Warning: Permanently added '10.128.0.174' (ED25519) to the list of known hosts.
2026/05/08 18:29:24 parsed 1 programs
[ 105.786694][ T5619] cgroup: Unknown subsys name 'net'
[ 106.028149][ T5619] cgroup: Unknown subsys name 'cpuset'
[ 106.082243][ T5619] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 108.136392][ T5619] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 114.296712][ T59] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 114.337568][ T59] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 114.338752][ T59] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 114.356075][ T59] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 114.362565][ T59] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 116.585340][ T1023] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.585363][ T1023] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.712322][ T1545] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.712346][ T1545] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.314375][ T5695] bridge0: port 1(bridge_slave_0) entered blocking state
[ 119.315776][ T5695] bridge0: port 1(bridge_slave_0) entered disabled state
[ 119.315940][ T5695] bridge_slave_0: entered allmulticast mode
[ 119.318528][ T5695] bridge_slave_0: entered promiscuous mode
[ 119.360816][ T5695] bridge0: port 2(bridge_slave_1) entered blocking state
[ 119.360975][ T5695] bridge0: port 2(bridge_slave_1) entered disabled state
[ 119.362228][ T5695] bridge_slave_1: entered allmulticast mode
[ 119.364657][ T5695] bridge_slave_1: entered promiscuous mode
[ 119.457021][ T5695] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 119.460049][ T5695] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 119.590128][ T5695] team0: Port device team_slave_0 added
[ 119.599161][ T5695] team0: Port device team_slave_1 added
[ 119.643611][ T5695] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 119.643627][ T5695] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 119.643649][ T5695] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 119.648110][ T5695] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 119.648133][ T5695] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 119.648155][ T5695] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 119.785288][ T5695] hsr_slave_0: entered promiscuous mode
[ 119.786553][ T5695] hsr_slave_1: entered promiscuous mode
[ 120.095437][ T5695] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 120.126597][ T5695] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 120.144959][ T5695] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 120.198597][ T5695] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 120.199935][ T5695] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 120.239213][ T5695] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 120.240345][ T5695] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 120.275856][ T5695] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 120.432309][ T5695] 8021q: adding VLAN 0 to HW filter on device bond0
[ 120.592705][ T5695] 8021q: adding VLAN 0 to HW filter on device team0
[ 120.619005][ T1545] bridge0: port 1(bridge_slave_0) entered blocking state
[ 120.619190][ T1545] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 120.666492][ T1545] bridge0: port 2(bridge_slave_1) entered blocking state
[ 120.666643][ T1545] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 121.218053][ T5695] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 121.318327][ T5695] veth0_vlan: entered promiscuous mode
[ 121.347546][ T5695] veth1_vlan: entered promiscuous mode
[ 121.443360][ T5695] veth0_macvtap: entered promiscuous mode
[ 121.460300][ T5695] veth1_macvtap: entered promiscuous mode
