no interfaces have a carrier
[ 50.198501][ T5260] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.207919][ T5260] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: OK
Starting sshd: OK
syzkaller
syzkaller login: [ 81.558253][ T9] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.195' (ED25519) to the list of known hosts.
2026/05/23 13:35:03 parsed 1 programs
[ 98.216998][ T5622] cgroup: Unknown subsys name 'net'
[ 98.460046][ T5622] cgroup: Unknown subsys name 'cpuset'
[ 98.514502][ T5622] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 100.136977][ T5622] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 105.310815][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.310843][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.379968][ T149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.379986][ T149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.376336][ T60] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 106.386933][ T60] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 106.394133][ T60] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 106.398608][ T60] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 106.399285][ T60] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 107.517521][ T5688] bridge0: port 1(bridge_slave_0) entered blocking state
[ 107.518735][ T5688] bridge0: port 1(bridge_slave_0) entered disabled state
[ 107.518837][ T5688] bridge_slave_0: entered allmulticast mode
[ 107.520255][ T5688] bridge_slave_0: entered promiscuous mode
[ 107.532553][ T5688] bridge0: port 2(bridge_slave_1) entered blocking state
[ 107.532754][ T5688] bridge0: port 2(bridge_slave_1) entered disabled state
[ 107.532906][ T5688] bridge_slave_1: entered allmulticast mode
[ 107.544827][ T5688] bridge_slave_1: entered promiscuous mode
[ 107.586990][ T5688] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 107.589425][ T5688] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 107.641458][ T5688] team0: Port device team_slave_0 added
[ 107.644158][ T5688] team0: Port device team_slave_1 added
[ 107.681466][ T5688] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 107.681483][ T5688] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 107.681506][ T5688] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 107.685072][ T5688] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 107.685086][ T5688] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 107.685109][ T5688] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 107.778080][ T5688] hsr_slave_0: entered promiscuous mode
[ 107.778924][ T5688] hsr_slave_1: entered promiscuous mode
[ 107.992494][ T5688] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 108.040031][ T5688] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 108.053221][ T5688] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 108.078757][ T5688] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 108.079474][ T5688] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 108.132105][ T5688] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 108.135052][ T5688] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 108.166934][ T5688] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 108.216895][ T5688] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.217096][ T5688] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 108.217732][ T5688] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.217822][ T5688] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 108.319458][ T5688] 8021q: adding VLAN 0 to HW filter on device bond0
[ 108.339173][ T5688] 8021q: adding VLAN 0 to HW filter on device team0
[ 108.378505][ T149] bridge0: port 1(bridge_slave_0) entered disabled state
[ 108.414130][ T149] bridge0: port 2(bridge_slave_1) entered disabled state
[ 108.812308][ T1529] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.812411][ T1529] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 108.862771][ T1529] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.862913][ T1529] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 109.698195][ T5688] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 109.772064][ T5688] veth0_vlan: entered promiscuous mode
[ 109.786056][ T5688] veth1_vlan: entered promiscuous mode
[ 109.827818][ T5688] veth0_macvtap: entered promiscuous mode
[ 109.831164][ T5688] veth1_macvtap: entered promiscuous mode
[ 109.869503][ T5688] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 109.889072][ T5688] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 109.907021][ T149] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.910606][ T149] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.910646][ T149] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.910678][ T149] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 111.411795][ T3856] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/05/23 13:35:19 executed programs: 0
[ 111.762855][ T60] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 111.782882][ T60] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 111.787884][ T60] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 111.798165][ T60] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 111.798866][ T60] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 112.066146][ T3856] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 112.435381][ T3856] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 112.694195][ T3856] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 112.899554][ T5739] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.899670][ T5739] bridge0: port 1(bridge_slave_0) entered disabled state
