no interfaces have a carrier
[ 35.503276][ T3855] 8021q: adding VLAN 0 to HW filter on device bond0
[ 35.513188][ T3855] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: OK
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.211' (ED25519) to the list of known hosts.
2025/09/28 18:54:42 parsed 1 programs
syzkaller login: [ 61.474339][ T4190] cgroup: Unknown subsys name 'net'
[ 61.636439][ T4190] cgroup: Unknown subsys name 'rlimit'
[ 63.145071][ T4190] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 64.693481][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.702579][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.722663][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 64.735661][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.744215][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.756422][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 65.939169][ T4228] chnl_net:caif_netlink_parms(): no params data found
[ 66.007635][ T4228] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.016821][ T4228] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.025244][ T4228] device bridge_slave_0 entered promiscuous mode
[ 66.037442][ T4228] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.045092][ T4228] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.054906][ T4228] device bridge_slave_1 entered promiscuous mode
[ 66.086389][ T4228] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 66.099256][ T4228] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 66.134197][ T4228] team0: Port device team_slave_0 added
[ 66.142921][ T4228] team0: Port device team_slave_1 added
[ 66.168827][ T4228] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 66.178263][ T4228] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 66.205647][ T4228] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 66.219058][ T4228] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 66.226164][ T4228] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 66.252860][ T4228] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 66.295342][ T4228] device hsr_slave_0 entered promiscuous mode
[ 66.303834][ T4228] device hsr_slave_1 entered promiscuous mode
[ 66.437924][ T4228] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 66.459584][ T4228] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 66.472648][ T4228] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 66.483171][ T4228] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 66.508167][ T4228] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.515429][ T4228] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.523787][ T4228] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.530923][ T4228] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.616054][ T4228] 8021q: adding VLAN 0 to HW filter on device bond0
[ 66.642949][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 66.668598][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.684500][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.703113][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 66.731577][ T4228] 8021q: adding VLAN 0 to HW filter on device team0
[ 66.743624][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 66.753232][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.760430][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.773307][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 66.781823][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.788983][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.808091][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 66.818401][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 66.829587][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 66.842500][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 66.854179][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 66.935035][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 66.943015][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 66.956770][ T4228] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 66.985104][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 66.994198][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 67.017702][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 67.027009][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 67.037502][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 67.045910][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 67.056387][ T4228] device veth0_vlan entered promiscuous mode
[ 67.080570][ T4228] device veth1_vlan entered promiscuous mode
[ 67.102836][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 67.112538][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 67.122483][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 67.131810][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 67.143325][ T4228] device veth0_macvtap entered promiscuous mode
[ 67.164431][ T4228] device veth1_macvtap entered promiscuous mode
[ 67.180683][ T4228] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 67.188384][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 67.197358][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 67.206514][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 67.215872][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 67.227873][ T4228] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 67.236892][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 67.245782][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 67.257979][ T4228] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.267678][ T4228] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.276789][ T4228] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.287028][ T4228] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.393648][ T4228] syz-executor (4228) used greatest stack depth: 20864 bytes left
2025/09/28 18:54:51 executed programs: 0
[ 68.945351][ T4293] chnl_net:caif_netlink_parms(): no params data found
[ 69.005683][ T4293] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.013410][ T4293] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.022155][ T4293] device bridge_slave_0 entered promiscuous mode
[ 69.034018][ T4293] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.041347][ T4293] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.049688][ T4293] device bridge_slave_1 entered promiscuous mode
[ 69.095135][ T4293] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 69.107512][ T4293] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 69.137897][ T4293] team0: Port device team_slave_0 added
[ 69.147222][ T4293] team0: Port device team_slave_1 added
[ 69.178794][ T4293] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 69.186620][ T4293] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.213026][ T4293] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 69.225950][ T4293] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 69.233093][ T4293] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.259900][ T4293] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 69.293592][ T4293] device hsr_slave_0 entered promiscuous mode
