] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.963650][ T68] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.995459][ T68] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 134.823738][ T2834] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 135.148590][ T2834] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 135.400690][ T2834] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 135.471107][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 135.471127][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 135.680926][ T2834] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 135.759113][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 135.759133][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 136.963302][ T2834] bridge_slave_1: left allmulticast mode
[ 136.963331][ T2834] bridge_slave_1: left promiscuous mode
[ 136.963565][ T2834] bridge0: port 2(bridge_slave_1) entered disabled state
[ 137.037254][ T2834] bridge_slave_0: left allmulticast mode
[ 137.037282][ T2834] bridge_slave_0: left promiscuous mode
[ 137.037517][ T2834] bridge0: port 1(bridge_slave_0) entered disabled state
[ 137.836442][ T2834] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 137.926560][ T2834] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 137.978195][ T2834] bond0 (unregistering): Released all slaves
[ 138.365910][ T2834] hsr_slave_0: left promiscuous mode
[ 138.395982][ T2834] hsr_slave_1: left promiscuous mode
[ 138.396932][ T2834] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 138.396955][ T2834] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 138.449754][ T2834] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 138.449780][ T2834] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 138.537254][ T2834] veth1_macvtap: left promiscuous mode
[ 138.537353][ T2834] veth0_macvtap: left promiscuous mode
[ 138.537589][ T2834] veth1_vlan: left promiscuous mode
[ 138.537758][ T2834] veth0_vlan: left promiscuous mode
[ 139.056640][ T2834] team0 (unregistering): Port device team_slave_1 removed
[ 139.096342][ T2834] team0 (unregistering): Port device team_slave_0 removed
[ 140.167871][ T5853] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 140.170201][ T5853] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 140.170992][ T5853] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 140.172009][ T5853] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 140.173169][ T5853] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2026/03/02 10:10:32 executed programs: 0
[ 143.392633][ T60] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 143.398724][ T60] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 143.399665][ T60] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 143.406031][ T60] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 143.409719][ T60] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 143.820365][ T6432] chnl_net:caif_netlink_parms(): no params data found
[ 144.206133][ T6432] bridge0: port 1(bridge_slave_0) entered blocking state
[ 144.206249][ T6432] bridge0: port 1(bridge_slave_0) entered disabled state
[ 144.206387][ T6432] bridge_slave_0: entered allmulticast mode
[ 144.207750][ T6432] bridge_slave_0: entered promiscuous mode
[ 144.211598][ T6432] bridge0: port 2(bridge_slave_1) entered blocking state
[ 144.211711][ T6432] bridge0: port 2(bridge_slave_1) entered disabled state
[ 144.211820][ T6432] bridge_slave_1: entered allmulticast mode
[ 144.213200][ T6432] bridge_slave_1: entered promiscuous mode
[ 144.478452][ T6432] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 144.518898][ T6432] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 144.689816][ T6432] team0: Port device team_slave_0 added
[ 144.692520][ T6432] team0: Port device team_slave_1 added
[ 144.838972][ T6432] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 144.838988][ T6432] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 144.839011][ T6432] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 144.841337][ T6432] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 144.841352][ T6432] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 144.841376][ T6432] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 145.141550][ T6432] hsr_slave_0: entered promiscuous mode
[ 145.142289][ T6432] hsr_slave_1: entered promiscuous mode
[ 145.535831][ T60] Bluetooth: hci0: command tx timeout
[ 147.011764][ T6432] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 147.052030][ T6432] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 147.090073][ T6432] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 147.131367][ T6432] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 147.297240][ T6432] 8021q: adding VLAN 0 to HW filter on device bond0
[ 147.321478][ T6432] 8021q: adding VLAN 0 to HW filter on device team0
[ 147.344855][ T2834] bridge0: port 1(bridge_slave_0) entered blocking state
[ 147.345053][ T2834] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 147.352939][ T2834] bridge0: port 2(bridge_slave_1) entered blocking state
[ 147.353062][ T2834] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 147.619787][ T60] Bluetooth: hci0: command tx timeout
[ 147.687475][ T6432] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 147.754545][ T6432] veth0_vlan: entered promiscuous mode
[ 147.773107][ T6432] veth1_vlan: entered promiscuous mode
[ 147.813310][ T6432] veth0_macvtap: entered promiscuous mode
[ 147.841265][ T6432] veth1_macvtap: entered promiscuous mode
[ 147.858335][ T6432] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 147.891105][ T6432] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 147.904758][ T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 147.905002][ T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 147.905206][ T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 147.905242][ T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 148.113224][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 148.113245][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 148.173780][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 148.173800][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 148.644909][ T6527] loop0: detected capacity change from 0 to 32768
[ 148.801898][ T6527] MetaData crosses page boundary!!