[ 112.899768][ T5739] bridge_slave_0: entered allmulticast mode
[ 112.901119][ T5739] bridge_slave_0: entered promiscuous mode
[ 112.903966][ T5739] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.904147][ T5739] bridge0: port 2(bridge_slave_1) entered disabled state
[ 112.904290][ T5739] bridge_slave_1: entered allmulticast mode
[ 112.906715][ T5739] bridge_slave_1: entered promiscuous mode
[ 112.973479][ T5739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 112.979115][ T5739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 113.058034][ T5739] team0: Port device team_slave_0 added
[ 113.061430][ T5739] team0: Port device team_slave_1 added
[ 113.114864][ T5739] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 113.114879][ T5739] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 113.114901][ T5739] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 113.130978][ T5739] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 113.130993][ T5739] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 113.131016][ T5739] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 113.493733][ T3856] bridge_slave_1: left allmulticast mode
[ 113.493913][ T3856] bridge_slave_1: left promiscuous mode
[ 113.497856][ T3856] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.654541][ T3856] bridge_slave_0: left allmulticast mode
[ 113.654564][ T3856] bridge_slave_0: left promiscuous mode
[ 113.654715][ T3856] bridge0: port 1(bridge_slave_0) entered disabled state
[ 113.845432][ T4915] Bluetooth: hci0: command tx timeout
[ 114.604243][ T3856] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 114.684146][ T3856] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 114.709298][ T3856] bond0 (unregistering): Released all slaves
[ 115.023264][ T5739] hsr_slave_0: entered promiscuous mode
[ 115.027863][ T5739] hsr_slave_1: entered promiscuous mode
[ 115.028862][ T5739] debugfs: 'hsr0' already exists in 'hsr'
[ 115.028950][ T5739] Cannot create hsr debugfs directory
[ 115.657809][ T5260] 8021q: adding VLAN 0 to HW filter on device eth1
[ 115.933555][ T4915] Bluetooth: hci0: command tx timeout
[ 116.015166][ T3856] hsr_slave_0: left promiscuous mode
[ 116.053573][ T3856] hsr_slave_1: left promiscuous mode
[ 116.054751][ T3856] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 116.054825][ T3856] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 116.095249][ T3856] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 116.095274][ T3856] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 116.185652][ T3856] veth1_macvtap: left promiscuous mode
[ 116.185809][ T3856] veth0_macvtap: left promiscuous mode
[ 116.185968][ T3856] veth1_vlan: left promiscuous mode
[ 116.186129][ T3856] veth0_vlan: left promiscuous mode
[ 116.887321][ T3856] team0 (unregistering): Port device team_slave_1 removed
[ 116.944242][ T3856] team0 (unregistering): Port device team_slave_0 removed
[ 117.840093][ T5739] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 117.897363][ T5739] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 117.899014][ T5739] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 117.961312][ T5739] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 117.962517][ T5739] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 118.012992][ T5739] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 118.016015][ T4915] Bluetooth: hci0: command tx timeout
[ 118.036753][ T5739] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 118.076114][ T5739] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 118.239186][ T5739] 8021q: adding VLAN 0 to HW filter on device bond0
[ 118.259952][ T5739] 8021q: adding VLAN 0 to HW filter on device team0
[ 118.267549][ T142] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.268350][ T142] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 118.294608][ T149] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.294811][ T149] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 118.662095][ T5739] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 118.715241][ T5739] veth0_vlan: entered promiscuous mode
[ 118.721540][ T5739] veth1_vlan: entered promiscuous mode
[ 118.761507][ T5739] veth0_macvtap: entered promiscuous mode
[ 118.777716][ T5739] veth1_macvtap: entered promiscuous mode
[ 118.962419][ T5739] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 118.987729][ T5739] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 119.001108][ T1137] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.001322][ T1137] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.001496][ T1137] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.001546][ T1137] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.336175][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.336195][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.399279][ T142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.399299][ T142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/05/23 13:35:27 executed programs: 2
[ 119.789576][ T5834] loop0: detected capacity change from 0 to 32768
[ 119.791847][ T5834] =======================================================
[ 119.791847][ T5834] WARNING: The mand mount option has been deprecated and
[ 119.791847][ T5834] and is ignored by this kernel. Remove the mand
[ 119.791847][ T5834] option from the mount to silence this warning.
