Warning: Permanently added '10.128.0.74' (ED25519) to the list of known hosts.
2026/04/25 16:38:45 parsed 1 programs
[ 89.461498][ T4599] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 91.515286][ T4644] chnl_net:caif_netlink_parms(): no params data found
[ 91.566129][ T4644] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.573642][ T4644] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.581615][ T4644] device bridge_slave_0 entered promiscuous mode
[ 91.590263][ T4644] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.597820][ T4644] bridge0: port 2(bridge_slave_1) entered disabled state
[ 91.606059][ T4644] device bridge_slave_1 entered promiscuous mode
[ 91.629787][ T4644] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 91.641084][ T4644] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 91.668879][ T4644] team0: Port device team_slave_0 added
[ 91.676918][ T4644] team0: Port device team_slave_1 added
[ 91.698395][ T4644] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 91.705767][ T4644] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 91.732559][ T4644] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 91.744894][ T4644] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 91.751858][ T4644] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 91.779134][ T4644] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 91.814092][ T4644] device hsr_slave_0 entered promiscuous mode
[ 91.821064][ T4644] device hsr_slave_1 entered promiscuous mode
[ 92.363090][ T4644] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 92.376381][ T4644] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 92.395471][ T4644] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 92.415285][ T4644] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 92.499093][ T4644] 8021q: adding VLAN 0 to HW filter on device bond0
[ 92.511867][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 92.522088][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 92.547074][ T4644] 8021q: adding VLAN 0 to HW filter on device team0
[ 92.560271][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 92.570810][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 92.580010][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.587397][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 92.604433][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 92.614295][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 92.623518][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 92.632067][ T154] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.639198][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 92.650693][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 92.659937][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 92.684954][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 92.727529][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 92.736735][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 92.745960][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 92.754893][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 92.771256][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 92.782315][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 92.811209][ T4644] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 92.823643][ T4644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 92.831623][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 92.848504][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 93.007973][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 93.015894][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 93.028089][ T4644] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 93.049827][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 93.059629][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 93.078617][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 93.087339][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 93.097209][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 93.105230][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 93.116938][ T4644] device veth0_vlan entered promiscuous mode
[ 93.129400][ T4644] device veth1_vlan entered promiscuous mode
[ 93.152222][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 93.163512][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 93.174028][ T4644] device veth0_macvtap entered promiscuous mode
[ 93.184872][ T4644] device veth1_macvtap entered promiscuous mode
