Warning: Permanently added '10.128.0.72' (ED25519) to the list of known hosts.
2026/05/11 18:17:06 parsed 1 programs
Setting up swapspace version 1, size = 127995904 bytes
[ 98.456513][ T4632] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 99.912125][ T4645] chnl_net:caif_netlink_parms(): no params data found
[ 99.953855][ T4645] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.962634][ T4645] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.971683][ T4645] device bridge_slave_0 entered promiscuous mode
[ 99.982704][ T4645] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.991131][ T4645] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.000095][ T4645] device bridge_slave_1 entered promiscuous mode
[ 100.019811][ T4645] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 100.033777][ T4645] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 100.056241][ T4645] team0: Port device team_slave_0 added
[ 100.064014][ T4645] team0: Port device team_slave_1 added
[ 100.086064][ T4645] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 100.094109][ T4645] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.124331][ T4645] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 100.138451][ T4645] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 100.148211][ T4645] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.180668][ T4645] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 100.213792][ T4645] device hsr_slave_0 entered promiscuous mode
[ 100.223179][ T4645] device hsr_slave_1 entered promiscuous mode
[ 100.815313][ T4645] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 100.829551][ T4645] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 100.858445][ T4645] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 100.888167][ T4645] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 101.022409][ T4645] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.052098][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 101.065419][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 101.084147][ T4645] 8021q: adding VLAN 0 to HW filter on device team0
[ 101.101789][ T1226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 101.125475][ T1226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 101.139218][ T1226] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.147496][ T1226] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.161915][ T1226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 101.173510][ T1226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 101.185428][ T1226] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.193753][ T1226] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.204500][ T1226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 101.216371][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 101.246004][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 101.265272][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 101.286246][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.306160][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 101.325851][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.355140][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 101.381704][ T4645] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 101.404764][ T4645] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 101.437305][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 101.447441][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 101.465480][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 101.486117][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 101.505075][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 101.753389][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 101.773770][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 101.798868][ T4645] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 101.825359][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 101.845630][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 101.878307][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 101.889538][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 101.908857][ T4645] device veth0_vlan entered promiscuous mode