[ 119.791847][ T5834] =======================================================
[ 120.094636][ T4915] Bluetooth: hci0: command tx timeout
[ 120.666922][ T5835] loop0: detected capacity change from 0 to 32768
[ 121.226822][ T5836] loop0: detected capacity change from 0 to 32768
[ 121.808059][ T5837] loop0: detected capacity change from 0 to 32768
[ 122.816417][ T5839] loop0: detected capacity change from 0 to 32768
[ 123.369403][ T5840] loop0: detected capacity change from 0 to 32768
[ 123.912092][ T5841] loop0: detected capacity change from 0 to 32768
2026/05/23 13:35:32 executed programs: 11
[ 124.484183][ T5842] loop0: detected capacity change from 0 to 32768
[ 124.991838][ T5843] loop0: detected capacity change from 0 to 32768
[ 125.561415][ T5844] loop0: detected capacity change from 0 to 32768
[ 126.111871][ T5845] loop0: detected capacity change from 0 to 32768
[ 126.637096][ T5846] loop0: detected capacity change from 0 to 32768
[ 127.156775][ T5847] loop0: detected capacity change from 0 to 32768
[ 127.709487][ T5848] loop0: detected capacity change from 0 to 32768
[ 128.261642][ T5849] loop0: detected capacity change from 0 to 32768
[ 128.806169][ T5850] loop0: detected capacity change from 0 to 32768
[ 129.366273][ T5851] loop0: detected capacity change from 0 to 32768
[ 129.901495][ T5852] loop0: detected capacity change from 0 to 32768
2026/05/23 13:35:37 executed programs: 21
[ 130.420436][ T5853] loop0: detected capacity change from 0 to 32768
[ 130.988083][ T5854] loop0: detected capacity change from 0 to 32768
[ 131.975431][ T5856] loop0: detected capacity change from 0 to 32768
[ 132.512765][ T5857] loop0: detected capacity change from 0 to 32768
[ 132.737959][ T1334] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.738054][ T1334] ieee802154 phy1 wpan1: encryption failed: -22
[ 133.482419][ T5859] loop0: detected capacity change from 0 to 32768
[ 134.047429][ T5860] loop0: detected capacity change from 0 to 32768
[ 134.547496][ T5861] loop0: detected capacity change from 0 to 32768
[ 135.132365][ T5862] loop0: detected capacity change from 0 to 32768
2026/05/23 13:35:43 executed programs: 31
[ 136.116349][ T5864] loop0: detected capacity change from 0 to 32768
[ 136.626283][ T5865] loop0: detected capacity change from 0 to 32768
[ 137.621270][ T5867] loop0: detected capacity change from 0 to 32768
[ 138.138745][ T5868] loop0: detected capacity change from 0 to 32768
[ 139.176297][ T5870] loop0: detected capacity change from 0 to 32768
[ 139.687025][ T5871] loop0: detected capacity change from 0 to 32768
[ 140.208850][ T5872] loop0: detected capacity change from 0 to 32768
2026/05/23 13:35:48 executed programs: 41
[ 140.731919][ T5873] loop0: detected capacity change from 0 to 32768
[ 141.237080][ T5874] loop0: detected capacity change from 0 to 32768
[ 141.764031][ T5875] loop0: detected capacity change from 0 to 32768
[ 142.264311][ T5876] loop0: detected capacity change from 0 to 32768
[ 142.827215][ T5877] loop0: detected capacity change from 0 to 32768
[ 143.425352][ T5878] loop0: detected capacity change from 0 to 32768
[ 144.434699][ T5880] loop0: detected capacity change from 0 to 32768
[ 144.943171][ T5881] loop0: detected capacity change from 0 to 32768
[ 145.528696][ T5882] loop0: detected capacity change from 0 to 32768
2026/05/23 13:35:53 executed programs: 51
[ 146.033121][ T5883] loop0: detected capacity change from 0 to 32768
[ 146.610569][ T5884] loop0: detected capacity change from 0 to 32768
[ 147.161886][ T5885] loop0: detected capacity change from 0 to 32768
[ 147.660748][ T5886] loop0: detected capacity change from 0 to 32768