[ 121.500032][ T5695] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 121.530838][ T5695] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 121.557716][ T1533] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 121.570756][ T1533] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 121.570807][ T1533] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 121.570846][ T1533] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.550571][ T1545] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/05/08 18:29:45 executed programs: 0
[ 122.934178][ T4914] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 122.954126][ T4914] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 122.980821][ T4914] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 122.997916][ T4914] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 122.998685][ T4914] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 123.555122][ T1545] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 123.910420][ T5736] bridge0: port 1(bridge_slave_0) entered blocking state
[ 123.910577][ T5736] bridge0: port 1(bridge_slave_0) entered disabled state
[ 123.910705][ T5736] bridge_slave_0: entered allmulticast mode
[ 123.916326][ T5736] bridge_slave_0: entered promiscuous mode
[ 123.940814][ T5736] bridge0: port 2(bridge_slave_1) entered blocking state
[ 123.940970][ T5736] bridge0: port 2(bridge_slave_1) entered disabled state
[ 123.941103][ T5736] bridge_slave_1: entered allmulticast mode
[ 123.948524][ T5736] bridge_slave_1: entered promiscuous mode
[ 124.006590][ T5736] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 124.013371][ T5736] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 124.056934][ T5736] team0: Port device team_slave_0 added
[ 124.060775][ T5736] team0: Port device team_slave_1 added
[ 124.133843][ T5736] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 124.133857][ T5736] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 124.133877][ T5736] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 124.135585][ T5736] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 124.135602][ T5736] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 124.135623][ T5736] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 124.275907][ T5736] hsr_slave_0: entered promiscuous mode
[ 124.276974][ T5736] hsr_slave_1: entered promiscuous mode
[ 124.277872][ T5736] debugfs: 'hsr0' already exists in 'hsr'
[ 124.278044][ T5736] Cannot create hsr debugfs directory
[ 124.585115][ T1545] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 125.047277][ T1545] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 125.113635][ T4914] Bluetooth: hci0: command tx timeout
[ 125.691778][ T1545] bridge_slave_1: left allmulticast mode
[ 125.692019][ T1545] bridge_slave_1: left promiscuous mode
[ 125.700859][ T1545] bridge0: port 2(bridge_slave_1) entered disabled state
[ 125.823311][ T1545] bridge_slave_0: left allmulticast mode
[ 125.823349][ T1545] bridge_slave_0: left promiscuous mode
[ 125.823616][ T1545] bridge0: port 1(bridge_slave_0) entered disabled state
[ 126.612156][ T1545] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 126.672165][ T1545] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 126.714218][ T1545] bond0 (unregistering): Released all slaves
[ 126.885402][ T5259] 8021q: adding VLAN 0 to HW filter on device eth1
[ 127.191679][ T4914] Bluetooth: hci0: command tx timeout
[ 127.273926][ T1545] hsr_slave_0: left promiscuous mode
[ 127.311504][ T1545] hsr_slave_1: left promiscuous mode
[ 127.314290][ T1545] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 127.314358][ T1545] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 127.375799][ T1545] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 127.375830][ T1545] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 127.484240][ T1545] veth1_macvtap: left promiscuous mode
