Warning: Permanently added '10.128.0.93' (ED25519) to the list of known hosts.
2026/01/29 12:39:00 parsed 1 programs
Setting up swapspace version 1, size = 127995904 bytes
[   90.903676][ T4604] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   92.520830][ T4619] chnl_net:caif_netlink_parms(): no params data found
[   92.553734][ T4619] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.561191][ T4619] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.569004][ T4619] device bridge_slave_0 entered promiscuous mode
[   92.577247][ T4619] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.584399][ T4619] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.592213][ T4619] device bridge_slave_1 entered promiscuous mode
[   92.611395][ T4619] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.622268][ T4619] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.643861][ T4619] team0: Port device team_slave_0 added
[   92.651258][ T4619] team0: Port device team_slave_1 added
[   92.665448][ T4619] batman_adv: batadv0: Adding interface: batadv_slave_0
[   92.672412][ T4619] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.699454][ T4619] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   92.715935][ T4619] batman_adv: batadv0: Adding interface: batadv_slave_1
[   92.722896][ T4619] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.749251][ T4619] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.773525][ T4619] device hsr_slave_0 entered promiscuous mode
[   92.780974][ T4619] device hsr_slave_1 entered promiscuous mode
[   93.370346][ T4619] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   93.389267][ T4619] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   93.413362][ T4619] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   93.429132][ T4619] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   93.510763][ T4619] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.517916][ T4619] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.525485][ T4619] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.532587][ T4619] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.544328][ T1277] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.556090][ T1277] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.666735][ T4619] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.697619][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   93.706013][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   93.728664][ T4619] 8021q: adding VLAN 0 to HW filter on device team0
[   93.746011][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   93.767316][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   93.777402][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.784594][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.806014][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   93.814982][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   93.836427][ T1277] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.843710][ T1277] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.864289][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   93.888854][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   93.921017][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   93.948429][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   93.957676][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   93.979178][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   93.996568][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   94.023677][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   94.047616][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   94.061099][ T4619] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   94.079807][ T4619] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   94.089539][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   94.117437][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   94.386495][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   94.394242][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   94.421607][ T4619] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.468080][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   94.477735][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   94.517675][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   94.528314][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   94.549320][ T4619] device veth0_vlan entered promiscuous mode
[   94.568435][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   94.576854][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   94.601982][ T4619] device veth1_vlan entered promiscuous mode
[   94.645074][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   94.653852][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   94.687772][ T4619] device veth0_macvtap entered promiscuous mode
[   94.698446][ T4619] device veth1_macvtap entered promiscuous mode