[ 148.214319][ T5887] loop0: detected capacity change from 0 to 32768
[ 148.748685][ T5888] loop0: detected capacity change from 0 to 32768
[ 149.246573][ T5889] loop0: detected capacity change from 0 to 32768
[ 149.770015][ T5890] loop0: detected capacity change from 0 to 32768
[ 150.308421][ T5891] loop0: detected capacity change from 0 to 32768
[ 150.816265][ T5892] loop0: detected capacity change from 0 to 32768
2026/05/23 13:35:58 executed programs: 61
[ 151.372906][ T5893] loop0: detected capacity change from 0 to 32768
[ 151.922159][ T5894] loop0: detected capacity change from 0 to 32768
[ 152.437791][ T5895] loop0: detected capacity change from 0 to 32768
[ 152.970808][ T5896] loop0: detected capacity change from 0 to 32768
[ 153.496086][ T5897] loop0: detected capacity change from 0 to 32768
[ 154.040530][ T5898] loop0: detected capacity change from 0 to 32768
[ 154.582289][ T5899] loop0: detected capacity change from 0 to 32768
[ 155.109083][ T5900] loop0: detected capacity change from 0 to 32768
[ 156.118329][ T5902] loop0: detected capacity change from 0 to 32768
2026/05/23 13:36:04 executed programs: 71
[ 156.631074][ T5903] loop0: detected capacity change from 0 to 32768
[ 157.163271][ T5904] loop0: detected capacity change from 0 to 32768
[ 157.691154][ T5905] loop0: detected capacity change from 0 to 32768
[ 158.696649][ T5907] loop0: detected capacity change from 0 to 32768
[ 159.210173][ T5908] loop0: detected capacity change from 0 to 32768
[ 159.708365][ T5909] loop0: detected capacity change from 0 to 32768
[ 160.240881][ T5910] loop0: detected capacity change from 0 to 32768
[ 160.791773][ T5911] loop0: detected capacity change from 0 to 32768
2026/05/23 13:36:09 executed programs: 81
[ 161.277096][ T5912] loop0: detected capacity change from 0 to 32768
[ 161.822824][ T5913] loop0: detected capacity change from 0 to 32768
[ 162.366277][ T5914] loop0: detected capacity change from 0 to 32768
[ 162.868358][ T5915] loop0: detected capacity change from 0 to 32768
[ 163.409318][ T5916] loop0: detected capacity change from 0 to 32768
[ 163.937686][ T5917] loop0: detected capacity change from 0 to 32768
[ 164.405653][ T5918] loop0: detected capacity change from 0 to 32768
[ 164.951300][ T5919] loop0: detected capacity change from 0 to 32768
[ 165.486865][ T5920] loop0: detected capacity change from 0 to 32768
[ 165.976579][ T5921] loop0: detected capacity change from 0 to 32768
[ 166.499289][ T5922] loop0: detected capacity change from 0 to 32768
2026/05/23 13:36:14 executed programs: 91
[ 167.531273][ T5924] loop0: detected capacity change from 0 to 32768
[ 168.060581][ T5925] loop0: detected capacity change from 0 to 32768
[ 168.594468][ T5926] loop0: detected capacity change from 0 to 32768
[ 169.148657][ T5927] loop0: detected capacity change from 0 to 32768
[ 169.695537][ T5928] loop0: detected capacity change from 0 to 32768
[ 169.742642][ C0] =========================================================[ 169.742642][ C0] ==================================================================
[ 169.742658][ C0] BUG: KASAN: slab-use-after-free in lbmIODone+0x1312/0x16c0
[ 169.742698][ C0] Read of size 4 at addr ffff88802b175408 by task ksoftirqd/0/15
[ 169.742715][ C0]
[ 169.742740][ C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 169.742764][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 169.742782][ C0] Call Trace:
[ 169.742790][ C0]
[ 169.742798][ C0] dump_stack_lvl+0xe8/0x150
[ 169.742823][ C0] print_address_description+0x55/0x1e0
[ 169.742846][ C0] ? lbmIODone+0x1312/0x16c0
[ 169.742869][ C0] print_report+0x58/0x70
[ 169.742888][ C0] kasan_report+0x117/0x150