[ 93.215052][ T4644] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 93.223733][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 93.232045][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 93.240464][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 93.249363][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 93.262233][ T4644] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 93.271279][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 93.280145][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 93.292981][ T4644] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.302347][ T4644] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.313839][ T4644] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.322581][ T4644] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.693813][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.701837][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.731534][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 93.763809][ T3091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.772000][ T3091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.782422][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2026/04/25 16:38:54 executed programs: 0
[ 95.317111][ T4810] chnl_net:caif_netlink_parms(): no params data found
[ 95.436047][ T4810] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.455045][ T4810] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.466761][ T4810] device bridge_slave_0 entered promiscuous mode
[ 95.494336][ T4810] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.505184][ T4810] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.517913][ T4810] device bridge_slave_1 entered promiscuous mode
[ 95.579612][ T4810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 95.605995][ T4810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 95.657990][ T4810] team0: Port device team_slave_0 added
[ 95.677791][ T4810] team0: Port device team_slave_1 added
[ 95.724872][ T4810] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 95.732025][ T4810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 95.772207][ T4810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 95.785834][ T4810] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 95.793251][ T4810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 95.820190][ T4810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 95.867763][ T4810] device hsr_slave_0 entered promiscuous mode
[ 95.875654][ T4810] device hsr_slave_1 entered promiscuous mode
[ 95.882238][ T4810] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 95.890320][ T4810] Cannot create hsr debugfs directory
[ 95.910784][ T144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.173116][ T4702] Bluetooth: hci0: command 0x0409 tx timeout
[ 97.790390][ T144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.837882][ T144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.901719][ T144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.727108][ T4810] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 98.736878][ T4810] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 98.749240][ T4810] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 98.757828][ T4810] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 98.806527][ T4810] 8021q: adding VLAN 0 to HW filter on device bond0
[ 98.831104][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 98.839064][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 98.849595][ T4810] 8021q: adding VLAN 0 to HW filter on device team0
[ 98.865530][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 98.874390][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 98.883102][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.890194][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.911788][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 98.920295][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 98.930158][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 98.939082][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.946229][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.963643][ T567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 98.972531][ T567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 98.981538][ T567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 98.991660][ T567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 99.000438][ T567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 99.009684][ T567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 