[ 148.801911][ T6527] lblock = 8bffffffff, size = -683147264
[ 148.801948][ T6527] CPU: 0 UID: 0 PID: 6527 Comm: syz.0.16 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 148.801968][ T6527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 148.801987][ T6527] Call Trace:
[ 148.801998][ T6527]
[ 148.802006][ T6527] dump_stack_lvl+0xe8/0x150
[ 148.802048][ T6527] __get_metapage+0x9ed/0xde0
2026/03/02 10:10:38 executed programs: 3
[ 148.802077][ T6527] dtReadFirst+0xd5/0x930
[ 148.802107][ T6527] jfs_readdir+0x776/0x3c10
[ 148.802128][ T6527] ? check_path+0x21/0x40
[ 148.802160][ T6527] ? __lock_acquire+0x6b5/0x2cf0
[ 148.802192][ T6527] ? __pfx_jfs_readdir+0x10/0x10
[ 148.802230][ T6527] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 148.802258][ T6527] ? lockdep_hardirqs_on+0x7a/0x110
[ 148.802294][ T6527] ? rwbase_write_lock+0x568/0x730
[ 148.802330][ T6527] ? __pfx_jfs_readdir+0x10/0x10
[ 148.802351][ T6527] wrap_directory_iterator+0x99/0xe0
[ 148.802385][ T6527] iterate_dir+0x3a5/0x580
[ 148.802420][ T6527] __se_sys_getdents64+0xf1/0x280
[ 148.802441][ T6527] ? __pfx___se_sys_getdents64+0x10/0x10
[ 148.802459][ T6527] ? __pfx_filldir64+0x10/0x10
[ 148.802479][ T6527] ? rcu_is_watching+0x15/0xb0
[ 148.802512][ T6527] do_syscall_64+0x14d/0xf80
[ 148.802538][ T6527] ? trace_irq_disable+0x3b/0x150
[ 148.802560][ T6527] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 148.802580][ T6527] ? clear_bhb_loop+0x40/0x90
[ 148.802603][ T6527] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 148.802622][ T6527] RIP: 0033:0x7f630945a079
[ 148.802645][ T6527] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 148.802661][ T6527] RSP: 002b:00007f63086be028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 148.802688][ T6527] RAX: ffffffffffffffda RBX: 00007f6309685fa0 RCX: 00007f630945a079
[ 148.802702][ T6527] RDX: 00000000000000a2 RSI: 00002000000002c0 RDI: 0000000000000005
[ 148.802714][ T6527] RBP: 00007f63094eca4c R08: 0000000000000000 R09: 0000000000000000
[ 148.802726][ T6527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 148.802737][ T6527] R13: 0000000000000000 R14: 00007f6309685fa0 R15: 00007ffe20509528
[ 148.802767][ T6527]
[ 148.802774][ T6527] bread failed!
[ 149.617269][ T6544] loop0: detected capacity change from 0 to 32768
[ 149.667598][ T6544] MetaData crosses page boundary!!