[ 169.742910][ C0] ? lbmIODone+0x1312/0x16c0
[ 169.742936][ C0] lbmIODone+0x1312/0x16c0
[ 169.742961][ C0] ? blkg_put+0x22/0x240
[ 169.742980][ C0] ? blkg_put+0x22/0x240
[ 169.742999][ C0] ? blkg_put+0x18d/0x240
[ 169.743018][ C0] ? bio_endio+0x989/0x9d0
[ 169.743042][ C0] blk_update_request+0x57e/0xe60
[ 169.743071][ C0] blk_mq_end_request+0x3e/0x70
[ 169.743093][ C0] blk_done_softirq+0x10a/0x160
[ 169.743123][ C0] handle_softirqs+0x1de/0x6d0
[ 169.743148][ C0] ? smpboot_thread_fn+0x4d/0xa50
[ 169.743170][ C0] run_ksoftirqd+0x52/0x180
[ 169.743192][ C0] smpboot_thread_fn+0x541/0xa50
[ 169.743214][ C0] ? smpboot_thread_fn+0x4d/0xa50
[ 169.743239][ C0] kthread+0x388/0x470
[ 169.743263][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10
[ 169.743285][ C0] ? __pfx_kthread+0x10/0x10
[ 169.743309][ C0] ret_from_fork+0x514/0xb70
[ 169.743330][ C0] ? __pfx_ret_from_fork+0x10/0x10
[ 169.743349][ C0] ? __switch_to+0xc79/0x1410
[ 169.743376][ C0] ? __pfx_kthread+0x10/0x10
[ 169.743404][ C0] ret_from_fork_asm+0x1a/0x30
[ 169.743431][ C0]
[ 169.743438][ C0]
[ 169.743448][ C0] Allocated by task 5928:
[ 169.743456][ C0] kasan_save_track+0x3e/0x80
[ 169.743473][ C0] __kasan_kmalloc+0x93/0xb0
[ 169.743490][ C0] __kmalloc_cache_noprof+0x3a6/0x690
[ 169.743508][ C0] lmLogInit+0x3e5/0x1a00
[ 169.743529][ C0] lmLogOpen+0x4e1/0xfa0
[ 169.743549][ C0] jfs_mount_rw+0xee/0x670
[ 169.743568][ C0] jfs_fill_super+0x754/0xd80
[ 169.743582][ C0] get_tree_bdev_flags+0x431/0x4f0
[ 169.743601][ C0] vfs_get_tree+0x92/0x2a0
[ 169.743619][ C0] do_new_mount+0x341/0xd30
[ 169.743643][ C0] __se_sys_mount+0x31d/0x420
[ 169.743667][ C0] do_syscall_64+0x15f/0xf80
[ 169.743690][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 169.743708][ C0]
[ 169.743712][ C0] Freed by task 5739:
[ 169.743720][ C0] kasan_save_track+0x3e/0x80
[ 169.743736][ C0] kasan_save_free_info+0x46/0x50
[ 169.743759][ C0] __kasan_slab_free+0x5c/0x80
[ 169.743776][ C0] kfree+0x1c5/0x6c0
[ 169.743791][ C0] lmLogShutdown+0x456/0x850
[ 169.743812][ C0] lmLogClose+0x28a/0x520
[ 169.743833][ C0] jfs_umount+0x2fb/0x3d0
[ 169.743852][ C0] jfs_put_super+0x8c/0x190
[ 169.743867][ C0] generic_shutdown_super+0x13d/0x2d0
[ 169.743884][ C0] kill_block_super+0x44/0x90
[ 169.743902][ C0] deactivate_locked_super+0xbc/0x130
[ 169.743918][ C0] cleanup_mnt+0x437/0x4d0
[ 169.743935][ C0] task_work_run+0x1d9/0x270
[ 169.743957][ C0] exit_to_user_mode_loop+0xf3/0x4d0
[ 169.743978][ C0] do_syscall_64+0x33e/0xf80
[ 169.744000][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 169.744017][ C0]
[ 169.744021][ C0] The buggy address belongs to the object at ffff88802b175400
[ 169.744021][ C0] which belongs to the cache kmalloc-256 of size 256
[ 169.744036][ C0] The buggy address is located 8 bytes inside of
[ 169.744036][ C0] freed 256-byte region [ffff88802b175400, ffff88802b175500)
[ 169.744055][ C0]
[ 169.744059][ C0] The buggy address belongs to the physical page:
[ 169.744073][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802b174a00 pfn:0x2b174
[ 169.744091][ C0] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 169.744106][ C0] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 169.744131][ C0] page_type: f5(slab)
[ 169.744149][ C0] raw: 0080000000000240 ffff88801a010b40 ffffea0000a83710 ffff88801a00b988
[ 169.744165][ C0] raw: ffff88802b174a00 000000080010000d 00000000f5000000 0000000000000000
[ 169.744182][ C0] head: 0080000000000240 ffff88801a010b40 ffffea0000a83710 ffff88801a00b988
[ 169.744198][ C0] head: ffff88802b174a00 000000080010000d 00000000f5000000 0000000000000000
[ 169.744215][ C0] head: 0080000000000001 ffffffffffffff81 00000000ffffffff 00000000ffffffff