99.018575][ T567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 99.027162][ T567] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 99.036215][ T567] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 99.057138][ T567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 99.065828][ T567] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 99.075955][ T4810] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 99.158138][ T567] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 99.166018][ T567] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 99.178091][ T4810] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 99.193783][ T567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 99.202412][ T567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 99.225807][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 99.234341][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 99.244460][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 99.252167][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 99.252997][ T4691] Bluetooth: hci0: command 0x041b tx timeout
[ 99.272347][ T4810] device veth0_vlan entered promiscuous mode
[ 99.283896][ T4810] device veth1_vlan entered promiscuous mode
[ 99.299580][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 99.308117][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 99.316607][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 99.325861][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 99.340387][ T4810] device veth0_macvtap entered promiscuous mode
[ 99.350754][ T4810] device veth1_macvtap entered promiscuous mode
[ 99.359787][ T144] device hsr_slave_0 left promiscuous mode
[ 99.366522][ T144] device hsr_slave_1 left promiscuous mode
[ 99.373130][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 99.380544][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 99.388636][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 99.396851][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 99.405064][ T144] device bridge_slave_1 left promiscuous mode
[ 99.411942][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.421028][ T144] device bridge_slave_0 left promiscuous mode
[ 99.428006][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.438807][ T144] device veth1_macvtap left promiscuous mode
[ 99.445170][ T144] device veth0_macvtap left promiscuous mode
[ 99.451200][ T144] device veth1_vlan left promiscuous mode
[ 99.457149][ T144] device veth0_vlan left promiscuous mode
[ 99.559132][ T144] team0 (unregistering): Port device team_slave_1 removed
[ 99.570540][ T144] team0 (unregistering): Port device team_slave_0 removed
[ 99.581384][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 99.595094][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 99.635706][ T144] bond0 (unregistering): Released all slaves
[ 99.680595][ T4810] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 99.690601][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 99.698751][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 99.706699][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 99.715470][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 99.726962][ T4810] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 99.736253][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 99.744960][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 99.756283][ T4810] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.765761][ T4810] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.775372][ T4810] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.784664][ T4810] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.840899][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.857059][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.875957][ T567] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 99.892111][ T3091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.900906][ T3091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.910861][ T3091] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 100.108783][ T5067] loop0: detected capacity change from 0 to 32768
[ 100.167123][ T5067] ==================================================================
[ 100.175569][ T5067] BUG: KASAN: use-after-free in jfs_readdir+0x129f/0x3cf0
[ 100.182821][ T5067] Read of size 8 at addr ffff8880734cd410 by task syz.0.17/5067
[ 100.190449][ T5067]
[ 100.192780][ T5067] CPU: 0 PID: 5067 Comm: syz.0.17 Not tainted syzkaller #0
