syzkaller login: [ 92.030514][ T1007] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.246' (ED25519) to the list of known hosts.
2026/05/23 11:18:08 parsed 1 programs
[ 102.956401][ T5618] cgroup: Unknown subsys name 'net'
[ 103.219116][ T5618] cgroup: Unknown subsys name 'cpuset'
[ 103.272474][ T5618] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 105.275716][ T5618] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 109.505997][ T1183] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.506025][ T1183] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.648878][ T1183] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.648903][ T1183] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.319498][ T5654] bridge0: port 1(bridge_slave_0) entered blocking state
[ 111.320579][ T5654] bridge0: port 1(bridge_slave_0) entered disabled state
[ 111.320711][ T5654] bridge_slave_0: entered allmulticast mode
[ 111.326639][ T5654] bridge_slave_0: entered promiscuous mode
[ 111.362596][ T5654] bridge0: port 2(bridge_slave_1) entered blocking state
[ 111.362697][ T5654] bridge0: port 2(bridge_slave_1) entered disabled state
[ 111.362859][ T5654] bridge_slave_1: entered allmulticast mode
[ 111.365249][ T5654] bridge_slave_1: entered promiscuous mode
[ 111.758382][ T5654] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 111.774112][ T5654] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 111.822247][ T5654] team0: Port device team_slave_0 added
[ 111.826566][ T5654] team0: Port device team_slave_1 added
[ 111.866094][ T5654] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 111.866112][ T5654] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 111.866141][ T5654] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 111.882698][ T5654] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 111.882742][ T5654] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 111.882817][ T5654] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 112.427797][ T5654] hsr_slave_0: entered promiscuous mode
[ 112.428930][ T5654] hsr_slave_1: entered promiscuous mode
[ 113.125267][ T5654] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 113.181218][ T5654] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 113.183684][ T5654] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 113.229154][ T5654] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 113.283847][ T5654] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 113.306438][ T5654] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 113.309212][ T5654] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 113.356115][ T5654] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 113.506534][ T5654] 8021q: adding VLAN 0 to HW filter on device bond0
[ 113.540491][ T5654] 8021q: adding VLAN 0 to HW filter on device team0
[ 113.566903][ T56] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.567075][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 113.610871][ T1177] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.610999][ T1177] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 114.131067][ T5654] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 114.203068][ T5654] veth0_vlan: entered promiscuous mode
[ 114.224451][ T5654] veth1_vlan: entered promiscuous mode
[ 114.297430][ T5654] veth0_macvtap: entered promiscuous mode
[ 114.307151][ T5654] veth1_macvtap: entered promiscuous mode
