Warning: Permanently added '10.128.1.212' (ED25519) to the list of known hosts.
2026/01/13 12:32:32 parsed 1 programs
[   91.430746][ T5776] cgroup: Unknown subsys name 'net'
[   91.548539][ T5776] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   93.424987][ T5776] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   95.500295][ T5791] chnl_net:caif_netlink_parms(): no params data found
[   95.590453][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.597729][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.607522][ T5791] bridge_slave_0: entered allmulticast mode
[   95.615086][ T5791] bridge_slave_0: entered promiscuous mode
[   95.630472][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.637639][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.645278][ T5791] bridge_slave_1: entered allmulticast mode
[   95.652530][ T5791] bridge_slave_1: entered promiscuous mode
[   95.686973][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.703354][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.740892][ T5791] team0: Port device team_slave_0 added
[   95.750407][ T5791] team0: Port device team_slave_1 added
[   95.780343][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.787493][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.815600][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.831916][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.838979][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.865773][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.916765][ T5791] hsr_slave_0: entered promiscuous mode
[   95.923693][ T5791] hsr_slave_1: entered promiscuous mode
[   96.096266][ T5791] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   96.109010][ T5791] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   96.119757][ T5791] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   96.131261][ T5791] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   96.166936][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.174270][ T5791] bridge0: port 2(bridge_slave_1) entered forwarding state
[   96.182569][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.189829][ T5791] bridge0: port 1(bridge_slave_0) entered forwarding state
[   96.255633][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0
[   96.277608][  T144] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.287711][  T144] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.307730][ T5791] 8021q: adding VLAN 0 to HW filter on device team0
[   96.323726][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.331314][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   96.346236][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.353504][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[   96.562089][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0
[   96.611727][ T5791] veth0_vlan: entered promiscuous mode
[   96.625943][ T5791] veth1_vlan: entered promiscuous mode
[   96.657707][ T5791] veth0_macvtap: entered promiscuous mode
[   96.667825][ T5791] veth1_macvtap: entered promiscuous mode
[   96.690095][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.705784][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.719686][ T5791] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.729346][ T5791] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.738283][ T5791] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.747008][ T5791] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.942976][  T144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.970368][ T5814] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   96.978877][ T5814] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   96.986952][ T5814] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   96.999671][ T5814] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   97.007611][ T5814] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   97.015762][ T5814] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   97.694360][ T1189] cfg80211: failed to load regulatory.db
[   99.670344][  T144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.912503][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.921138][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.962143][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.971748][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/01/13 12:32:44 executed programs: 0
[  100.740837][ T5814] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  100.749236][ T5814] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  100.757280][ T5814] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  100.771032][ T5814] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  100.779047][ T5814] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  100.786485][ T5814] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  100.971504][ T5881] chnl_net:caif_netlink_parms(): no params data found