[ 149.667611][ T6544] lblock = 8bffffffff, size = -683147264
[ 149.667629][ T6544] CPU: 0 UID: 0 PID: 6544 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 149.667650][ T6544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 149.667662][ T6544] Call Trace:
[ 149.667670][ T6544]
[ 149.667677][ T6544] dump_stack_lvl+0xe8/0x150
[ 149.667712][ T6544] __get_metapage+0x9ed/0xde0
[ 149.667744][ T6544] dtReadFirst+0xd5/0x930
[ 149.667775][ T6544] jfs_readdir+0x776/0x3c10
[ 149.667808][ T6544] ? __lock_acquire+0x6b5/0x2cf0
[ 149.667833][ T6544] ? register_lock_class+0x31/0x2e0
[ 149.667867][ T6544] ? __lock_acquire+0x6b5/0x2cf0
[ 149.667885][ T6544] ? __pfx_jfs_readdir+0x10/0x10
[ 149.667923][ T6544] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 149.667951][ T6544] ? lockdep_hardirqs_on+0x7a/0x110
[ 149.667980][ T6544] ? rwbase_write_lock+0x568/0x730
[ 149.668016][ T6544] ? __pfx_jfs_readdir+0x10/0x10
[ 149.668037][ T6544] wrap_directory_iterator+0x99/0xe0
[ 149.668071][ T6544] iterate_dir+0x3a5/0x580
[ 149.668107][ T6544] __se_sys_getdents64+0xf1/0x280
[ 149.668129][ T6544] ? __pfx___se_sys_getdents64+0x10/0x10
[ 149.668147][ T6544] ? __pfx_filldir64+0x10/0x10
[ 149.668167][ T6544] ? rcu_is_watching+0x15/0xb0
[ 149.668210][ T6544] do_syscall_64+0x14d/0xf80
[ 149.668234][ T6544] ? trace_irq_disable+0x3b/0x150
[ 149.668257][ T6544] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 149.668277][ T6544] ? clear_bhb_loop+0x40/0x90
[ 149.668302][ T6544] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 149.668320][ T6544] RIP: 0033:0x7f630945a079
[ 149.668338][ T6544] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 149.668354][ T6544] RSP: 002b:00007f63086be028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 149.668374][ T6544] RAX: ffffffffffffffda RBX: 00007f6309685fa0 RCX: 00007f630945a079
[ 149.668388][ T6544] RDX: 00000000000000a2 RSI: 00002000000002c0 RDI: 0000000000000005
[ 149.668400][ T6544] RBP: 00007f63094eca4c R08: 0000000000000000 R09: 0000000000000000
[ 149.668412][ T6544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 149.668423][ T6544] R13: 0000000000000000 R14: 00007f6309685fa0 R15: 00007ffe20509528
[ 149.668454][ T6544]
[ 149.668461][ T6544] bread failed!
[ 149.696019][ T60] Bluetooth: hci0: command tx timeout
[ 150.491037][ T6560] loop0: detected capacity change from 0 to 32768
[ 150.514343][ T6560] =========================================================[ 150.514343][ T6560] ==================================================================
[ 150.514358][ T6560] BUG: KASAN: slab-use-after-free in dtReadFirst+0x502/0x930
[ 150.514384][ T6560] Read of size 4 at addr ffff888044a00720 by task syz.0.18/6560
[ 150.514400][ T6560]
[ 150.514411][ T6560] CPU: 0 UID: 0 PID: 6560 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 150.514431][ T6560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 150.514443][ T6560] Call Trace:
[ 150.514450][ T6560]
[ 150.514458][ T6560] dump_stack_lvl+0xe8/0x150
[ 150.514487][ T6560] print_report+0xba/0x230
[ 150.514512][ T6560] ? dtReadFirst+0x502/0x930
[ 150.514547][ T6560] kasan_report+0x117/0x150