[ 114.343424][ T5654] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 114.369907][ T5654] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 114.401547][ T3088] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 114.446120][ T3088] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 114.467146][ T56] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 114.471032][ T56] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.237887][ T3088] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 115.959649][ T3088] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 116.595321][ T60] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 116.619505][ T60] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 116.621429][ T60] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 116.640338][ T60] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 116.642502][ T60] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 116.738134][ T3088] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 117.251131][ T3088] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 118.322151][ T3088] bridge_slave_1: left allmulticast mode
[ 118.322372][ T3088] bridge_slave_1: left promiscuous mode
[ 118.329903][ T3088] bridge0: port 2(bridge_slave_1) entered disabled state
[ 118.523958][ T3088] bridge_slave_0: left allmulticast mode
[ 118.523995][ T3088] bridge_slave_0: left promiscuous mode
[ 118.524247][ T3088] bridge0: port 1(bridge_slave_0) entered disabled state
[ 119.562649][ T3088] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 119.622645][ T3088] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 119.664132][ T3088] bond0 (unregistering): Released all slaves
[ 119.717657][ T5264] 8021q: adding VLAN 0 to HW filter on device eth1
[ 120.141861][ T3088] hsr_slave_0: left promiscuous mode
[ 120.187490][ T3088] hsr_slave_1: left promiscuous mode
[ 120.188656][ T3088] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 120.188723][ T3088] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 120.243881][ T3088] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 120.243911][ T3088] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 120.338506][ T3088] veth1_macvtap: left promiscuous mode
[ 120.339276][ T3088] veth0_macvtap: left promiscuous mode
[ 120.339571][ T3088] veth1_vlan: left promiscuous mode
[ 120.339888][ T3088] veth0_vlan: left promiscuous mode
[ 121.172813][ T3088] team0 (unregistering): Port device team_slave_1 removed
[ 121.232451][ T3088] team0 (unregistering): Port device team_slave_0 removed
[ 121.454841][ T5264] 8021q: adding VLAN 0 to HW filter on device eth3
[ 122.401086][ T5264] 8021q: adding VLAN 0 to HW filter on device eth2
[ 123.398583][ T5264] 8021q: adding VLAN 0 to HW filter on device eth4
2026/05/23 11:18:33 executed programs: 0
[ 124.431602][ T60] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 124.452207][ T60] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 124.456047][ T60] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 124.457210][ T60] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 124.459717][ T60] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 125.512554][ T5804] bridge0: port 1(bridge_slave_0) entered blocking state
[ 125.512704][ T5804] bridge0: port 1(bridge_slave_0) entered disabled state
[ 125.513059][ T5804] bridge_slave_0: entered allmulticast mode
[ 125.515052][ T5804] bridge_slave_0: entered promiscuous mode
[ 125.519556][ T5804] bridge0: port 2(bridge_slave_1) entered blocking state
[ 125.519701][ T5804] bridge0: port 2(bridge_slave_1) entered disabled state
[ 125.519820][ T5804] bridge_slave_1: entered allmulticast mode
[ 125.548198][ T5804] bridge_slave_1: entered promiscuous mode
[ 125.631984][ T5804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 125.636156][ T5804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 125.695448][ T5804] team0: Port device team_slave_0 added
[ 125.697962][ T5804] team0: Port device team_slave_1 added
[ 125.744369][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 125.744383][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 125.744403][ T5804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 125.746048][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 125.746059][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 125.746079][ T5804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 125.886817][ T5804] hsr_slave_0: entered promiscuous mode