[ 101.918697][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 101.929638][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 101.947927][ T4645] device veth1_vlan entered promiscuous mode
[ 101.956634][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 101.987879][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 102.001247][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 102.013511][ T4645] device veth0_macvtap entered promiscuous mode
[ 102.025618][ T4645] device veth1_macvtap entered promiscuous mode
[ 102.046351][ T4645] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 102.065140][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 102.076126][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 102.085245][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 102.094444][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 102.109011][ T4645] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 102.121187][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 102.131312][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 102.146166][ T4645] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.157797][ T4645] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.168775][ T4645] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.180429][ T4645] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.443257][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 104.662108][ T3069] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.682741][ T3069] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.703620][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 104.720183][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.733025][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.743840][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 104.950000][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/05/11 18:17:16 executed programs: 0
[ 105.686255][ T4916] chnl_net:caif_netlink_parms(): no params data found
[ 105.749166][ T4916] bridge0: port 1(bridge_slave_0) entered blocking state
[ 105.757672][ T4916] bridge0: port 1(bridge_slave_0) entered disabled state
[ 105.769393][ T4916] device bridge_slave_0 entered promiscuous mode
[ 105.780068][ T4916] bridge0: port 2(bridge_slave_1) entered blocking state
[ 105.788748][ T4916] bridge0: port 2(bridge_slave_1) entered disabled state
[ 105.798970][ T4916] device bridge_slave_1 entered promiscuous mode
[ 105.825392][ T4916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 105.837482][ T4916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 105.867722][ T4916] team0: Port device team_slave_0 added
[ 105.877349][ T4916] team0: Port device team_slave_1 added
[ 105.903473][ T4916] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 105.912252][ T4916] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 105.944183][ T4916] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 105.958650][ T4916] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 105.966925][ T4916] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 105.995735][ T4916] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 106.031904][ T4916] device hsr_slave_0 entered promiscuous mode
[ 106.040047][ T4916] device hsr_slave_1 entered promiscuous mode
[ 106.047857][ T4916] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 106.057011][ T4916] Cannot create hsr debugfs directory
[ 107.435169][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 107.482806][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 107.575020][ T4248] Bluetooth: hci0: command 0x0409 tx timeout
[ 108.238027][ T9] device hsr_slave_0 left promiscuous mode
[ 108.245486][ T9] device hsr_slave_1 left promiscuous mode
[ 108.252666][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 108.261242][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 108.271022][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 108.279717][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 108.288942][ T9] device bridge_slave_1 left promiscuous mode
