Warning: Permanently added '10.128.1.45' (ED25519) to the list of known hosts. 1970/01/01 00:01:29 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:01:30 parsed 1 programs [ 93.605797][ T4489] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 99.712690][ T4514] chnl_net:caif_netlink_parms(): no params data found [ 99.749978][ T4514] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.751385][ T4514] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.753209][ T4514] device bridge_slave_0 entered promiscuous mode [ 99.756510][ T4514] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.757652][ T4514] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.759728][ T4514] device bridge_slave_1 entered promiscuous mode [ 99.779977][ T4514] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.783804][ T4514] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.798747][ T4514] team0: Port device team_slave_0 added [ 99.802503][ T4514] team0: Port device team_slave_1 added [ 99.820488][ T4514] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.821896][ T4514] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.826028][ T4514] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.829147][ T4514] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.830225][ T4514] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.834462][ T4514] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.893224][ T4514] device hsr_slave_0 entered promiscuous mode [ 99.931612][ T4514] device hsr_slave_1 entered promiscuous mode [ 100.739916][ T4514] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 100.809009][ T4514] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.863239][ T4514] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 100.935761][ T4514] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 101.036123][ T4514] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.043745][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 101.045691][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 101.050006][ T4514] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.059974][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 101.062881][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 101.064888][ T148] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.066300][ T148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.067971][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 101.073654][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 101.075600][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 101.077294][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.078428][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.085641][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 101.090893][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 101.098806][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 101.102895][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 101.107191][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 101.113532][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 101.115856][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 101.126555][ T4514] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 101.128177][ T4514] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 101.132037][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 101.133980][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 101.135868][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 101.137779][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 101.141170][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 101.280789][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 101.282351][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 101.289048][ T4514] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.305610][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 101.307457][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 101.322252][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 101.324172][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 101.326281][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 101.327934][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 101.335589][ T4514] device veth0_vlan entered promiscuous mode [ 101.346290][ T4514] device veth1_vlan entered promiscuous mode [ 101.366924][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 101.368714][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 101.370647][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 101.373709][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 101.378965][ T4514] device veth0_macvtap entered promiscuous mode [ 101.385143][ T4514] device veth1_macvtap entered promiscuous mode [ 101.398998][ T4514] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.400221][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 101.402155][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 101.403955][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 