[   94.740186][ T4619] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.748957][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   94.760582][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   94.774662][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   94.783685][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   94.797105][ T4619] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.804468][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   94.825876][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   94.839342][ T4619] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.855165][ T4619] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.865080][ T4619] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.883887][ T4619] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.330013][  T155] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.183559][  T155] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.244951][ T1277] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.265250][ T1277] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.274144][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.274883][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   97.284709][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.302461][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2026/01/29 12:39:09 executed programs: 0
[   98.319079][ T4885] chnl_net:caif_netlink_parms(): no params data found
[   98.380373][ T4885] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.387610][ T4885] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.395838][ T4885] device bridge_slave_0 entered promiscuous mode
[   98.404441][ T4885] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.412058][ T4885] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.420484][ T4885] device bridge_slave_1 entered promiscuous mode
[   98.453530][ T4885] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.470406][ T4885] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.506314][ T4885] team0: Port device team_slave_0 added
[   98.514758][ T4885] team0: Port device team_slave_1 added
[   98.543158][ T4885] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.550711][ T4885] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.577315][ T4885] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.592695][ T4885] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.600076][ T4885] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.626097][ T4885] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.669683][ T4885] device hsr_slave_0 entered promiscuous mode
[   98.679864][ T4885] device hsr_slave_1 entered promiscuous mode
[   98.687290][ T4885] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   98.695025][ T4885] Cannot create hsr debugfs directory
[   98.832654][  T155] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.903851][  T155] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.610190][  T155] device hsr_slave_0 left promiscuous mode
[   99.616955][  T155] device hsr_slave_1 left promiscuous mode
[   99.623499][  T155] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   99.631661][  T155] batman_adv: batadv0: Removing interface: batadv_slave_0
[   99.640082][  T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   99.647859][  T155] batman_adv: batadv0: Removing interface: batadv_slave_1
[   99.668123][  T155] device bridge_slave_1 left promiscuous mode
[   99.678774][  T155] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.691335][  T155] device bridge_slave_0 left promiscuous mode
[   99.698581][  T155] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.715936][  T155] device veth1_macvtap left promiscuous mode
[   99.722026][  T155] device veth0_macvtap left promiscuous mode
[   99.731802][  T155] device veth1_vlan left promiscuous mode
[   99.738125][  T155] device veth0_vlan left promiscuous mode
[   99.981698][  T155] team0 (unregistering): Port device team_slave_1 removed
[   99.997541][  T155] team0 (unregistering): Port device team_slave_0 removed
[  100.018030][  T155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  100.036864][  T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  100.129337][  T155] bond0 (unregistering): Released all slaves
[  100.220455][ T4885] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  100.233438][ T4885] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  100.240490][ T2361] Bluetooth: hci0: command 0x0409 tx timeout
[  100.253495][ T4885] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  100.272797][ T4885] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  100.378889][ T4885] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.392741][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  100.401047][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  100.414733][ T4885] 8021q: adding VLAN 0 to HW filter on device team0