[ 125.887870][ T5804] hsr_slave_1: entered promiscuous mode
[ 126.574038][ T60] Bluetooth: hci0: command tx timeout
[ 128.226276][ T5804] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 128.291316][ T5804] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 128.297023][ T5804] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 128.349789][ T5804] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 128.651824][ T60] Bluetooth: hci0: command tx timeout
[ 128.742410][ T5804] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 128.791682][ T5804] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 128.795894][ T5804] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 128.861082][ T5804] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 129.029633][ T5804] 8021q: adding VLAN 0 to HW filter on device bond0
[ 129.097322][ T5804] 8021q: adding VLAN 0 to HW filter on device team0
[ 129.137261][ T3415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 129.137486][ T3415] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 129.175874][ T3415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 129.176014][ T3415] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 130.189308][ T5804] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 130.321506][ T5804] veth0_vlan: entered promiscuous mode
[ 130.369008][ T5804] veth1_vlan: entered promiscuous mode
[ 130.469813][ T5804] veth0_macvtap: entered promiscuous mode
[ 130.483815][ T5804] veth1_macvtap: entered promiscuous mode
[ 130.583100][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 130.607385][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 130.648557][ T3089] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.648657][ T3089] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.648698][ T3089] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.649547][ T3089] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.733298][ T60] Bluetooth: hci0: command tx timeout
[ 131.303376][ T3088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 131.303410][ T3088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 131.402876][ T3415] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 131.402898][ T3415] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/05/23 11:18:40 executed programs: 2
[ 132.033351][ T5957] loop0: detected capacity change from 0 to 32768
[ 132.811773][ T60] Bluetooth: hci0: command tx timeout
[ 132.879906][ T5967] loop0: detected capacity change from 0 to 32768
[ 132.980658][ T1333] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.980753][ T1333] ieee802154 phy1 wpan1: encryption failed: -22
[ 133.515765][ T5968] loop0: detected capacity change from 0 to 32768
[ 134.215314][ T5971] loop0: detected capacity change from 0 to 32768
[ 134.819875][ T5973] loop0: detected capacity change from 0 to 32768
[ 135.455615][ T5974] loop0: detected capacity change from 0 to 32768
[ 136.121458][ T5975] loop0: detected capacity change from 0 to 32768
[ 136.731112][ T5976] loop0: detected capacity change from 0 to 32768
2026/05/23 11:18:45 executed programs: 10
[ 137.347997][ T5977] loop0: detected capacity change from 0 to 32768
[ 137.954002][ T5978] loop0: detected capacity change from 0 to 32768
[ 138.568356][ T5979] loop0: detected capacity change from 0 to 32768
[ 139.167814][ T5980] loop0: detected capacity change from 0 to 32768
[ 139.813018][ T5981] loop0: detected capacity change from 0 to 32768
[ 140.417160][ T5982] loop0: detected capacity change from 0 to 32768
[ 141.000899][ T5983] loop0: detected capacity change from 0 to 32768
