Warning: Permanently added '10.128.1.235' (ED25519) to the list of known hosts.
2025/10/01 12:33:03 parsed 1 programs
[   86.632535][ T4603] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   88.374364][ T4623] chnl_net:caif_netlink_parms(): no params data found
[   88.427458][ T4623] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.435043][ T4623] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.444090][ T4623] device bridge_slave_0 entered promiscuous mode
[   88.454563][ T4623] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.462101][ T4623] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.471469][ T4623] device bridge_slave_1 entered promiscuous mode
[   88.497037][ T4623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.508493][ T4623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.540565][ T4623] team0: Port device team_slave_0 added
[   88.550015][ T4623] team0: Port device team_slave_1 added
[   88.576432][ T4623] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.583919][ T4623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.612197][ T4623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.626505][ T4623] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.633654][ T4623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.662187][ T4623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.701007][ T4623] device hsr_slave_0 entered promiscuous mode
[   88.708673][ T4623] device hsr_slave_1 entered promiscuous mode
[   89.274812][ T4623] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   89.286314][ T4623] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   89.297104][ T4623] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   89.306697][ T4623] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   89.470145][ T4623] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.498673][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   89.507174][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   89.528824][ T4623] 8021q: adding VLAN 0 to HW filter on device team0
[   89.547781][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   89.557959][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   89.572834][ T1224] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.579959][ T1224] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.609333][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   89.617979][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   89.629478][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   89.638466][ T1224] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.645714][ T1224] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.655174][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   89.663918][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   89.694997][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   89.717945][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   89.727961][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   89.737197][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   89.755662][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   89.770205][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   89.782716][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   89.792338][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   89.801504][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   89.813199][ T4623] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   89.940465][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   89.949973][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   89.962286][ T4623] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.983709][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   89.992622][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   90.010638][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   90.019693][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   90.031281][ T4623] device veth0_vlan entered promiscuous mode
[   90.044240][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   90.052451][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   90.067085][ T4623] device veth1_vlan entered promiscuous mode
[   90.094196][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   90.103436][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   90.112569][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   90.122558][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   90.133664][ T4623] device veth0_macvtap entered promiscuous mode
[   90.149781][ T4623] device veth1_macvtap entered promiscuous mode
[   90.168244][ T4623] batman_adv: batadv0: Interface activated: batadv_slave_0
