Warning: Permanently added '10.128.1.23' (ED25519) to the list of known hosts.
2026/01/13 11:33:29 parsed 1 programs
[   91.821478][ T5773] cgroup: Unknown subsys name 'net'
[   91.962846][ T5773] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   92.403952][    T9] cfg80211: failed to load regulatory.db
[   93.754542][ T5773] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   96.680144][ T5807] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   96.689654][ T5807] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   96.698196][ T5807] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   96.707057][ T5807] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   96.723158][ T5807] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   96.731337][ T5807] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   97.123639][   T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.131731][   T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.178081][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.188236][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.651588][ T5829] chnl_net:caif_netlink_parms(): no params data found
[   98.746238][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.754282][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.761801][ T5829] bridge_slave_0: entered allmulticast mode
[   98.770415][ T5829] bridge_slave_0: entered promiscuous mode
[   98.780690][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.789046][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.796496][ T5829] bridge_slave_1: entered allmulticast mode
[   98.806707][ T5829] bridge_slave_1: entered promiscuous mode
[   98.860790][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.876524][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.912865][ T5829] team0: Port device team_slave_0 added
[   98.924007][ T5829] team0: Port device team_slave_1 added
[   98.958785][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.965962][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.996029][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   99.015536][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1
[   99.022627][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.049035][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.102700][ T5829] hsr_slave_0: entered promiscuous mode
[   99.109277][ T5829] hsr_slave_1: entered promiscuous mode
[   99.284688][ T5829] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   99.304948][ T5829] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   99.316424][ T5829] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   99.327519][ T5829] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   99.371378][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.378743][ T5829] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.387264][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.394730][ T5829] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.427240][ T2964] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.439993][ T2964] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.497068][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.531673][ T5829] 8021q: adding VLAN 0 to HW filter on device team0
[   99.545983][ T2964] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.553215][ T2964] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.569153][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.576394][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.840674][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.887107][ T5829] veth0_vlan: entered promiscuous mode
[   99.901126][ T5829] veth1_vlan: entered promiscuous mode
[   99.934130][ T5829] veth0_macvtap: entered promiscuous mode
[   99.944974][ T5829] veth1_macvtap: entered promiscuous mode
[   99.968202][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.985011][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.999745][ T5829] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.009036][ T5829] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.019512][ T5829] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.028899][ T5829] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.168548][ T5829] syz-executor (5829) used greatest stack depth: 20840 bytes left