[ 127.484398][ T1545] veth0_macvtap: left promiscuous mode
[ 127.484727][ T1545] veth1_vlan: left promiscuous mode
[ 127.484939][ T1545] veth0_vlan: left promiscuous mode
[ 128.312300][ T1545] team0 (unregistering): Port device team_slave_1 removed
[ 128.362074][ T1545] team0 (unregistering): Port device team_slave_0 removed
[ 128.569098][ T5259] 8021q: adding VLAN 0 to HW filter on device eth2
[ 129.271413][ T4914] Bluetooth: hci0: command tx timeout
[ 129.747068][ T5736] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 129.819481][ T5736] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 129.820968][ T5736] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 129.878855][ T5736] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 129.880252][ T5736] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 129.948807][ T5736] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 129.950328][ T5736] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 129.990210][ T5736] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 130.194352][ T5736] 8021q: adding VLAN 0 to HW filter on device bond0
[ 130.237340][ T5736] 8021q: adding VLAN 0 to HW filter on device team0
[ 130.254896][ T1023] bridge0: port 1(bridge_slave_0) entered blocking state
[ 130.255064][ T1023] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 130.427175][ T66] bridge0: port 2(bridge_slave_1) entered blocking state
[ 130.427284][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 131.038290][ T5736] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 131.108296][ T5736] veth0_vlan: entered promiscuous mode
[ 131.129456][ T5736] veth1_vlan: entered promiscuous mode
[ 131.170483][ T5736] veth0_macvtap: entered promiscuous mode
[ 131.188679][ T5736] veth1_macvtap: entered promiscuous mode
[ 131.219524][ T5736] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 131.240002][ T5736] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 131.268937][ T66] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 131.269228][ T66] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 131.269270][ T66] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 131.269307][ T66] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 131.351484][ T4914] Bluetooth: hci0: command tx timeout
[ 131.828527][ T1533] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 131.828551][ T1533] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 131.909795][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 131.909819][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/05/08 18:29:54 executed programs: 2
[ 132.345806][ T5831] loop0: detected capacity change from 0 to 32768
[ 133.037226][ T1336] ieee802154 phy0 wpan0: encryption failed: -22
[ 133.037323][ T1336] ieee802154 phy1 wpan1: encryption failed: -22
[ 133.203745][ T5833] loop0: detected capacity change from 0 to 32768
[ 133.736668][ T5835] loop0: detected capacity change from 0 to 32768
[ 134.247376][ T5836] loop0: detected capacity change from 0 to 32768
[ 134.795254][ T5837] loop0: detected capacity change from 0 to 32768
[ 135.218193][ T5838] loop0: detected capacity change from 0 to 32768
[ 135.661780][ T5839] loop0: detected capacity change from 0 to 32768
[ 136.131072][ T5840] loop0: detected capacity change from 0 to 32768
[ 136.565022][ T5841] loop0: detected capacity change from 0 to 32768
[ 137.049360][ T5842] loop0: detected capacity change from 0 to 32768
2026/05/08 18:29:59 executed programs: 12
[ 137.488004][ T5843] loop0: detected capacity change from 0 to 32768
[ 137.907303][ T5844] loop0: detected capacity change from 0 to 32768
[ 138.327425][ T5845] loop0: detected capacity change from 0 to 32768
[ 138.780001][ T5846] loop0: detected capacity change from 0 to 32768
[ 139.213765][ T5847] loop0: detected capacity change from 0 to 32768
