Warning: Permanently added '10.128.1.251' (ED25519) to the list of known hosts.
2026/01/29 02:40:08 parsed 1 programs
[   91.615362][ T4638] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   94.136922][ T4685] chnl_net:caif_netlink_parms(): no params data found
[   94.200839][ T4685] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.208040][ T4685] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.217859][ T4685] device bridge_slave_0 entered promiscuous mode
[   94.227491][ T4685] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.236250][ T4685] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.244834][ T4685] device bridge_slave_1 entered promiscuous mode
[   94.274424][ T4685] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.287476][ T4685] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.321316][ T4685] team0: Port device team_slave_0 added
[   94.330078][ T4685] team0: Port device team_slave_1 added
[   94.356038][ T4685] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.363185][ T4685] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.389279][ T4685] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.403223][ T4685] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.410260][ T4685] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.436570][ T4685] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.475418][ T4685] device hsr_slave_0 entered promiscuous mode
[   94.482438][ T4685] device hsr_slave_1 entered promiscuous mode
[   95.076410][ T4685] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   95.086334][ T4685] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   95.111514][ T4685] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   95.121586][ T4685] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   95.297669][ T4685] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.316833][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   95.327308][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   95.340507][ T4685] 8021q: adding VLAN 0 to HW filter on device team0
[   95.367127][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   95.377040][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   95.406821][ T4255] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.413984][ T4255] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.437947][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   95.480275][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   95.499866][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   95.521109][ T4255] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.528277][ T4255] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.537004][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   95.546588][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   95.564083][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   95.574473][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   95.584284][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   95.595620][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   95.612526][ T4685] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   95.624013][ T4685] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   95.637689][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   95.647161][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   95.656712][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   95.666181][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   95.676353][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   95.691221][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   95.830099][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   95.837873][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   95.852372][ T4685] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.875226][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   95.886228][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   95.911205][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   95.920426][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   95.929600][ T4685] device veth0_vlan entered promiscuous mode
[   95.961481][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   95.970218][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   95.983430][ T4685] device veth1_vlan entered promiscuous mode
[   96.034115][ T4685] device veth0_macvtap entered promiscuous mode
[   96.042059][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   96.051976][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   96.060728][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   96.070357][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   96.082364][ T4685] device veth1_macvtap entered promiscuous mode