[ 108.296461][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 108.305996][ T9] device bridge_slave_0 left promiscuous mode
[ 108.314042][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 108.327230][ T9] device veth1_macvtap left promiscuous mode
[ 108.333983][ T9] device veth0_macvtap left promiscuous mode
[ 108.341781][ T9] device veth1_vlan left promiscuous mode
[ 108.349854][ T9] device veth0_vlan left promiscuous mode
[ 108.478264][ T9] team0 (unregistering): Port device team_slave_1 removed
[ 108.491123][ T9] team0 (unregistering): Port device team_slave_0 removed
[ 108.511419][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 108.528760][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 108.586929][ T9] bond0 (unregistering): Released all slaves
[ 108.654157][ T4916] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 108.666979][ T4916] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 108.678484][ T4916] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 108.688611][ T4916] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 108.748298][ T4916] 8021q: adding VLAN 0 to HW filter on device bond0
[ 108.766246][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 108.777484][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 108.801520][ T4916] 8021q: adding VLAN 0 to HW filter on device team0
[ 108.812552][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 108.821528][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 108.831833][ T1215] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.839669][ T1215] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 108.848954][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 108.860677][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 108.871347][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 108.881919][ T1215] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.890635][ T1215] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 108.902925][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 108.938166][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 108.948184][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 108.958788][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 108.968013][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 108.978681][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 108.988912][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 109.004350][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 109.013363][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 109.022724][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 109.032692][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 109.042754][ T4916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 109.168163][ T4916] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 109.176924][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 109.185819][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 109.206753][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 109.218209][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 109.239564][ T4916] device veth0_vlan entered promiscuous mode
[ 109.247831][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 109.256904][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 109.267431][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 109.278100][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 109.293735][ T4916] device veth1_vlan entered promiscuous mode
[ 109.316184][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 109.333476][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 109.343106][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 109.355096][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 109.366608][ T4916] device veth0_macvtap entered promiscuous mode
[ 109.379049][ T4916] device veth1_macvtap entered promiscuous mode