[ 139.618791][ T5848] loop0: detected capacity change from 0 to 32768
[ 140.029059][ T5849] loop0: detected capacity change from 0 to 32768
[ 140.435906][ T5850] loop0: detected capacity change from 0 to 32768
[ 140.903594][ T5851] loop0: detected capacity change from 0 to 32768
[ 141.316131][ T5852] loop0: detected capacity change from 0 to 32768
2026/05/08 18:30:05 executed programs: 24
[ 142.569406][ T5855] set_capacity_and_notify: 2 callbacks suppressed
[ 142.569422][ T5855] loop0: detected capacity change from 0 to 32768
[ 143.007081][ T5856] loop0: detected capacity change from 0 to 32768
[ 143.415361][ T5857] loop0: detected capacity change from 0 to 32768
[ 143.845617][ T5858] loop0: detected capacity change from 0 to 32768
[ 144.283448][ T5859] loop0: detected capacity change from 0 to 32768
[ 144.734639][ T5860] loop0: detected capacity change from 0 to 32768
[ 145.198268][ T5861] loop0: detected capacity change from 0 to 32768
[ 145.624248][ T5862] loop0: detected capacity change from 0 to 32768
[ 146.082486][ T5863] loop0: detected capacity change from 0 to 32768
[ 146.533547][ T5864] loop0: detected capacity change from 0 to 32768
[ 147.048256][ C0] =========================[ 147.048256][ C0] ==================================================================
[ 147.048276][ C0] BUG: KASAN: slab-use-after-free in lbmIODone+0x1312/0x16c0
[ 147.048329][ C0] Read of size 4 at addr ffff88803250c008 by task syz-execprog/5615
[ 147.048352][ C0]
[ 147.048380][ C0] CPU: 0 UID: 0 PID: 5615 Comm: syz-execprog Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 147.048408][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 147.048430][ C0] Call Trace:
[ 147.048440][ C0]
[ 147.048450][ C0] dump_stack_lvl+0xe8/0x150
[ 147.048480][ C0] print_address_description+0x55/0x1e0
[ 147.048507][ C0] ? lbmIODone+0x1312/0x16c0
[ 147.048535][ C0] print_report+0x58/0x70
[ 147.048558][ C0] kasan_report+0x117/0x150
[ 147.048585][ C0] ? lbmIODone+0x1312/0x16c0
[ 147.048619][ C0] lbmIODone+0x1312/0x16c0
[ 147.048650][ C0] ? blkg_put+0x22/0x240
[ 147.048671][ C0] ? blkg_put+0x22/0x240
[ 147.048692][ C0] ? blkg_put+0x18d/0x240
[ 147.048714][ C0] ? bio_endio+0x989/0x9d0
[ 147.048742][ C0] blk_update_request+0x57e/0xe60
[ 147.048777][ C0] blk_mq_end_request+0x3e/0x70
[ 147.048804][ C0] blk_done_softirq+0x10a/0x160
[ 147.048830][ C0] handle_softirqs+0x1de/0x6d0
[ 147.048860][ C0] __local_bh_enable_ip+0x170/0x2b0
[ 147.048887][ C0] tcp_recvmsg+0xdb/0x530
[ 147.048934][ C0] ? __pfx_tcp_recvmsg+0x10/0x10
[ 147.048970][ C0] ? inet6_recvmsg+0xb4/0x490
[ 147.048995][ C0] ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 147.049019][ C0] ? security_socket_recvmsg+0x7e/0x2c0
[ 147.049047][ C0] ? __pfx_inet6_recvmsg+0x10/0x10
[ 147.049072][ C0] sock_recvmsg+0xfa/0x1b0
[ 147.049099][ C0] sock_read_iter+0x25a/0x330
[ 147.049133][ C0] ? __pfx_sock_read_iter+0x10/0x10
[ 147.049178][ C0] vfs_read+0x58b/0xa80
[ 147.049208][ C0] ? __pfx_vfs_read+0x10/0x10
[ 147.049237][ C0] ? __fget_files+0x2a/0x420
[ 147.049263][ C0] ksys_read+0x156/0x270
[ 147.049288][ C0] ? __pfx_ksys_read+0x10/0x10
[ 147.049317][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 147.049341][ C0] do_syscall_64+0x15f/0xf80
[ 147.049371][ C0] ? clear_bhb_loop+0x40/0x90
[ 147.049397][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 147.049420][ C0] RIP: 0033:0x40d3ce
[ 147.049456][ C0] Code: ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 89 f2 48 89 fa 48 89 ce 48 89 df 0f 05 <48> 3d 01 f0 ff ff 76 15 48 f7 d8 48 89 c1 48 c7 c0 ff ff ff ff 48
[ 147.049476][ C0] RSP: 002b:0000298d99cb93d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[ 147.049505][ C0] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000040d3ce
[ 147.049521][ C0] RDX: 0000000001e4e7fc RSI: 0000298d9a900000 RDI: 0000000000000006
