Warning: Permanently added '10.128.1.220' (ED25519) to the list of known hosts.
2025/12/26 18:44:52 parsed 1 programs
Setting up swapspace version 1, size = 127995904 bytes
[ 105.273772][ T4657] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 106.888218][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.907567][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.932942][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 106.957946][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.967770][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.977357][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 107.130034][ T4670] chnl_net:caif_netlink_parms(): no params data found
[ 107.175217][ T4670] bridge0: port 1(bridge_slave_0) entered blocking state
[ 107.182858][ T4670] bridge0: port 1(bridge_slave_0) entered disabled state
[ 107.190997][ T4670] device bridge_slave_0 entered promiscuous mode
[ 107.201423][ T4670] bridge0: port 2(bridge_slave_1) entered blocking state
[ 107.208916][ T4670] bridge0: port 2(bridge_slave_1) entered disabled state
[ 107.217884][ T4670] device bridge_slave_1 entered promiscuous mode
[ 107.238930][ T4670] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 107.255433][ T4670] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 107.278556][ T4670] team0: Port device team_slave_0 added
[ 107.289538][ T4670] team0: Port device team_slave_1 added
[ 107.308916][ T4670] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 107.316688][ T4670] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 107.344827][ T4670] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 107.358448][ T4670] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 107.365868][ T4670] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 107.393559][ T4670] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 107.437407][ T4670] device hsr_slave_0 entered promiscuous mode
[ 107.444821][ T4670] device hsr_slave_1 entered promiscuous mode
[ 108.155356][ T4670] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 108.194194][ T4670] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 108.214182][ T4670] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 108.240826][ T4670] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 108.407061][ T4670] 8021q: adding VLAN 0 to HW filter on device bond0
[ 108.438443][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 108.448734][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 108.465073][ T4670] 8021q: adding VLAN 0 to HW filter on device team0
[ 108.479257][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 108.490155][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 108.499522][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.507106][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 108.525406][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 108.535095][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 108.545235][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 108.555885][ T154] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.563709][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 108.579078][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 108.603017][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 108.622888][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 108.643327][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 108.662006][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 108.682222][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 108.709676][ T4670] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 108.733417][ T4670] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 108.748528][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 108.758207][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 108.767420][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 108.778935][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 108.788590][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 108.803248][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 108.967075][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 108.981386][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 109.007076][ T4670] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 109.046532][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 109.057890][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 109.103069][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 109.114095][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 109.126031][ T4670] device veth0_vlan entered promiscuous mode
[ 109.135203][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 109.144218][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 109.162546][ T4670] device veth1_vlan entered promiscuous mode