[ 109.396769][ T4916] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 109.409402][ T4916] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 109.418919][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 109.429979][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 109.440494][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 109.451765][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 109.462108][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 109.473224][ T1215] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 109.485331][ T4916] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.495126][ T4916] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.504619][ T4916] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.513844][ T4916] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.579466][ T1215] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.592666][ T1215] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.602058][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 109.623790][ T1215] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.633999][ T1215] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.647190][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 109.658112][ T4251] Bluetooth: hci0: command 0x041b tx timeout
[ 109.996738][ T5089] loop0: detected capacity change from 0 to 40427
[ 110.012392][ T5089] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[ 110.021769][ T5089] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 110.036934][ T5089] F2FS-fs (loop0): invalid crc value
[ 110.081029][ T5089] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 110.134610][ T5089] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[ 110.146372][ T5089] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 110.178258][ T5089] F2FS-fs (loop0): access invalid blkaddr:0
[ 110.185251][ T5089] CPU: 1 PID: 5089 Comm: syz.0.17 Not tainted syzkaller #0
[ 110.193929][ T5089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 110.204884][ T5089] Call Trace:
[ 110.208632][ T5089]
[ 110.212022][ T5089] dump_stack_lvl+0x188/0x250
[ 110.217085][ T5089] ? show_regs_print_info+0x20/0x20
[ 110.222916][ T5089] ? __rwlock_init+0x140/0x140
[ 110.228048][ T5089] f2fs_is_valid_blkaddr+0xc7e/0x1250
[ 110.234205][ T5089] f2fs_iget+0x1cae/0x4a50
[ 110.239214][ T5089] f2fs_nfs_get_inode+0x72/0x100
[ 110.244337][ T5089] ? f2fs_fh_to_parent+0x40/0x40
[ 110.249805][ T5089] generic_fh_to_dentry+0x8f/0xe0
[ 110.255418][ T5089] exportfs_decode_fh_raw+0x173/0x630
[ 110.261962][ T5089] ? do_handle_open+0x840/0x840
[ 110.267519][ T5089] ? exportfs_encode_fh+0x480/0x480
[ 110.273102][ T5089] ? __lock_acquire+0x7d10/0x7d10
[ 110.278758][ T5089] ? do_raw_spin_lock+0x128/0x2f0
[ 110.285042][ T5089] ? __rwlock_init+0x140/0x140
[ 110.290871][ T5089] ? do_handle_open+0x840/0x840
[ 110.296407][ T5089] exportfs_decode_fh+0x36/0x70
[ 110.302937][ T5089] do_handle_open+0x401/0x840
[ 110.309925][ T5089] ? __ia32_compat_sys_open_by_handle_at+0x80/0x80
[ 110.318286][ T5089] ? vtime_user_exit+0x2c8/0x3e0
[ 110.323774][ T5089] ? lockdep_hardirqs_on+0x94/0x140
[ 110.330751][ T5089] do_syscall_64+0x4c/0xa0
[ 110.336292][ T5089] ? clear_bhb_loop+0x30/0x80
[ 110.341326][ T5089] ? clear_bhb_loop+0x30/0x80
[ 110.346908][ T5089] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 110.353704][ T5089] RIP: 0033:0x7f990dcdaef9
[ 110.358827][ T5089] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 110.382694][ T5089] RSP: 002b:00007f990d33e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[ 110.392636][ T5089] RAX: ffffffffffffffda RBX: 00007f990df45fa0 RCX: 00007f990dcdaef9
[ 110.403103][ T5089] RDX: 0000000002000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[ 110.413252][ T5089] RBP: 00007f990dd6fee0 R08: 0000000000000000 R09: 0000000000000000
[ 110.422489][ T5089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 110.431071][ T5089] R13: 00007f990df46038 R14: 00007f990df45fa0 R15: 00007ffc399e3a68
[ 110.441843][ T5089]
[ 110.450971][ T5089] F2FS-fs (loop0): sanity_check_inode: inode (ino=5) extent info [0, 0, 65536] is incorrect, run fsck to fix
[ 110.466429][ T5094] F2FS-fs (loop0): access invalid blkaddr:0
[ 110.472808][ T5094] CPU: 0 PID: 5094 Comm: syz.0.17 Not tainted syzkaller #0
[ 110.480782][ T5094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 110.491692][ T5094] Call Trace:
[ 110.495804][ T5094]
[ 110.499194][ T5094] dump_stack_lvl+0x188/0x250
[ 110.504447][ T5094] ? show_regs_print_info+0x20/0x20
[ 110.511826][ T5094] ? do_raw_read_unlock+0x70/0x70
[ 110.518183][ T5094] ? bpf_lsm_inode_alloc_security+0x5/0x10
[ 110.523988][ T5094] ? make_kgid+0x1c4/0x660
[ 110.529603][ T5094] f2fs_is_valid_blkaddr+0xc7e/0x1250
[ 110.536017][ T5094] f2fs_iget+0x1cae/0x4a50
[ 110.541081][ T5094] f2fs_nfs_get_inode+0x72/0x100
[ 110.546331][ T5094] ? f2fs_fh_to_parent+0x40/0x40
[ 110.552576][ T5094] generic_fh_to_dentry+0x8f/0xe0
[ 110.558720][ T5094] exportfs_decode_fh_raw+0x173/0x630
[ 110.564490][ T5094] ? do_handle_open+0x840/0x840
[ 110.570047][ T5094] ? exportfs_encode_fh+0x480/0x480
[ 110.575979][ T5094] ? __lock_acquire+0x7d10/0x7d10
[ 110.581376][ T5094] ? do_raw_spin_lock+0x128/0x2f0
[ 110.587634][ T5094] ? __rwlock_init+0x140/0x140
[ 110.592970][ T5094] ? do_handle_open+0x840/0x840
[ 110.598473][ T5094] exportfs_decode_fh+0x36/0x70
[ 110.603981][ T5094] do_handle_open+0x401/0x840
[ 110.609011][ T5094] ? __ia32_compat_sys_open_by_handle_at+0x80/0x80
[ 110.616358][ T5094] ? vtime_user_exit+0x2c8/0x3e0
[ 110.621666][ T5094] ? lockdep_hardirqs_on+0x94/0x140
[ 110.627989][ T5094] do_syscall_64+0x4c/0xa0
[ 110.632906][ T5094] ? clear_bhb_loop+0x30/0x80
[ 110.638144][ T5094] ? clear_bhb_loop+0x30/0x80
[ 110.644569][ T5094] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 110.651200][ T5094] RIP: 0033:0x7f990dcdaef9
[ 110.657260][ T5094] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 110.681504][ T5094] RSP: 002b:00007f990d31d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[ 110.691877][ T5094] RAX: ffffffffffffffda RBX: 00007f990df46090 RCX: 00007f990dcdaef9
[ 110.701638][ T5094] RDX: 0000000002000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[ 110.712083][ T5094] RBP: 00007f990dd6fee0 R08: 0000000000000000 R09: 0000000000000000
[ 110.721564][ T5094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 110.731264][ T5094] R13: 00007f990df46128 R14: 00007f990df46090 R15: 00007ffc399e3a68
[ 110.743203][ T5094]
[ 110.753360][ T5094] ==================================================================
[ 110.765326][ T5094] BUG: KASAN: use-after-free in f2fs_iget+0x4240/0x4a50
[ 110.773135][ T5094] Read of size 4 at addr ffff888073239028 by task syz.0.17/5094
[ 110.781968][ T5094]
[ 110.784446][ T5094] CPU: 1 PID: 5094 Comm: syz.0.17 Not tainted syzkaller #0
[ 110.792397][ T5094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 110.803254][ T5094] Call Trace:
[ 110.807211][ T5094]
[ 110.810771][ T5094] dump_stack_lvl+0x188/0x250
[ 110.816022][ T5094] ? show_regs_print_info+0x20/0x20
[ 110.821790][ T5094] ? load_image+0x400/0x400
[ 110.826766][ T5094] ? _raw_spin_lock_irqsave+0xbc/0x100
[ 110.832567][ T5094] ? bpf_lsm_inode_alloc_security+0x5/0x10
[ 110.838974][ T5094] print_address_description+0x60/0x2d0
[ 110.844772][ T5094] ? f2fs_iget+0x4240/0x4a50
[ 110.849700][ T5094] kasan_report+0xdf/0x130
[ 110.855154][ T5094] ? f2fs_iget+0x4240/0x4a50
[ 110.860085][ T5094] f2fs_iget+0x4240/0x4a50
[ 110.864876][ T5094] f2fs_nfs_get_inode+0x72/0x100
[ 110.870900][ T5094] ? f2fs_fh_to_parent+0x40/0x40
[ 110.876708][ T5094] generic_fh_to_dentry+0x8f/0xe0
[ 110.883590][ T5094] exportfs_decode_fh_raw+0x173/0x630
[ 110.890303][ T5094] ? do_handle_open+0x840/0x840
[ 110.896389][ T5094] ? exportfs_encode_fh+0x480/0x480
[ 110.903810][ T5094] ? __lock_acquire+0x7d10/0x7d10
[ 110.910273][ T5094] ? do_raw_spin_lock+0x128/0x2f0
[ 110.915585][ T5094] ? __rwlock_init+0x140/0x140
[ 110.921888][ T5094] ? do_handle_open+0x840/0x840
[ 110.927788][ T5094] exportfs_decode_fh+0x36/0x70
[ 110.934157][ T5094] do_handle_open+0x401/0x840
[ 110.938939][ T5094] ? __ia32_compat_sys_open_by_handle_at+0x80/0x80
[ 110.946052][ T5094] ? vtime_user_exit+0x2c8/0x3e0
[ 110.952311][ T5094] ? lockdep_hardirqs_on+0x94/0x140
[ 110.958295][ T5094] do_syscall_64+0x4c/0xa0
[ 110.963939][ T5094] ? clear_bhb_loop+0x30/0x80
[ 110.969981][ T5094] ? clear_bhb_loop+0x30/0x80
[ 110.975095][ T5094] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 110.981492][ T5094] RIP: 0033:0x7f990dcdaef9