[   90.176287][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   90.184715][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   90.194589][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   90.204141][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   90.217636][ T4623] batman_adv: batadv0: Interface activated: batadv_slave_1
[   90.230992][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   90.240418][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   90.252136][ T4623] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.262124][ T4623] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.271460][ T4623] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.281942][ T4623] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.287543][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.305132][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.317347][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   91.336882][ T1224] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.345892][ T1224] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.355094][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   92.177169][ T3044] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/10/01 12:33:12 executed programs: 0
[   92.635029][ T4820] chnl_net:caif_netlink_parms(): no params data found
[   92.688990][ T4820] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.696754][ T4820] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.704494][ T4820] device bridge_slave_0 entered promiscuous mode
[   92.714579][ T4820] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.721787][ T4820] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.730297][ T4820] device bridge_slave_1 entered promiscuous mode
[   92.754348][ T4820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.765882][ T4820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.793412][ T4820] team0: Port device team_slave_0 added
[   92.801593][ T4820] team0: Port device team_slave_1 added
[   92.822842][ T4820] batman_adv: batadv0: Adding interface: batadv_slave_0
[   92.829941][ T4820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.856467][ T4820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   92.869193][ T4820] batman_adv: batadv0: Adding interface: batadv_slave_1
[   92.876653][ T4820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.903545][ T4820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.938316][ T4820] device hsr_slave_0 entered promiscuous mode
[   92.945451][ T4820] device hsr_slave_1 entered promiscuous mode
[   92.952064][ T4820] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   92.960055][ T4820] Cannot create hsr debugfs directory
[   94.575100][ T4267] Bluetooth: hci0: command 0x0409 tx timeout
[   95.358859][ T3044] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.408430][ T3044] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.479547][ T3044] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.357901][ T4820] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   96.366783][ T4820] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   96.377487][ T4820] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   96.386450][ T4820] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   96.433754][ T4820] 8021q: adding VLAN 0 to HW filter on device bond0
[   96.459835][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   96.468170][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   96.478361][ T4820] 8021q: adding VLAN 0 to HW filter on device team0
[   96.487691][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   96.496840][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   96.505474][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.512557][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   96.520357][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   96.548254][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   96.557104][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   96.566288][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.573342][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   96.582962][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   96.594369][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   96.607406][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   96.617318][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   96.627005][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   96.645044][   T23] Bluetooth: hci0: command 0x041b tx timeout
[   96.656418][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   96.666356][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   96.676890][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   96.685615][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   96.697009][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   96.706859][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   96.717042][ T4820] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   96.820076][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   96.827652][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   96.839391][ T4820] 8021q: adding VLAN 0 to HW filter on device batadv0