[ 69.300498][ T4293] device hsr_slave_1 entered promiscuous mode
[ 69.307164][ T4293] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 69.315367][ T4293] Cannot create hsr debugfs directory
[ 69.403075][ T4293] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 70.841491][ T4221] Bluetooth: hci0: command 0x0409 tx timeout
[ 71.404886][ T1427] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.411515][ T1427] ieee802154 phy1 wpan1: encryption failed: -22
[ 72.397161][ T4293] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 72.434903][ T4293] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 72.502442][ T4293] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 72.626964][ T4293] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 72.636794][ T4293] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 72.659035][ T4293] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 72.668038][ T4293] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 72.750948][ T4293] 8021q: adding VLAN 0 to HW filter on device bond0
[ 72.762551][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 72.771923][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 72.782637][ T4293] 8021q: adding VLAN 0 to HW filter on device team0
[ 72.793477][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 72.802555][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 72.811646][ T3061] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.818795][ T3061] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 72.827176][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 72.851648][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 72.862270][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 72.871293][ T3061] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.878427][ T3061] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 72.890750][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 72.917621][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 72.925918][ T13] Bluetooth: hci0: command 0x041b tx timeout
[ 72.938437][ T4293] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 72.949094][ T4293] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 72.962516][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 72.971826][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 72.981533][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 72.990601][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 72.999021][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 73.007844][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 73.016398][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 73.024893][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 73.033476][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 73.041764][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 73.062603][ T1182] device hsr_slave_0 left promiscuous mode
[ 73.069337][ T1182] device hsr_slave_1 left promiscuous mode
[ 73.076200][ T1182] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 73.086380][ T1182] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 73.095607][ T1182] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 73.106559][ T1182] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 73.115217][ T1182] device bridge_slave_1 left promiscuous mode
[ 73.123166][ T1182] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.135507][ T1182] device bridge_slave_0 left promiscuous mode
[ 73.141995][ T1182] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.158697][ T1182] device veth1_macvtap left promiscuous mode
[ 73.165665][ T1182] device veth0_macvtap left promiscuous mode
[ 73.172505][ T1182] device veth1_vlan left promiscuous mode
[ 73.178409][ T1182] device veth0_vlan left promiscuous mode
[ 73.326385][ T1182] team0 (unregistering): Port device team_slave_1 removed
[ 73.339494][ T1182] team0 (unregistering): Port device team_slave_0 removed
[ 73.354228][ T1182] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 73.367649][ T1182] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 73.425867][ T1182] bond0 (unregistering): Released all slaves
[ 73.539386][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 73.547238][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 73.558325][ T4293] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 73.581296][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 73.591592][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 73.608947][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 73.617919][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 73.627714][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 73.636095][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 73.647120][ T4293] device veth0_vlan entered promiscuous mode
[ 73.664531][ T4293] device veth1_vlan entered promiscuous mode
[ 73.685417][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 73.694174][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 73.703582][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 73.712488][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 73.722902][ T4293] device veth0_macvtap entered promiscuous mode
[ 73.742207][ T4293] device veth1_macvtap entered promiscuous mode
[ 73.759695][ T4293] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 73.767893][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 73.777436][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 73.785885][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 73.794698][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 73.807247][ T4293] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 73.818260][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 73.827255][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 73.837700][ T4293] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.847348][ T4293] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.856364][ T4293] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.865481][ T4293] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.933883][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.948415][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.973281][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 73.982296][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.991649][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 74.003004][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 74.332962][ T4321] loop0: detected capacity change from 0 to 32768
[ 74.358873][ T4321]
[ 74.358873][ T4321] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 74.358873][ T4321]
[ 74.401403][ T4321] read_mapping_page failed!
[ 74.406301][ T4321] ERROR: (device loop0): txCommit:
[ 74.406301][ T4321]
[ 74.417571][ T4321] read_mapping_page failed!