[ 169.744229][ C0] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000002
[ 169.744238][ C0] page dumped because: kasan: bad access detected
[ 169.744251][ C0] page_owner tracks the page as allocated
[ 169.744261][ C0] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 33, tgid 33 (kdevtmpfs), ts 10735557678, free_ts 0
[ 169.744292][ C0] post_alloc_hook+0x22d/0x280
[ 169.744311][ C0] get_page_from_freelist+0x27c8/0x2840
[ 169.744334][ C0] __alloc_frozen_pages_noprof+0x18d/0x380
[ 169.744355][ C0] allocate_slab+0x77/0x660
[ 169.744377][ C0] refill_objects+0x33c/0x3d0
[ 169.744399][ C0] __pcs_replace_empty_main+0x373/0x720
[ 169.744424][ C0] __kmalloc_noprof+0x530/0x7b0
[ 169.744442][ C0] security_inode_init_security+0x102/0x3d0
[ 169.744462][ C0] shmem_mknod+0x1fe/0x360
[ 169.744484][ C0] vfs_mknod+0x44e/0x620
[ 169.744502][ C0] devtmpfs_work_loop+0x861/0xdf0
[ 169.744524][ C0] devtmpfsd+0x4d/0x50
[ 169.744544][ C0] kthread+0x388/0x470
[ 169.744565][ C0] ret_from_fork+0x514/0xb70
[ 169.744584][ C0] ret_from_fork_asm+0x1a/0x30
[ 169.744605][ C0] page_owner free stack trace missing
[ 169.744611][ C0]
[ 169.744615][ C0] Memory state around the buggy address:
[ 169.744625][ C0] ffff88802b175300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 169.744638][ C0] ffff88802b175380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 169.744650][ C0] >ffff88802b175400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 169.744659][ C0] ^
[ 169.744668][ C0] ffff88802b175480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 169.744680][ C0] ffff88802b175500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 169.744689][ C0] ==================================================================
[ 169.750682][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 169.750700][ C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 169.750722][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 169.750733][ C0] Call Trace:
[ 169.750740][ C0]
[ 169.750747][ C0] vpanic+0x56c/0xa60
[ 169.750774][ C0] ? __pfx_vpanic+0x10/0x10
[ 169.750796][ C0] ? __pfx___schedule+0x10/0x10
[ 169.750822][ C0] panic+0xc5/0xd0
[ 169.750842][ C0] ? __pfx_panic+0x10/0x10
[ 169.750864][ C0] ? preempt_schedule_thunk+0x16/0x30
[ 169.750894][ C0] ? lbmIODone+0x1312/0x16c0
[ 169.750917][ C0] check_panic_on_warn+0x89/0xb0
[ 169.750942][ C0] ? lbmIODone+0x1312/0x16c0
[ 169.750965][ C0] end_report+0x73/0x170
[ 169.750984][ C0] ? lbmIODone+0x1312/0x16c0
[ 169.751006][ C0] kasan_report+0x128/0x150
[ 169.751028][ C0] ? lbmIODone+0x1312/0x16c0
[ 169.751054][ C0] lbmIODone+0x1312/0x16c0
[ 169.751077][ C0] ? blkg_put+0x22/0x240
[ 169.751096][ C0] ? blkg_put+0x22/0x240
[ 169.751121][ C0] ? blkg_put+0x18d/0x240
[ 169.751140][ C0] ? bio_endio+0x989/0x9d0
[ 169.751163][ C0] blk_update_request+0x57e/0xe60
[ 169.751194][ C0] blk_mq_end_request+0x3e/0x70
[ 169.751215][ C0] blk_done_softirq+0x10a/0x160
[ 169.751236][ C0] handle_softirqs+0x1de/0x6d0
[ 169.751260][ C0] ? smpboot_thread_fn+0x4d/0xa50
[ 169.751280][ C0] run_ksoftirqd+0x52/0x180
[ 169.751301][ C0] smpboot_thread_fn+0x541/0xa50
[ 169.751322][ C0] ? smpboot_thread_fn+0x4d/0xa50
[ 169.751347][ C0] kthread+0x388/0x470
[ 169.751369][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10
[ 169.751390][ C0] ? __pfx_kthread+0x10/0x10
[ 169.751413][ C0] ret_from_fork+0x514/0xb70
[ 169.751434][ C0] ? __pfx_ret_from_fork+0x10/0x10
[ 169.751453][ C0] ? __switch_to+0xc79/0x1410
[ 169.751480][ C0] ? __pfx_kthread+0x10/0x10
[ 169.751503][ C0] ret_from_fork_asm+0x1a/0x30
[ 169.751531][ C0]
[ 169.751869][ C0] Kernel Offset: disabled