[ 150.514578][ T6560] ? dtReadFirst+0x502/0x930
[ 150.514599][ T6560] dtReadFirst+0x502/0x930
[ 150.514622][ T6560] jfs_readdir+0x776/0x3c10
[ 150.514646][ T6560] ? __lock_acquire+0x6b5/0x2cf0
[ 150.514666][ T6560] ? register_lock_class+0x31/0x2e0
[ 150.514696][ T6560] ? __lock_acquire+0x6b5/0x2cf0
[ 150.514713][ T6560] ? __pfx_jfs_readdir+0x10/0x10
[ 150.514739][ T6560] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 150.514766][ T6560] ? lockdep_hardirqs_on+0x7a/0x110
[ 150.514793][ T6560] ? rwbase_write_lock+0x568/0x730
[ 150.514824][ T6560] ? __pfx_jfs_readdir+0x10/0x10
[ 150.514843][ T6560] wrap_directory_iterator+0x99/0xe0
[ 150.514874][ T6560] iterate_dir+0x3a5/0x580
[ 150.514905][ T6560] __se_sys_getdents64+0xf1/0x280
[ 150.514924][ T6560] ? __pfx___se_sys_getdents64+0x10/0x10
[ 150.514941][ T6560] ? __pfx_filldir64+0x10/0x10
[ 150.514959][ T6560] ? rcu_is_watching+0x15/0xb0
[ 150.514984][ T6560] do_syscall_64+0x14d/0xf80
[ 150.515009][ T6560] ? trace_irq_disable+0x3b/0x150
[ 150.515031][ T6560] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 150.515056][ T6560] ? clear_bhb_loop+0x40/0x90
[ 150.515078][ T6560] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 150.515097][ T6560] RIP: 0033:0x7f630945a079
[ 150.515113][ T6560] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 150.515129][ T6560] RSP: 002b:00007f63086be028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 150.515150][ T6560] RAX: ffffffffffffffda RBX: 00007f6309685fa0 RCX: 00007f630945a079
[ 150.515164][ T6560] RDX: 00000000000000a2 RSI: 00002000000002c0 RDI: 0000000000000005
[ 150.515176][ T6560] RBP: 00007f63094eca4c R08: 0000000000000000 R09: 0000000000000000
[ 150.515189][ T6560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 150.515200][ T6560] R13: 0000000000000000 R14: 00007f6309685fa0 R15: 00007ffe20509528
[ 150.515220][ T6560]
[ 150.515227][ T6560]
[ 150.515231][ T6560] Allocated by task 6432:
[ 150.515240][ T6560] kasan_save_track+0x3e/0x80
[ 150.515263][ T6560] __kasan_slab_alloc+0x6c/0x80
[ 150.515285][ T6560] kmem_cache_alloc_lru_noprof+0x33c/0x680
[ 150.515311][ T6560] sock_alloc_inode+0x28/0xc0
[ 150.515328][ T6560] alloc_inode+0x6a/0x1b0
[ 150.515344][ T6560] __sock_create+0x12d/0x9d0
[ 150.515361][ T6560] __sys_socket+0xd6/0x1b0
[ 150.515378][ T6560] __x64_sys_socket+0x7a/0x90
[ 150.515395][ T6560] do_syscall_64+0x14d/0xf80
[ 150.515418][ T6560] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 150.515435][ T6560]
[ 150.515439][ T6560] Freed by task 20:
[ 150.515447][ T6560] kasan_save_track+0x3e/0x80
[ 150.515470][ T6560] kasan_save_free_info+0x46/0x50
[ 150.515487][ T6560] __kasan_slab_free+0x5c/0x80
[ 150.515510][ T6560] kmem_cache_free+0x185/0x6b0
[ 150.515536][ T6560] rcu_cpu_kthread+0x99e/0x1470
[ 150.515550][ T6560] smpboot_thread_fn+0x541/0xa50
[ 150.515576][ T6560] kthread+0x388/0x470
[ 150.515592][ T6560] ret_from_fork+0x51e/0xb90
[ 150.515616][ T6560] ret_from_fork_asm+0x1a/0x30
[ 150.515631][ T6560]
[ 150.515635][ T6560] Last potentially related work creation:
[ 150.515649][ T6560] kasan_save_stack+0x3e/0x60
[ 150.515668][ T6560] kasan_record_aux_stack+0xbd/0xd0
[ 150.515684][ T6560] call_rcu+0xee/0x890
