Warning: Permanently added '10.128.10.6' (ED25519) to the list of known hosts.
2026/01/13 11:31:18 parsed 1 programs
[ 88.055877][ T5771] cgroup: Unknown subsys name 'net'
[ 88.194338][ T5771] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 89.996458][ T5771] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 92.199239][ T8] cfg80211: failed to load regulatory.db
[ 92.408629][ T5790] chnl_net:caif_netlink_parms(): no params data found
[ 92.499437][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.507920][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state
[ 92.515525][ T5790] bridge_slave_0: entered allmulticast mode
[ 92.522654][ T5790] bridge_slave_0: entered promiscuous mode
[ 92.537650][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.544805][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.552341][ T5790] bridge_slave_1: entered allmulticast mode
[ 92.559528][ T5790] bridge_slave_1: entered promiscuous mode
[ 92.595797][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 92.608147][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 92.648107][ T5790] team0: Port device team_slave_0 added
[ 92.656439][ T5790] team0: Port device team_slave_1 added
[ 92.687347][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 92.694436][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 92.720444][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 92.738120][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 92.745837][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 92.771856][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 92.821554][ T5790] hsr_slave_0: entered promiscuous mode
[ 92.828174][ T5790] hsr_slave_1: entered promiscuous mode
[ 92.993399][ T5790] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 93.006531][ T5790] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 93.025432][ T5790] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 93.037687][ T5790] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 93.083091][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.090401][ T5790] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 93.098698][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.105883][ T5790] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 93.169401][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0
[ 93.190173][ T4487] bridge0: port 1(bridge_slave_0) entered disabled state
[ 93.199672][ T4487] bridge0: port 2(bridge_slave_1) entered disabled state
[ 93.216924][ T5790] 8021q: adding VLAN 0 to HW filter on device team0
[ 93.231687][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.238969][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 93.253235][ T4487] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.260404][ T4487] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 93.463981][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 93.513987][ T5790] veth0_vlan: entered promiscuous mode
[ 93.528481][ T5790] veth1_vlan: entered promiscuous mode
[ 93.559002][ T5790] veth0_macvtap: entered promiscuous mode
[ 93.570138][ T5790] veth1_macvtap: entered promiscuous mode
[ 93.590257][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 93.606364][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 93.619378][ T5790] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.629093][ T5790] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.638216][ T5790] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.647014][ T5790] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.833679][ T32] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 94.236269][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 94.244341][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.281775][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 94.291228][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 96.123645][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 96.132529][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 96.141722][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 96.150839][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 96.159843][ T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 96.167762][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 96.645444][ T32] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/01/13 11:31:29 executed programs: 0