[ 141.635085][ T5984] loop0: detected capacity change from 0 to 32768
[ 142.218828][ T5985] loop0: detected capacity change from 0 to 32768
2026/05/23 11:18:51 executed programs: 19
[ 142.840538][ T5986] loop0: detected capacity change from 0 to 32768
[ 143.413683][ T5987] loop0: detected capacity change from 0 to 32768
[ 144.000720][ T5988] loop0: detected capacity change from 0 to 32768
[ 144.610015][ T5989] loop0: detected capacity change from 0 to 32768
[ 145.195622][ T5990] loop0: detected capacity change from 0 to 32768
[ 145.825766][ T5991] loop0: detected capacity change from 0 to 32768
[ 146.385381][ T5992] loop0: detected capacity change from 0 to 32768
[ 146.985745][ T5993] loop0: detected capacity change from 0 to 32768
[ 147.607430][ T5994] loop0: detected capacity change from 0 to 32768
2026/05/23 11:18:56 executed programs: 28
[ 148.183966][ T5995] loop0: detected capacity change from 0 to 32768
[ 148.800740][ T5996] loop0: detected capacity change from 0 to 32768
[ 149.382812][ T5997] loop0: detected capacity change from 0 to 32768
[ 149.985203][ T5998] loop0: detected capacity change from 0 to 32768
[ 150.568776][ T5999] loop0: detected capacity change from 0 to 32768
[ 151.204483][ T6000] loop0: detected capacity change from 0 to 32768
[ 151.803826][ T6001] loop0: detected capacity change from 0 to 32768
[ 152.395465][ T6002] loop0: detected capacity change from 0 to 32768
[ 153.011444][ T6003] loop0: detected capacity change from 0 to 32768
2026/05/23 11:19:02 executed programs: 37
[ 153.685916][ T6004] loop0: detected capacity change from 0 to 32768
[ 154.322243][ T6005] loop0: detected capacity change from 0 to 32768
[ 154.934172][ T6006] loop0: detected capacity change from 0 to 32768
[ 155.543767][ T6007] loop0: detected capacity change from 0 to 32768
[ 156.142410][ T6008] loop0: detected capacity change from 0 to 32768
[ 156.733698][ T6009] loop0: detected capacity change from 0 to 32768
[ 157.353158][ T6010] loop0: detected capacity change from 0 to 32768
[ 157.945140][ T6011] loop0: detected capacity change from 0 to 32768
[ 158.565339][ T6012] loop0: detected capacity change from 0 to 32768
2026/05/23 11:19:07 executed programs: 46
[ 159.164471][ T6013] loop0: detected capacity change from 0 to 32768
[ 159.760103][ T6014] loop0: detected capacity change from 0 to 32768
[ 160.347801][ T6015] loop0: detected capacity change from 0 to 32768
[ 160.949199][ T6016] loop0: detected capacity change from 0 to 32768
[ 161.539271][ T6017] loop0: detected capacity change from 0 to 32768
[ 162.116584][ T6018] loop0: detected capacity change from 0 to 32768
[ 162.681299][ T6019] loop0: detected capacity change from 0 to 32768
[ 162.748836][ C1] =========================================================[ 162.748836][ C1] ==================================================================
[ 162.748854][ C1] BUG: KASAN: slab-use-after-free in lbmIODone+0x1312/0x16c0
[ 162.748902][ C1] Read of size 4 at addr ffff88803d768808 by task ksoftirqd/1/30
[ 162.748922][ C1]
[ 162.748951][ C1] CPU: 1 UID: 0 PID: 30 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 162.748977][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 162.748999][ C1] Call Trace:
[ 162.749008][ C1]
[ 162.749017][ C1] dump_stack_lvl+0xe8/0x150
[ 162.749046][ C1] print_address_description+0x55/0x1e0
[ 162.749074][ C1] ? lbmIODone+0x1312/0x16c0
[ 162.749103][ C1] print_report+0x58/0x70
[ 162.749127][ C1] kasan_report+0x117/0x150
[ 162.749155][ C1] ? lbmIODone+0x1312/0x16c0
[ 162.749198][ C1] lbmIODone+0x1312/0x16c0
[ 162.749230][ C1] ? blkg_put+0x22/0x240
[ 162.749252][ C1] ? blkg_put+0x22/0x240
[ 162.749274][ C1] ? blkg_put+0x18d/0x240
[ 162.749297][ C1] ? bio_endio+0x989/0x9d0
[ 162.749326][ C1] blk_update_request+0x57e/0xe60
[ 162.749361][ C1] blk_mq_end_request+0x3e/0x70
[ 162.749388][ C1] blk_done_softirq+0x10a/0x160