[ 100.199978][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 100.210260][ T5067] Call Trace:
[ 100.213547][ T5067]
[ 100.216482][ T5067] dump_stack_lvl+0x188/0x250
[ 100.221272][ T5067] ? show_regs_print_info+0x20/0x20
[ 100.227047][ T5067] ? load_image+0x400/0x400
[ 100.231560][ T5067] ? _raw_spin_lock_irqsave+0xbc/0x100
[ 100.237203][ T5067] ? unlock_page+0x17c/0x1f0
[ 100.241816][ T5067] print_address_description+0x60/0x2d0
[ 100.247366][ T5067] ? jfs_readdir+0x129f/0x3cf0
[ 100.252131][ T5067] kasan_report+0xdf/0x130
[ 100.256547][ T5067] ? jfs_readdir+0x129f/0x3cf0
[ 100.261315][ T5067] jfs_readdir+0x129f/0x3cf0
[ 100.265933][ T5067] ? dtInitRoot+0x660/0x660
[ 100.270549][ T5067] ? end_current_label_crit_section+0x14b/0x170
[ 100.276790][ T5067] ? common_file_perm+0x171/0x1c0
[ 100.281835][ T5067] iterate_dir+0x218/0x560
[ 100.286251][ T5067] __se_sys_getdents+0xf2/0x260
[ 100.291145][ T5067] ? __x64_sys_getdents+0x80/0x80
[ 100.296168][ T5067] ? fillonedir+0x4e0/0x4e0
[ 100.300678][ T5067] ? vtime_user_exit+0x2c8/0x3e0
[ 100.305718][ T5067] ? lockdep_hardirqs_on+0x94/0x140
[ 100.310930][ T5067] do_syscall_64+0x4c/0xa0
[ 100.315439][ T5067] ? clear_bhb_loop+0x30/0x80
[ 100.320151][ T5067] ? clear_bhb_loop+0x30/0x80
[ 100.324832][ T5067] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 100.330737][ T5067] RIP: 0033:0x7f2e91820379
[ 100.335160][ T5067] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 100.354783][ T5067] RSP: 002b:00007f2e90e84028 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 100.363235][ T5067] RAX: ffffffffffffffda RBX: 00007f2e91a7bfa0 RCX: 00007f2e91820379
[ 100.371473][ T5067] RDX: fffffffffffffd90 RSI: 0000000000000000 RDI: 0000000000000004
[ 100.379538][ T5067] RBP: 00007f2e918b3d68 R08: 0000000000000000 R09: 0000000000000000
[ 100.387523][ T5067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 100.395631][ T5067] R13: 00007f2e91a7c038 R14: 00007f2e91a7bfa0 R15: 00007ffdb45ac248
[ 100.403794][ T5067]
[ 100.406819][ T5067]
[ 100.409139][ T5067] Allocated by task 5067:
[ 100.413543][ T5067] __kasan_slab_alloc+0x9c/0xd0
[ 100.418392][ T5067] slab_post_alloc_hook+0x4c/0x380
[ 100.423497][ T5067] kmem_cache_alloc+0x100/0x290
[ 100.428432][ T5067] mempool_alloc+0x18d/0x4e0
[ 100.433022][ T5067] __get_metapage+0x5e8/0x1060
[ 100.437884][ T5067] dtSplitRoot+0x1e5/0x1510
[ 100.442381][ T5067] dtInsert+0xe67/0x5830
[ 100.446616][ T5067] jfs_symlink+0x8b2/0xfb0
[ 100.451039][ T5067] vfs_symlink+0x247/0x3d0
[ 100.455982][ T5067] do_symlinkat+0x1ab/0x6b0
[ 100.460600][ T5067] __x64_sys_symlink+0x7a/0x90
[ 100.465381][ T5067] do_syscall_64+0x4c/0xa0
[ 100.469856][ T5067] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 100.475755][ T5067]
[ 100.478082][ T5067] Freed by task 5067:
[ 100.482224][ T5067] kasan_set_track+0x4b/0x70
[ 100.486897][ T5067] kasan_set_free_info+0x1f/0x40
[ 100.491920][ T5067] ____kasan_slab_free+0xd5/0x110
[ 100.496942][ T5067] slab_free_freelist_hook+0xea/0x170
[ 100.502318][ T5067] kmem_cache_free+0x8f/0x210
[ 100.507175][ T5067] release_metapage+0x97b/0xe10
[ 100.512041][ T5067] jfs_readdir+0x103b/0x3cf0
[ 100.516626][ T5067] iterate_dir+0x218/0x560
[ 100.521037][ T5067] __se_sys_getdents+0xf2/0x260
[ 100.525879][ T5067] do_syscall_64+0x4c/0xa0
[ 100.530465][ T5067] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 100.536400][ T5067]
[ 100.538728][ T5067] The buggy address belongs to the object at ffff8880734cd3e0
[ 100.538728][ T5067] which belongs to the cache jfs_mp of size 184
[ 100.552346][ T5067] The buggy address is located 48 bytes inside of
[ 100.552346][ T5067] 184-byte region [ffff8880734cd3e0, ffff8880734cd498)
[ 100.565758][ T5067] The buggy address belongs to the page:
[ 100.571603][ T5067] page:ffffea0001cd3340 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x734cd
[ 100.581755][ T5067] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 100.589323][ T5067] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff88801e1d0000
[ 100.597906][ T5067] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 100.606497][ T5067] page dumped because: kasan: bad access detected
[ 100.613014][ T5067] page_owner tracks the page as allocated
[ 100.618729][ T5067] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192800(GFP_NOWAIT|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5067, ts 100146266445, free_ts 99957337118
[ 100.637934][ T5067] get_page_from_freelist+0x1bbd/0x1ca0
[ 100.643494][ T5067] __alloc_pages+0x1ee/0x480
[ 100.648170][ T5067] new_slab+0xc0/0x4b0