[ 97.268188][ T5082] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 97.276350][ T5082] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 97.283990][ T5082] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 97.293084][ T5082] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 97.302307][ T5082] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 97.310454][ T5082] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 97.477966][ T5880] chnl_net:caif_netlink_parms(): no params data found
[ 97.553135][ T5880] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.560397][ T5880] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.567986][ T5880] bridge_slave_0: entered allmulticast mode
[ 97.575069][ T5880] bridge_slave_0: entered promiscuous mode
[ 97.583937][ T5880] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.591703][ T5880] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.599294][ T5880] bridge_slave_1: entered allmulticast mode
[ 97.607255][ T5880] bridge_slave_1: entered promiscuous mode
[ 97.643493][ T5880] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 97.656184][ T5880] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 97.690490][ T5880] team0: Port device team_slave_0 added
[ 97.700092][ T5880] team0: Port device team_slave_1 added
[ 97.730147][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 97.738097][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 97.764175][ T5880] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 97.777794][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 97.784758][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 97.810957][ T5880] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 97.856063][ T5880] hsr_slave_0: entered promiscuous mode
[ 97.862555][ T5880] hsr_slave_1: entered promiscuous mode
[ 97.869556][ T5880] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 97.877568][ T5880] Cannot create hsr debugfs directory
[ 98.856463][ T32] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.921091][ T32] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.385816][ T51] Bluetooth: hci0: command tx timeout
[ 99.859891][ T5880] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 99.875019][ T5880] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 99.898154][ T32] hsr_slave_0: left promiscuous mode
[ 99.904658][ T32] hsr_slave_1: left promiscuous mode
[ 99.911670][ T32] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 99.919590][ T32] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 99.929686][ T32] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 99.937454][ T32] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 99.945863][ T32] bridge_slave_1: left allmulticast mode
[ 99.951557][ T32] bridge_slave_1: left promiscuous mode
[ 99.958877][ T32] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.972588][ T32] bridge_slave_0: left allmulticast mode
[ 99.979799][ T32] bridge_slave_0: left promiscuous mode
[ 99.988874][ T32] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.020476][ T32] veth1_macvtap: left promiscuous mode
[ 100.028388][ T32] veth0_macvtap: left promiscuous mode
[ 100.034550][ T32] veth1_vlan: left promiscuous mode
[ 100.042829][ T32] veth0_vlan: left promiscuous mode
[ 100.482522][ T32] team0 (unregistering): Port device team_slave_1 removed
[ 100.512722][ T32] team0 (unregistering): Port device team_slave_0 removed
[ 100.544025][ T32] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 100.577462][ T32] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 100.893122][ T32] bond0 (unregistering): Released all slaves
[ 100.978269][ T5880] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 100.990354][ T5880] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 101.107355][ T5880] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.130545][ T5880] 8021q: adding VLAN 0 to HW filter on device team0