[  100.447944][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  100.457023][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  100.468675][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.476173][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.487817][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  100.500467][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  100.510320][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  100.522905][ T1277] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.530083][ T1277] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.553453][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  100.568131][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  100.584607][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  100.596036][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  100.633341][ T4885] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  100.645003][ T4885] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  100.657347][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  100.666283][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  100.676727][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  100.685498][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  100.705523][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  100.718387][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  100.732533][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  100.744266][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  100.967207][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  100.974845][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  100.988769][ T4885] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.011864][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  101.023923][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  101.048685][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  101.059773][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  101.071636][ T4885] device veth0_vlan entered promiscuous mode
[  101.080951][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  101.089613][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  101.102594][ T4885] device veth1_vlan entered promiscuous mode
[  101.132253][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  101.143383][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  101.152545][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  101.162636][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  101.174044][ T4885] device veth0_macvtap entered promiscuous mode
[  101.196508][ T4885] device veth1_macvtap entered promiscuous mode
[  101.227327][ T4885] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.234733][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  101.243196][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  101.256875][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  101.272473][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  101.288083][ T4885] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.299252][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  101.309359][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  101.322758][ T4885] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.332710][ T4885] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.343429][ T4885] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.353519][ T4885] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.437424][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.451340][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.471183][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  101.501222][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.510609][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.524606][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  101.938802][ T5052] loop0: detected capacity change from 0 to 32768
[  101.954022][ T5052] =======================================================
[  101.954022][ T5052] WARNING: The mand mount option has been deprecated and
[  101.954022][ T5052]          and is ignored by this kernel. Remove the mand
[  101.954022][ T5052]          option from the mount to silence this warning.
[  101.954022][ T5052] =======================================================
[  102.033728][ T5052] JBD2: Ignoring recovery information on journal
[  102.078645][ T5052] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  102.168148][ T4885] ocfs2: Unmounting device (7,0) on (node local)
[  102.315976][ T4262] Bluetooth: hci0: command 0x041b tx timeout
[  102.503846][ T5058] loop0: detected capacity change from 0 to 32768
[  102.630636][ T5058] JBD2: Ignoring recovery information on journal
[  102.682171][ T5058] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  102.784412][ T4885] ocfs2: Unmounting device (7,0) on (node local)
[  103.048448][ T5079] loop0: detected capacity change from 0 to 32768
[  103.073090][ T5079] JBD2: Ignoring recovery information on journal
[  103.118159][ T5079] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  103.157599][ T4885] ocfs2: Unmounting device (7,0) on (node local)
2026/01/29 12:39:14 executed programs: 5
[  103.451421][ T5084] loop0: detected capacity change from 0 to 32768
[  103.522167][ T5084] JBD2: Ignoring recovery information on journal
[  103.573921][ T5084] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  103.608513][ T5084] ==================================================================
[  103.616971][ T5084] BUG: KASAN: use-after-free in ocfs2_fault+0xda/0x3d0
[  103.624108][ T5084] Read of size 8 at addr ffff888076af0d00 by task syz.0.20/5084
[  103.631917][ T5084] 
[  103.634275][ T5084] CPU: 1 PID: 5084 Comm: syz.0.20 Not tainted syzkaller #0
[  103.641503][ T5084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  103.651670][ T5084] Call Trace:
[  103.654989][ T5084]  <TASK>
[  103.657938][ T5084]  dump_stack_lvl+0x188/0x250
[  103.662743][ T5084]  ? show_regs_print_info+0x20/0x20
[  103.667983][ T5084]  ? load_image+0x400/0x400
[  103.672504][ T5084]  ? _raw_spin_lock_irqsave+0xbc/0x100
[  103.678109][ T5084]  ? recalc_sigpending+0x1a0/0x230
[  103.683562][ T5084]  print_address_description+0x60/0x2d0
[  103.689306][ T5084]  ? ocfs2_fault+0xda/0x3d0
[  103.693818][ T5084]  kasan_report+0xdf/0x130
[  103.698221][ T5084]  ? ocfs2_fault+0xda/0x3d0
[  103.702718][ T5084]  ocfs2_fault+0xda/0x3d0
[  103.707223][ T5084]  ? ocfs2_mmap+0x250/0x250
[  103.712665][ T5084]  ? count_memcg_event_mm+0x324/0x370
[  103.718031][ T5084]  ? remove_device_exclusive_entry+0xa90/0xa90
[  103.724273][ T5084]  ? mark_lock+0x94/0x320
[  103.728600][ T5084]  __do_fault+0x141/0x330
[  103.733003][ T5084]  handle_mm_fault+0x2985/0x4410
[  103.738204][ T5084]  ? get_page+0xe0/0xe0
[  103.742349][ T5084]  ? follow_page_mask+0x5dc/0x12d0
[  103.747466][ T5084]  ? check_vma_flags+0x3f5/0x480
[  103.752401][ T5084]  __get_user_pages+0x94b/0x11e0
[  103.757330][ T5084]  ? populate_vma_page_range+0x290/0x290
[  103.762954][ T5084]  ? read_lock_is_recursive+0x10/0x10
[  103.768341][ T5084]  populate_vma_page_range+0x213/0x290
[  103.773794][ T5084]  __mm_populate+0x275/0x3b0
[  103.778379][ T5084]  ? check_vma_flags+0x480/0x480
[  103.783310][ T5084]  ? up_write+0x1bb/0x420
[  103.787628][ T5084]  vm_mmap_pgoff+0x212/0x2d0
[  103.792210][ T5084]  ? account_locked_vm+0xe0/0xe0
[  103.797138][ T5084]  ? __fget_files+0x40f/0x480
[  103.801808][ T5084]  ksys_mmap_pgoff+0x54b/0x790
[  103.806580][ T5084]  ? mmap_region+0x1650/0x1650
[  103.811329][ T5084]  ? lockdep_hardirqs_on+0x94/0x140
[  103.816511][ T5084]  do_syscall_64+0x4c/0xa0
[  103.821038][ T5084]  ? clear_bhb_loop+0x30/0x80
[  103.825699][ T5084]  ? clear_bhb_loop+0x30/0x80
[  103.830357][ T5084]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  103.836407][ T5084] RIP: 0033:0x7f42ef9d9ef9
[  103.840813][ T5084] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  103.860587][ T5084] RSP: 002b:00007f42ef03d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  103.869026][ T5084] RAX: ffffffffffffffda RBX: 00007f42efc44fa0 RCX: 00007f42ef9d9ef9
[  103.877092][ T5084] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000
[  103.885064][ T5084] RBP: 00007f42efa6eee0 R08: 0000000000000004 R09: 0000000000000000
[  103.893114][ T5084] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000
[  103.901079][ T5084] R13: 00007f42efc45038 R14: 00007f42efc44fa0 R15: 00007ffd43df4c48
[  103.909496][ T5084]  </TASK>
[  103.912972][ T5084] 
[  103.915278][ T5084] Allocated by task 5084:
[  103.919587][ T5084]  __kasan_slab_alloc+0x9c/0xd0
[  103.924433][ T5084]  slab_post_alloc_hook+0x4c/0x380
[  103.929619][ T5084]  kmem_cache_alloc+0x100/0x290
[  103.934454][ T5084]  vm_area_alloc+0x20/0xe0
[  103.938856][ T5084]  mmap_region+0xac0/0x1650
[  103.943434][ T5084]  do_mmap+0x819/0xe90
[  103.947581][ T5084]  vm_mmap_pgoff+0x1c1/0x2d0
[  103.952148][ T5084]  ksys_mmap_pgoff+0x54b/0x790
[  103.957181][ T5084]  do_syscall_64+0x4c/0xa0
[  103.961671][ T5084]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  103.967735][ T5084] 
[  103.970051][ T5084] Freed by task 5087:
[  103.974090][ T5084]  kasan_set_track+0x4b/0x70
[  103.978842][ T5084]  kasan_set_free_info+0x1f/0x40
[  103.983835][ T5084]  ____kasan_slab_free+0xd5/0x110
[  103.988835][ T5084]  slab_free_freelist_hook+0xea/0x170
[  103.994193][ T5084]  kmem_cache_free+0x8f/0x210
[  103.998855][ T5084]  __do_munmap+0xc81/0xdf0
[  104.003278][ T5084]  mmap_region+0x8b4/0x1650
[  104.007787][ T5084]  do_mmap+0x819/0xe90
[  104.012015][ T5084]  vm_mmap_pgoff+0x1c1/0x2d0
[  104.016586][ T5084]  ksys_mmap_pgoff+0x54b/0x790
[  104.021341][ T5084]  do_syscall_64+0x4c/0xa0
[  104.025824][ T5084]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  104.031712][ T5084] 
[  104.034018][ T5084] The buggy address belongs to the object at ffff888076af0c60
[  104.034018][ T5084]  which belongs to the cache vm_area_struct of size 200
[  104.048585][ T5084] The buggy address is located 160 bytes inside of
[  104.048585][ T5084]  200-byte region [ffff888076af0c60, ffff888076af0d28)
[  104.062244][ T5084] The buggy address belongs to the page:
[  104.067874][ T5084] page:ffffea0001dabc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888076af0630 pfn:0x76af0
[  104.079407][ T5084] memcg:ffff88802b349601
[  104.083624][ T5084] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[  104.091161][ T5084] raw: 00fff00000000200 ffffea0001d2ffc0 0000000800000008 ffff888140007a00
[  104.099721][ T5084] raw: ffff888076af0630 00000000800f0003 00000001ffffffff ffff88802b349601
[  104.108290][ T5084] page dumped because: kasan: bad access detected
[  104.114677][ T5084] page_owner tracks the page as allocated
[  104.120450][ T5084] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4357, ts 72813634061, free_ts 72808065047
[  104.136400][ T5084]  get_page_from_freelist+0x1bbd/0x1ca0
[  104.141953][ T5084]  __alloc_pages+0x1ee/0x480
[  104.146603][ T5084]  new_slab+0xc0/0x4b0
[  104.150648][ T5084]  ___slab_alloc+0x80a/0xdd0
[  104.155211][ T5084]  kmem_cache_alloc+0x195/0x290