[ 100.652417][ T5067] ___slab_alloc+0x80a/0xdd0
[ 100.657002][ T5067] kmem_cache_alloc+0x195/0x290
[ 100.662030][ T5067] mempool_alloc+0x18d/0x4e0
[ 100.666616][ T5067] __get_metapage+0x5e8/0x1060
[ 100.671463][ T5067] diRead+0x1fb/0xbb0
[ 100.675440][ T5067] jfs_iget+0x89/0x3f0
[ 100.679587][ T5067] jfs_fill_super+0x73b/0xb00
[ 100.684257][ T5067] mount_bdev+0x287/0x3c0
[ 100.688605][ T5067] legacy_get_tree+0xe6/0x180
[ 100.693519][ T5067] vfs_get_tree+0x88/0x270
[ 100.698042][ T5067] do_new_mount+0x24a/0xa40
[ 100.702553][ T5067] __se_sys_mount+0x2e3/0x3d0
[ 100.707405][ T5067] do_syscall_64+0x4c/0xa0
[ 100.711913][ T5067] page last free stack trace:
[ 100.716664][ T5067] free_unref_page_prepare+0x637/0x6c0
[ 100.722123][ T5067] free_unref_page+0x8f/0x2a0
[ 100.726802][ T5067] __unfreeze_partials+0x1a5/0x200
[ 100.731916][ T5067] put_cpu_partial+0x12d/0x190
[ 100.736679][ T5067] qlist_free_all+0x35/0x90
[ 100.741358][ T5067] kasan_quarantine_reduce+0x150/0x160
[ 100.746895][ T5067] __kasan_slab_alloc+0x2f/0xd0
[ 100.751762][ T5067] slab_post_alloc_hook+0x4c/0x380
[ 100.756877][ T5067] kmem_cache_alloc+0x100/0x290
[ 100.761737][ T5067] getname_flags+0xb5/0x500
[ 100.766337][ T5067] user_path_at_empty+0x2a/0x190
[ 100.771347][ T5067] __se_sys_chdir+0x98/0x280
[ 100.776106][ T5067] do_syscall_64+0x4c/0xa0
[ 100.780635][ T5067] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 100.786533][ T5067]
[ 100.788853][ T5067] Memory state around the buggy address:
[ 100.794748][ T5067] ffff8880734cd300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 100.802913][ T5067] ffff8880734cd380: 00 00 00 00 fc fc fc fc fc fc fc fc fa fb fb fb
[ 100.811177][ T5067] >ffff8880734cd400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.819422][ T5067] ^
[ 100.824025][ T5067] ffff8880734cd480: fb fb fb fc fc fc fc fc fc fc fc 00 00 00 00 00
[ 100.832084][ T5067] ffff8880734cd500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 100.840146][ T5067] ==================================================================
[ 100.848209][ T5067] Disabling lock debugging due to kernel taint
[ 100.865164][ T5067] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 100.872548][ T5067] CPU: 0 PID: 5067 Comm: syz.0.17 Tainted: G B syzkaller #0
[ 100.881121][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 100.891336][ T5067] Call Trace:
[ 100.894613][ T5067]
[ 100.897704][ T5067] dump_stack_lvl+0x188/0x250
[ 100.902380][ T5067] ? show_regs_print_info+0x20/0x20
[ 100.907647][ T5067] ? load_image+0x400/0x400
[ 100.912222][ T5067] panic+0x2e5/0x810
[ 100.916194][ T5067] ? bpf_jit_dump+0xd0/0xd0
[ 100.920764][ T5067] ? _raw_spin_unlock_irqrestore+0x10d/0x120
[ 100.926785][ T5067] ? _raw_spin_unlock+0x40/0x40
[ 100.931714][ T5067] ? jfs_readdir+0x129f/0x3cf0
[ 100.936565][ T5067] check_panic_on_warn+0x80/0xa0
[ 100.941750][ T5067] ? jfs_readdir+0x129f/0x3cf0
[ 100.946619][ T5067] end_report+0x6d/0xf0
[ 100.950765][ T5067] kasan_report+0x102/0x130
[ 100.955277][ T5067] ? jfs_readdir+0x129f/0x3cf0
[ 100.960051][ T5067] jfs_readdir+0x129f/0x3cf0
[ 100.964634][ T5067] ? dtInitRoot+0x660/0x660
[ 100.969124][ T5067] ? end_current_label_crit_section+0x14b/0x170
[ 100.975620][ T5067] ? common_file_perm+0x171/0x1c0
[ 100.980818][ T5067] iterate_dir+0x218/0x560
[ 100.985237][ T5067] __se_sys_getdents+0xf2/0x260
[ 100.990087][ T5067] ? __x64_sys_getdents+0x80/0x80
[ 100.995120][ T5067] ? fillonedir+0x4e0/0x4e0
[ 100.999689][ T5067] ? vtime_user_exit+0x2c8/0x3e0
[ 101.004616][ T5067] ? lockdep_hardirqs_on+0x94/0x140
[ 101.009801][ T5067] do_syscall_64+0x4c/0xa0
[ 101.014548][ T5067] ? clear_bhb_loop+0x30/0x80
[ 101.019322][ T5067] ? clear_bhb_loop+0x30/0x80
[ 101.024042][ T5067] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 101.030235][ T5067] RIP: 0033:0x7f2e91820379
[ 101.034754][ T5067] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 101.054949][ T5067] RSP: 002b:00007f2e90e84028 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 101.063556][ T5067] RAX: ffffffffffffffda RBX: 00007f2e91a7bfa0 RCX: 00007f2e91820379
[ 101.071710][ T5067] RDX: fffffffffffffd90 RSI: 0000000000000000 RDI: 0000000000000004
[ 101.079887][ T5067] RBP: 00007f2e918b3d68 R08: 0000000000000000 R09: 0000000000000000
[ 101.088107][ T5067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 101.096194][ T5067] R13: 00007f2e91a7c038 R14: 00007f2e91a7bfa0 R15: 00007ffdb45ac248
[ 101.104364][ T5067]
[ 101.107750][ T5067] Kernel Offset: disabled
[ 101.112517][ T5067] Rebooting in 86400 seconds..