[  100.213796][   T66] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/01/13 11:33:41 executed programs: 0
[  102.214735][ T5807] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  102.227191][ T5807] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  102.236427][ T5807] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  102.262567][ T5807] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  102.271786][ T5807] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  102.279661][ T5807] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  102.576708][ T5882] chnl_net:caif_netlink_parms(): no params data found
[  102.699369][ T5882] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.707609][ T5882] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.715821][ T5882] bridge_slave_0: entered allmulticast mode
[  102.724433][ T5882] bridge_slave_0: entered promiscuous mode
[  102.733797][ T5882] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.741447][ T5882] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.749435][ T5882] bridge_slave_1: entered allmulticast mode
[  102.757055][ T5882] bridge_slave_1: entered promiscuous mode
[  102.792890][ T5882] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.805128][ T5882] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.843827][ T5882] team0: Port device team_slave_0 added
[  102.853448][ T5882] team0: Port device team_slave_1 added
[  102.887840][ T5882] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.896266][ T5882] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.922738][ T5882] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.935302][ T5882] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.943765][ T5882] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.970269][ T5882] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.031567][   T66] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.051135][ T5882] hsr_slave_0: entered promiscuous mode
[  103.058848][ T5882] hsr_slave_1: entered promiscuous mode
[  103.066121][ T5882] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  103.074356][ T5882] Cannot create hsr debugfs directory
[  104.303103][ T5083] Bluetooth: hci0: command tx timeout
[  105.108471][   T66] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.192245][   T66] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.115999][ T5882] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  106.127300][ T5882] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  106.140702][ T5882] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  106.151766][ T5882] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  106.177365][   T66] hsr_slave_0: left promiscuous mode
[  106.188102][   T66] hsr_slave_1: left promiscuous mode
[  106.198415][   T66] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  106.207009][   T66] batman_adv: batadv0: Removing interface: batadv_slave_0
[  106.218622][   T66] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  106.228598][   T66] batman_adv: batadv0: Removing interface: batadv_slave_1
[  106.239209][   T66] bridge_slave_1: left allmulticast mode
[  106.245548][   T66] bridge_slave_1: left promiscuous mode
[  106.252452][   T66] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.270000][   T66] bridge_slave_0: left allmulticast mode
[  106.277048][   T66] bridge_slave_0: left promiscuous mode
[  106.286033][   T66] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.323548][   T66] veth1_macvtap: left promiscuous mode
[  106.329684][   T66] veth0_macvtap: left promiscuous mode
[  106.342461][   T66] veth1_vlan: left promiscuous mode
[  106.348169][   T66] veth0_vlan: left promiscuous mode
[  106.386609][ T5083] Bluetooth: hci0: command tx timeout
[  106.884412][   T66] team0 (unregistering): Port device team_slave_1 removed