[  104.160131][ T5084]  vm_area_dup+0x1e/0xb0
[  104.164354][ T5084]  __split_vma+0xb1/0x410
[  104.168672][ T5084]  mprotect_fixup+0x5bb/0x800
[  104.173364][ T5084]  do_mprotect_pkey+0x657/0x910
[  104.178326][ T5084]  __x64_sys_mprotect+0x7c/0x90
[  104.183247][ T5084]  do_syscall_64+0x4c/0xa0
[  104.187816][ T5084]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  104.193682][ T5084] page last free stack trace:
[  104.198329][ T5084]  free_unref_page_prepare+0x637/0x6c0
[  104.203773][ T5084]  free_unref_page+0x8f/0x2a0
[  104.208550][ T5084]  __unfreeze_partials+0x1a5/0x200
[  104.213633][ T5084]  put_cpu_partial+0x12d/0x190
[  104.218376][ T5084]  qlist_free_all+0x35/0x90
[  104.222862][ T5084]  kasan_quarantine_reduce+0x150/0x160
[  104.228382][ T5084]  __kasan_slab_alloc+0x2f/0xd0
[  104.233292][ T5084]  slab_post_alloc_hook+0x4c/0x380
[  104.238418][ T5084]  kmem_cache_alloc+0x100/0x290
[  104.243334][ T5084]  vm_area_alloc+0x20/0xe0
[  104.247724][ T5084]  mmap_region+0xac0/0x1650
[  104.252207][ T5084]  do_mmap+0x819/0xe90
[  104.256248][ T5084]  vm_mmap_pgoff+0x1c1/0x2d0
[  104.260937][ T5084]  ksys_mmap_pgoff+0x54b/0x790
[  104.265673][ T5084]  do_syscall_64+0x4c/0xa0
[  104.270069][ T5084]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  104.275957][ T5084] 
[  104.278273][ T5084] Memory state around the buggy address:
[  104.284144][ T5084]  ffff888076af0c00: fb fb fb fb fc fc fc fc fc fc fc fc fa fb fb fb
[  104.292379][ T5084]  ffff888076af0c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  104.300518][ T5084] >ffff888076af0d00: fb fb fb fb fb fc fc fc fc fc fc fc fc fb fb fb
[  104.308653][ T5084]                    ^
[  104.312692][ T5084]  ffff888076af0d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  104.320814][ T5084]  ffff888076af0e00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fb fb
[  104.328846][ T5084] ==================================================================
[  104.336988][ T5084] Disabling lock debugging due to kernel taint
[  104.344507][ T5084] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  104.351727][ T5084] CPU: 1 PID: 5084 Comm: syz.0.20 Tainted: G    B             syzkaller #0
[  104.360416][ T5084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  104.370736][ T5084] Call Trace:
[  104.374010][ T5084]  <TASK>
[  104.376933][ T5084]  dump_stack_lvl+0x188/0x250
[  104.381611][ T5084]  ? show_regs_print_info+0x20/0x20
[  104.386877][ T5084]  ? load_image+0x400/0x400
[  104.391461][ T5084]  panic+0x2e5/0x810
[  104.395368][ T4265] Bluetooth: hci0: command 0x040f tx timeout
[  104.395425][ T5084]  ? bpf_jit_dump+0xd0/0xd0
[  104.405990][ T5084]  ? _raw_spin_unlock_irqrestore+0x10d/0x120
[  104.411973][ T5084]  ? _raw_spin_unlock+0x40/0x40
[  104.416806][ T5084]  ? ocfs2_fault+0xda/0x3d0
[  104.421462][ T5084]  check_panic_on_warn+0x80/0xa0
[  104.426382][ T5084]  ? ocfs2_fault+0xda/0x3d0
[  104.430925][ T5084]  end_report+0x6d/0xf0
[  104.435081][ T5084]  kasan_report+0x102/0x130
[  104.439594][ T5084]  ? ocfs2_fault+0xda/0x3d0
[  104.444145][ T5084]  ocfs2_fault+0xda/0x3d0
[  104.448478][ T5084]  ? ocfs2_mmap+0x250/0x250
[  104.452983][ T5084]  ? count_memcg_event_mm+0x324/0x370
[  104.458513][ T5084]  ? remove_device_exclusive_entry+0xa90/0xa90
[  104.464650][ T5084]  ? mark_lock+0x94/0x320
[  104.468954][ T5084]  __do_fault+0x141/0x330
[  104.473257][ T5084]  handle_mm_fault+0x2985/0x4410
[  104.478171][ T5084]  ? get_page+0xe0/0xe0
[  104.482303][ T5084]  ? follow_page_mask+0x5dc/0x12d0
[  104.487404][ T5084]  ? check_vma_flags+0x3f5/0x480
[  104.492418][ T5084]  __get_user_pages+0x94b/0x11e0
[  104.497601][ T5084]  ? populate_vma_page_range+0x290/0x290
[  104.503213][ T5084]  ? read_lock_is_recursive+0x10/0x10
[  104.508563][ T5084]  populate_vma_page_range+0x213/0x290
[  104.513999][ T5084]  __mm_populate+0x275/0x3b0
[  104.518564][ T5084]  ? check_vma_flags+0x480/0x480
[  104.523480][ T5084]  ? up_write+0x1bb/0x420
[  104.527784][ T5084]  vm_mmap_pgoff+0x212/0x2d0
[  104.532348][ T5084]  ? account_locked_vm+0xe0/0xe0
[  104.537345][ T5084]  ? __fget_files+0x40f/0x480
[  104.542003][ T5084]  ksys_mmap_pgoff+0x54b/0x790
[  104.546746][ T5084]  ? mmap_region+0x1650/0x1650
[  104.551591][ T5084]  ? lockdep_hardirqs_on+0x94/0x140
[  104.556854][ T5084]  do_syscall_64+0x4c/0xa0
[  104.561244][ T5084]  ? clear_bhb_loop+0x30/0x80
[  104.565924][ T5084]  ? clear_bhb_loop+0x30/0x80
[  104.570583][ T5084]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  104.576450][ T5084] RIP: 0033:0x7f42ef9d9ef9
[  104.580845][ T5084] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  104.600433][ T5084] RSP: 002b:00007f42ef03d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  104.608823][ T5084] RAX: ffffffffffffffda RBX: 00007f42efc44fa0 RCX: 00007f42ef9d9ef9
[  104.616958][ T5084] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000
[  104.625079][ T5084] RBP: 00007f42efa6eee0 R08: 0000000000000004 R09: 0000000000000000
[  104.633040][ T5084] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000
[  104.641161][ T5084] R13: 00007f42efc45038 R14: 00007f42efc44fa0 R15: 00007ffd43df4c48
[  104.649111][ T5084]  </TASK>
[  104.652419][ T5084] Kernel Offset: disabled
[  104.656728][ T5084] Rebooting in 86400 seconds..