[ 162.749415][ C1] handle_softirqs+0x1de/0x6d0
[ 162.749446][ C1] ? smpboot_thread_fn+0x4d/0xa50
[ 162.749472][ C1] run_ksoftirqd+0x52/0x180
[ 162.749499][ C1] smpboot_thread_fn+0x541/0xa50
[ 162.749527][ C1] ? smpboot_thread_fn+0x4d/0xa50
[ 162.749558][ C1] kthread+0x388/0x470
[ 162.749588][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10
[ 162.749614][ C1] ? __pfx_kthread+0x10/0x10
[ 162.749644][ C1] ret_from_fork+0x514/0xb70
[ 162.749671][ C1] ? __pfx_ret_from_fork+0x10/0x10
[ 162.749696][ C1] ? __switch_to+0xc79/0x1410
[ 162.749730][ C1] ? __pfx_kthread+0x10/0x10
[ 162.749760][ C1] ret_from_fork_asm+0x1a/0x30
[ 162.749797][ C1]
[ 162.749805][ C1]
[ 162.749817][ C1] Allocated by task 6019:
[ 162.749828][ C1] kasan_save_track+0x3e/0x80
[ 162.749849][ C1] __kasan_kmalloc+0x93/0xb0
[ 162.749869][ C1] __kmalloc_cache_noprof+0x3a6/0x690
[ 162.749891][ C1] lmLogInit+0x3e5/0x1a00
[ 162.749916][ C1] lmLogOpen+0x4e1/0xfa0
[ 162.749941][ C1] jfs_mount_rw+0xee/0x670
[ 162.749966][ C1] jfs_fill_super+0x754/0xd80
[ 162.749984][ C1] get_tree_bdev_flags+0x431/0x4f0
[ 162.750007][ C1] vfs_get_tree+0x92/0x2a0
[ 162.750054][ C1] do_new_mount+0x341/0xd30
[ 162.750083][ C1] __se_sys_mount+0x31d/0x420
[ 162.750113][ C1] do_syscall_64+0x15f/0xf80
[ 162.750142][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 162.750162][ C1]
[ 162.750168][ C1] Freed by task 5804:
[ 162.750181][ C1] kasan_save_track+0x3e/0x80
[ 162.750206][ C1] kasan_save_free_info+0x46/0x50
[ 162.750234][ C1] __kasan_slab_free+0x5c/0x80
[ 162.750254][ C1] kfree+0x1c5/0x6c0
[ 162.750272][ C1] lmLogShutdown+0x456/0x850
[ 162.750299][ C1] lmLogClose+0x28a/0x520
[ 162.750325][ C1] jfs_umount+0x2fb/0x3d0
[ 162.750349][ C1] jfs_put_super+0x8c/0x190
[ 162.750367][ C1] generic_shutdown_super+0x13d/0x2d0
[ 162.750386][ C1] kill_block_super+0x44/0x90
[ 162.750409][ C1] deactivate_locked_super+0xbc/0x130
[ 162.750427][ C1] cleanup_mnt+0x437/0x4d0
[ 162.750449][ C1] task_work_run+0x1d9/0x270
[ 162.750479][ C1] exit_to_user_mode_loop+0xf3/0x4d0
[ 162.750505][ C1] do_syscall_64+0x33e/0xf80
[ 162.750532][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 162.750552][ C1]
[ 162.750557][ C1] The buggy address belongs to the object at ffff88803d768800
[ 162.750557][ C1] which belongs to the cache kmalloc-256 of size 256
[ 162.750575][ C1] The buggy address is located 8 bytes inside of
[ 162.750575][ C1] freed 256-byte region [ffff88803d768800, ffff88803d768900)
[ 162.750597][ C1]
[ 162.750602][ C1] The buggy address belongs to the physical page:
[ 162.750619][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3d768
[ 162.750640][ C1] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 162.750658][ C1] flags: 0x80000000000040(head|node=0|zone=1)
[ 162.750680][ C1] page_type: f5(slab)
[ 162.750701][ C1] raw: 0080000000000040 ffff88801a010b40 dead000000000100 dead000000000122
[ 162.750720][ C1] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[ 162.750742][ C1] head: 0080000000000040 ffff88801a010b40 dead000000000100 dead000000000122
[ 162.750761][ C1] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[ 162.750781][ C1] head: 0080000000000001 ffffffffffffff81 00000000ffffffff 00000000ffffffff
[ 162.750800][ C1] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000002
[ 162.750811][ C1] page dumped because: kasan: bad access detected
[ 162.750826][ C1] page_owner tracks the page as allocated
[ 162.750838][ C1] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5755, tgid 5755 (udevd), ts 161811570679, free_ts 160835934677
[ 162.750876][ C1] post_alloc_hook+0x22d/0x280
[ 162.750899][ C1] get_page_from_freelist+0x27c8/0x2840
[ 162.750926][ C1] __alloc_frozen_pages_noprof+0x18d/0x380
[ 162.750952][ C1] allocate_slab+0x77/0x660
[ 162.750981][ C1] refill_objects+0x33c/0x3d0