[  101.053370][ T5881] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.061277][ T5881] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.068799][ T5881] bridge_slave_0: entered allmulticast mode
[  101.077772][ T5881] bridge_slave_0: entered promiscuous mode
[  101.087397][ T5881] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.095054][ T5881] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.102452][ T5881] bridge_slave_1: entered allmulticast mode
[  101.110418][ T5881] bridge_slave_1: entered promiscuous mode
[  101.145267][ T5881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.157698][ T5881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.194527][ T5881] team0: Port device team_slave_0 added
[  101.206582][ T5881] team0: Port device team_slave_1 added
[  101.236542][ T5881] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.243696][ T5881] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.270421][ T5881] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.283898][ T5881] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.293158][ T5881] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.319384][ T5881] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.366929][ T5881] hsr_slave_0: entered promiscuous mode
[  101.374261][ T5881] hsr_slave_1: entered promiscuous mode
[  101.381485][ T5881] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  101.390869][ T5881] Cannot create hsr debugfs directory
[  102.052139][  T144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.107869][  T144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.809325][ T5814] Bluetooth: hci0: command tx timeout
[  102.993142][ T5881] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  103.032849][ T5881] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  103.045010][ T5881] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  103.063162][ T5881] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  103.153886][  T144] hsr_slave_0: left promiscuous mode
[  103.163699][  T144] hsr_slave_1: left promiscuous mode
[  103.173094][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  103.185366][  T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  103.196798][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  103.209368][  T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  103.217889][  T144] bridge_slave_1: left allmulticast mode
[  103.226975][  T144] bridge_slave_1: left promiscuous mode
[  103.234208][  T144] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.253243][  T144] bridge_slave_0: left allmulticast mode
[  103.260855][  T144] bridge_slave_0: left promiscuous mode
[  103.269614][  T144] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.307510][  T144] veth1_macvtap: left promiscuous mode
[  103.315279][  T144] veth0_macvtap: left promiscuous mode
[  103.324346][  T144] veth1_vlan: left promiscuous mode
[  103.333347][  T144] veth0_vlan: left promiscuous mode
[  103.894642][  T144] team0 (unregistering): Port device team_slave_1 removed
[  103.931467][  T144] team0 (unregistering): Port device team_slave_0 removed
[  103.971661][  T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  104.011137][  T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  104.387507][  T144] bond0 (unregistering): Released all slaves
[  104.533419][ T5881] 8021q: adding VLAN 0 to HW filter on device bond0
[  104.574372][ T5881] 8021q: adding VLAN 0 to HW filter on device team0
[  104.595375][   T66] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.602600][   T66] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.618662][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.625867][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.888674][ T5814] Bluetooth: hci0: command tx timeout
[  104.930985][ T5881] 8021q: adding VLAN 0 to HW filter on device batadv0
[  104.990538][ T5881] veth0_vlan: entered promiscuous mode
[  105.006896][ T5881] veth1_vlan: entered promiscuous mode
[  105.047005][ T5881] veth0_macvtap: entered promiscuous mode
[  105.087125][ T5881] veth1_macvtap: entered promiscuous mode
[  105.131367][ T5881] batman_adv: batadv0: Interface activated: batadv_slave_0
[  105.152602][ T5881] batman_adv: batadv0: Interface activated: batadv_slave_1