[ 74.422622][ T4321] ERROR: (device loop0): txCommit:
[ 74.422622][ T4321]
[ 74.435393][ T4321] ==================================================================
[ 74.443757][ T4321] BUG: KASAN: slab-out-of-bounds in dtInsertEntry+0xd74/0x1270
[ 74.451339][ T4321] Read of size 4 at addr ffff88805de9404c by task syz.0.17/4321
[ 74.458991][ T4321]
[ 74.461342][ T4321] CPU: 1 PID: 4321 Comm: syz.0.17 Not tainted syzkaller #0
[ 74.468562][ T4321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 74.478632][ T4321] Call Trace:
[ 74.481923][ T4321]
[ 74.484869][ T4321] dump_stack_lvl+0x168/0x230
[ 74.489674][ T4321] ? show_regs_print_info+0x20/0x20
[ 74.494996][ T4321] ? _printk+0xcc/0x110
[ 74.499186][ T4321] ? load_image+0x3b0/0x3b0
[ 74.503704][ T4321] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 74.509116][ T4321] print_address_description+0x60/0x2d0
[ 74.514787][ T4321] ? dtInsertEntry+0xd74/0x1270
[ 74.519743][ T4321] kasan_report+0xdf/0x130
[ 74.524265][ T4321] ? dtInsertEntry+0xd74/0x1270
[ 74.529317][ T4321] dtInsertEntry+0xd74/0x1270
[ 74.534057][ T4321] dtSplitPage+0x24f7/0x31d0
[ 74.538748][ T4321] dtInsert+0xfb2/0x57a0
[ 74.543035][ T4321] ? lockdep_hardirqs_on+0x94/0x140
[ 74.548299][ T4321] ? __lock_acquire+0x7c60/0x7c60
[ 74.553357][ T4321] ? do_raw_spin_lock+0x11d/0x280
[ 74.558509][ T4321] ? UniStrupr+0x2e0/0x2e0
[ 74.563565][ T4321] ? __rwlock_init+0x140/0x140
[ 74.568364][ T4321] ? txLock+0xcb1/0x1b10
[ 74.572732][ T4321] ? dtInitRoot+0x226/0x660
[ 74.577381][ T4321] jfs_mkdir+0x6e5/0xa70
[ 74.581739][ T4321] ? jfs_symlink+0xe60/0xe60
[ 74.586457][ T4321] ? make_kgid+0x640/0x640
[ 74.590987][ T4321] ? apparmor_path_mkdir+0x1a3/0x220
[ 74.596386][ T4321] ? generic_permission+0x230/0x510
[ 74.601621][ T4321] ? inode_permission+0xef/0x480
[ 74.606586][ T4321] ? bpf_lsm_inode_mkdir+0x5/0x10
[ 74.611784][ T4321] ? security_inode_mkdir+0xb3/0x100
[ 74.617213][ T4321] vfs_mkdir+0x387/0x570
[ 74.621698][ T4321] do_mkdirat+0x1d7/0x5a0
[ 74.626054][ T4321] ? vfs_mkdir+0x570/0x570
[ 74.630677][ T4321] ? getname_flags+0x1fe/0x500
[ 74.635462][ T4321] __x64_sys_mkdirat+0x85/0x90
[ 74.640241][ T4321] do_syscall_64+0x4c/0xa0
[ 74.644677][ T4321] ? clear_bhb_loop+0x30/0x80
[ 74.649383][ T4321] ? clear_bhb_loop+0x30/0x80
[ 74.654074][ T4321] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 74.659983][ T4321] RIP: 0033:0x7fdd3cd49617
[ 74.664413][ T4321] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 74.684046][ T4321] RSP: 002b:00007ffd813db458 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 74.692745][ T4321] RAX: ffffffffffffffda RBX: 00007ffd813db4e0 RCX: 00007fdd3cd49617
[ 74.700737][ T4321] RDX: 00000000000001ff RSI: 0000200000000040 RDI: 00000000ffffff9c
[ 74.708729][ T4321] RBP: 00002000000002c0 R08: 00002000000000c0 R09: 0000000000000000
[ 74.716717][ T4321] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000200000000040
[ 74.724698][ T4321] R13: 00007ffd813db4a0 R14: 0000000000000000 R15: 0000000000000000
[ 74.732697][ T4321]
[ 74.735728][ T4321]
[ 74.738061][ T4321] Allocated by task 4321:
[ 74.742394][ T4321] __kasan_slab_alloc+0x9c/0xd0
[ 74.747264][ T4321] slab_post_alloc_hook+0x4c/0x380
[ 74.752394][ T4321] kmem_cache_alloc+0x100/0x290
[ 74.757254][ T4321] jfs_alloc_inode+0x17/0x50
[ 74.761961][ T4321] iget_locked+0x191/0x820
[ 74.766536][ T4321] jfs_iget+0x20/0x3c0
[ 74.770620][ T4321] jfs_lookup+0x1c2/0x380