[  106.923354][   T66] team0 (unregistering): Port device team_slave_0 removed
[  106.958446][   T66] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  106.998745][   T66] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  107.383751][   T66] bond0 (unregistering): Released all slaves
[  107.540084][ T5882] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.568246][ T5882] 8021q: adding VLAN 0 to HW filter on device team0
[  107.587704][ T2964] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.595117][ T2964] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.626750][ T2964] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.634286][ T2964] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.911158][ T5882] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.024031][ T5882] veth0_vlan: entered promiscuous mode
[  108.043705][ T5882] veth1_vlan: entered promiscuous mode
[  108.098427][ T5882] veth0_macvtap: entered promiscuous mode
[  108.109290][ T5882] veth1_macvtap: entered promiscuous mode
[  108.131083][ T5882] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.149877][ T5882] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.165586][ T5882] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.175197][ T5882] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.184520][ T5882] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.193703][ T5882] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.289767][ T1318] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.305478][ T1318] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.356261][ T2955] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.364274][ T2955] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/01/13 11:33:48 executed programs: 2
[  108.462348][ T5083] Bluetooth: hci0: command tx timeout
[  108.477721][ T5928] syz.0.17[5928]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[  108.833888][ T5928] loop0: detected capacity change from 0 to 40427
[  108.859690][ T5928] F2FS-fs (loop0): build fault injection attr: rate: 6, type: 0x7ffff
[  108.871260][ T5928] F2FS-fs (loop0): inline encryption not supported
[  108.879551][ T5928] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x77fd1
[  108.903853][ T5928] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650
[  108.936745][ T5928] F2FS-fs (loop0): invalid crc value
[  108.946583][ T5928] F2FS-fs (loop0): Failed to get valid F2FS checkpoint
[  109.487041][ T5929] loop0: detected capacity change from 0 to 40427
[  109.497991][ T5929] F2FS-fs (loop0): build fault injection attr: rate: 6, type: 0x7ffff
[  109.507075][ T5929] F2FS-fs (loop0): inline encryption not supported
[  109.515502][ T5929] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x77fd1
[  109.526002][ T5929] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650
[  109.538957][ T5929] F2FS-fs (loop0): invalid crc value
[  109.546314][ T5929] F2FS-fs (loop0): Failed to get valid F2FS checkpoint
[  109.943225][ T5930] loop0: detected capacity change from 0 to 40427
[  109.958058][ T5930] F2FS-fs (loop0): build fault injection attr: rate: 6, type: 0x7ffff
[  109.966456][ T5930] F2FS-fs (loop0): inline encryption not supported
[  109.974698][ T5930] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x77fd1
[  109.988110][ T5930] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650
[  110.002347][ T5930] F2FS-fs (loop0): invalid crc value
[  110.007768][ T5930] F2FS-fs (loop0): Failed to get valid F2FS checkpoint
[  110.409261][ T5931] loop0: detected capacity change from 0 to 40427
[  110.425955][ T5931] F2FS-fs (loop0): build fault injection attr: rate: 6, type: 0x7ffff
[  110.435932][ T5931] F2FS-fs (loop0): inline encryption not supported
[  110.442835][ T5931] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x77fd1
[  110.452533][ T5931] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650
[  110.466108][ T5931] F2FS-fs (loop0): invalid crc value
[  110.471465][ T5931] F2FS-fs (loop0): Failed to get valid F2FS checkpoint
[  110.545078][ T5083] Bluetooth: hci0: command tx timeout