[  105.165020][ T5881] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  105.175398][ T5881] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  105.185540][ T5881] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  105.194489][ T5881] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  105.375090][   T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.394442][   T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.456017][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.464176][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.514101][ T5928] syz.0.17[5928]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[  105.795651][ T5928] loop0: detected capacity change from 0 to 40427
[  105.818285][ T5928] F2FS-fs (loop0): build fault injection attr: rate: 6, type: 0x7ffff
[  105.826945][ T5928] F2FS-fs (loop0): inline encryption not supported
2026/01/13 12:32:49 executed programs: 3
[  105.839003][ T5928] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x77fd1
[  105.855851][ T5928] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650
[  105.874948][ T5928] F2FS-fs (loop0): invalid crc value
[  105.881707][ T5928] F2FS-fs (loop0): Failed to get valid F2FS checkpoint
[  106.450426][ T5929] loop0: detected capacity change from 0 to 40427
[  106.475019][ T5929] F2FS-fs (loop0): build fault injection attr: rate: 6, type: 0x7ffff
[  106.487594][ T5929] F2FS-fs (loop0): inline encryption not supported
[  106.496552][ T5929] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x77fd1
[  106.509169][ T5929] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650
[  106.523496][ T5929] F2FS-fs (loop0): invalid crc value
[  106.530500][ T5929] F2FS-fs (loop0): Failed to get valid F2FS checkpoint
[  106.982706][ T5814] Bluetooth: hci0: command tx timeout
[  107.133200][ T5930] loop0: detected capacity change from 0 to 40427
[  107.169594][ T5930] F2FS-fs (loop0): build fault injection attr: rate: 6, type: 0x7ffff
[  107.180369][ T5930] F2FS-fs (loop0): inline encryption not supported
[  107.187053][ T5930] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x77fd1
[  107.199018][ T5930] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650
[  107.213174][ T5930] F2FS-fs (loop0): invalid crc value
[  107.221032][ T5930] F2FS-fs (loop0): Failed to get valid F2FS checkpoint
[  107.776809][ T5931] loop0: detected capacity change from 0 to 40427
[  107.791162][ T5931] F2FS-fs (loop0): build fault injection attr: rate: 6, type: 0x7ffff
[  107.805147][ T5931] F2FS-fs (loop0): inline encryption not supported
[  107.817617][ T5931] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x77fd1
[  107.847281][ T5931] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650
[  107.869055][ T5931] F2FS-fs (loop0): invalid crc value
[  107.874476][ T5931] F2FS-fs (loop0): Failed to get valid F2FS checkpoint
[  108.319426][ T5932] loop0: detected capacity change from 0 to 40427
[  108.338793][ T5932] F2FS-fs (loop0): build fault injection attr: rate: 6, type: 0x7ffff
[  108.348207][ T5932] F2FS-fs (loop0): inline encryption not supported
[  108.355473][ T5932] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x77fd1
[  108.369633][ T5932] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650
[  108.382490][ T5932] F2FS-fs (loop0): invalid crc value
[  108.390022][ T5932] F2FS-fs (loop0): Failed to get valid F2FS checkpoint
[  108.763296][ T5933] loop0: detected capacity change from 0 to 40427
[  108.778315][ T5933] F2FS-fs (loop0): build fault injection attr: rate: 6, type: 0x7ffff
[  108.786605][ T5933] F2FS-fs (loop0): inline encryption not supported
[  108.793795][ T5933] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x77fd1
[  108.803167][ T5933] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650
[  108.815971][ T5933] F2FS-fs (loop0): invalid crc value
[  108.821769][ T5933] F2FS-fs (loop0): Failed to get valid F2FS checkpoint
[  108.830378][ T5808] ==================================================================
[  108.838494][ T5808] BUG: KASAN: slab-use-after-free in up_write+0x6b/0x410
[  108.845555][ T5808] Read of size 8 at addr ffff888026050080 by task kworker/1:4/5808
[  108.853472][ T5808] 
[  108.855842][ T5808] CPU: 1 PID: 5808 Comm: kworker/1:4 Not tainted syzkaller #0
[  108.863324][ T5808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  108.873402][ T5808] Workqueue: events f2fs_record_error_work
[  108.879283][ T5808] Call Trace:
[  108.882593][ T5808]  <TASK>
[  108.885556][ T5808]  dump_stack_lvl+0x16c/0x230
[  108.890306][ T5808]  ? read_lock_is_recursive+0x20/0x20
[  108.895736][ T5808]  ? show_regs_print_info+0x20/0x20
[  108.900954][ T5808]  ? load_image+0x3b0/0x3b0
[  108.905591][ T5808]  ? _raw_spin_lock_irqsave+0xb4/0xf0
[  108.911000][ T5808]  ? __virt_addr_valid+0x18c/0x540
[  108.916327][ T5808]  ? __virt_addr_valid+0x469/0x540