[   96.116618][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   96.126793][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   96.147402][ T4685] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.159557][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   96.169464][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   96.185477][ T4685] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.197097][ T4685] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.208042][ T4685] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.218173][ T4685] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.227034][ T4685] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.256776][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   96.266156][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   96.879750][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.887881][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.929383][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   96.945892][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.963993][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.983586][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2026/01/29 02:40:17 executed programs: 0
[   98.782091][ T4856] chnl_net:caif_netlink_parms(): no params data found
[   98.865299][ T4856] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.884293][ T4856] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.894081][ T4856] device bridge_slave_0 entered promiscuous mode
[   98.919314][ T4856] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.926572][ T4856] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.950087][ T4856] device bridge_slave_1 entered promiscuous mode
[   99.002122][ T4856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.031192][ T4856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.091937][ T4856] team0: Port device team_slave_0 added
[   99.111152][ T4856] team0: Port device team_slave_1 added
[   99.135268][ T4856] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.146203][ T4856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.175005][ T4856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   99.201668][  T144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.217346][ T4856] batman_adv: batadv0: Adding interface: batadv_slave_1
[   99.226614][ T4856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.253494][ T4856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.293831][ T4856] device hsr_slave_0 entered promiscuous mode
[   99.301963][ T4856] device hsr_slave_1 entered promiscuous mode
[   99.309992][ T4856] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   99.317958][ T4856] Cannot create hsr debugfs directory
[  100.688806][ T4739] Bluetooth: hci0: command 0x0409 tx timeout
[  101.653674][  T144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.702208][  T144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.762737][  T144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.521344][ T4856] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  102.532155][ T4856] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  102.550632][ T4856] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  102.559797][ T4856] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  102.619931][ T4856] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.633353][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  102.643274][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  102.653837][ T4856] 8021q: adding VLAN 0 to HW filter on device team0
[  102.676928][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  102.686960][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  102.696729][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.703998][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.714681][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  102.722961][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  102.733653][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  102.742350][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.749700][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.760786][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  102.769274][ T4302] Bluetooth: hci0: command 0x041b tx timeout