101.405806][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 101.415028][ T4514] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.416396][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 101.418224][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 101.424687][ T4514] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.426103][ T4514] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.427343][ T4514] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.428642][ T4514] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.642790][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.644028][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.647761][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 102.662881][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.664302][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.666950][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 1970/01/01 00:01:43 executed programs: 0 [ 103.332163][ T4703] chnl_net:caif_netlink_parms(): no params data found [ 103.441040][ T4703] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.442294][ T4703] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.444135][ T4703] device bridge_slave_0 entered promiscuous mode [ 103.447594][ T4703] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.448930][ T4703] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.452439][ T4703] device bridge_slave_1 entered promiscuous mode [ 103.492904][ T4703] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.502623][ T4703] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.530712][ T4703] team0: Port device team_slave_0 added [ 103.538595][ T4703] team0: Port device team_slave_1 added [ 103.568971][ T4703] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.569975][ T4703] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.584770][ T4703] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.589211][ T4703] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.590311][ T4703] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.601117][ T4703] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.683099][ T4703] device hsr_slave_0 entered promiscuous mode [ 103.721401][ T4703] device hsr_slave_1 entered promiscuous mode [ 103.751102][ T4703] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 103.752240][ T4703] Cannot create hsr debugfs directory [ 103.882779][ T4703] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.151907][ T4199] Bluetooth: hci0: command 0x0409 tx timeout [ 106.380827][ T4703] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.502773][ T4703] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.592059][ T4703] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.836079][ T4703] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 106.885051][ T4703] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 106.914750][ T4703] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 106.953280][ T4703] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 107.045993][ T4703] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.055582][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 107.057437][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 107.064038][ T4703] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.068407][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 107.070488][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 107.075062][ T1629] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.076196][ T1629] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.077681][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 107.083002][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 107.085264][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 107.087050][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.088198][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.096523][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 107.100575][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 107.111818][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 107.114480][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 107.116480][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 107.118555][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 107.120780][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 107.126664][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 107.128648][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 107.133442][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 107.135478][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 107.139934][ T4703] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 107.231447][ T4154] Bluetooth: hci0: command 0x041b tx timeout [ 107.255702][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 107.257065][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 107.264062][ T4703] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.277536][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 107.279561][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 107.295044][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 107.297050][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 107.299845][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 107.302912][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 107.307020][ T4703] device veth0_vlan entered promiscuous mode [ 107.315923][ T4703] device veth1_vlan entered promiscuous mode [ 107.330632][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 107.333580][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 107.335390][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 107.337341][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 107.341293][ T4703] device veth0_macvtap entered promiscuous mode [ 107.346697][ T4703] device veth1_macvtap entered promiscuous mode [ 107.357560][ T4703] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 107.359354][ T4703] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.362894][ T4703] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.364146][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 107.366329][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 107.368261][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 107.370390][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 107.378687][ T4703] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.380323][ T4703] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.383411][ T4703] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.384809][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 107.386768][ T1629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 107.392643][ T4703] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.394320][ T4703] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.395625][ T4703] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.397058][ T4703] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.438685][ T1629] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.445781][ T1629] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.448767][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 107.456362][ T1629] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.458377][ T1629] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.460754][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 107.721634][ T4925] loop0: detected capacity change from 0 to 32768 [ 107.773420][ T4925] ======================================================= [ 107.773420][ T4925] WARNING: The mand mount option has been deprecated and [ 107.773420][ T4925] and is ignored by this kernel. Remove the mand [ 107.773420][ T4925] option from the mount to silence this warning. [ 107.773420][ T4925] ======================================================= [ 107.815552][ T368] ================================================================================ [ 107.817451][ T368] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2317:2 [ 107.818506][ T368] index 2621480 is out of range for type 's64[128]' (aka 'long long[128]') [ 107.819841][ T368] CPU: 0 PID: 368 Comm: kworker/u4:4 Not tainted 5.15.189-syzkaller #0 [ 107.821338][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 107.822772][ T368] Workqueue: writeback wb_workfn (flush-7:0) [ 107.823845][ T368] Call trace: [ 107.824305][ T368] dump_backtrace+0x0/0x43c [ 107.825050][ T368] show_stack+0x2c/0x3c [ 107.825667][ T368] __dump_stack+0x30/0x40 [ 107.826333][ T368] dump_stack_lvl+0xf8/0x160 [ 107.827078][ T368] dump_stack+0x1c/0x5c [ 107.827872][ T368] ubsan_epilogue+0x14/0x48 [ 107.828851][ T368] __ubsan_handle_out_of_bounds+0xd4/0x108 [ 107.829970][ T368] dbAllocBits+0x874/0x8bc [ 107.830811][ T368] dbAllocNear+0x25c/0x350 [ 107.831449][ T368] dbAlloc+0x760/0x978 [ 107.832119][ T368] extAlloc+0x3f4/0xdc4 [ 107.832838][ T368] jfs_get_block+0x2bc/0x8ec [ 107.833785][ T368] __mpage_writepage+0x390/0x154c [ 107.834796][ T368] write_cache_pages+0x7c8/0xde4 [ 107.835624][ T368] mpage_writepages+0xe4/0x218 [ 107.836517][ T368] jfs_writepages+0x30/0x40 [ 107.837422][ T368] do_writepages+0x36c/0x578 [ 107.838164][ T368] __writeback_single_inode+0x148/0x11f0 [ 107.839078][ T368] writeback_sb_inodes+0x7fc/0x1378 [ 107.840112][ T368] wb_writeback+0x3d8/0xe44 [ 107.840885][ T368] wb_workfn+0x350/0xdd8 [ 107.841733][ T368] process_one_work+0x79c/0x1140 [ 107.842713][ T368] worker_thread+0x8f4/0x101c [ 107.843627][ T368] kthread+0x374/0x454 [ 107.844441][ T368] ret_from_fork+0x10/0x20 [ 107.851930][ T368] ================================================================================ [ 107.855097][ T368] ================================================================================ [ 107.856736][ T368] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_extent.c:545:16 [ 107.857736][ T368] index 2621480 is out of range for type 'atomic_t[128]' [ 107.858963][ T368] CPU: 0 PID: 368 