[  110.864394][ T5932] loop0: detected capacity change from 0 to 40427
[  110.873340][ T5932] F2FS-fs (loop0): build fault injection attr: rate: 6, type: 0x7ffff
[  110.881696][ T5932] F2FS-fs (loop0): inline encryption not supported
[  110.892935][ T5932] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x77fd1
[  110.902668][ T5932] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650
[  110.921722][ T5932] F2FS-fs (loop0): invalid crc value
[  110.927802][ T5932] F2FS-fs (loop0): Failed to get valid F2FS checkpoint
[  111.324892][ T5933] loop0: detected capacity change from 0 to 40427
[  111.342659][ T5933] F2FS-fs (loop0): build fault injection attr: rate: 6, type: 0x7ffff
[  111.351071][ T5933] F2FS-fs (loop0): inline encryption not supported
[  111.363608][ T5933] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x77fd1
[  111.372885][ T5933] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650
[  111.385675][ T5933] F2FS-fs (loop0): invalid crc value
[  111.391295][ T5933] F2FS-fs (loop0): Failed to get valid F2FS checkpoint
[  111.774666][ T5934] loop0: detected capacity change from 0 to 40427
[  111.792205][ T5934] F2FS-fs (loop0): build fault injection attr: rate: 6, type: 0x7ffff
[  111.800684][ T5934] F2FS-fs (loop0): inline encryption not supported
[  111.808791][ T5934] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x77fd1
[  111.818279][ T5934] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650
[  111.831162][ T5934] F2FS-fs (loop0): invalid crc value
[  111.837639][ T5934] F2FS-fs (loop0): Failed to get valid F2FS checkpoint
[  111.846249][ T5847] ==================================================================
[  111.854377][ T5847] BUG: KASAN: slab-use-after-free in f2fs_commit_super+0x761/0x990
[  111.862409][ T5847] Read of size 8 at addr ffff888079628000 by task kworker/1:3/5847
[  111.870311][ T5847] 
[  111.872923][ T5847] CPU: 1 PID: 5847 Comm: kworker/1:3 Not tainted syzkaller #0
[  111.880486][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  111.890751][ T5847] Workqueue: events f2fs_record_error_work
[  111.896787][ T5847] Call Trace:
[  111.900600][ T5847]  <TASK>
[  111.903560][ T5847]  dump_stack_lvl+0x16c/0x230
[  111.908463][ T5847]  ? __lock_acquire+0x7c80/0x7c80
[  111.913893][ T5847]  ? show_regs_print_info+0x20/0x20
[  111.919153][ T5847]  ? load_image+0x3b0/0x3b0
[  111.923719][ T5847]  ? __virt_addr_valid+0x469/0x540
[  111.928890][ T5847]  print_report+0xac/0x220
[  111.933382][ T5847]  ? f2fs_commit_super+0x761/0x990
[  111.938554][ T5847]  kasan_report+0x117/0x150
[  111.943126][ T5847]  ? f2fs_commit_super+0x761/0x990
[  111.948482][ T5847]  f2fs_commit_super+0x761/0x990
[  111.953515][ T5847]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  111.959624][ T5847]  ? f2fs_sanity_check_ckpt+0x2a50/0x2a50
[  111.965424][ T5847]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  111.971469][ T5847]  ? f2fs_record_error_work+0x11f/0x1d0
[  111.977095][ T5847]  f2fs_record_error_work+0x138/0x1d0
[  111.982526][ T5847]  ? process_scheduled_works+0x957/0x15b0
[  111.988285][ T5847]  process_scheduled_works+0xa45/0x15b0
[  111.993910][ T5847]  ? assign_work+0x400/0x400
[  111.998804][ T5847]  ? assign_work+0x39e/0x400
[  112.003806][ T5847]  worker_thread+0xa55/0xfc0
[  112.008472][ T5847]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  112.014417][ T5847]  ? _raw_spin_unlock+0x40/0x40
[  112.019453][ T5847]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  112.025407][ T5847]  kthread+0x2fa/0x390
[  112.029698][ T5847]  ? pr_cont_work+0x560/0x560
[  112.034515][ T5847]  ? kthread_blkcg+0xd0/0xd0
[  112.039171][ T5847]  ret_from_fork+0x48/0x80
[  112.043640][ T5847]  ? kthread_blkcg+0xd0/0xd0
[  112.048287][ T5847]  ret_from_fork_asm+0x11/0x20
[  112.053226][ T5847]  </TASK>
[  112.056280][ T5847] 
[  112.058644][ T5847] Allocated by task 5934:
[  112.063007][ T5847]  kasan_set_track+0x4e/0x70
[  112.067669][ T5847]  __kasan_kmalloc+0x8f/0xa0
[  112.072396][ T5847]  f2fs_fill_super+0xc9/0x6cc0
[  112.077224][ T5847]  mount_bdev+0x22b/0x2d0