[   96.862071][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   96.871583][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   96.889260][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   96.898630][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   96.908845][ T4820] device veth0_vlan entered promiscuous mode
[   96.917010][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   96.924842][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   96.952386][ T4820] device veth1_vlan entered promiscuous mode
[   96.969925][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   96.978676][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   96.987508][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   96.996259][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   97.018971][ T3044] device hsr_slave_0 left promiscuous mode
[   97.025521][ T3044] device hsr_slave_1 left promiscuous mode
[   97.031745][ T3044] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   97.039397][ T3044] batman_adv: batadv0: Removing interface: batadv_slave_0
[   97.047484][ T3044] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   97.055416][ T3044] batman_adv: batadv0: Removing interface: batadv_slave_1
[   97.062922][ T3044] device bridge_slave_1 left promiscuous mode
[   97.069286][ T3044] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.077569][ T3044] device bridge_slave_0 left promiscuous mode
[   97.083805][ T3044] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.094653][ T3044] device veth1_macvtap left promiscuous mode
[   97.100917][ T3044] device veth0_macvtap left promiscuous mode
[   97.107058][ T3044] device veth1_vlan left promiscuous mode
[   97.112925][ T3044] device veth0_vlan left promiscuous mode
[   97.222268][ T3044] team0 (unregistering): Port device team_slave_1 removed
[   97.234598][ T3044] team0 (unregistering): Port device team_slave_0 removed
[   97.248816][ T3044] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   97.261606][ T3044] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   97.303906][ T3044] bond0 (unregistering): Released all slaves
[   97.358836][ T4820] device veth0_macvtap entered promiscuous mode
[   97.373699][ T4820] device veth1_macvtap entered promiscuous mode
[   97.387104][ T4820] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.394413][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   97.403326][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   97.411626][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   97.421262][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   97.432406][ T4820] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.440650][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   97.449522][  T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   97.460079][ T4820] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.469687][ T4820] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.478707][ T4820] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.487656][ T4820] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.543021][  T150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.560442][  T150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.566307][ T1224] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.569396][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   97.583491][ T1224] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/10/01 12:33:17 executed programs: 2
[   97.592432][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   97.654356][ T5094] loop0: detected capacity change from 0 to 2048
[   97.710462][ T5094] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   98.020122][ T4820] UDF-fs: error (device loop0): udf_verify_fi: directory (ino 1376) has entry at pos 0 with incorrect tag 0
[   98.042930][ T4820] UDF-fs: error (device loop0): udf_verify_fi: directory (ino 1376) has entry at pos 0 with incorrect tag 0
[   98.061484][ T4820] ==================================================================
[   98.069946][ T4820] BUG: KASAN: use-after-free in crc_itu_t+0x1ad/0x280
[   98.076734][ T4820] Read of size 1 at addr ffff8880765f5000 by task syz-executor/4820
[   98.084730][ T4820] 
[   98.087254][ T4820] CPU: 1 PID: 4820 Comm: syz-executor Not tainted syzkaller #0
[   98.094901][ T4820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   98.104979][ T4820] Call Trace:
[   98.108279][ T4820]  <TASK>
[   98.111218][ T4820]  dump_stack_lvl+0x168/0x230
[   98.115914][ T4820]  ? show_regs_print_info+0x20/0x20
[   98.121137][ T4820]  ? load_image+0x3b0/0x3b0