[ 109.189788][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 109.202176][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 109.210579][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 109.222514][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 109.236600][ T4670] device veth0_macvtap entered promiscuous mode
[ 109.258203][ T4670] device veth1_macvtap entered promiscuous mode
[ 109.285033][ T4670] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 109.294512][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 109.303221][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 109.311993][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 109.326851][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 109.340203][ T4670] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 109.350903][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 109.360463][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 109.374248][ T4670] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.385746][ T4670] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.397465][ T4670] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.409297][ T4670] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 112.350601][ T4360] ODEBUG: Out of memory. ODEBUG disabled
[ 112.457796][ T4360] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 114.348268][ T4360] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 114.408687][ T4360] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 114.479579][ T4360] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/12/26 18:45:05 executed programs: 0
[ 115.597790][ T5045] chnl_net:caif_netlink_parms(): no params data found
[ 115.690426][ T5045] bridge0: port 1(bridge_slave_0) entered blocking state
[ 115.698095][ T5045] bridge0: port 1(bridge_slave_0) entered disabled state
[ 115.709124][ T5045] device bridge_slave_0 entered promiscuous mode
[ 115.747631][ T5045] bridge0: port 2(bridge_slave_1) entered blocking state
[ 115.755316][ T5045] bridge0: port 2(bridge_slave_1) entered disabled state
[ 115.764947][ T5045] device bridge_slave_1 entered promiscuous mode
[ 115.806658][ T5045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 115.818918][ T5045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 115.873371][ T5045] team0: Port device team_slave_0 added
[ 115.882092][ T5045] team0: Port device team_slave_1 added
[ 115.939647][ T5045] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 115.948447][ T5045] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 115.976771][ T5045] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 115.994612][ T5045] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 116.004459][ T5045] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 116.032410][ T5045] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 116.109278][ T5045] device hsr_slave_0 entered promiscuous mode
[ 116.118852][ T5045] device hsr_slave_1 entered promiscuous mode
[ 116.125962][ T5045] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 116.134432][ T5045] Cannot create hsr debugfs directory
[ 116.286539][ T4360] device hsr_slave_0 left promiscuous mode
[ 116.293193][ T4360] device hsr_slave_1 left promiscuous mode
[ 116.300071][ T4360] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 116.308427][ T4360] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 116.317594][ T4360] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 116.326960][ T4360] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 116.335593][ T4360] device bridge_slave_1 left promiscuous mode
[ 116.345623][ T4360] bridge0: port 2(bridge_slave_1) entered disabled state
[ 116.355474][ T4360] device bridge_slave_0 left promiscuous mode
[ 116.364499][ T4360] bridge0: port 1(bridge_slave_0) entered disabled state
[ 116.378345][ T4360] device veth1_macvtap left promiscuous mode
[ 116.387049][ T4360] device veth0_macvtap left promiscuous mode
[ 116.393557][ T4360] device veth1_vlan left promiscuous mode
[ 116.399745][ T4360] device veth0_vlan left promiscuous mode
[ 116.547576][ T4360] team0 (unregistering): Port device team_slave_1 removed
[ 116.568240][ T4360] team0 (unregistering): Port device team_slave_0 removed
[ 116.580147][ T4360] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 116.594253][ T4360] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 116.642980][ T4360] bond0 (unregistering): Released all slaves
[ 117.007662][ T5045] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 117.017476][ T5045] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 117.027555][ T5045] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 117.050691][ T5045] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 117.162342][ T5045] 8021q: adding VLAN 0 to HW filter on device bond0