[  102.776298][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  102.801132][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  102.810294][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  102.819357][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  102.830747][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  102.839800][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  102.860156][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  102.870715][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  102.881809][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  102.891170][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  102.911626][ T4856] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  102.997584][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  103.005824][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  103.023347][ T4856] 8021q: adding VLAN 0 to HW filter on device batadv0
[  103.037241][  T144] device hsr_slave_0 left promiscuous mode
[  103.045277][  T144] device hsr_slave_1 left promiscuous mode
[  103.052590][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  103.061586][  T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  103.069446][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  103.077504][  T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  103.085476][  T144] device bridge_slave_1 left promiscuous mode
[  103.091984][  T144] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.101387][  T144] device bridge_slave_0 left promiscuous mode
[  103.107847][  T144] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.120237][  T144] device veth1_macvtap left promiscuous mode
[  103.126453][  T144] device veth0_macvtap left promiscuous mode
[  103.132871][  T144] device veth1_vlan left promiscuous mode
[  103.139004][  T144] device veth0_vlan left promiscuous mode
[  103.255314][  T144] team0 (unregistering): Port device team_slave_1 removed
[  103.268074][  T144] team0 (unregistering): Port device team_slave_0 removed
[  103.283649][  T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  103.296519][  T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  103.343239][  T144] bond0 (unregistering): Released all slaves
[  103.379232][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  103.390220][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  103.413000][ T4856] device veth0_vlan entered promiscuous mode
[  103.419691][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  103.428003][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  103.440685][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  103.450882][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  103.464146][ T4856] device veth1_vlan entered promiscuous mode
[  103.489140][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  103.497283][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  103.505828][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  103.515202][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  103.527910][ T4856] device veth0_macvtap entered promiscuous mode
[  103.541077][ T4856] device veth1_macvtap entered promiscuous mode
[  103.558880][ T4856] batman_adv: batadv0: Interface activated: batadv_slave_0
[  103.567715][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  103.576893][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  103.585523][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  103.594215][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  103.606391][ T4856] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.613946][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  103.625872][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  103.641398][ T4856] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.650778][ T4856] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.659921][ T4856] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.669193][ T4856] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.721481][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.731013][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.741435][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  103.757046][ T4255] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
2026/01/29 02:40:22 executed programs: 2
[  103.765903][ T4255] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.776657][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  103.921119][ T5126] loop0: detected capacity change from 0 to 8192
[  103.974118][ T5126] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  103.985592][ T5126] REISERFS (device loop0): using ordered data mode
[  103.992535][ T5126] reiserfs: using flush barriers
[  103.999863][ T5126] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  104.016699][ T5126] REISERFS (device loop0): checking transaction log (loop0)
[  104.028936][ T5126] REISERFS (device loop0): Using tea hash to sort names
[  104.051327][ T5126] ==================================================================
[  104.059749][ T5126] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x794/0x1130