[  108.921653][ T5808]  print_report+0xac/0x220
[  108.926631][ T5808]  ? up_write+0x6b/0x410
[  108.930987][ T5808]  kasan_report+0x117/0x150
[  108.935516][ T5808]  ? __lock_acquire+0x7c80/0x7c80
[  108.940594][ T5808]  ? up_write+0x6b/0x410
[  108.945033][ T5808]  up_write+0x6b/0x410
[  108.949126][ T5808]  f2fs_record_error_work+0x144/0x1d0
[  108.954532][ T5808]  ? process_scheduled_works+0x957/0x15b0
[  108.960302][ T5808]  process_scheduled_works+0xa45/0x15b0
[  108.965922][ T5808]  ? assign_work+0x400/0x400
[  108.970566][ T5808]  ? assign_work+0x39e/0x400
[  108.975228][ T5808]  worker_thread+0xa55/0xfc0
[  108.979866][ T5808]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  108.985845][ T5808]  ? _raw_spin_unlock+0x40/0x40
[  108.990752][ T5808]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  108.996736][ T5808]  kthread+0x2fa/0x390
[  109.000841][ T5808]  ? pr_cont_work+0x560/0x560
[  109.005554][ T5808]  ? kthread_blkcg+0xd0/0xd0
[  109.010165][ T5808]  ret_from_fork+0x48/0x80
[  109.014991][ T5808]  ? kthread_blkcg+0xd0/0xd0
[  109.019621][ T5808]  ret_from_fork_asm+0x11/0x20
[  109.024435][ T5808]  </TASK>
[  109.027478][ T5808] 
[  109.029834][ T5808] Allocated by task 5933:
[  109.034188][ T5808]  kasan_set_track+0x4e/0x70
[  109.038861][ T5808]  __kasan_kmalloc+0x8f/0xa0
[  109.043500][ T5808]  f2fs_fill_super+0xc9/0x6cc0
[  109.048293][ T5808]  mount_bdev+0x22b/0x2d0
[  109.052643][ T5808]  legacy_get_tree+0xea/0x180
[  109.057354][ T5808]  vfs_get_tree+0x8c/0x280
[  109.061883][ T5808]  do_new_mount+0x24b/0xa40
[  109.066544][ T5808]  __se_sys_mount+0x2da/0x3c0
[  109.071253][ T5808]  do_syscall_64+0x55/0xb0
[  109.075754][ T5808]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  109.081768][ T5808] 
[  109.084205][ T5808] Freed by task 5933:
[  109.088639][ T5808]  kasan_set_track+0x4e/0x70
[  109.093250][ T5808]  kasan_save_free_info+0x2e/0x50
[  109.098385][ T5808]  ____kasan_slab_free+0x126/0x1e0
[  109.103522][ T5808]  slab_free_freelist_hook+0x130/0x1b0
[  109.108999][ T5808]  __kmem_cache_free+0xba/0x1f0
[  109.113875][ T5808]  f2fs_fill_super+0x3dad/0x6cc0
[  109.118844][ T5808]  mount_bdev+0x22b/0x2d0
[  109.123200][ T5808]  legacy_get_tree+0xea/0x180
[  109.128075][ T5808]  vfs_get_tree+0x8c/0x280
[  109.132520][ T5808]  do_new_mount+0x24b/0xa40
[  109.137047][ T5808]  __se_sys_mount+0x2da/0x3c0
[  109.141751][ T5808]  do_syscall_64+0x55/0xb0
[  109.146194][ T5808]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  109.152204][ T5808] 
[  109.154546][ T5808] Last potentially related work creation:
[  109.160277][ T5808]  kasan_save_stack+0x3e/0x60
[  109.164976][ T5808]  __kasan_record_aux_stack+0xaf/0xc0
[  109.170373][ T5808]  insert_work+0x3d/0x310
[  109.174727][ T5808]  __queue_work+0xc39/0x1020
[  109.179334][ T5808]  queue_work_on+0x121/0x1e0
[  109.184030][ T5808]  f2fs_submit_page_bio+0x1c3/0x650
[  109.189276][ T5808]  __get_meta_page+0x18f/0x580
[  109.194155][ T5808]  get_checkpoint_version+0x3c/0x330
[  109.199465][ T5808]  validate_checkpoint+0x153/0x250
[  109.204609][ T5808]  f2fs_get_valid_checkpoint+0x25e/0x940
[  109.210302][ T5808]  f2fs_fill_super+0x3f3d/0x6cc0
[  109.215821][ T5808]  mount_bdev+0x22b/0x2d0
[  109.220274][ T5808]  legacy_get_tree+0xea/0x180
[  109.225413][ T5808]  vfs_get_tree+0x8c/0x280
[  109.230292][ T5808]  do_new_mount+0x24b/0xa40
[  109.234831][ T5808]  __se_sys_mount+0x2da/0x3c0
[  109.239547][ T5808]  do_syscall_64+0x55/0xb0
[  109.244009][ T5808]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  109.250034][ T5808] 
[  109.252385][ T5808] The buggy address belongs to the object at ffff888026050000
[  109.252385][ T5808]  which belongs to the cache kmalloc-8k of size 8192
[  109.266475][ T5808] The buggy address is located 128 bytes inside of
[  109.266475][ T5808]  freed 8192-byte region [ffff888026050000, ffff888026052000)
[  109.280565][ T5808] 
[  109.282924][ T5808] The buggy address belongs to the physical page:
[  109.289391][ T5808] page:ffffea0000981400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26050
[  109.299771][ T5808] head:ffffea0000981400 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  109.308726][ T5808] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  109.316733][ T5808] page_type: 0xffffffff()
[  109.321081][ T5808] raw: 00fff00000000840 ffff888017842280 ffffea0001e1a800 0000000000000002
[  109.329789][ T5808] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[  109.338412][ T5808] page dumped because: kasan: bad access detected
[  109.344951][ T5808] page_owner tracks the page as allocated
[  109.350768][ T5808] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5617, tgid 5617 (sshd), ts 70038243575, free_ts 69508508583