[   98.125728][ T4820]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[   98.131146][ T4820]  print_address_description+0x60/0x2d0
[   98.136698][ T4820]  ? crc_itu_t+0x1ad/0x280
[   98.141115][ T4820]  kasan_report+0xdf/0x130
[   98.145547][ T4820]  ? crc_itu_t+0x1ad/0x280
[   98.149982][ T4820]  crc_itu_t+0x1ad/0x280
[   98.154336][ T4820]  udf_sync_fs+0x194/0x350
[   98.158756][ T4820]  ? udf_put_super+0x160/0x160
[   98.163518][ T4820]  ? cpumask_next+0xb3/0xd0
[   98.168033][ T4820]  ? get_nr_dirty_inodes+0x248/0x2d0
[   98.173338][ T4820]  sync_filesystem+0xe6/0x220
[   98.178018][ T4820]  generic_shutdown_super+0x6b/0x300
[   98.183305][ T4820]  kill_block_super+0x7c/0xe0
[   98.187981][ T4820]  deactivate_locked_super+0x93/0xf0
[   98.193299][ T4820]  cleanup_mnt+0x418/0x4d0
[   98.197726][ T4820]  ? lockdep_hardirqs_on+0x94/0x140
[   98.202954][ T4820]  task_work_run+0x125/0x1a0
[   98.207579][ T4820]  do_exit+0x61e/0x20a0
[   98.211827][ T4820]  ? put_task_struct+0x80/0x80
[   98.216598][ T4820]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[   98.222670][ T4820]  ? lock_chain_count+0x20/0x20
[   98.227523][ T4820]  do_group_exit+0x12e/0x300
[   98.232113][ T4820]  __x64_sys_exit_group+0x3b/0x40
[   98.237131][ T4820]  do_syscall_64+0x4c/0xa0
[   98.241539][ T4820]  ? clear_bhb_loop+0x30/0x80
[   98.246206][ T4820]  ? clear_bhb_loop+0x30/0x80
[   98.250964][ T4820]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   98.256865][ T4820] RIP: 0033:0x7fa1073b9929
[   98.261357][ T4820] Code: Unable to access opcode bytes at RIP 0x7fa1073b98ff.
[   98.268718][ T4820] RSP: 002b:00007ffca206e8a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   98.277145][ T4820] RAX: ffffffffffffffda RBX: 00007fa10743b997 RCX: 00007fa1073b9929
[   98.285225][ T4820] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[   98.293192][ T4820] RBP: 0000000000000010 R08: 00007ffca206c646 R09: 00007ffca206fb60
[   98.301163][ T4820] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffca206fb60
[   98.309135][ T4820] R13: 00007fa10743b925 R14: 00005555598b44a8 R15: 00007ffca2070c30
[   98.317147][ T4820]  </TASK>
[   98.320172][ T4820] 
[   98.322484][ T4820] Allocated by task 4873:
[   98.326794][ T4820]  __kasan_slab_alloc+0x9c/0xd0
[   98.331816][ T4820]  slab_post_alloc_hook+0x4c/0x380
[   98.336919][ T4820]  kmem_cache_alloc+0x100/0x290
[   98.341757][ T4820]  vm_area_alloc+0x20/0xe0
[   98.346159][ T4820]  mmap_region+0xac7/0x1660
[   98.350661][ T4820]  do_mmap+0x81f/0xea0
[   98.354718][ T4820]  vm_mmap_pgoff+0x1b2/0x2b0
[   98.359419][ T4820]  load_elf_binary+0x1082/0x2890
[   98.364347][ T4820]  bprm_execve+0xa92/0x17d0
[   98.368859][ T4820]  do_execveat_common+0x51e/0x6d0
[   98.373969][ T4820]  __x64_sys_execve+0x8e/0xa0
[   98.378748][ T4820]  do_syscall_64+0x4c/0xa0
[   98.383168][ T4820]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   98.389057][ T4820] 
[   98.391373][ T4820] Freed by task 4873:
[   98.395338][ T4820]  kasan_set_track+0x4b/0x70
[   98.399948][ T4820]  kasan_set_free_info+0x1f/0x40
[   98.404876][ T4820]  ____kasan_slab_free+0xd5/0x110
[   98.409893][ T4820]  slab_free_freelist_hook+0xea/0x170
[   98.415259][ T4820]  kmem_cache_free+0x8f/0x210
[   98.419936][ T4820]  exit_mmap+0x4d8/0x5f0
[   98.424196][ T4820]  __mmput+0x115/0x3b0
[   98.428444][ T4820]  exit_mm+0x567/0x6c0
[   98.432517][ T4820]  do_exit+0x5a1/0x20a0
[   98.436793][ T4820]  do_group_exit+0x12e/0x300
[   98.441480][ T4820]  __x64_sys_exit_group+0x3b/0x40
[   98.446609][ T4820]  do_syscall_64+0x4c/0xa0
[   98.451209][ T4820]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   98.457112][ T4820] 
[   98.459428][ T4820] The buggy address belongs to the object at ffff8880765f5000
[   98.459428][ T4820]  which belongs to the cache vm_area_struct of size 200
[   98.473832][ T4820] The buggy address is located 0 bytes inside of
[   98.473832][ T4820]  200-byte region [ffff8880765f5000, ffff8880765f50c8)
[   98.486935][ T4820] The buggy address belongs to the page:
[   98.492577][ T4820] page:ffffea0001d97d40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x765f5
[   98.502910][ T4820] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   98.510664][ T4820] raw: 00fff00000000200 dead000000000100 dead000000000122 ffff888140007a00
[   98.519261][ T4820] raw: 0000000000000000 00000000000f000f 00000001ffffffff 0000000000000000
[   98.528127][ T4820] page dumped because: kasan: bad access detected
[   98.534547][ T4820] page_owner tracks the page as allocated
[   98.540262][ T4820] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 3651, ts 19859735319, free_ts 12487938559
[   98.556325][ T4820]  get_page_from_freelist+0x1b77/0x1c60
[   98.561876][ T4820]  __alloc_pages+0x1e1/0x470
[   98.566461][ T4820]  new_slab+0xc0/0x4b0
[   98.570546][ T4820]  ___slab_alloc+0x81e/0xdf0