[  104.067601][ T5126] Read of size 18446744073709551584 at addr ffff88805f9b7fa4 by task syz.0.16/5126
[  104.077172][ T5126] 
[  104.079520][ T5126] CPU: 1 PID: 5126 Comm: syz.0.16 Not tainted syzkaller #0
[  104.087044][ T5126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  104.097399][ T5126] Call Trace:
[  104.100790][ T5126]  <TASK>
[  104.103743][ T5126]  dump_stack_lvl+0x188/0x250
[  104.109005][ T5126]  ? show_regs_print_info+0x20/0x20
[  104.114423][ T5126]  ? load_image+0x400/0x400
[  104.118957][ T5126]  ? _raw_spin_lock_irqsave+0xbc/0x100
[  104.124524][ T5126]  ? __lock_acquire+0x13bc/0x7d10
[  104.129571][ T5126]  print_address_description+0x60/0x2d0
[  104.135220][ T5126]  ? leaf_paste_entries+0x794/0x1130
[  104.140702][ T5126]  kasan_report+0xdf/0x130
[  104.145237][ T5126]  ? leaf_paste_entries+0x794/0x1130
[  104.150544][ T5126]  ? journal_mark_dirty+0x21d/0xdf0
[  104.156072][ T5126]  ? leaf_paste_entries+0x794/0x1130
[  104.162214][ T5126]  kasan_check_range+0x235/0x290
[  104.167496][ T5126]  ? leaf_paste_entries+0x794/0x1130
[  104.173013][ T5126]  memmove+0x25/0x60
[  104.177145][ T5126]  leaf_paste_entries+0x794/0x1130
[  104.182703][ T5126]  balance_leaf+0xb2e5/0x10ec0
[  104.187613][ T5126]  ? mark_lock+0x94/0x320
[  104.192086][ T5126]  ? lock_chain_count+0x20/0x20
[  104.196972][ T5126]  ? _raw_spin_unlock_irqrestore+0x82/0x120
[  104.202984][ T5126]  ? do_balance+0x930/0x930
[  104.207971][ T5126]  ? _raw_spin_unlock+0x40/0x40
[  104.213131][ T5126]  ? stack_trace_snprint+0xf0/0xf0
[  104.218390][ T5126]  ? stack_depot_save+0x404/0x440
[  104.223451][ T5126]  ? __kasan_kmalloc+0xcc/0xf0
[  104.228225][ T5126]  ? __kasan_kmalloc+0xb5/0xf0
[  104.233194][ T5126]  ? fix_nodes+0x60a2/0x8340
[  104.237805][ T5126]  ? reiserfs_paste_into_item+0x60b/0x810
[  104.243537][ T5126]  ? reiserfs_add_entry+0xa42/0xe10
[  104.248922][ T5126]  ? reiserfs_mkdir+0x6bc/0x920
[  104.253811][ T5126]  ? reiserfs_xattr_init+0x331/0x720
[  104.259109][ T5126]  ? reiserfs_fill_super+0x1fe6/0x2440
[  104.264691][ T5126]  ? mount_bdev+0x287/0x3c0
[  104.269310][ T5126]  ? legacy_get_tree+0xe6/0x180
[  104.274279][ T5126]  ? vfs_get_tree+0x88/0x270
[  104.279087][ T5126]  ? do_new_mount+0x24a/0xa40
[  104.284303][ T5126]  ? __se_sys_mount+0x2e3/0x3d0
[  104.289504][ T5126]  ? do_syscall_64+0x4c/0xa0
[  104.294302][ T5126]  ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  104.300523][ T5126]  ? __wake_up_bit+0x120/0x120
[  104.307131][ T5126]  ? get_parents+0x400/0xd20
[  104.311952][ T5126]  ? get_neighbors+0x9ba/0x1030
[  104.316940][ T5126]  ? reiserfs_prepare_for_journal+0x269/0x280
[  104.323353][ T5126]  ? fix_nodes+0x7bc3/0x8340
[  104.328302][ T5126]  do_balance+0x318/0x930
[  104.332919][ T5126]  ? get_right_neighbor_position+0x210/0x210
[  104.339137][ T5126]  ? reiserfs_paste_into_item+0x3b0/0x810
[  104.345066][ T5126]  reiserfs_paste_into_item+0x6dd/0x810
[  104.350909][ T5126]  ? reiserfs_cut_from_item+0x1fa0/0x1fa0
[  104.357454][ T5126]  ? reiserfs_get_parent+0x2f0/0x2f0
[  104.363207][ T5126]  ? inode_get_bytes+0x73/0xa0
[  104.368274][ T5126]  ? _find_first_zero_bit+0x60/0xf0
[  104.374226][ T5126]  reiserfs_add_entry+0xa42/0xe10
[  104.379558][ T5126]  ? drop_new_inode+0x60/0x60
[  104.385182][ T5126]  ? journal_begin+0x1f1/0x350
[  104.390430][ T5126]  ? reiserfs_update_inode_transaction+0x1c/0x120
[  104.397162][ T5126]  reiserfs_mkdir+0x6bc/0x920
[  104.403117][ T5126]  ? reiserfs_symlink+0x790/0x790
[  104.408258][ T5126]  ? rwsem_write_trylock+0x135/0x1c0
[  104.413747][ T5126]  ? lookup_one_len+0x19d/0x2d0
[  104.418819][ T5126]  ? lookup_one_common+0x460/0x460
[  104.424314][ T5126]  reiserfs_xattr_init+0x331/0x720
[  104.429688][ T5126]  reiserfs_fill_super+0x1fe6/0x2440
[  104.435531][ T5126]  ? reiserfs_kill_sb+0x140/0x140
[  104.440668][ T5126]  ? snprintf+0xe5/0x140
[  104.445032][ T5126]  ? vscnprintf+0x80/0x80
[  104.449647][ T5126]  ? set_blocksize+0x1f3/0x370
[  104.454612][ T5126]  ? sb_set_blocksize+0xa5/0xe0
[  104.460028][ T5126]  mount_bdev+0x287/0x3c0
[  104.464977][ T5126]  ? reiserfs_kill_sb+0x140/0x140
[  104.470400][ T5126]  legacy_get_tree+0xe6/0x180
[  104.475307][ T5126]  ? remove_save_link+0x3e0/0x3e0
[  104.480642][ T5126]  vfs_get_tree+0x88/0x270
[  104.485272][ T5126]  do_new_mount+0x24a/0xa40
[  104.490332][ T5126]  __se_sys_mount+0x2e3/0x3d0
[  104.495385][ T5126]  ? __x64_sys_mount+0xc0/0xc0
[  104.500449][ T5126]  ? lockdep_hardirqs_on+0x94/0x140
[  104.505668][ T5126]  ? __x64_sys_mount+0x1c/0xc0
[  104.510461][ T5126]  do_syscall_64+0x4c/0xa0
[  104.514997][ T5126]  ? clear_bhb_loop+0x30/0x80
[  104.519726][ T5126]  ? clear_bhb_loop+0x30/0x80