[  109.370686][ T5808]  post_alloc_hook+0x1cd/0x210
[  109.375492][ T5808]  get_page_from_freelist+0x195c/0x19f0
[  109.381072][ T5808]  __alloc_pages+0x1e3/0x460
[  109.385775][ T5808]  alloc_slab_page+0x5d/0x170
[  109.390490][ T5808]  new_slab+0x87/0x2e0
[  109.394585][ T5808]  ___slab_alloc+0xc6d/0x1300
[  109.399307][ T5808]  __kmem_cache_alloc_node+0x1a2/0x260
[  109.404798][ T5808]  kmalloc_trace+0x2a/0xe0
[  109.409261][ T5808]  tomoyo_init_log+0x1104/0x1f10
[  109.414510][ T5808]  tomoyo_supervisor+0x32d/0x1080
[  109.419677][ T5808]  tomoyo_env_perm+0x14a/0x1e0
[  109.424594][ T5808]  tomoyo_find_next_domain+0x1594/0x1a60
[  109.430348][ T5808]  tomoyo_bprm_check_security+0x116/0x170
[  109.436280][ T5808]  security_bprm_check+0x62/0xa0
[  109.441335][ T5808]  bprm_execve+0xa51/0x16f0
[  109.445960][ T5808]  do_execveat_common+0x51b/0x6c0
[  109.451010][ T5808] page last free stack trace:
[  109.455785][ T5808]  free_unref_page_prepare+0x7ce/0x8e0
[  109.461372][ T5808]  free_unref_page+0x32/0x2e0
[  109.466082][ T5808]  __unfreeze_partials+0x1cf/0x210
[  109.471271][ T5808]  put_cpu_partial+0x17c/0x250
[  109.476356][ T5808]  __slab_free+0x31d/0x410
[  109.480802][ T5808]  qlist_free_all+0x75/0xe0
[  109.485767][ T5808]  kasan_quarantine_reduce+0x143/0x160
[  109.491254][ T5808]  __kasan_slab_alloc+0x22/0x80
[  109.496136][ T5808]  slab_post_alloc_hook+0x6e/0x4d0
[  109.501290][ T5808]  kmem_cache_alloc_node+0x150/0x330
[  109.507417][ T5808]  __alloc_skb+0x108/0x2c0
[  109.512590][ T5808]  alloc_skb_with_frags+0xca/0x7c0
[  109.517765][ T5808]  sock_alloc_send_pskb+0x857/0x990
[  109.523173][ T5808]  unix_dgram_sendmsg+0x5a1/0x1720
[  109.528455][ T5808]  __sys_sendto+0x46a/0x620
[  109.533102][ T5808]  __x64_sys_sendto+0xde/0xf0
[  109.539091][ T5808] 
[  109.542151][ T5808] Memory state around the buggy address:
[  109.548248][ T5808]  ffff88802604ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  109.556545][ T5808]  ffff888026050000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.565719][ T5808] >ffff888026050080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.574134][ T5808]                    ^
[  109.578287][ T5808]  ffff888026050100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.586488][ T5808]  ffff888026050180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.594681][ T5808] ==================================================================
[  109.622674][ T5814] Bluetooth: hci0: command tx timeout
[  109.632536][ T5808] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  109.639896][ T5808] CPU: 1 PID: 5808 Comm: kworker/1:4 Not tainted syzkaller #0
[  109.648112][ T5808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  109.658473][ T5808] Workqueue: events f2fs_record_error_work
[  109.664582][ T5808] Call Trace:
[  109.667909][ T5808]  <TASK>
[  109.670978][ T5808]  dump_stack_lvl+0x16c/0x230
[  109.676402][ T5808]  ? show_regs_print_info+0x20/0x20
[  109.681743][ T5808]  ? load_image+0x3b0/0x3b0
[  109.686327][ T5808]  panic+0x2c0/0x710
[  109.690324][ T5808]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  109.697411][ T5808]  ? bpf_jit_dump+0xd0/0xd0
[  109.702326][ T5808]  ? _raw_spin_unlock_irqrestore+0xfa/0x110
[  109.708759][ T5808]  ? _raw_spin_unlock+0x40/0x40
[  109.714139][ T5808]  ? up_write+0x6b/0x410
[  109.718608][ T5808]  check_panic_on_warn+0x84/0xa0
[  109.723626][ T5808]  ? up_write+0x6b/0x410
[  109.728042][ T5808]  end_report+0x6f/0x140
[  109.732352][ T5808]  kasan_report+0x128/0x150
[  109.737105][ T5808]  ? __lock_acquire+0x7c80/0x7c80
[  109.742188][ T5808]  ? up_write+0x6b/0x410
[  109.746553][ T5808]  up_write+0x6b/0x410
[  109.751378][ T5808]  f2fs_record_error_work+0x144/0x1d0
[  109.756913][ T5808]  ? process_scheduled_works+0x957/0x15b0
[  109.762674][ T5808]  process_scheduled_works+0xa45/0x15b0
[  109.768308][ T5808]  ? assign_work+0x400/0x400
[  109.772937][ T5808]  ? assign_work+0x39e/0x400
[  109.777560][ T5808]  worker_thread+0xa55/0xfc0
[  109.782308][ T5808]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  109.788461][ T5808]  ? _raw_spin_unlock+0x40/0x40
[  109.793418][ T5808]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  109.799380][ T5808]  kthread+0x2fa/0x390
[  109.803515][ T5808]  ? pr_cont_work+0x560/0x560
[  109.808704][ T5808]  ? kthread_blkcg+0xd0/0xd0
[  109.813419][ T5808]  ret_from_fork+0x48/0x80
[  109.817991][ T5808]  ? kthread_blkcg+0xd0/0xd0
[  109.823092][ T5808]  ret_from_fork_asm+0x11/0x20
[  109.827911][ T5808]  </TASK>
[  109.831623][ T5808] Kernel Offset: disabled
[  109.835974][ T5808] Rebooting in 86400 seconds..