[ 101.143470][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.150646][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.178935][ T4487] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.186145][ T4487] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.417169][ T5880] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 101.466468][ T51] Bluetooth: hci0: command tx timeout
[ 101.482238][ T5880] veth0_vlan: entered promiscuous mode
[ 101.531119][ T5880] veth1_vlan: entered promiscuous mode
[ 101.597703][ T5880] veth0_macvtap: entered promiscuous mode
[ 101.614094][ T5880] veth1_macvtap: entered promiscuous mode
[ 101.649961][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 101.671244][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 101.684416][ T5880] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.695840][ T5880] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.704578][ T5880] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.714604][ T5880] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.851287][ T4950] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.865636][ T4950] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.891609][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.900160][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.961365][ T5927] syz.0.17[5927]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 102.285397][ T5927] loop0: detected capacity change from 0 to 40427
[ 102.301227][ T5927] F2FS-fs (loop0): build fault injection attr: rate: 6, type: 0x7ffff
[ 102.309902][ T5927] F2FS-fs (loop0): inline encryption not supported
[ 102.318274][ T5927] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x77fd1
[ 102.329064][ T5927] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650
[ 102.350095][ T5927] F2FS-fs (loop0): invalid crc value
[ 102.356752][ T5927] F2FS-fs (loop0): Failed to get valid F2FS checkpoint
2026/01/13 11:31:35 executed programs: 3
[ 102.900898][ T5928] loop0: detected capacity change from 0 to 40427
[ 102.917973][ T5928] F2FS-fs (loop0): build fault injection attr: rate: 6, type: 0x7ffff
[ 102.936363][ T5928] F2FS-fs (loop0): inline encryption not supported
[ 102.953384][ T5928] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x77fd1
[ 102.971988][ T5928] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650
[ 102.988802][ T5928] F2FS-fs (loop0): invalid crc value
[ 102.994183][ T5928] F2FS-fs (loop0): Failed to get valid F2FS checkpoint
[ 103.005032][ T788] ==================================================================
[ 103.013163][ T788] BUG: KASAN: slab-use-after-free in up_write+0x6b/0x410
[ 103.020226][ T788] Read of size 8 at addr ffff88802ced0080 by task kworker/0:2/788
[ 103.028070][ T788]
[ 103.030448][ T788] CPU: 0 PID: 788 Comm: kworker/0:2 Not tainted syzkaller #0
[ 103.037851][ T788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 103.047946][ T788] Workqueue: events f2fs_record_error_work
[ 103.053804][ T788] Call Trace:
[ 103.057107][ T788]
[ 103.060083][ T788] dump_stack_lvl+0x16c/0x230
[ 103.064797][ T788] ? read_lock_is_recursive+0x20/0x20
[ 103.070216][ T788] ? show_regs_print_info+0x20/0x20
[ 103.075453][ T788] ? load_image+0x3b0/0x3b0
[ 103.080003][ T788] ? _raw_spin_lock_irqsave+0xb4/0xf0
[ 103.085424][ T788] ? __virt_addr_valid+0x18c/0x540
[ 103.090581][ T788] ? __virt_addr_valid+0x469/0x540
[ 103.095750][ T788] print_report+0xac/0x220
[ 103.100225][ T788] ? up_write+0x6b/0x410
[ 103.104499][ T788] kasan_report+0x117/0x150
[ 103.109052][ T788] ? __lock_acquire+0x7c80/0x7c80
[ 103.114138][ T788] ? up_write+0x6b/0x410
[ 103.118424][ T788] up_write+0x6b/0x410
[ 103.122533][ T788] f2fs_record_error_work+0x144/0x1d0
[ 103.127969][ T788] ? process_scheduled_works+0x957/0x15b0
[ 103.133747][ T788] process_scheduled_works+0xa45/0x15b0
[ 103.139362][ T788] ? assign_work+0x400/0x400
[ 103.144000][ T788] ? assign_work+0x39e/0x400
[ 103.148642][ T788] worker_thread+0xa55/0xfc0
[ 103.153273][ T788] ? _raw_spin_unlock_irqrestore+0xae/0x110