[  104.525250][ T5126]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  104.531565][ T5126] RIP: 0033:0x7fc5442fd30a
[  104.536203][ T5126] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  104.556354][ T5126] RSP: 002b:00007fc54355fe58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  104.564963][ T5126] RAX: ffffffffffffffda RBX: 00007fc54355fee0 RCX: 00007fc5442fd30a
[  104.573235][ T5126] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 00007fc54355fea0
[  104.581568][ T5126] RBP: 0000200000000080 R08: 00007fc54355fee0 R09: 000000000000800c
[  104.589646][ T5126] R10: 000000000000800c R11: 0000000000000246 R12: 0000200000000040
[  104.597995][ T5126] R13: 00007fc54355fea0 R14: 0000000000001118 R15: 0000200000001380
[  104.606351][ T5126]  </TASK>
[  104.609393][ T5126] 
[  104.611740][ T5126] The buggy address belongs to the page:
[  104.617486][ T5126] page:ffffea00017e6dc0 refcount:3 mapcount:0 mapping:ffff88814081daf0 index:0x213 pfn:0x5f9b7
[  104.628180][ T5126] memcg:ffff8880763a4000
[  104.632607][ T5126] aops:def_blk_aops ino:700000
[  104.637481][ T5126] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[  104.647069][ T5126] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff88814081daf0
[  104.655867][ T5126] raw: 0000000000000213 ffff888024973ae0 00000003ffffffff ffff8880763a4000
[  104.664842][ T5126] page dumped because: kasan: bad access detected
[  104.671276][ T5126] page_owner tracks the page as allocated
[  104.677107][ T5126] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 5126, ts 104028396626, free_ts 92706799644
[  104.694793][ T5126]  get_page_from_freelist+0x1bbd/0x1ca0
[  104.700560][ T5126]  __alloc_pages+0x1ee/0x480
[  104.705616][ T5126]  __page_cache_alloc+0xce/0x440
[  104.710574][ T5126]  pagecache_get_page+0x9b6/0xf10
[  104.715709][ T5126]  __getblk_gfp+0x247/0xb60
[  104.720235][ T5126]  search_by_key+0x46c/0x4470
[  104.725030][ T5126]  reiserfs_read_locked_inode+0x195/0x26b0
[  104.731012][ T5126]  reiserfs_fill_super+0x12af/0x2440
[  104.736450][ T5126]  mount_bdev+0x287/0x3c0
[  104.741222][ T5126]  legacy_get_tree+0xe6/0x180
[  104.746092][ T5126]  vfs_get_tree+0x88/0x270
[  104.750549][ T5126]  do_new_mount+0x24a/0xa40
[  104.755153][ T5126]  __se_sys_mount+0x2e3/0x3d0
[  104.759974][ T5126]  do_syscall_64+0x4c/0xa0
[  104.764589][ T5126]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  104.770599][ T5126] page last free stack trace:
[  104.775276][ T5126]  free_unref_page_prepare+0x637/0x6c0
[  104.780963][ T5126]  free_unref_page_list+0x119/0x820
[  104.786257][ T5126]  release_pages+0x186c/0x1be0
[  104.791204][ T5126]  tlb_finish_mmu+0x176/0x300
[  104.795986][ T5126]  unmap_region+0x344/0x3b0
[  104.800501][ T5126]  __do_munmap+0x9f8/0xdf0
[  104.805115][ T5126]  __vm_munmap+0x140/0x240
[  104.809557][ T5126]  __x64_sys_munmap+0x67/0x70
[  104.814350][ T5126]  do_syscall_64+0x4c/0xa0
[  104.818954][ T5126]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  104.825043][ T5126] 
[  104.827375][ T5126] Memory state around the buggy address:
[  104.833273][ T5126]  ffff88805f9b7e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  104.841452][ T5126]  ffff88805f9b7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  104.849542][ T5126] >ffff88805f9b7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  104.857694][ T5126]                                ^
[  104.862900][ T5126]  ffff88805f9b8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  104.871225][ T5126]  ffff88805f9b8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  104.879462][ T5126] ==================================================================
[  104.887778][ T5126] Disabling lock debugging due to kernel taint
[  104.909920][ T5126] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  104.917264][ T5126] CPU: 1 PID: 5126 Comm: syz.0.16 Tainted: G    B             syzkaller #0
[  104.925954][ T5126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  104.928836][ T4302] Bluetooth: hci0: command 0x040f tx timeout
[  104.936112][ T5126] Call Trace:
[  104.936123][ T5126]  <TASK>
[  104.948454][ T5126]  dump_stack_lvl+0x188/0x250
[  104.953139][ T5126]  ? show_regs_print_info+0x20/0x20
[  104.958322][ T5126]  ? load_image+0x400/0x400
[  104.962970][ T5126]  panic+0x2e5/0x810
[  104.966839][ T5126]  ? bpf_jit_dump+0xd0/0xd0
[  104.971327][ T5126]  ? _raw_spin_unlock_irqrestore+0x10d/0x120
[  104.977496][ T5126]  ? _raw_spin_unlock+0x40/0x40
[  104.982423][ T5126]  ? leaf_paste_entries+0x794/0x1130
[  104.987848][ T5126]  check_panic_on_warn+0x80/0xa0
[  104.992968][ T5126]  ? leaf_paste_entries+0x794/0x1130
[  104.998517][ T5126]  end_report+0x6d/0xf0
[  105.002789][ T5126]  kasan_report+0x102/0x130
[  105.007649][ T5126]  ? leaf_paste_entries+0x794/0x1130