[   98.575127][ T4820]  kmem_cache_alloc+0x195/0x290
[   98.579965][ T4820]  vm_area_dup+0x1e/0xb0
[   98.584458][ T4820]  __split_vma+0xb1/0x410
[   98.588788][ T4820]  __do_munmap+0x3eb/0xdc0
[   98.593195][ T4820]  mmap_region+0x8bb/0x1660
[   98.597863][ T4820]  do_mmap+0x81f/0xea0
[   98.601927][ T4820]  vm_mmap_pgoff+0x1b2/0x2b0
[   98.606506][ T4820]  ksys_mmap_pgoff+0x542/0x780
[   98.611264][ T4820]  do_syscall_64+0x4c/0xa0
[   98.615676][ T4820]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   98.621565][ T4820] page last free stack trace:
[   98.626299][ T4820]  free_unref_page_prepare+0x637/0x6c0
[   98.631745][ T4820]  free_unref_page+0x94/0x280
[   98.636427][ T4820]  free_contig_range+0x96/0xf0
[   98.641261][ T4820]  destroy_args+0x100/0xa20
[   98.646093][ T4820]  debug_vm_pgtable+0x318/0x370
[   98.650923][ T4820]  do_one_initcall+0x1ee/0x680
[   98.655668][ T4820]  do_initcall_level+0x137/0x1f0
[   98.660591][ T4820]  do_initcalls+0x4b/0x90
[   98.664901][ T4820]  kernel_init_freeable+0x3ce/0x560
[   98.670088][ T4820]  kernel_init+0x19/0x1b0
[   98.674397][ T4820]  ret_from_fork+0x1f/0x30
[   98.678887][ T4820] 
[   98.681202][ T4820] Memory state around the buggy address:
[   98.686994][ T4820]  ffff8880765f4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   98.695384][ T4820]  ffff8880765f4f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   98.703428][ T4820] >ffff8880765f5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   98.711556][ T4820]                    ^
[   98.715706][ T4820]  ffff8880765f5080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   98.723863][ T4820]  ffff8880765f5100: fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   98.732111][ T4820] ==================================================================
[   98.740235][ T4820] Disabling lock debugging due to kernel taint
[   98.748550][   T23] Bluetooth: hci0: command 0x040f tx timeout
[   98.749422][ T4820] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   98.761834][ T4820] CPU: 0 PID: 4820 Comm: syz-executor Tainted: G    B             syzkaller #0
[   98.770855][ T4820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   98.780919][ T4820] Call Trace:
[   98.784198][ T4820]  <TASK>
[   98.787132][ T4820]  dump_stack_lvl+0x168/0x230
[   98.791816][ T4820]  ? show_regs_print_info+0x20/0x20
[   98.797059][ T4820]  ? load_image+0x3b0/0x3b0
[   98.801664][ T4820]  panic+0x2c9/0x7f0
[   98.805627][ T4820]  ? bpf_jit_dump+0xd0/0xd0
[   98.810134][ T4820]  ? _raw_spin_unlock_irqrestore+0xf6/0x100
[   98.816015][ T4820]  ? _raw_spin_unlock+0x40/0x40
[   98.820845][ T4820]  ? crc_itu_t+0x1ad/0x280
[   98.825331][ T4820]  check_panic_on_warn+0x80/0xa0
[   98.830385][ T4820]  ? crc_itu_t+0x1ad/0x280
[   98.835282][ T4820]  end_report+0x6d/0xf0
[   98.839450][ T4820]  kasan_report+0x102/0x130
[   98.844024][ T4820]  ? crc_itu_t+0x1ad/0x280
[   98.848972][ T4820]  crc_itu_t+0x1ad/0x280
[   98.854510][ T4820]  udf_sync_fs+0x194/0x350
[   98.859150][ T4820]  ? udf_put_super+0x160/0x160
[   98.864021][ T4820]  ? cpumask_next+0xb3/0xd0
[   98.868542][ T4820]  ? get_nr_dirty_inodes+0x248/0x2d0
[   98.874114][ T4820]  sync_filesystem+0xe6/0x220
[   98.878799][ T4820]  generic_shutdown_super+0x6b/0x300
[   98.884073][ T4820]  kill_block_super+0x7c/0xe0
[   98.888744][ T4820]  deactivate_locked_super+0x93/0xf0
[   98.894179][ T4820]  cleanup_mnt+0x418/0x4d0
[   98.898606][ T4820]  ? lockdep_hardirqs_on+0x94/0x140
[   98.904029][ T4820]  task_work_run+0x125/0x1a0
[   98.909163][ T4820]  do_exit+0x61e/0x20a0
[   98.913496][ T4820]  ? put_task_struct+0x80/0x80
[   98.918535][ T4820]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[   98.924848][ T4820]  ? lock_chain_count+0x20/0x20
[   98.929741][ T4820]  do_group_exit+0x12e/0x300
[   98.934411][ T4820]  __x64_sys_exit_group+0x3b/0x40
[   98.939586][ T4820]  do_syscall_64+0x4c/0xa0
[   98.944003][ T4820]  ? clear_bhb_loop+0x30/0x80
[   98.948668][ T4820]  ? clear_bhb_loop+0x30/0x80
[   98.953498][ T4820]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   98.959391][ T4820] RIP: 0033:0x7fa1073b9929
[   98.963784][ T4820] Code: Unable to access opcode bytes at RIP 0x7fa1073b98ff.
[   98.971230][ T4820] RSP: 002b:00007ffca206e8a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   98.979624][ T4820] RAX: ffffffffffffffda RBX: 00007fa10743b997 RCX: 00007fa1073b9929
[   98.987587][ T4820] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[   98.995539][ T4820] RBP: 0000000000000010 R08: 00007ffca206c646 R09: 00007ffca206fb60
[   99.003488][ T4820] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffca206fb60
[   99.011524][ T4820] R13: 00007fa10743b925 R14: 00005555598b44a8 R15: 00007ffca2070c30
[   99.019819][ T4820]  </TASK>
[   99.023077][ T4820] Kernel Offset: disabled
[   99.027398][ T4820] Rebooting in 86400 seconds..