[ 147.049537][ C0] RBP: 0000298d99cb9418 R08: 0000000000000000 R09: 0000000000000000
[ 147.049552][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 0000298d99d15d30
[ 147.049567][ C0] R13: 0000000000000001 R14: 0000298d99c72f00 R15: 0000000000000001
[ 147.049592][ C0]
[ 147.049600][ C0]
[ 147.049610][ C0] Allocated by task 5865:
[ 147.049621][ C0] kasan_save_track+0x3e/0x80
[ 147.049642][ C0] __kasan_kmalloc+0x93/0xb0
[ 147.049663][ C0] __kmalloc_cache_noprof+0x3a6/0x690
[ 147.049687][ C0] lmLogInit+0x3e5/0x1a00
[ 147.049712][ C0] lmLogOpen+0x4e1/0xfa0
[ 147.049737][ C0] jfs_mount_rw+0xee/0x670
[ 147.049762][ C0] jfs_fill_super+0x754/0xd80
[ 147.049780][ C0] get_tree_bdev_flags+0x431/0x4f0
[ 147.049804][ C0] vfs_get_tree+0x92/0x2a0
[ 147.049827][ C0] do_new_mount+0x341/0xd30
[ 147.049857][ C0] __se_sys_mount+0x31d/0x420
[ 147.049888][ C0] do_syscall_64+0x15f/0xf80
[ 147.049911][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 147.049939][ C0]
[ 147.049944][ C0] Freed by task 5736:
[ 147.049954][ C0] kasan_save_track+0x3e/0x80
[ 147.049973][ C0] kasan_save_free_info+0x46/0x50
[ 147.050002][ C0] __kasan_slab_free+0x5c/0x80
[ 147.050022][ C0] kfree+0x1c5/0x6c0
[ 147.050040][ C0] lmLogShutdown+0x456/0x850
[ 147.050067][ C0] lmLogClose+0x28a/0x520
[ 147.050094][ C0] jfs_umount+0x2fb/0x3d0
[ 147.050117][ C0] jfs_put_super+0x8c/0x190
[ 147.050135][ C0] generic_shutdown_super+0x13d/0x2d0
[ 147.050156][ C0] kill_block_super+0x44/0x90
[ 147.050178][ C0] deactivate_locked_super+0xbc/0x130
[ 147.050197][ C0] cleanup_mnt+0x437/0x4d0
[ 147.050218][ C0] task_work_run+0x1d9/0x270
[ 147.050248][ C0] exit_to_user_mode_loop+0xed/0x480
[ 147.050274][ C0] do_syscall_64+0x33e/0xf80
[ 147.050299][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 147.050320][ C0]
[ 147.050326][ C0] The buggy address belongs to the object at ffff88803250c000
[ 147.050326][ C0] which belongs to the cache kmalloc-256 of size 256
[ 147.050346][ C0] The buggy address is located 8 bytes inside of
[ 147.050346][ C0] freed 256-byte region [ffff88803250c000, ffff88803250c100)
[ 147.050370][ C0]
[ 147.050375][ C0] The buggy address belongs to the physical page:
[ 147.050398][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3250c
[ 147.050420][ C0] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 147.050439][ C0] flags: 0x80000000000040(head|node=0|zone=1)
[ 147.050461][ C0] page_type: f5(slab)
[ 147.050483][ C0] raw: 0080000000000040 ffff88801a010b40 dead000000000100 dead000000000122
[ 147.050502][ C0] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[ 147.050524][ C0] head: 0080000000000040 ffff88801a010b40 dead000000000100 dead000000000122
[ 147.050543][ C0] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[ 147.050563][ C0] head: 0080000000000001 ffffffffffffff81 00000000ffffffff 00000000ffffffff
[ 147.050581][ C0] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000002
[ 147.050593][ C0] page dumped because: kasan: bad access detected
[ 147.050612][ C0] page_owner tracks the page as allocated
[ 147.050620][ C0] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 27369852648, free_ts 0
[ 147.050658][ C0] post_alloc_hook+0x231/0x280
[ 147.050682][ C0] get_page_from_freelist+0x27c8/0x2840
[ 147.050708][ C0] __alloc_frozen_pages_noprof+0x18d/0x380
[ 147.050735][ C0] allocate_slab+0x77/0x660
[ 147.050763][ C0] refill_objects+0x33c/0x3d0
[ 147.050791][ C0] __pcs_replace_empty_main+0x373/0x720
[ 147.050822][ C0] __kmalloc_node_track_caller_noprof+0x60b/0x7e0
[ 147.050847][ C0] krealloc_node_align_noprof+0x19a/0x390
[ 147.050873][ C0] add_sysfs_param+0xd4/0xb80
[ 147.050894][ C0] kernel_add_sysfs_param+0x7f/0xe0
[ 147.050928][ C0] param_sysfs_builtin+0x199/0x250
[ 147.050953][ C0] param_sysfs_builtin_init+0x23/0x30
[ 147.050980][ C0] do_one_initcall+0x250/0x870