[  112.081641][ T5847]  legacy_get_tree+0xea/0x180
[  112.086369][ T5847]  vfs_get_tree+0x8c/0x280
[  112.090857][ T5847]  do_new_mount+0x24b/0xa40
[  112.095399][ T5847]  __se_sys_mount+0x2da/0x3c0
[  112.100225][ T5847]  do_syscall_64+0x55/0xb0
[  112.104679][ T5847]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  112.110623][ T5847] 
[  112.112984][ T5847] Freed by task 5934:
[  112.116985][ T5847]  kasan_set_track+0x4e/0x70
[  112.121703][ T5847]  kasan_save_free_info+0x2e/0x50
[  112.126947][ T5847]  ____kasan_slab_free+0x126/0x1e0
[  112.132089][ T5847]  slab_free_freelist_hook+0x130/0x1b0
[  112.137568][ T5847]  __kmem_cache_free+0xba/0x1f0
[  112.142490][ T5847]  f2fs_fill_super+0x3dad/0x6cc0
[  112.147463][ T5847]  mount_bdev+0x22b/0x2d0
[  112.151843][ T5847]  legacy_get_tree+0xea/0x180
[  112.156548][ T5847]  vfs_get_tree+0x8c/0x280
[  112.160989][ T5847]  do_new_mount+0x24b/0xa40
[  112.165773][ T5847]  __se_sys_mount+0x2da/0x3c0
[  112.170472][ T5847]  do_syscall_64+0x55/0xb0
[  112.174921][ T5847]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  112.180846][ T5847] 
[  112.183195][ T5847] Last potentially related work creation:
[  112.188937][ T5847]  kasan_save_stack+0x3e/0x60
[  112.193661][ T5847]  __kasan_record_aux_stack+0xaf/0xc0
[  112.199081][ T5847]  insert_work+0x3d/0x310
[  112.203609][ T5847]  __queue_work+0xc39/0x1020
[  112.208405][ T5847]  queue_work_on+0x121/0x1e0
[  112.213019][ T5847]  f2fs_submit_page_bio+0x1c3/0x650
[  112.218253][ T5847]  __get_meta_page+0x18f/0x580
[  112.223052][ T5847]  get_checkpoint_version+0x3c/0x330
[  112.228469][ T5847]  validate_checkpoint+0x153/0x250
[  112.233719][ T5847]  f2fs_get_valid_checkpoint+0x25e/0x940
[  112.239929][ T5847]  f2fs_fill_super+0x3f3d/0x6cc0
[  112.245016][ T5847]  mount_bdev+0x22b/0x2d0
[  112.249379][ T5847]  legacy_get_tree+0xea/0x180
[  112.254111][ T5847]  vfs_get_tree+0x8c/0x280
[  112.258587][ T5847]  do_new_mount+0x24b/0xa40
[  112.263124][ T5847]  __se_sys_mount+0x2da/0x3c0
[  112.267828][ T5847]  do_syscall_64+0x55/0xb0
[  112.272378][ T5847]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  112.278313][ T5847] 
[  112.280672][ T5847] The buggy address belongs to the object at ffff888079628000
[  112.280672][ T5847]  which belongs to the cache kmalloc-8k of size 8192
[  112.294760][ T5847] The buggy address is located 0 bytes inside of
[  112.294760][ T5847]  freed 8192-byte region [ffff888079628000, ffff88807962a000)
[  112.308609][ T5847] 
[  112.310958][ T5847] The buggy address belongs to the physical page:
[  112.317402][ T5847] page:ffffea0001e58a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79628
[  112.327580][ T5847] head:ffffea0001e58a00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  112.336650][ T5847] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  112.345093][ T5847] page_type: 0xffffffff()
[  112.349449][ T5847] raw: 00fff00000000840 ffff888017842280 0000000000000000 dead000000000001
[  112.358060][ T5847] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[  112.366757][ T5847] page dumped because: kasan: bad access detected
[  112.373238][ T5847] page_owner tracks the page as allocated
[  112.379145][ T5847] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5422, tgid 5422 (rcS), ts 57006534569, free_ts 57006162108
[  112.399231][ T5847]  post_alloc_hook+0x1cd/0x210
[  112.404109][ T5847]  get_page_from_freelist+0x195c/0x19f0
[  112.409842][ T5847]  __alloc_pages+0x1e3/0x460
[  112.414559][ T5847]  alloc_slab_page+0x5d/0x170
[  112.419319][ T5847]  new_slab+0x87/0x2e0
[  112.423451][ T5847]  ___slab_alloc+0xc6d/0x1300
[  112.428174][ T5847]  __kmem_cache_alloc_node+0x1a2/0x260
[  112.433752][ T5847]  kmalloc_trace+0x2a/0xe0
[  112.438235][ T5847]  tomoyo_init_log+0x1104/0x1f10
[  112.443391][ T5847]  tomoyo_supervisor+0x32d/0x1080
[  112.448473][ T5847]  tomoyo_env_perm+0x14a/0x1e0
[  112.453275][ T5847]  tomoyo_find_next_domain+0x1594/0x1a60
[  112.458963][ T5847]  tomoyo_bprm_check_security+0x116/0x170
[  112.464723][ T5847]  security_bprm_check+0x62/0xa0