[ 110.986072][ T5094] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 111.008721][ T5094] RSP: 002b:00007f990d31d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[ 111.018440][ T5094] RAX: ffffffffffffffda RBX: 00007f990df46090 RCX: 00007f990dcdaef9
[ 111.026839][ T5094] RDX: 0000000002000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[ 111.035656][ T5094] RBP: 00007f990dd6fee0 R08: 0000000000000000 R09: 0000000000000000
[ 111.044474][ T5094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 111.053073][ T5094] R13: 00007f990df46128 R14: 00007f990df46090 R15: 00007ffc399e3a68
[ 111.061957][ T5094]
[ 111.064975][ T5094]
[ 111.067796][ T5094] Allocated by task 5089:
[ 111.072999][ T5094] __kasan_slab_alloc+0x9c/0xd0
[ 111.078659][ T5094] slab_post_alloc_hook+0x4c/0x380
[ 111.084656][ T5094] kmem_cache_alloc+0x100/0x290
[ 111.090089][ T5094] f2fs_init_extent_tree+0x542/0xb50
[ 111.096699][ T5094] f2fs_iget+0xfe4/0x4a50
[ 111.101366][ T5094] f2fs_nfs_get_inode+0x72/0x100
[ 111.106722][ T5094] generic_fh_to_dentry+0x8f/0xe0
[ 111.113389][ T5094] exportfs_decode_fh_raw+0x173/0x630
[ 111.119034][ T5094] exportfs_decode_fh+0x36/0x70
[ 111.124093][ T5094] do_handle_open+0x401/0x840
[ 111.129825][ T5094] do_syscall_64+0x4c/0xa0
[ 111.134687][ T5094] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 111.140935][ T5094]
[ 111.144229][ T5094] Freed by task 5089:
[ 111.148993][ T5094] kasan_set_track+0x4b/0x70
[ 111.155555][ T5094] kasan_set_free_info+0x1f/0x40
[ 111.162314][ T5094] ____kasan_slab_free+0xd5/0x110
[ 111.168219][ T5094] slab_free_freelist_hook+0xea/0x170
[ 111.174702][ T5094] kmem_cache_free+0x8f/0x210
[ 111.180171][ T5094] f2fs_destroy_extent_tree+0x3b3/0x670
[ 111.187670][ T5094] f2fs_evict_inode+0x3c4/0x15b0
[ 111.193486][ T5094] evict+0x4c9/0x8d0
[ 111.197481][ T5094] f2fs_iget+0x16ad/0x4a50
[ 111.202508][ T5094] f2fs_nfs_get_inode+0x72/0x100
[ 111.208175][ T5094] generic_fh_to_dentry+0x8f/0xe0
[ 111.213847][ T5094] exportfs_decode_fh_raw+0x173/0x630
[ 111.219752][ T5094] exportfs_decode_fh+0x36/0x70
[ 111.225130][ T5094] do_handle_open+0x401/0x840
[ 111.230514][ T5094] do_syscall_64+0x4c/0xa0
[ 111.236661][ T5094] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 111.243332][ T5094]
[ 111.246119][ T5094] The buggy address belongs to the object at ffff888073239000
[ 111.246119][ T5094] which belongs to the cache f2fs_extent_tree of size 136
[ 111.262892][ T5094] The buggy address is located 40 bytes inside of
[ 111.262892][ T5094] 136-byte region [ffff888073239000, ffff888073239088)
[ 111.284943][ T5094] The buggy address belongs to the page:
[ 111.292877][ T5094] page:ffffea0001cc8e40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x73239
[ 111.305652][ T5094] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 111.315080][ T5094] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff8881468f8140
[ 111.326174][ T5094] raw: 0000000000000000 0000000080140014 00000001ffffffff 0000000000000000
[ 111.335895][ T5094] page dumped because: kasan: bad access detected
[ 111.343900][ T5094] page_owner tracks the page as allocated
[ 111.350747][ T5094] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 5089, ts 110177881529, free_ts 77983659692
[ 111.372013][ T5094] get_page_from_freelist+0x1bbd/0x1ca0
[ 111.378607][ T5094] __alloc_pages+0x1ee/0x480
[ 111.384762][ T5094] new_slab+0xc0/0x4b0
[ 111.389378][ T5094] ___slab_alloc+0x80a/0xdd0
[ 111.395790][ T5094] kmem_cache_alloc+0x195/0x290
[ 111.401494][ T5094] f2fs_init_extent_tree+0x542/0xb50
[ 111.408349][ T5094] f2fs_iget+0xfe4/0x4a50
[ 111.413970][ T5094] f2fs_nfs_get_inode+0x72/0x100
[ 111.419769][ T5094] generic_fh_to_dentry+0x8f/0xe0
[ 111.426104][ T5094] exportfs_decode_fh_raw+0x173/0x630
[ 111.431824][ T5094] exportfs_decode_fh+0x36/0x70
[ 111.438202][ T5094] do_handle_open+0x401/0x840
[ 111.445942][ T5094] do_syscall_64+0x4c/0xa0
[ 111.451355][ T5094] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 111.457969][ T5094] page last free stack trace:
[ 111.463322][ T5094] free_unref_page_prepare+0x637/0x6c0
[ 111.470145][ T5094] free_unref_page+0x8f/0x2a0