[ 117.187014][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 117.200077][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 117.219371][ T5045] 8021q: adding VLAN 0 to HW filter on device team0
[ 117.236365][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 117.263140][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 117.279194][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.286437][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 117.296880][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 117.307937][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 117.322153][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 117.352709][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.360012][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 117.378508][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 117.406474][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 117.425150][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 117.453328][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 117.471688][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 117.492650][ T681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 117.501306][ T4329] Bluetooth: hci0: command 0x0409 tx timeout
[ 117.504473][ T681] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 117.532102][ T681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 117.552017][ T681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 117.571723][ T681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 117.601497][ T681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 117.615096][ T5045] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 117.743258][ T681] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 117.752446][ T681] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 117.765692][ T5045] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 117.788762][ T681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 117.799179][ T681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 117.822221][ T681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 117.832481][ T681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 117.847287][ T5045] device veth0_vlan entered promiscuous mode
[ 117.855006][ T681] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 117.864089][ T681] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 117.877838][ T5045] device veth1_vlan entered promiscuous mode
[ 117.900162][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 117.910144][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 117.919010][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 117.929889][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 117.941967][ T5045] device veth0_macvtap entered promiscuous mode
[ 117.954521][ T5045] device veth1_macvtap entered promiscuous mode
[ 117.972027][ T5045] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 117.979391][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 117.988649][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 117.997730][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 118.008293][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 118.022340][ T5045] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 118.030218][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 118.040198][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 118.053576][ T5045] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.064567][ T5045] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.074735][ T5045] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.084056][ T5045] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.163175][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.181214][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.193521][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 118.204309][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.213280][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.223997][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 118.309531][ T5130] loop0: detected capacity change from 0 to 2048
[ 118.385036][ T5130] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[ 118.415408][ T5130] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 118.789877][ T5045] UDF-fs: error (device loop0): udf_verify_fi: directory (ino 1376) has entry at pos 0 with incorrect tag 0
[ 118.804427][ T5045] UDF-fs: error (device loop0): udf_verify_fi: directory (ino 1376) has entry at pos 0 with incorrect tag 0
[ 118.825316][ T5045] ==================================================================
[ 118.834780][ T5045] BUG: KASAN: use-after-free in crc_itu_t+0x1ad/0x280
[ 118.842041][ T5045] Read of size 1 at addr ffff8880734d5000 by task syz-executor/5045
[ 118.850207][ T5045]
[ 118.852680][ T5045] CPU: 0 PID: 5045 Comm: syz-executor Not tainted syzkaller #0
[ 118.860471][ T5045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 118.871826][ T5045] Call Trace:
[ 118.875240][ T5045]
[ 118.878322][ T5045] dump_stack_lvl+0x168/0x230
[ 118.883262][ T5045] ? show_regs_print_info+0x20/0x20
[ 118.888604][ T5045] ? load_image+0x3b0/0x3b0
[ 118.893373][ T5045] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 118.899071][ T5045] print_address_description+0x60/0x2d0
[ 118.905377][ T5045] ? crc_itu_t+0x1ad/0x280
[ 118.909935][ T5045] kasan_report+0xdf/0x130
[ 118.914455][ T5045] ? crc_itu_t+0x1ad/0x280
[ 118.918896][ T5045] crc_itu_t+0x1ad/0x280
[ 118.923272][ T5045] udf_sync_fs+0x194/0x350
[ 118.927915][ T5045] ? udf_put_super+0x160/0x160
[ 118.933240][ T5045] ? cpumask_next+0xb3/0xd0
[ 118.937943][ T5045] ? get_nr_dirty_inodes+0x248/0x2d0
[ 118.943418][ T5045] sync_filesystem+0xe6/0x220
[ 118.948429][ T5045] generic_shutdown_super+0x6b/0x300
[ 118.954848][ T5045] kill_block_super+0x7c/0xe0
[ 118.960002][ T5045] deactivate_locked_super+0x93/0xf0
[ 118.965781][ T5045] cleanup_mnt+0x418/0x4d0
[ 118.970551][ T5045] ? lockdep_hardirqs_on+0x94/0x140
[ 118.975963][ T5045] task_work_run+0x125/0x1a0
[ 118.980675][ T5045] do_exit+0x61e/0x20a0
[ 118.984929][ T5045] ? put_task_struct+0x80/0x80
[ 118.989728][ T5045] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 118.996302][ T5045] ? lock_chain_count+0x20/0x20
[ 119.001605][ T5045] do_group_exit+0x12e/0x300
[ 119.006313][ T5045] __x64_sys_exit_group+0x3b/0x40
[ 119.011608][ T5045] do_syscall_64+0x4c/0xa0
[ 119.016349][ T5045] ? clear_bhb_loop+0x30/0x80
[ 119.021224][ T5045] ? clear_bhb_loop+0x30/0x80
[ 119.025925][ T5045] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 119.032144][ T5045] RIP: 0033:0x7f0ddebe9749
[ 119.036946][ T5045] Code: Unable to access opcode bytes at RIP 0x7f0ddebe971f.
[ 119.044618][ T5045] RSP: 002b:00007ffce53230f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 119.053560][ T5045] RAX: ffffffffffffffda RBX: 00007f0ddec6ddef RCX: 00007f0ddebe9749
[ 119.062454][ T5045] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[ 119.071382][ T5045] RBP: 0000000000000010 R08: 00007ffce5320e96 R09: 00007ffce53243b0
[ 119.080416][ T5045] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffce53243b0
[ 119.088905][ T5045] R13: 00007f0ddec6dd7d R14: 0000555592c314a8 R15: 00007ffce5325480
[ 119.097420][ T5045]
[ 119.100627][ T5045]
[ 119.103117][ T5045] Allocated by task 4822:
[ 119.107532][ T5045] __kasan_slab_alloc+0x9c/0xd0
[ 119.112794][ T5045] slab_post_alloc_hook+0x4c/0x380
[ 119.118119][ T5045] kmem_cache_alloc+0x100/0x290
[ 119.123590][ T5045] anon_vma_fork+0x1f6/0x500
[ 119.128633][ T5045] copy_mm+0x9e3/0x1380
[ 119.133080][ T5045] copy_process+0x17c6/0x3e00
[ 119.137966][ T5045] kernel_clone+0x219/0x930
[ 119.142655][ T5045] __x64_sys_clone+0x170/0x1c0
[ 119.148098][ T5045] do_syscall_64+0x4c/0xa0
[ 119.153170][ T5045] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 119.159104][ T5045]
[ 119.161577][ T5045] Freed by task 4824:
[ 119.165920][ T5045] kasan_set_track+0x4b/0x70
[ 119.170710][ T5045] kasan_set_free_info+0x1f/0x40
[ 119.176112][ T5045] ____kasan_slab_free+0xd5/0x110
[ 119.181335][ T5045] slab_free_freelist_hook+0xea/0x170
[ 119.186823][ T5045] kmem_cache_free+0x8f/0x210
[ 119.191684][ T5045] unlink_anon_vmas+0x611/0x660
[ 119.196737][ T5045] free_pgtables+0x177/0x2a0
[ 119.201443][ T5045] exit_mmap+0x39e/0x5f0
[ 119.205790][ T5045] __mmput+0x115/0x3b0
[ 119.210124][ T5045] exec_mmap+0x4d1/0x5c0
[ 119.214747][ T5045] begin_new_exec+0x7e8/0x1160
[ 119.219605][ T5045] load_elf_binary+0x98e/0x2890
[ 119.224684][ T5045] bprm_execve+0xa92/0x17d0
[ 119.229266][ T5045] do_execveat_common+0x51e/0x6d0
[ 119.234376][ T5045] __x64_sys_execve+0x8e/0xa0
[ 119.239345][ T5045] do_syscall_64+0x4c/0xa0
[ 119.244044][ T5045] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 119.250312][ T5045]
[ 119.252647][ T5045] The buggy address belongs to the object at ffff8880734d5000
[ 119.252647][ T5045] which belongs to the cache anon_vma_chain of size 80
[ 119.266870][ T5045] The buggy address is located 0 bytes inside of
[ 119.266870][ T5045] 80-byte region [ffff8880734d5000, ffff8880734d5050)
[ 119.280362][ T5045] The buggy address belongs to the page:
[ 119.286189][ T5045] page:ffffea0001cd3540 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x734d5
[ 119.296610][ T5045] memcg:ffff888028819801
[ 119.301281][ T5045] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 119.309107][ T5045] raw: 00fff00000000200 ffffea0001e72880 0000001400000014 ffff888140007140
[ 119.318100][ T5045] raw: 0000000000000000 0000000000240024 00000001ffffffff ffff888028819801
[ 119.327325][ T5045] page dumped because: kasan: bad access detected
[ 119.334175][ T5045] page_owner tracks the page as allocated
[ 119.340483][ T5045] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4441, ts 85817941400, free_ts 85814886177