[ 150.515699][ T6560] evict+0x95b/0xb10
[ 150.515720][ T6560] __dentry_kill+0x1a2/0x5e0
[ 150.515732][ T6560] finish_dput+0xc9/0x480
[ 150.515751][ T6560] __fput+0x6a3/0xa90
[ 150.515770][ T6560] fput_close_sync+0x11f/0x240
[ 150.515788][ T6560] __x64_sys_close+0x7e/0x110
[ 150.515809][ T6560] do_syscall_64+0x14d/0xf80
[ 150.515832][ T6560] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 150.515849][ T6560]
[ 150.515853][ T6560] The buggy address belongs to the object at ffff888044a00680
[ 150.515853][ T6560] which belongs to the cache sock_inode_cache of size 1536
[ 150.515869][ T6560] The buggy address is located 160 bytes inside of
[ 150.515869][ T6560] freed 1536-byte region [ffff888044a00680, ffff888044a00c80)
[ 150.515888][ T6560]
[ 150.515893][ T6560] The buggy address belongs to the physical page:
[ 150.515912][ T6560] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888044a05480 pfn:0x44a00
[ 150.515930][ T6560] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 150.515944][ T6560] memcg:ffff888044a07b81
[ 150.515952][ T6560] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 150.515973][ T6560] page_type: f5(slab)
[ 150.515991][ T6560] raw: 0080000000000240 ffff88801eaa4000 ffffea0001642610 ffffea0000fbea10
[ 150.516006][ T6560] raw: ffff888044a05480 000000080013000c 00000000f5000000 ffff888044a07b81
[ 150.516023][ T6560] head: 0080000000000240 ffff88801eaa4000 ffffea0001642610 ffffea0000fbea10
[ 150.516039][ T6560] head: ffff888044a05480 000000080013000c 00000000f5000000 ffff888044a07b81
[ 150.516062][ T6560] head: 0080000000000003 ffffea0001128001 00000000ffffffff 00000000ffffffff
[ 150.516077][ T6560] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 150.516087][ T6560] page dumped because: kasan: bad access detected
[ 150.516100][ T6560] page_owner tracks the page as allocated
[ 150.516107][ T6560] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5858, tgid 5858 (syz-executor), ts 85959231867, free_ts 0
[ 150.516140][ T6560] post_alloc_hook+0x231/0x280
[ 150.516166][ T6560] get_page_from_freelist+0x28bb/0x2950
[ 150.516184][ T6560] __alloc_frozen_pages_noprof+0x18d/0x380
[ 150.516201][ T6560] allocate_slab+0x77/0x660
[ 150.516220][ T6560] refill_objects+0x334/0x3c0
[ 150.516237][ T6560] __pcs_replace_empty_main+0x328/0x5f0
[ 150.516258][ T6560] kmem_cache_alloc_lru_noprof+0x433/0x680
[ 150.516283][ T6560] sock_alloc_inode+0x28/0xc0
[ 150.516299][ T6560] alloc_inode+0x6a/0x1b0
[ 150.516316][ T6560] sock_create_lite+0x8b/0x510
[ 150.516332][ T6560] __netlink_kernel_create+0xc8/0x720
[ 150.516348][ T6560] crypto_netlink_init+0xba/0x140
[ 150.516369][ T6560] ops_init+0x35c/0x5c0
[ 150.516389][ T6560] setup_net+0x118/0x340
[ 150.516406][ T6560] copy_net_ns+0x50e/0x730
[ 150.516423][ T6560] create_new_namespaces+0x3e7/0x6a0
[ 150.516446][ T6560] page_owner free stack trace missing
[ 150.516452][ T6560]
[ 150.516457][ T6560] Memory state around the buggy address:
[ 150.516466][ T6560] ffff888044a00600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 150.516479][ T6560] ffff888044a00680: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 150.516492][ T6560] >ffff888044a00700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 150.516501][ T6560] ^