[ 147.051004][ C0] do_initcall_level+0x104/0x190
[ 147.051033][ C0] do_initcalls+0x59/0xa0
[ 147.051061][ C0] kernel_init_freeable+0x2a6/0x3e0
[ 147.051089][ C0] page_owner free stack trace missing
[ 147.051098][ C0]
[ 147.051103][ C0] Memory state around the buggy address:
[ 147.051115][ C0] ffff88803250bf00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 147.051130][ C0] ffff88803250bf80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 147.051145][ C0] >ffff88803250c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 147.051157][ C0] ^
[ 147.051168][ C0] ffff88803250c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 147.051183][ C0] ffff88803250c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 147.051193][ C0] ==================================================================
[ 147.051634][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 147.051695][ C0] CPU: 0 UID: 0 PID: 5615 Comm: syz-execprog Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 147.051771][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 147.051812][ C0] Call Trace:
[ 147.051835][ C0]
[ 147.051858][ C0] vpanic+0x56c/0xa60
[ 147.051956][ C0] ? __pfx_vpanic+0x10/0x10
[ 147.052029][ C0] ? __pfx___schedule+0x10/0x10
[ 147.052108][ C0] panic+0xc5/0xd0
[ 147.052181][ C0] ? __pfx_panic+0x10/0x10
[ 147.052239][ C0] ? preempt_schedule_thunk+0x16/0x30
[ 147.052344][ C0] ? lbmIODone+0x1312/0x16c0
[ 147.052421][ C0] check_panic_on_warn+0x89/0xb0
[ 147.052507][ C0] ? lbmIODone+0x1312/0x16c0
[ 147.052582][ C0] end_report+0x73/0x170
[ 147.052648][ C0] ? lbmIODone+0x1312/0x16c0
[ 147.052695][ C0] kasan_report+0x128/0x150
[ 147.052748][ C0] ? lbmIODone+0x1312/0x16c0
[ 147.052809][ C0] lbmIODone+0x1312/0x16c0
[ 147.052847][ C0] ? blkg_put+0x22/0x240
[ 147.052932][ C0] ? blkg_put+0x22/0x240
[ 147.053013][ C0] ? blkg_put+0x18d/0x240
[ 147.053069][ C0] ? bio_endio+0x989/0x9d0
[ 147.053144][ C0] blk_update_request+0x57e/0xe60
[ 147.053232][ C0] blk_mq_end_request+0x3e/0x70
[ 147.053316][ C0] blk_done_softirq+0x10a/0x160
[ 147.053382][ C0] handle_softirqs+0x1de/0x6d0
[ 147.053459][ C0] __local_bh_enable_ip+0x170/0x2b0
[ 147.053525][ C0] tcp_recvmsg+0xdb/0x530
[ 147.053621][ C0] ? __pfx_tcp_recvmsg+0x10/0x10
[ 147.053722][ C0] ? inet6_recvmsg+0xb4/0x490
[ 147.053786][ C0] ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 147.053849][ C0] ? security_socket_recvmsg+0x7e/0x2c0
[ 147.053917][ C0] ? __pfx_inet6_recvmsg+0x10/0x10
[ 147.053980][ C0] sock_recvmsg+0xfa/0x1b0
[ 147.054044][ C0] sock_read_iter+0x25a/0x330
[ 147.054126][ C0] ? __pfx_sock_read_iter+0x10/0x10
[ 147.054230][ C0] vfs_read+0x58b/0xa80
[ 147.054287][ C0] ? __pfx_vfs_read+0x10/0x10
[ 147.054352][ C0] ? __fget_files+0x2a/0x420
[ 147.054438][ C0] ksys_read+0x156/0x270
[ 147.054503][ C0] ? __pfx_ksys_read+0x10/0x10
[ 147.054585][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 147.054650][ C0] do_syscall_64+0x15f/0xf80
[ 147.054718][ C0] ? clear_bhb_loop+0x40/0x90
[ 147.054786][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 147.054850][ C0] RIP: 0033:0x40d3ce
[ 147.054897][ C0] Code: ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 89 f2 48 89 fa 48 89 ce 48 89 df 0f 05 <48> 3d 01 f0 ff ff 76 15 48 f7 d8 48 89 c1 48 c7 c0 ff ff ff ff 48
[ 147.054951][ C0] RSP: 002b:0000298d99cb93d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[ 147.055036][ C0] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000040d3ce
[ 147.055079][ C0] RDX: 0000000001e4e7fc RSI: 0000298d9a900000 RDI: 0000000000000006
[ 147.055123][ C0] RBP: 0000298d99cb9418 R08: 0000000000000000 R09: 0000000000000000
[ 147.055158][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 0000298d99d15d30
[ 147.055199][ C0] R13: 0000000000000001 R14: 0000298d99c72f00 R15: 0000000000000001
[ 147.055264][ C0]
[ 147.055886][ C0] Kernel Offset: disabled