[ 103.159211][ T788] ? _raw_spin_unlock+0x40/0x40
[ 103.164124][ T788] ? _raw_spin_unlock_irqrestore+0x86/0x110
[ 103.170073][ T788] kthread+0x2fa/0x390
[ 103.174182][ T788] ? pr_cont_work+0x560/0x560
[ 103.178906][ T788] ? kthread_blkcg+0xd0/0xd0
[ 103.183534][ T788] ret_from_fork+0x48/0x80
[ 103.187988][ T788] ? kthread_blkcg+0xd0/0xd0
[ 103.192614][ T788] ret_from_fork_asm+0x11/0x20
[ 103.197439][ T788]
[ 103.200575][ T788]
[ 103.202933][ T788] Allocated by task 5928:
[ 103.207288][ T788] kasan_set_track+0x4e/0x70
[ 103.211916][ T788] __kasan_kmalloc+0x8f/0xa0
[ 103.216544][ T788] f2fs_fill_super+0xc9/0x6cc0
[ 103.221355][ T788] mount_bdev+0x22b/0x2d0
[ 103.225721][ T788] legacy_get_tree+0xea/0x180
[ 103.230522][ T788] vfs_get_tree+0x8c/0x280
[ 103.234972][ T788] do_new_mount+0x24b/0xa40
[ 103.239508][ T788] __se_sys_mount+0x2da/0x3c0
[ 103.244225][ T788] do_syscall_64+0x55/0xb0
[ 103.248673][ T788] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 103.254613][ T788]
[ 103.256973][ T788] Freed by task 5928:
[ 103.260984][ T788] kasan_set_track+0x4e/0x70
[ 103.265615][ T788] kasan_save_free_info+0x2e/0x50
[ 103.270735][ T788] ____kasan_slab_free+0x126/0x1e0
[ 103.275887][ T788] slab_free_freelist_hook+0x130/0x1b0
[ 103.281382][ T788] __kmem_cache_free+0xba/0x1f0
[ 103.286271][ T788] f2fs_fill_super+0x3dad/0x6cc0
[ 103.291257][ T788] mount_bdev+0x22b/0x2d0
[ 103.295616][ T788] legacy_get_tree+0xea/0x180
[ 103.300345][ T788] vfs_get_tree+0x8c/0x280
[ 103.304800][ T788] do_new_mount+0x24b/0xa40
[ 103.309341][ T788] __se_sys_mount+0x2da/0x3c0
[ 103.314058][ T788] do_syscall_64+0x55/0xb0
[ 103.318546][ T788] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 103.324478][ T788]
[ 103.326915][ T788] Last potentially related work creation:
[ 103.332652][ T788] kasan_save_stack+0x3e/0x60
[ 103.337378][ T788] __kasan_record_aux_stack+0xaf/0xc0
[ 103.342799][ T788] insert_work+0x3d/0x310
[ 103.347168][ T788] __queue_work+0xc39/0x1020
[ 103.351791][ T788] queue_work_on+0x121/0x1e0
[ 103.356410][ T788] f2fs_submit_page_bio+0x1c3/0x650
[ 103.361648][ T788] __get_meta_page+0x18f/0x580
[ 103.366459][ T788] get_checkpoint_version+0x3c/0x330
[ 103.371780][ T788] validate_checkpoint+0x153/0x250
[ 103.376932][ T788] f2fs_get_valid_checkpoint+0x25e/0x940
[ 103.382641][ T788] f2fs_fill_super+0x3f3d/0x6cc0
[ 103.387648][ T788] mount_bdev+0x22b/0x2d0
[ 103.392015][ T788] legacy_get_tree+0xea/0x180
[ 103.396730][ T788] vfs_get_tree+0x8c/0x280
[ 103.401190][ T788] do_new_mount+0x24b/0xa40
[ 103.405729][ T788] __se_sys_mount+0x2da/0x3c0
[ 103.410442][ T788] do_syscall_64+0x55/0xb0
[ 103.414894][ T788] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 103.420827][ T788]
[ 103.423180][ T788] The buggy address belongs to the object at ffff88802ced0000
[ 103.423180][ T788] which belongs to the cache kmalloc-8k of size 8192
[ 103.437269][ T788] The buggy address is located 128 bytes inside of
[ 103.437269][ T788] freed 8192-byte region [ffff88802ced0000, ffff88802ced2000)
[ 103.451176][ T788]
[ 103.453514][ T788] The buggy address belongs to the physical page:
[ 103.459946][ T788] page:ffffea0000b3b400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ced0
[ 103.470112][ T788] head:ffffea0000b3b400 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 103.479064][ T788] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 103.487062][ T788] page_type: 0xffffffff()
[ 103.491411][ T788] raw: 00fff00000000840 ffff888017842280 ffffea0000abbe00 0000000000000002
[ 103.500008][ T788] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 103.508613][ T788] page dumped because: kasan: bad access detected
[ 103.515046][ T788] page_owner tracks the page as allocated
[ 103.520770][ T788] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5666, tgid 5666 (sshd-session), ts 68601777267, free_ts 68520694004
[ 103.541362][ T788] post_alloc_hook+0x1cd/0x210
[ 103.546155][ T788] get_page_from_freelist+0x195c/0x19f0
[ 103.551733][ T788] __alloc_pages+0x1e3/0x460
[ 103.556352][ T788] alloc_slab_page+0x5d/0x170
[ 103.561057][ T788] new_slab+0x87/0x2e0