[ 162.751008][ C1] __pcs_replace_empty_main+0x373/0x720
[ 162.751038][ C1] __kmalloc_noprof+0x530/0x7b0
[ 162.751060][ C1] security_inode_init_security+0x102/0x3d0
[ 162.751083][ C1] shmem_mknod+0x1fe/0x360
[ 162.751112][ C1] path_openat+0x13b4/0x38a0
[ 162.751134][ C1] do_file_open+0x23e/0x4a0
[ 162.751155][ C1] do_sys_openat2+0x113/0x200
[ 162.751194][ C1] __x64_sys_openat+0x138/0x170
[ 162.751225][ C1] do_syscall_64+0x15f/0xf80
[ 162.751254][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 162.751274][ C1] page last free pid 5755 tgid 5755 stack trace:
[ 162.751287][ C1] __free_frozen_pages+0xfa6/0x10f0
[ 162.751310][ C1] __slab_free+0x252/0x2a0
[ 162.751332][ C1] qlist_free_all+0x99/0x100
[ 162.751350][ C1] kasan_quarantine_reduce+0x148/0x160
[ 162.751369][ C1] __kasan_slab_alloc+0x22/0x80
[ 162.751390][ C1] __kmalloc_noprof+0x399/0x7b0
[ 162.751417][ C1] tomoyo_realpath_from_path+0xe3/0x5d0
[ 162.751438][ C1] tomoyo_check_open_permission+0x229/0x470
[ 162.751467][ C1] security_file_open+0xa9/0x240
[ 162.751497][ C1] do_dentry_open+0x4c0/0x13e0
[ 162.751526][ C1] vfs_open+0x3b/0x350
[ 162.751554][ C1] path_openat+0x2e43/0x38a0
[ 162.751576][ C1] do_file_open+0x23e/0x4a0
[ 162.751598][ C1] do_sys_openat2+0x113/0x200
[ 162.751626][ C1] __x64_sys_openat+0x138/0x170
[ 162.751656][ C1] do_syscall_64+0x15f/0xf80
[ 162.751684][ C1]
[ 162.751689][ C1] Memory state around the buggy address:
[ 162.751699][ C1] ffff88803d768700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 162.751714][ C1] ffff88803d768780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 162.751729][ C1] >ffff88803d768800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 162.751740][ C1] ^
[ 162.751751][ C1] ffff88803d768880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 162.751765][ C1] ffff88803d768900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 162.751777][ C1] ==================================================================
[ 162.756811][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 162.756874][ C1] CPU: 1 UID: 0 PID: 30 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 162.756947][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 162.756981][ C1] Call Trace:
[ 162.757003][ C1]
[ 162.757025][ C1] vpanic+0x56c/0xa60
[ 162.757120][ C1] ? __pfx_vpanic+0x10/0x10
[ 162.757197][ C1] ? __pfx___schedule+0x10/0x10
[ 162.757285][ C1] panic+0xc5/0xd0
[ 162.757351][ C1] ? __pfx_panic+0x10/0x10
[ 162.757424][ C1] ? preempt_schedule_thunk+0x16/0x30
[ 162.757539][ C1] ? lbmIODone+0x1312/0x16c0
[ 162.757635][ C1] check_panic_on_warn+0x89/0xb0
[ 162.757713][ C1] ? lbmIODone+0x1312/0x16c0
[ 162.757797][ C1] end_report+0x73/0x170
[ 162.757856][ C1] ? lbmIODone+0x1312/0x16c0
[ 162.757932][ C1] kasan_report+0x128/0x150
[ 162.758004][ C1] ? lbmIODone+0x1312/0x16c0
[ 162.758091][ C1] lbmIODone+0x1312/0x16c0
[ 162.758168][ C1] ? blkg_put+0x22/0x240
[ 162.758238][ C1] ? blkg_put+0x22/0x240
[ 162.758293][ C1] ? blkg_put+0x18d/0x240
[ 162.758357][ C1] ? bio_endio+0x989/0x9d0
[ 162.758432][ C1] blk_update_request+0x57e/0xe60
[ 162.758515][ C1] blk_mq_end_request+0x3e/0x70
[ 162.758590][ C1] blk_done_softirq+0x10a/0x160
[ 162.758656][ C1] handle_softirqs+0x1de/0x6d0
[ 162.758731][ C1] ? smpboot_thread_fn+0x4d/0xa50
[ 162.758802][ C1] run_ksoftirqd+0x52/0x180
[ 162.758891][ C1] smpboot_thread_fn+0x541/0xa50
[ 162.758979][ C1] ? smpboot_thread_fn+0x4d/0xa50
[ 162.759064][ C1] kthread+0x388/0x470
[ 162.759139][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10
[ 162.759214][ C1] ? __pfx_kthread+0x10/0x10
[ 162.759290][ C1] ret_from_fork+0x514/0xb70
[ 162.759356][ C1] ? __pfx_ret_from_fork+0x10/0x10
[ 162.759420][ C1] ? __switch_to+0xc79/0x1410
[ 162.759519][ C1] ? __pfx_kthread+0x10/0x10
[ 162.759594][ C1] ret_from_fork_asm+0x1a/0x30
[ 162.759690][ C1]
[ 162.760302][ C1] Kernel Offset: disabled