[ 74.774967][ T4321] __lookup_slow+0x27d/0x3d0
[ 74.779655][ T4321] lookup_slow+0x53/0x70
[ 74.783914][ T4321] walk_component+0x319/0x460
[ 74.788606][ T4321] path_lookupat+0x169/0x440
[ 74.793211][ T4321] filename_lookup+0x1e2/0x4f0
[ 74.798438][ T4321] user_path_at_empty+0x40/0x190
[ 74.803484][ T4321] __se_sys_chdir+0x91/0x280
[ 74.808177][ T4321] do_syscall_64+0x4c/0xa0
[ 74.812611][ T4321] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 74.818518][ T4321]
[ 74.820846][ T4321] The buggy address belongs to the object at ffff88805de93780
[ 74.820846][ T4321] which belongs to the cache jfs_ip of size 2240
[ 74.834563][ T4321] The buggy address is located 12 bytes to the right of
[ 74.834563][ T4321] 2240-byte region [ffff88805de93780, ffff88805de94040)
[ 74.848380][ T4321] The buggy address belongs to the page:
[ 74.854024][ T4321] page:ffffea000177a400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5de90
[ 74.864288][ T4321] head:ffffea000177a400 order:3 compound_mapcount:0 compound_pincount:0
[ 74.872640][ T4321] memcg:ffff88802b09f501
[ 74.876901][ T4321] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 74.884909][ T4321] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88801cf4db40
[ 74.893513][ T4321] raw: 0000000000000000 00000000800d000d 00000001ffffffff ffff88802b09f501
[ 74.902103][ T4321] page dumped because: kasan: bad access detected
[ 74.908539][ T4321] page_owner tracks the page as allocated
[ 74.914362][ T4321] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 4321, ts 74344959233, free_ts 17437079409
[ 74.936486][ T4321] get_page_from_freelist+0x1b77/0x1c60
[ 74.942073][ T4321] __alloc_pages+0x1e1/0x470
[ 74.946786][ T4321] new_slab+0xc0/0x4b0
[ 74.950960][ T4321] ___slab_alloc+0x81e/0xdf0
[ 74.955721][ T4321] kmem_cache_alloc+0x195/0x290
[ 74.960655][ T4321] jfs_alloc_inode+0x17/0x50
[ 74.965244][ T4321] new_inode_pseudo+0x5f/0x210
[ 74.970006][ T4321] new_inode+0x25/0x1c0
[ 74.974162][ T4321] jfs_fill_super+0x392/0xaf0
[ 74.978834][ T4321] mount_bdev+0x287/0x3c0
[ 74.983160][ T4321] legacy_get_tree+0xe6/0x180
[ 74.987841][ T4321] vfs_get_tree+0x88/0x270
[ 74.992258][ T4321] do_new_mount+0x24a/0xa40
[ 74.996759][ T4321] __se_sys_mount+0x2d6/0x3c0
[ 75.001435][ T4321] do_syscall_64+0x4c/0xa0
[ 75.005849][ T4321] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 75.011743][ T4321] page last free stack trace:
[ 75.016939][ T4321] free_unref_page_prepare+0x637/0x6c0
[ 75.022396][ T4321] free_unref_page+0x94/0x280
[ 75.027091][ T4321] free_contig_range+0x96/0xf0
[ 75.031879][ T4321] destroy_args+0x100/0xa20
[ 75.036390][ T4321] debug_vm_pgtable+0x318/0x370
[ 75.041260][ T4321] do_one_initcall+0x1ee/0x680
[ 75.046025][ T4321] do_initcall_level+0x137/0x1f0
[ 75.050969][ T4321] do_initcalls+0x4b/0x90
[ 75.055572][ T4321] kernel_init_freeable+0x3ce/0x560
[ 75.060764][ T4321] kernel_init+0x19/0x1b0
[ 75.065195][ T4321] ret_from_fork+0x1f/0x30
[ 75.069697][ T4321]
[ 75.072039][ T4321] Memory state around the buggy address:
[ 75.077672][ T4321] ffff88805de93f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 75.085835][ T4321] ffff88805de93f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 75.093987][ T4321] >ffff88805de94000: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 75.102137][ T4321] ^