[ 103.565152][ T788] ___slab_alloc+0xc6d/0x1300
[ 103.569852][ T788] __kmem_cache_alloc_node+0x1a2/0x260
[ 103.575344][ T788] kmalloc_trace+0x2a/0xe0
[ 103.579780][ T788] tomoyo_init_log+0x1104/0x1f10
[ 103.584743][ T788] tomoyo_supervisor+0x32d/0x1080
[ 103.589786][ T788] tomoyo_env_perm+0x14a/0x1e0
[ 103.594570][ T788] tomoyo_find_next_domain+0x1594/0x1a60
[ 103.600225][ T788] tomoyo_bprm_check_security+0x116/0x170
[ 103.605968][ T788] security_bprm_check+0x62/0xa0
[ 103.610929][ T788] bprm_execve+0xa51/0x16f0
[ 103.615458][ T788] do_execveat_common+0x51b/0x6c0
[ 103.620502][ T788] page last free stack trace:
[ 103.625185][ T788] free_unref_page_prepare+0x7ce/0x8e0
[ 103.630685][ T788] free_unref_page+0x32/0x2e0
[ 103.635387][ T788] __unfreeze_partials+0x1cf/0x210
[ 103.640529][ T788] put_cpu_partial+0x17c/0x250
[ 103.645315][ T788] __slab_free+0x31d/0x410
[ 103.649759][ T788] qlist_free_all+0x75/0xe0
[ 103.654283][ T788] kasan_quarantine_reduce+0x143/0x160
[ 103.659775][ T788] __kasan_slab_alloc+0x22/0x80
[ 103.664654][ T788] slab_post_alloc_hook+0x6e/0x4d0
[ 103.669796][ T788] kmem_cache_alloc+0x11e/0x2e0
[ 103.674673][ T788] __pmd_alloc+0x116/0x880
[ 103.679137][ T788] move_page_tables+0x1758/0x1910
[ 103.684183][ T788] setup_arg_pages+0xb38/0xed0
[ 103.688972][ T788] load_elf_binary+0xb98/0x2700
[ 103.693857][ T788] bprm_execve+0xaeb/0x16f0
[ 103.698388][ T788] do_execveat_common+0x51b/0x6c0
[ 103.703438][ T788]
[ 103.705786][ T788] Memory state around the buggy address:
[ 103.711439][ T788] ffff88802cecff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 103.719518][ T788] ffff88802ced0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.727597][ T788] >ffff88802ced0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.735676][ T788] ^
[ 103.739754][ T788] ffff88802ced0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.747829][ T788] ffff88802ced0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.755943][ T788] ==================================================================
[ 103.775297][ T51] Bluetooth: hci0: command tx timeout
[ 103.937600][ T788] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 103.944870][ T788] CPU: 0 PID: 788 Comm: kworker/0:2 Not tainted syzkaller #0
[ 103.952280][ T788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 103.962382][ T788] Workqueue: events f2fs_record_error_work
[ 103.968246][ T788] Call Trace:
[ 103.971550][ T788]
[ 103.974512][ T788] dump_stack_lvl+0x16c/0x230
[ 103.979229][ T788] ? show_regs_print_info+0x20/0x20
[ 103.984467][ T788] ? load_image+0x3b0/0x3b0
[ 103.989023][ T788] panic+0x2c0/0x710
[ 103.992956][ T788] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 103.999158][ T788] ? bpf_jit_dump+0xd0/0xd0
[ 104.003697][ T788] ? _raw_spin_unlock_irqrestore+0xfa/0x110
[ 104.009623][ T788] ? _raw_spin_unlock+0x40/0x40
[ 104.014495][ T788] ? up_write+0x6b/0x410
[ 104.018754][ T788] check_panic_on_warn+0x84/0xa0
[ 104.023716][ T788] ? up_write+0x6b/0x410
[ 104.027982][ T788] end_report+0x6f/0x140
[ 104.032252][ T788] kasan_report+0x128/0x150
[ 104.036773][ T788] ? __lock_acquire+0x7c80/0x7c80
[ 104.041815][ T788] ? up_write+0x6b/0x410
[ 104.046076][ T788] up_write+0x6b/0x410
[ 104.050165][ T788] f2fs_record_error_work+0x144/0x1d0
[ 104.055568][ T788] ? process_scheduled_works+0x957/0x15b0
[ 104.062098][ T788] process_scheduled_works+0xa45/0x15b0
[ 104.067694][ T788] ? assign_work+0x400/0x400
[ 104.072313][ T788] ? assign_work+0x39e/0x400
[ 104.076928][ T788] worker_thread+0xa55/0xfc0
[ 104.081541][ T788] ? _raw_spin_unlock_irqrestore+0xae/0x110
[ 104.087459][ T788] ? _raw_spin_unlock+0x40/0x40
[ 104.092354][ T788] ? _raw_spin_unlock_irqrestore+0x86/0x110
[ 104.098277][ T788] kthread+0x2fa/0x390
[ 104.102369][ T788] ? pr_cont_work+0x560/0x560
[ 104.107073][ T788] ? kthread_blkcg+0xd0/0xd0
[ 104.111678][ T788] ret_from_fork+0x48/0x80
[ 104.116115][ T788] ? kthread_blkcg+0xd0/0xd0
[ 104.120724][ T788] ret_from_fork_asm+0x11/0x20
[ 104.125516][ T788]
[ 104.129115][ T788] Kernel Offset: disabled
[ 104.133458][ T788] Rebooting in 86400 seconds..