[ 150.516511][ T6560] ffff888044a00780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 150.516523][ T6560] ffff888044a00800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 150.516533][ T6560] ==================================================================
[ 150.523494][ T6560] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 150.523514][ T6560] CPU: 0 UID: 0 PID: 6560 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 150.523536][ T6560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 150.523548][ T6560] Call Trace:
[ 150.523555][ T6560]
[ 150.523562][ T6560] vpanic+0x56c/0xa60
[ 150.523596][ T6560] ? __pfx_vpanic+0x10/0x10
[ 150.523648][ T6560] panic+0xc5/0xd0
[ 150.523673][ T6560] ? __pfx_panic+0x10/0x10
[ 150.523700][ T6560] ? preempt_schedule_thunk+0x16/0x30
[ 150.523724][ T6560] ? preempt_schedule_thunk+0x16/0x30
[ 150.523758][ T6560] ? dtReadFirst+0x502/0x930
[ 150.523776][ T6560] check_panic_on_warn+0x89/0xb0
[ 150.523798][ T6560] ? dtReadFirst+0x502/0x930
[ 150.523815][ T6560] end_report+0x73/0x180
[ 150.523847][ T6560] ? dtReadFirst+0x502/0x930
[ 150.523866][ T6560] kasan_report+0x128/0x150
[ 150.523895][ T6560] ? dtReadFirst+0x502/0x930
[ 150.523915][ T6560] dtReadFirst+0x502/0x930
[ 150.523937][ T6560] jfs_readdir+0x776/0x3c10
[ 150.523960][ T6560] ? __lock_acquire+0x6b5/0x2cf0
[ 150.523980][ T6560] ? register_lock_class+0x31/0x2e0
[ 150.524010][ T6560] ? __lock_acquire+0x6b5/0x2cf0
[ 150.524025][ T6560] ? __pfx_jfs_readdir+0x10/0x10
[ 150.524058][ T6560] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 150.524084][ T6560] ? lockdep_hardirqs_on+0x7a/0x110
[ 150.524110][ T6560] ? rwbase_write_lock+0x568/0x730
[ 150.524140][ T6560] ? __pfx_jfs_readdir+0x10/0x10
[ 150.524157][ T6560] wrap_directory_iterator+0x99/0xe0
[ 150.524187][ T6560] iterate_dir+0x3a5/0x580
[ 150.524217][ T6560] __se_sys_getdents64+0xf1/0x280
[ 150.524236][ T6560] ? __pfx___se_sys_getdents64+0x10/0x10
[ 150.524252][ T6560] ? __pfx_filldir64+0x10/0x10
[ 150.524269][ T6560] ? rcu_is_watching+0x15/0xb0
[ 150.524294][ T6560] do_syscall_64+0x14d/0xf80
[ 150.524318][ T6560] ? trace_irq_disable+0x3b/0x150
[ 150.524339][ T6560] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 150.524357][ T6560] ? clear_bhb_loop+0x40/0x90
[ 150.524378][ T6560] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 150.524395][ T6560] RIP: 0033:0x7f630945a079
[ 150.524412][ T6560] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 150.524427][ T6560] RSP: 002b:00007f63086be028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 150.524446][ T6560] RAX: ffffffffffffffda RBX: 00007f6309685fa0 RCX: 00007f630945a079
[ 150.524460][ T6560] RDX: 00000000000000a2 RSI: 00002000000002c0 RDI: 0000000000000005
[ 150.524472][ T6560] RBP: 00007f63094eca4c R08: 0000000000000000 R09: 0000000000000000
[ 150.524483][ T6560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 150.524495][ T6560] R13: 0000000000000000 R14: 00007f6309685fa0 R15: 00007ffe20509528
[ 150.524515][ T6560]
[ 150.524896][ T6560] Kernel Offset: disabled