[  112.469889][ T5847]  bprm_execve+0xa51/0x16f0
[  112.474453][ T5847]  do_execveat_common+0x51b/0x6c0
[  112.479594][ T5847] page last free stack trace:
[  112.484289][ T5847]  free_unref_page_prepare+0x7ce/0x8e0
[  112.489811][ T5847]  free_unref_page+0x32/0x2e0
[  112.494802][ T5847]  __unfreeze_partials+0x1cf/0x210
[  112.499950][ T5847]  put_cpu_partial+0x17c/0x250
[  112.504752][ T5847]  __slab_free+0x31d/0x410
[  112.509233][ T5847]  qlist_free_all+0x75/0xe0
[  112.513767][ T5847]  kasan_quarantine_reduce+0x143/0x160
[  112.519251][ T5847]  __kasan_slab_alloc+0x22/0x80
[  112.524121][ T5847]  slab_post_alloc_hook+0x6e/0x4d0
[  112.529264][ T5847]  __kmem_cache_alloc_node+0x13e/0x260
[  112.534765][ T5847]  __kmalloc+0xa4/0x240
[  112.538962][ T5847]  tomoyo_supervisor+0xb70/0x1080
[  112.544031][ T5847]  tomoyo_env_perm+0x14a/0x1e0
[  112.548834][ T5847]  tomoyo_find_next_domain+0x1594/0x1a60
[  112.554613][ T5847]  tomoyo_bprm_check_security+0x116/0x170
[  112.560457][ T5847]  security_bprm_check+0x62/0xa0
[  112.565427][ T5847] 
[  112.567774][ T5847] Memory state around the buggy address:
[  112.573428][ T5847]  ffff888079627f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  112.581693][ T5847]  ffff888079627f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  112.589776][ T5847] >ffff888079628000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.597964][ T5847]                    ^
[  112.602061][ T5847]  ffff888079628080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.610242][ T5847]  ffff888079628100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.618420][ T5847] ==================================================================
[  112.666074][ T5847] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  112.673441][ T5847] CPU: 1 PID: 5847 Comm: kworker/1:3 Not tainted syzkaller #0
[  112.681103][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  112.691828][ T5847] Workqueue: events f2fs_record_error_work
[  112.697803][ T5847] Call Trace:
[  112.701115][ T5847]  <TASK>
[  112.704075][ T5847]  dump_stack_lvl+0x16c/0x230
[  112.708884][ T5847]  ? show_regs_print_info+0x20/0x20
[  112.714110][ T5847]  ? load_image+0x3b0/0x3b0
[  112.718650][ T5847]  panic+0x2c0/0x710
[  112.722679][ T5847]  ? bpf_jit_dump+0xd0/0xd0
[  112.727228][ T5847]  ? _raw_spin_unlock_irqrestore+0xfa/0x110
[  112.733365][ T5847]  ? _raw_spin_unlock+0x40/0x40
[  112.738338][ T5847]  ? print_memory_metadata+0x314/0x400
[  112.743845][ T5847]  ? f2fs_commit_super+0x761/0x990
[  112.748997][ T5847]  check_panic_on_warn+0x84/0xa0
[  112.753975][ T5847]  ? f2fs_commit_super+0x761/0x990
[  112.759116][ T5847]  end_report+0x6f/0x140
[  112.763386][ T5847]  kasan_report+0x128/0x150
[  112.767915][ T5847]  ? f2fs_commit_super+0x761/0x990
[  112.773355][ T5847]  f2fs_commit_super+0x761/0x990
[  112.778511][ T5847]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  112.784633][ T5847]  ? f2fs_sanity_check_ckpt+0x2a50/0x2a50
[  112.790876][ T5847]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  112.797066][ T5847]  ? f2fs_record_error_work+0x11f/0x1d0
[  112.802823][ T5847]  f2fs_record_error_work+0x138/0x1d0
[  112.808448][ T5847]  ? process_scheduled_works+0x957/0x15b0
[  112.814311][ T5847]  process_scheduled_works+0xa45/0x15b0
[  112.820000][ T5847]  ? assign_work+0x400/0x400
[  112.824841][ T5847]  ? assign_work+0x39e/0x400
[  112.829457][ T5847]  worker_thread+0xa55/0xfc0
[  112.834081][ T5847]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  112.840433][ T5847]  ? _raw_spin_unlock+0x40/0x40
[  112.845415][ T5847]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  112.851436][ T5847]  kthread+0x2fa/0x390
[  112.855761][ T5847]  ? pr_cont_work+0x560/0x560
[  112.860481][ T5847]  ? kthread_blkcg+0xd0/0xd0
[  112.865128][ T5847]  ret_from_fork+0x48/0x80
[  112.869636][ T5847]  ? kthread_blkcg+0xd0/0xd0
[  112.874272][ T5847]  ret_from_fork_asm+0x11/0x20
[  112.879081][ T5847]  </TASK>
[  112.882694][ T5847] Kernel Offset: disabled
[  112.887031][ T5847] Rebooting in 86400 seconds..