[ 111.476812][ T5094] __unfreeze_partials+0x1a5/0x200
[ 111.482756][ T5094] put_cpu_partial+0x12d/0x190
[ 111.488761][ T5094] qlist_free_all+0x35/0x90
[ 111.494219][ T5094] kasan_quarantine_reduce+0x150/0x160
[ 111.500464][ T5094] __kasan_slab_alloc+0x2f/0xd0
[ 111.506581][ T5094] slab_post_alloc_hook+0x4c/0x380
[ 111.512713][ T5094] kmem_cache_alloc+0x100/0x290
[ 111.518515][ T5094] getname_flags+0xb5/0x500
[ 111.523887][ T5094] user_path_at_empty+0x2a/0x190
[ 111.529879][ T5094] vfs_statx+0x107/0x500
[ 111.535524][ T5094] __x64_sys_newfstatat+0x15f/0x200
[ 111.541074][ T5094] do_syscall_64+0x4c/0xa0
[ 111.545917][ T5094] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 111.552237][ T5094]
[ 111.554545][ T5094] Memory state around the buggy address:
[ 111.560853][ T5094] ffff888073238f00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 111.569701][ T5094] ffff888073238f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 111.578536][ T5094] >ffff888073239000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 111.588026][ T5094] ^
[ 111.593964][ T5094] ffff888073239080: fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 111.603080][ T5094] ffff888073239100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 111.612005][ T5094] ==================================================================
[ 111.621108][ T5094] Disabling lock debugging due to kernel taint
[ 111.640671][ T5094] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 111.648836][ T5094] CPU: 1 PID: 5094 Comm: syz.0.17 Tainted: G B syzkaller #0
[ 111.658663][ T5094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 111.669323][ T5094] Call Trace:
[ 111.673078][ T5094]
[ 111.676312][ T5094] dump_stack_lvl+0x188/0x250
[ 111.681963][ T5094] ? show_regs_print_info+0x20/0x20
[ 111.687863][ T5094] ? load_image+0x400/0x400
[ 111.692751][ T5094] panic+0x2e5/0x810
[ 111.697327][ T5094] ? bpf_jit_dump+0xd0/0xd0
[ 111.702636][ T5094] ? _raw_spin_unlock_irqrestore+0x10d/0x120
[ 111.710359][ T5094] ? _raw_spin_unlock+0x40/0x40
[ 111.720858][ T5094] ? f2fs_iget+0x4240/0x4a50
[ 111.727403][ T5094] check_panic_on_warn+0x80/0xa0
[ 111.735220][ T5094] ? f2fs_iget+0x4240/0x4a50
[ 111.741281][ T5094] end_report+0x6d/0xf0
[ 111.747543][ T5094] kasan_report+0x102/0x130
[ 111.753153][ T5094] ? f2fs_iget+0x4240/0x4a50
[ 111.758927][ T5094] f2fs_iget+0x4240/0x4a50
[ 111.763994][ T5094] f2fs_nfs_get_inode+0x72/0x100
[ 111.770747][ T5094] ? f2fs_fh_to_parent+0x40/0x40
[ 111.776160][ T5094] generic_fh_to_dentry+0x8f/0xe0
[ 111.781730][ T5094] exportfs_decode_fh_raw+0x173/0x630
[ 111.787924][ T5094] ? do_handle_open+0x840/0x840
[ 111.793426][ T5094] ? exportfs_encode_fh+0x480/0x480
[ 111.799691][ T5094] ? __lock_acquire+0x7d10/0x7d10
[ 111.805619][ T5094] ? do_raw_spin_lock+0x128/0x2f0
[ 111.811407][ T5094] ? __rwlock_init+0x140/0x140
[ 111.816534][ T5094] ? do_handle_open+0x840/0x840
[ 111.822502][ T5094] exportfs_decode_fh+0x36/0x70
[ 111.828420][ T5094] do_handle_open+0x401/0x840
[ 111.835001][ T5094] ? __ia32_compat_sys_open_by_handle_at+0x80/0x80
[ 111.844652][ T5094] ? vtime_user_exit+0x2c8/0x3e0
[ 111.851017][ T5094] ? lockdep_hardirqs_on+0x94/0x140
[ 111.858043][ T5094] do_syscall_64+0x4c/0xa0
[ 111.862950][ T5094] ? clear_bhb_loop+0x30/0x80
[ 111.868802][ T5094] ? clear_bhb_loop+0x30/0x80
[ 111.873492][ T5094] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 111.879724][ T5094] RIP: 0033:0x7f990dcdaef9
[ 111.884656][ T5094] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 111.908240][ T5094] RSP: 002b:00007f990d31d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[ 111.918472][ T5094] RAX: ffffffffffffffda RBX: 00007f990df46090 RCX: 00007f990dcdaef9
[ 111.927975][ T5094] RDX: 0000000002000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[ 111.938636][ T5094] RBP: 00007f990dd6fee0 R08: 0000000000000000 R09: 0000000000000000
[ 111.948982][ T5094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 111.958763][ T5094] R13: 00007f990df46128 R14: 00007f990df46090 R15: 00007ffc399e3a68
[ 111.970752][ T5094]
[ 111.976780][ T5094] Kernel Offset: disabled
[ 111.983063][ T5094] Rebooting in 86400 seconds..