[ 119.357656][ T5045] get_page_from_freelist+0x1b77/0x1c60
[ 119.363445][ T5045] __alloc_pages+0x1e1/0x470
[ 119.368240][ T5045] new_slab+0xc0/0x4b0
[ 119.373064][ T5045] ___slab_alloc+0x81e/0xdf0
[ 119.377862][ T5045] kmem_cache_alloc+0x195/0x290
[ 119.382906][ T5045] anon_vma_fork+0x1f6/0x500
[ 119.387707][ T5045] copy_mm+0x9e3/0x1380
[ 119.392401][ T5045] copy_process+0x17c6/0x3e00
[ 119.397380][ T5045] kernel_clone+0x219/0x930
[ 119.402457][ T5045] __x64_sys_clone+0x170/0x1c0
[ 119.407904][ T5045] do_syscall_64+0x4c/0xa0
[ 119.412765][ T5045] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 119.418998][ T5045] page last free stack trace:
[ 119.424210][ T5045] free_unref_page_prepare+0x637/0x6c0
[ 119.430296][ T5045] free_unref_page_list+0x122/0x7e0
[ 119.435527][ T5045] release_pages+0x184b/0x1bb0
[ 119.440299][ T5045] tlb_finish_mmu+0x164/0x2e0
[ 119.445230][ T5045] exit_mmap+0x3a6/0x5f0
[ 119.449642][ T5045] __mmput+0x115/0x3b0
[ 119.454182][ T5045] exit_mm+0x567/0x6c0
[ 119.458735][ T5045] do_exit+0x5a1/0x20a0
[ 119.463200][ T5045] do_group_exit+0x12e/0x300
[ 119.468005][ T5045] __x64_sys_exit_group+0x3b/0x40
[ 119.473070][ T5045] do_syscall_64+0x4c/0xa0
[ 119.477743][ T5045] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 119.483828][ T5045]
[ 119.486174][ T5045] Memory state around the buggy address:
[ 119.491981][ T5045] ffff8880734d4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 119.500165][ T5045] ffff8880734d4f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 119.508658][ T5045] >ffff8880734d5000: fa fb fb fb fb fb fb fb fb fb fc fc fc fc fa fb
[ 119.516804][ T5045] ^
[ 119.521129][ T5045] ffff8880734d5080: fb fb fb fb fb fb fb fb fc fc fc fc fa fb fb fb
[ 119.529567][ T5045] ffff8880734d5100: fb fb fb fb fb fb fc fc fc fc fa fb fb fb fb fb
[ 119.537742][ T5045] ==================================================================
[ 119.545891][ T5045] Disabling lock debugging due to kernel taint
[ 119.560788][ T5045] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 119.569604][ T5045] CPU: 1 PID: 5045 Comm: syz-executor Tainted: G B syzkaller #0
[ 119.579192][ T5045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 119.581965][ T7] Bluetooth: hci0: command 0x041b tx timeout
[ 119.589599][ T5045] Call Trace:
[ 119.589614][ T5045]
[ 119.602674][ T5045] dump_stack_lvl+0x168/0x230
[ 119.607895][ T5045] ? show_regs_print_info+0x20/0x20
[ 119.613506][ T5045] ? load_image+0x3b0/0x3b0
[ 119.618895][ T5045] panic+0x2c9/0x7f0
[ 119.623803][ T5045] ? bpf_jit_dump+0xd0/0xd0
[ 119.630087][ T5045] ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 119.636394][ T5045] ? _raw_spin_unlock+0x40/0x40
[ 119.641415][ T5045] ? crc_itu_t+0x1ad/0x280
[ 119.646004][ T5045] check_panic_on_warn+0x80/0xa0
[ 119.652013][ T5045] ? crc_itu_t+0x1ad/0x280
[ 119.656694][ T5045] end_report+0x6d/0xf0
[ 119.661246][ T5045] kasan_report+0x102/0x130
[ 119.665974][ T5045] ? crc_itu_t+0x1ad/0x280
[ 119.670664][ T5045] crc_itu_t+0x1ad/0x280
[ 119.675038][ T5045] udf_sync_fs+0x194/0x350
[ 119.679554][ T5045] ? udf_put_super+0x160/0x160
[ 119.684423][ T5045] ? cpumask_next+0xb3/0xd0
[ 119.689025][ T5045] ? get_nr_dirty_inodes+0x248/0x2d0
[ 119.694576][ T5045] sync_filesystem+0xe6/0x220
[ 119.699255][ T5045] generic_shutdown_super+0x6b/0x300
[ 119.704745][ T5045] kill_block_super+0x7c/0xe0
[ 119.709521][ T5045] deactivate_locked_super+0x93/0xf0
[ 119.714992][ T5045] cleanup_mnt+0x418/0x4d0
[ 119.719664][ T5045] ? lockdep_hardirqs_on+0x94/0x140
[ 119.724959][ T5045] task_work_run+0x125/0x1a0
[ 119.729667][ T5045] do_exit+0x61e/0x20a0
[ 119.734038][ T5045] ? put_task_struct+0x80/0x80
[ 119.739118][ T5045] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 119.745332][ T5045] ? lock_chain_count+0x20/0x20
[ 119.750412][ T5045] do_group_exit+0x12e/0x300
[ 119.755026][ T5045] __x64_sys_exit_group+0x3b/0x40
[ 119.760051][ T5045] do_syscall_64+0x4c/0xa0
[ 119.764465][ T5045] ? clear_bhb_loop+0x30/0x80
[ 119.769182][ T5045] ? clear_bhb_loop+0x30/0x80
[ 119.774091][ T5045] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 119.780348][ T5045] RIP: 0033:0x7f0ddebe9749
[ 119.784768][ T5045] Code: Unable to access opcode bytes at RIP 0x7f0ddebe971f.
[ 119.792354][ T5045] RSP: 002b:00007ffce53230f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 119.801057][ T5045] RAX: ffffffffffffffda RBX: 00007f0ddec6ddef RCX: 00007f0ddebe9749
[ 119.809208][ T5045] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[ 119.817622][ T5045] RBP: 0000000000000010 R08: 00007ffce5320e96 R09: 00007ffce53243b0
[ 119.825995][ T5045] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffce53243b0
[ 119.834245][ T5045] R13: 00007f0ddec6dd7d R14: 0000555592c314a8 R15: 00007ffce5325480
[ 119.842827][ T5045]
[ 119.846709][ T5045] Kernel Offset: disabled
[ 119.851224][ T5045] Rebooting in 86400 seconds..