[ 75.108632][ T4321] ffff88805de94080: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 75.116688][ T4321] ffff88805de94100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 75.124742][ T4321] ==================================================================
[ 75.137914][ T4321] Disabling lock debugging due to kernel taint
[ 75.147016][ T4221] Bluetooth: hci0: command 0x040f tx timeout
[ 75.155717][ T4321] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 75.162942][ T4321] CPU: 0 PID: 4321 Comm: syz.0.17 Tainted: G B syzkaller #0
[ 75.171809][ T4321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 75.182524][ T4321] Call Trace:
[ 75.185910][ T4321]
[ 75.188948][ T4321] dump_stack_lvl+0x168/0x230
[ 75.193845][ T4321] ? show_regs_print_info+0x20/0x20
[ 75.199035][ T4321] ? load_image+0x3b0/0x3b0
[ 75.203617][ T4321] panic+0x2c9/0x7f0
[ 75.207590][ T4321] ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 75.213740][ T4321] ? bpf_jit_dump+0xd0/0xd0
[ 75.218231][ T4321] ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 75.224213][ T4321] ? _raw_spin_unlock+0x40/0x40
[ 75.229053][ T4321] ? dtInsertEntry+0xd74/0x1270
[ 75.233899][ T4321] check_panic_on_warn+0x80/0xa0
[ 75.238825][ T4321] ? dtInsertEntry+0xd74/0x1270
[ 75.243753][ T4321] end_report+0x6d/0xf0
[ 75.248011][ T4321] kasan_report+0x102/0x130
[ 75.252597][ T4321] ? dtInsertEntry+0xd74/0x1270
[ 75.257436][ T4321] dtInsertEntry+0xd74/0x1270
[ 75.262111][ T4321] dtSplitPage+0x24f7/0x31d0
[ 75.266787][ T4321] dtInsert+0xfb2/0x57a0
[ 75.271277][ T4321] ? lockdep_hardirqs_on+0x94/0x140
[ 75.276464][ T4321] ? __lock_acquire+0x7c60/0x7c60
[ 75.281477][ T4321] ? do_raw_spin_lock+0x11d/0x280
[ 75.286578][ T4321] ? UniStrupr+0x2e0/0x2e0
[ 75.291067][ T4321] ? __rwlock_init+0x140/0x140
[ 75.295823][ T4321] ? txLock+0xcb1/0x1b10
[ 75.300053][ T4321] ? dtInitRoot+0x226/0x660
[ 75.304716][ T4321] jfs_mkdir+0x6e5/0xa70
[ 75.308951][ T4321] ? jfs_symlink+0xe60/0xe60
[ 75.313550][ T4321] ? make_kgid+0x640/0x640
[ 75.317979][ T4321] ? apparmor_path_mkdir+0x1a3/0x220
[ 75.323345][ T4321] ? generic_permission+0x230/0x510
[ 75.328559][ T4321] ? inode_permission+0xef/0x480
[ 75.333607][ T4321] ? bpf_lsm_inode_mkdir+0x5/0x10
[ 75.338641][ T4321] ? security_inode_mkdir+0xb3/0x100
[ 75.344097][ T4321] vfs_mkdir+0x387/0x570
[ 75.348344][ T4321] do_mkdirat+0x1d7/0x5a0
[ 75.352771][ T4321] ? vfs_mkdir+0x570/0x570
[ 75.357180][ T4321] ? getname_flags+0x1fe/0x500
[ 75.362046][ T4321] __x64_sys_mkdirat+0x85/0x90
[ 75.366828][ T4321] do_syscall_64+0x4c/0xa0
[ 75.371253][ T4321] ? clear_bhb_loop+0x30/0x80
[ 75.376017][ T4321] ? clear_bhb_loop+0x30/0x80
[ 75.380689][ T4321] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 75.386767][ T4321] RIP: 0033:0x7fdd3cd49617
[ 75.391279][ T4321] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 75.410991][ T4321] RSP: 002b:00007ffd813db458 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 75.419402][ T4321] RAX: ffffffffffffffda RBX: 00007ffd813db4e0 RCX: 00007fdd3cd49617
[ 75.427380][ T4321] RDX: 00000000000001ff RSI: 0000200000000040 RDI: 00000000ffffff9c
[ 75.435348][ T4321] RBP: 00002000000002c0 R08: 00002000000000c0 R09: 0000000000000000
[ 75.443311][ T4321] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000200000000040
[ 75.451338][ T4321] R13: 00007ffd813db4a0 R14: 0000000000000000 R15: 0000000000000000
[ 75.459302][ T4321]
[ 75.462589][ T4321] Kernel Offset: disabled
[ 75.466906][ T4321] Rebooting in 86400 seconds..