[  105.013081][ T5126]  ? journal_mark_dirty+0x21d/0xdf0
[  105.018354][ T5126]  ? leaf_paste_entries+0x794/0x1130
[  105.023636][ T5126]  kasan_check_range+0x235/0x290
[  105.028730][ T5126]  ? leaf_paste_entries+0x794/0x1130
[  105.033995][ T5126]  memmove+0x25/0x60
[  105.037949][ T5126]  leaf_paste_entries+0x794/0x1130
[  105.043187][ T5126]  balance_leaf+0xb2e5/0x10ec0
[  105.047955][ T5126]  ? mark_lock+0x94/0x320
[  105.052356][ T5126]  ? lock_chain_count+0x20/0x20
[  105.057202][ T5126]  ? _raw_spin_unlock_irqrestore+0x82/0x120
[  105.063217][ T5126]  ? do_balance+0x930/0x930
[  105.067738][ T5126]  ? _raw_spin_unlock+0x40/0x40
[  105.072669][ T5126]  ? stack_trace_snprint+0xf0/0xf0
[  105.078173][ T5126]  ? stack_depot_save+0x404/0x440
[  105.083234][ T5126]  ? __kasan_kmalloc+0xcc/0xf0
[  105.088079][ T5126]  ? __kasan_kmalloc+0xb5/0xf0
[  105.092825][ T5126]  ? fix_nodes+0x60a2/0x8340
[  105.097584][ T5126]  ? reiserfs_paste_into_item+0x60b/0x810
[  105.103369][ T5126]  ? reiserfs_add_entry+0xa42/0xe10
[  105.108544][ T5126]  ? reiserfs_mkdir+0x6bc/0x920
[  105.113464][ T5126]  ? reiserfs_xattr_init+0x331/0x720
[  105.118822][ T5126]  ? reiserfs_fill_super+0x1fe6/0x2440
[  105.124353][ T5126]  ? mount_bdev+0x287/0x3c0
[  105.129197][ T5126]  ? legacy_get_tree+0xe6/0x180
[  105.134295][ T5126]  ? vfs_get_tree+0x88/0x270
[  105.139057][ T5126]  ? do_new_mount+0x24a/0xa40
[  105.143716][ T5126]  ? __se_sys_mount+0x2e3/0x3d0
[  105.148891][ T5126]  ? do_syscall_64+0x4c/0xa0
[  105.153789][ T5126]  ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  105.159896][ T5126]  ? __wake_up_bit+0x120/0x120
[  105.164947][ T5126]  ? get_parents+0x400/0xd20
[  105.169609][ T5126]  ? get_neighbors+0x9ba/0x1030
[  105.174570][ T5126]  ? reiserfs_prepare_for_journal+0x269/0x280
[  105.180617][ T5126]  ? fix_nodes+0x7bc3/0x8340
[  105.185280][ T5126]  do_balance+0x318/0x930
[  105.189591][ T5126]  ? get_right_neighbor_position+0x210/0x210
[  105.195667][ T5126]  ? reiserfs_paste_into_item+0x3b0/0x810
[  105.201376][ T5126]  reiserfs_paste_into_item+0x6dd/0x810
[  105.207173][ T5126]  ? reiserfs_cut_from_item+0x1fa0/0x1fa0
[  105.212989][ T5126]  ? reiserfs_get_parent+0x2f0/0x2f0
[  105.218518][ T5126]  ? inode_get_bytes+0x73/0xa0
[  105.223299][ T5126]  ? _find_first_zero_bit+0x60/0xf0
[  105.228570][ T5126]  reiserfs_add_entry+0xa42/0xe10
[  105.233675][ T5126]  ? drop_new_inode+0x60/0x60
[  105.238609][ T5126]  ? journal_begin+0x1f1/0x350
[  105.243526][ T5126]  ? reiserfs_update_inode_transaction+0x1c/0x120
[  105.250507][ T5126]  reiserfs_mkdir+0x6bc/0x920
[  105.255525][ T5126]  ? reiserfs_symlink+0x790/0x790
[  105.260630][ T5126]  ? rwsem_write_trylock+0x135/0x1c0
[  105.265951][ T5126]  ? lookup_one_len+0x19d/0x2d0
[  105.270972][ T5126]  ? lookup_one_common+0x460/0x460
[  105.276246][ T5126]  reiserfs_xattr_init+0x331/0x720
[  105.281434][ T5126]  reiserfs_fill_super+0x1fe6/0x2440
[  105.286925][ T5126]  ? reiserfs_kill_sb+0x140/0x140
[  105.291953][ T5126]  ? snprintf+0xe5/0x140
[  105.296195][ T5126]  ? vscnprintf+0x80/0x80
[  105.300733][ T5126]  ? set_blocksize+0x1f3/0x370
[  105.305692][ T5126]  ? sb_set_blocksize+0xa5/0xe0
[  105.310536][ T5126]  mount_bdev+0x287/0x3c0
[  105.314848][ T5126]  ? reiserfs_kill_sb+0x140/0x140
[  105.319848][ T5126]  legacy_get_tree+0xe6/0x180
[  105.324606][ T5126]  ? remove_save_link+0x3e0/0x3e0
[  105.329800][ T5126]  vfs_get_tree+0x88/0x270
[  105.334226][ T5126]  do_new_mount+0x24a/0xa40
[  105.338804][ T5126]  __se_sys_mount+0x2e3/0x3d0
[  105.343461][ T5126]  ? __x64_sys_mount+0xc0/0xc0
[  105.348306][ T5126]  ? lockdep_hardirqs_on+0x94/0x140
[  105.353741][ T5126]  ? __x64_sys_mount+0x1c/0xc0
[  105.358577][ T5126]  do_syscall_64+0x4c/0xa0
[  105.363280][ T5126]  ? clear_bhb_loop+0x30/0x80
[  105.368030][ T5126]  ? clear_bhb_loop+0x30/0x80
[  105.372689][ T5126]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  105.378662][ T5126] RIP: 0033:0x7fc5442fd30a
[  105.383324][ T5126] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  105.403143][ T5126] RSP: 002b:00007fc54355fe58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  105.411629][ T5126] RAX: ffffffffffffffda RBX: 00007fc54355fee0 RCX: 00007fc5442fd30a
[  105.419706][ T5126] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 00007fc54355fea0
[  105.427998][ T5126] RBP: 0000200000000080 R08: 00007fc54355fee0 R09: 000000000000800c
[  105.436152][ T5126] R10: 000000000000800c R11: 0000000000000246 R12: 0000200000000040
[  105.444204][ T5126] R13: 00007fc54355fea0 R14: 0000000000001118 R15: 0000200000001380
[  105.452329][ T5126]  </TASK>
[  105.455749][ T5126] Kernel Offset: disabled
[  105.460076][ T5126] Rebooting in 86400 seconds..