Comm: kworker/u4:4 Not tainted 5.15.189-syzkaller #0 [ 107.860454][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 107.862251][ T368] Workqueue: writeback wb_workfn (flush-7:0) [ 107.863354][ T368] Call trace: [ 107.863936][ T368] dump_backtrace+0x0/0x43c [ 107.864799][ T368] show_stack+0x2c/0x3c [ 107.865591][ T368] __dump_stack+0x30/0x40 [ 107.866360][ T368] dump_stack_lvl+0xf8/0x160 [ 107.867189][ T368] dump_stack+0x1c/0x5c [ 107.867908][ T368] ubsan_epilogue+0x14/0x48 [ 107.868823][ T368] __ubsan_handle_out_of_bounds+0xd4/0x108 [ 107.869789][ T368] extAlloc+0xc90/0xdc4 [ 107.870425][ T368] jfs_get_block+0x2bc/0x8ec [ 107.871159][ T368] __mpage_writepage+0x390/0x154c [ 107.871928][ T368] write_cache_pages+0x7c8/0xde4 [ 107.872804][ T368] mpage_writepages+0xe4/0x218 [ 107.873496][ T368] jfs_writepages+0x30/0x40 [ 107.874346][ T368] do_writepages+0x36c/0x578 [ 107.875210][ T368] __writeback_single_inode+0x148/0x11f0 [ 107.876191][ T368] writeback_sb_inodes+0x7fc/0x1378 [ 107.876981][ T368] wb_writeback+0x3d8/0xe44 [ 107.877753][ T368] wb_workfn+0x350/0xdd8 [ 107.878414][ T368] process_one_work+0x79c/0x1140 [ 107.879222][ T368] worker_thread+0x8f4/0x101c [ 107.880031][ T368] kthread+0x374/0x454 [ 107.880659][ T368] ret_from_fork+0x10/0x20 [ 107.881397][ T368] ================================================================================ [ 107.886130][ T368] attempt to access beyond end of device [ 107.886130][ T368] loop0: rw=1, want=171801313640, limit=32768 [ 107.889946][ T239] blkno = 50005002c, nblocks = 1 [ 107.890760][ T239] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 107.890760][ T239] [ 107.894719][ T239] ERROR: (device loop0): remounting filesystem as read-only [ 108.794748][ T4927] loop0: detected capacity change from 0 to 32768 [ 108.868676][ T9] ================================================================== [ 108.870013][ T9] BUG: KASAN: use-after-free in dbAllocBits+0x794/0x8bc [ 108.871226][ T9] Read of size 8 at addr ffff0000cf6cd178 by task kworker/u4:0/9 [ 108.872411][ T9] [ 108.872690][ T9] CPU: 0 PID: 9 Comm: kworker/u4:0 Not tainted 5.15.189-syzkaller #0 [ 108.873975][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 108.875535][ T9] Workqueue: writeback wb_workfn (flush-7:0) [ 108.876490][ T9] Call trace: [ 108.876989][ T9] dump_backtrace+0x0/0x43c [ 108.877689][ T9] show_stack+0x2c/0x3c [ 108.878300][ T9] __dump_stack+0x30/0x40 [ 108.879051][ T9] dump_stack_lvl+0xf8/0x160 [ 108.879819][ T9] print_address_description+0x78/0x30c [ 108.880537][ T9] kasan_report+0xec/0x15c [ 108.881053][ T9] __asan_report_load8_noabort+0x44/0x50 [ 108.882104][ T9] dbAllocBits+0x794/0x8bc [ 108.882814][ T9] dbAllocNear+0x25c/0x350 [ 108.883495][ T9] dbAlloc+0x760/0x978 [ 108.883970][ T9] extAlloc+0x3f4/0xdc4 [ 108.884554][ T9] jfs_get_block+0x2bc/0x8ec [ 108.885354][ T9] __mpage_writepage+0x390/0x154c [ 108.886094][ T9] write_cache_pages+0x7c8/0xde4 [ 108.886866][ T9] mpage_writepages+0xe4/0x218 [ 108.887672][ T9] jfs_writepages+0x30/0x40 [ 108.888423][ T9] do_writepages+0x36c/0x578 [ 108.889216][ T9] __writeback_single_inode+0x148/0x11f0 [ 108.890160][ T9] writeback_sb_inodes+0x7fc/0x1378 [ 108.891021][ T9] wb_writeback+0x3d8/0xe44 [ 108.891706][ T9] wb_workfn+0x350/0xdd8 [ 108.892282][ T9] process_one_work+0x79c/0x1140 [ 108.893232][ T9] worker_thread+0x8f4/0x101c [ 108.893930][ T9] kthread+0x374/0x454 [ 108.894660][ T9] ret_from_fork+0x10/0x20 [ 108.895489][ T9] [ 108.895922][ T9] Allocated by task 4781: [ 108.896693][ T9] __kasan_kmalloc+0xb0/0xf0 [ 108.897396][ T9] __kmalloc+0x298/0x44c [ 108.898157][ T9] tomoyo_encode+0x274/0x4a4 [ 108.898881][ T9] tomoyo_realpath_from_path+0x4bc/0x510 [ 108.899863][ T9] tomoyo_condition+0x161c/0x2674 [ 108.900731][ T9] tomoyo_check_acl+0x14c/0x378 [ 108.901554][ T9] tomoyo_execute_permission+0x110/0x390 [ 108.902510][ T9] tomoyo_find_next_domain+0x348/0x1628 [ 108.903509][ T9] tomoyo_bprm_check_security+0xdc/0x130 [ 108.904569][ T9] security_bprm_check+0x6c/0xa8 [ 108.905452][ T9] bprm_execve+0x764/0x1508 [ 108.906188][ T9] do_execveat_common+0x648/0x7dc [ 108.907034][ T9] __arm64_sys_execve+0x98/0xb0 [ 108.907800][ T9] invoke_syscall+0x98/0x2b8 [ 108.908544][ T9] el0_svc_common+0x138/0x258 [ 108.909258][ T9] do_el0_svc+0x58/0x14c [ 108.909911][ T9] el0_svc+0x78/0x1e0 [ 108.910642][ T9] el0t_64_sync_handler+0xcc/0xe4 [ 108.911496][ T9] el0t_64_sync+0x1a0/0x1a4 [ 108.912227][ T9] [ 108.912658][ T9] Freed by task 4781: [ 108.913328][ T9] kasan_set_track+0x4c/0x84 1970/01/01 00:01:48 executed programs: 4 [ 108.914061][ T9] kasan_set_free_info+0x28/0x4c [ 108.914921][ T9] ____kasan_slab_free+0x118/0x164 [ 108.915772][ T9] __kasan_slab_free+0x18/0x28 [ 108.916649][ T9] slab_free_freelist_hook+0x128/0x1e8 [ 108.917702][ T9] kfree+0x170/0x40c [ 108.918350][ T9] tomoyo_condition+0x164c/0x2674 [ 108.919190][ T9] tomoyo_check_acl+0x14c/0x378 [ 108.920089][ T9] tomoyo_execute_permission+0x110/0x390 [ 108.921052][ T9] tomoyo_find_next_domain+0x348/0x1628 [ 108.922074][ T9] tomoyo_bprm_check_security+0xdc/0x130 [ 108.923081][ T9] security_bprm_check+0x6c/0xa8 [ 108.923973][ T9] bprm_execve+0x764/0x1508 [ 108.924685][ T9] do_execveat_common+0x648/0x7dc [ 108.925516][ T9] __arm64_sys_execve+0x98/0xb0 [ 108.926328][ T9] invoke_syscall+0x98/0x2b8 [ 108.927139][ T9] el0_svc_common+0x138/0x258 [ 108.928022][ T9] do_el0_svc+0x58/0x14c [ 108.928792][ T9] el0_svc+0x78/0x1e0 [ 108.929472][ T9] el0t_64_sync_handler+0xcc/0xe4 [ 108.930314][ T9] el0t_64_sync+0x1a0/0x1a4 [ 108.931044][ T9] [ 108.931445][ T9] The buggy address belongs to the object at ffff0000cf6cd100 [ 108.931445][ T9] which belongs to the cache kmalloc-128 of size 128 [ 108.933776][ T9] The buggy address is located 120 bytes inside of [ 108.933776][ T9] 128-byte region [ffff0000cf6cd100, ffff0000cf6cd180) [ 108.936097][ T9] The buggy address belongs to the page: [ 108.937070][ T9] page:000000008e08018e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f6cd [ 108.938661][ T9] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 108.940047][ T9] raw: 05ffc00000000200 dead000000000100 dead000000000122 ffff0000c0002300 [ 108.941389][ T9] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 108.942845][ T9] page dumped because: kasan: bad access detected [ 108.943916][ T9] [ 108.944296][ T9] Memory state around the buggy address: [ 108.945253][ T9] ffff0000cf6cd000: 06 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 108.946604][ T9] ffff0000cf6cd080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 108.948065][ T9] >ffff0000cf6cd100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 108.949484][ T9] ^ [ 108.950707][ T9] ffff0000cf6cd180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 108.951928][ T9] ffff0000cf6cd200: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 108.953391][ T9] ================================================================== [ 108.954829][ T9] Disabling lock debugging due to kernel taint [ 108.958521][ T9] attempt to access beyond end of device [ 108.958521][ T9] loop0: rw=1, want=171801313640, limit=32768 [ 108.963206][ T239] blkno = 50005002c, nblocks = 1 [ 108.963940][ T239] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 108.963940][ T239] [ 108.965450][ T239] ERROR: (device loop0): remounting filesystem as read-only [ 109.316890][ T4154] Bluetooth: hci0: command 0x040f tx timeout [ 109.490196][ T4929] loop0: detected capacity change from 0 to 32768 [ 109.546819][ T368] attempt to access beyond end of device [ 109.546819][ T368] loop0: rw=1, want=171801313640, limit=32768 [ 109.549833][ T239] blkno = 50005002c, nblocks = 1 [ 109.550819][ T239] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 109.550819][ T239] [ 109.553025][ T239] ERROR: (device loop0): remounting filesystem as read-only [ 109.708047][ T4931] loop0: detected capacity change from 0 to 32768 [ 109.765893][ T1629] attempt to access beyond end of device [ 109.765893][ T1629] loop0: rw=1, want=171801313640, limit=32768 [ 109.768800][ T240] blkno = 50005002c, nblocks = 1 [ 109.769653][ T240] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 109.769653][ T240] [ 109.773933][ T240] ERROR: (device loop0): remounting filesystem as read-only [ 110.567875][ T4933] loop0: detected capacity change from 0 to 32768 [ 110.586865][ T9] attempt to access beyond end of device [ 110.586865][ T9] loop0: rw=1, want=171801313640, limit=32768 [ 110.589435][ T240] blkno = 50005002c, nblocks = 1 [ 110.590130][ T240] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 110.590130][ T240] [ 110.596467][ T240] ERROR: (device loop0): remounting filesystem as read-only [ 110.734831][ T292] device hsr_slave_0 left promiscuous mode [ 110.761336][ T292] device hsr_slave_1 left promiscuous mode [ 110.768740][ T4935] loop0: detected capacity change from 0 to 32768 [ 110.789094][ T9] attempt to access beyond end of device [ 110.789094][ T9] loop0: rw=1, want=171801313640, limit=32768 [ 110.792634][ T240] blkno = 50005002c, nblocks = 1 [ 110.793593][ T240] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 110.793593][ T240] [ 110.795308][ T240] ERROR: (device loop0): remounting filesystem as read-only [ 110.842074][ T292] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 110.843217][ T292] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 110.845074][ T292] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 110.846544][ T292] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 110.848086][ T292] device bridge_slave_1 left promiscuous mode [ 110.849107][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.892225][ T292] device bridge_slave_0 left promiscuous mode [ 110.893373][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.964520][ T4938] loop0: detected capacity change from 0 to 32768 [ 110.976989][ T9] attempt to access beyond end of device [ 110.976989][ T9] loop0: rw=1, want=171801313640, limit=32768 [ 110.979484][ T239] blkno = 50005002c, nblocks = 1 [ 110.980287][ T239] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 110.980287][ T239] [ 110.982579][ T239] ERROR: (device loop0): remounting filesystem as read-only [ 111.031575][ T292] device veth1_macvtap left promiscuous mode [ 111.032746][ T292] device veth0_macvtap left promiscuous mode [ 111.033781][ T292] device veth1_vlan left promiscuous mode [ 111.034752][ T292] device veth0_vlan left promiscuous mode [ 111.274496][ T292] team0 (unregistering): Port device team_slave_1 removed [ 111.282658][ T292] team0 (unregistering): Port device team_slave_0 removed [ 111.288529][ T292] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 111.318655][ T292] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 111.391195][ T13] Bluetooth: hci0: command 0x0419 tx timeout [ 111.436042][ T292] bond0 (unregistering): Released all slaves [ 111.748047][ T4940] loop0: detected capacity change from 0 to 32768 [ 111.810825][ T9] attempt to access beyond end of device [ 111.810825][ T9] loop0: rw=1, want=171801313640, limit=32768 [ 111.822891][ T240] blkno = 50005002c, nblocks = 1 [ 111.823791][ T240] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 111.823791][ T240] [ 111.825822][ T240] ERROR: (device loop0): remounting filesystem as read-only [ 111.982530][ T4942] loop0: detected capacity change from 0 to 32768 [ 112.048445][ T1629] attempt to access beyond end of device [ 112.048445][ T1629] loop0: rw=1, want=171801313640, limit=32768 [ 112.051008][ T239] blkno = 50005002c, nblocks = 1 [ 112.051837][ T239] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 112.051837][ T239] [ 112.053804][ T239] ERROR: (device loop0): remounting filesystem as read-only [ 112.825000][ T4944] loop0: detected capacity change from 0 to 32768 [ 112.881699][ T9] attempt to access beyond end of device [ 112.881699][ T9] loop0: rw=1, want=171801313640, limit=32768 [ 112.883735][ T240] blkno = 50005002c, nblocks = 1 [ 112.884601][ T240] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 112.884601][ T240] [ 112.886242][ T240] ERROR: (device loop0): remounting filesystem as read-only [ 113.044666][ T292] Unable to handle kernel paging request at virtual address 00000000000c5008 [ 113.046217][ T292] Mem abort info: [ 113.046762][ T292] ESR = 0x0000000096000004 [ 113.047574][ T292] EC = 0x25: DABT (current EL), IL = 32 bits [ 113.048550][ T292] SET = 0, FnV = 0 [ 113.049081][ T292] EA = 0, S1PTW = 0 [ 113.049614][ T292] FSC = 0x04: level 0 translation fault [ 113.050544][ T292] Data abort info: [ 113.051213][ T292] ISV = 0, ISS = 0x00000004 [ 113.051995][ T292] CM = 0, WnR = 0 [ 113.052580][ T292] user pgtable: 4k pages, 48-bit VAs, pgdp=00000001095eb000 [ 113.053755][ T292] [00000000000c5008] pgd=0000000000000000, p4d=0000000000000000 [ 113.055072][ T292] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 113.056401][ T292] Modules linked in: [ 113.057021][ T292] CPU: 0 PID: 292 Comm: kworker/u4:3 Tainted: G B 5.15.189-syzkaller #0 [ 113.058559][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 113.060251][ T292] Workqueue: netns cleanup_net [ 113.061000][ T292] pstate: a0400005 (NzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 113.062515][ T292] pc : inet_twsk_purge+0x1c8/0x7ac [ 113.063489][ T292] lr : inet_twsk_purge+0x1c8/0x7ac [ 113.064214][ T292] sp : ffff80001f1c7920 [ 113.064896][ T292] x29: ffff80001f1c79d0 x28: dfff800000000000 x27: ffff0000d30dd020 [ 113.066123][ T292] x26: ffff80001f1c7aa0 x25: 00000000000c505e x24: ffff0000d4714178 [ 113.067440][ T292] x23: 0000000000000001 x22: 000000000000000a x21: ffff8000165b2000 [ 113.068826][ T292] x20: 00000000000c5008 x19: 00000000ffffefbf x18: 1fffe00034218b96 [ 113.070328][ T292] x17: 1fffe00034218b96 x16: ffff8000111bc798 x15: ffff80001420eda0 [ 113.071592][ T292] x14: ffff0001a10c5cc0 x13: ffff0001a10c5cbc x12: 0000000000ff0100 [ 113.073105][ T292] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff80001ae291d0 [ 113.074403][ T292] x8 : 0000000000000001 x7 : 0000000000000000 x6 : ffff80000fe13454 [ 113.075503][ T292] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80000fe12df8 [ 113.076998][ T292] x2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000001 [ 113.078540][ T292] Call trace: [ 113.079133][ T292] inet_twsk_purge+0x1c8/0x7ac [ 113.079992][ T292] dccp_v6_exit_batch+0x20/0x2c [ 113.080827][ T292] cleanup_net+0x644/0xa98 [ 113.081562][ T292] process_one_work+0x79c/0x1140 [ 113.082340][ T292] worker_thread+0x8f4/0x101c [ 113.083341][ T292] kthread+0x374/0x454 [ 113.083997][ T292] ret_from_fork+0x10/0x20 [ 113.084731][ T292] Code: d1015b34 52800021 aa1403e0 9628a862 (08dffe88) [ 113.085940][ T292] ---[ end trace 86875eee4e991da3 ]--- [ 113.537578][ T292] Kernel panic - not syncing: Oops: Fatal exception [ 113.538908][ T292] SMP: stopping secondary CPUs [ 113.539814][ T292] Kernel Offset: disabled [ 113.540673][ T292] CPU features: 0x8,000081c1,21302e40 [ 113.541649][ T292] Memory Limit: none [ 113.955109][ T292] Rebooting in 86400 seconds..