syzkaller login: [ 91.943469][ T821] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.223' (ED25519) to the list of known hosts.
2026/06/07 15:56:48 parsed 1 programs
[ 101.832866][ T5619] cgroup: Unknown subsys name 'net'
[ 102.067090][ T5619] cgroup: Unknown subsys name 'cpuset'
[ 102.138938][ T5619] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 104.177283][ T5619] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 107.602707][ T4918] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 107.623047][ T4918] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 107.624956][ T4918] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 107.626717][ T4918] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 107.627781][ T4918] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 110.080325][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.080344][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.167452][ T3342] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.167474][ T3342] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.174273][ T5684] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.175930][ T5684] bridge0: port 1(bridge_slave_0) entered disabled state
[ 113.176087][ T5684] bridge_slave_0: entered allmulticast mode
[ 113.178831][ T5684] bridge_slave_0: entered promiscuous mode
[ 113.209121][ T5684] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.209217][ T5684] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.209349][ T5684] bridge_slave_1: entered allmulticast mode
[ 113.211242][ T5684] bridge_slave_1: entered promiscuous mode
[ 113.294021][ T5684] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 113.297119][ T5684] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 113.347301][ T5684] team0: Port device team_slave_0 added
[ 113.366326][ T5684] team0: Port device team_slave_1 added
[ 113.405694][ T5684] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 113.405708][ T5684] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 113.405728][ T5684] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 113.415989][ T5684] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 113.416040][ T5684] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 113.416124][ T5684] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 113.555774][ T5684] hsr_slave_0: entered promiscuous mode
[ 113.556846][ T5684] hsr_slave_1: entered promiscuous mode
[ 114.639701][ T5684] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 114.694694][ T5684] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 114.706666][ T5684] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 114.723388][ T5684] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 114.737573][ T5684] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 114.784194][ T5684] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 114.868643][ T5684] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 114.894287][ T5684] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 115.036989][ T5684] 8021q: adding VLAN 0 to HW filter on device bond0
[ 115.091307][ T5684] 8021q: adding VLAN 0 to HW filter on device team0
[ 115.113311][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 115.116187][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 115.159137][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 115.159322][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 115.843219][ T5684] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 115.931916][ T5684] veth0_vlan: entered promiscuous mode
[ 115.954777][ T5684] veth1_vlan: entered promiscuous mode
[ 116.011493][ T5684] veth0_macvtap: entered promiscuous mode
[ 116.015922][ T5684] veth1_macvtap: entered promiscuous mode
[ 116.057305][ T5684] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 116.081378][ T5684] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 116.104464][ T43] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.106436][ T43] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.119084][ T43] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.157245][ T43] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.935839][ T67] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 117.553292][ T67] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 118.083103][ T67] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 118.491146][ T67] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/06/07 15:57:09 executed programs: 0
[ 119.398444][ T67] bridge_slave_1: left allmulticast mode
[ 119.398563][ T67] bridge_slave_1: left promiscuous mode
[ 119.425018][ T4918] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 119.443314][ T67] bridge0: port 2(bridge_slave_1) entered disabled state
[ 119.460255][ T4918] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 119.461778][ T4918] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 119.464330][ T4918] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 119.499525][ T4918] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 119.701248][ T67] bridge_slave_0: left allmulticast mode
[ 119.701285][ T67] bridge_slave_0: left promiscuous mode
[ 119.701531][ T67] bridge0: port 1(bridge_slave_0) entered disabled state
[ 120.659785][ T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 120.739192][ T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 120.760340][ T67] bond0 (unregistering): Released all slaves
[ 120.830791][ T5264] 8021q: adding VLAN 0 to HW filter on device eth1
[ 121.168129][ T67] hsr_slave_0: left promiscuous mode
[ 121.208197][ T67] hsr_slave_1: left promiscuous mode
[ 121.211360][ T67] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 121.211449][ T67] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 121.277121][ T67] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 121.277154][ T67] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 121.383030][ T67] veth1_macvtap: left promiscuous mode
[ 121.383252][ T67] veth0_macvtap: left promiscuous mode
[ 121.384123][ T67] veth1_vlan: left promiscuous mode
[ 121.384443][ T67] veth0_vlan: left promiscuous mode
[ 121.620691][ T60] Bluetooth: hci0: command tx timeout
[ 122.188754][ T67] team0 (unregistering): Port device team_slave_1 removed
[ 122.248862][ T67] team0 (unregistering): Port device team_slave_0 removed
[ 122.455441][ T5264] 8021q: adding VLAN 0 to HW filter on device eth2
[ 123.091601][ T5746] bridge0: port 1(bridge_slave_0) entered blocking state
[ 123.091922][ T5746] bridge0: port 1(bridge_slave_0) entered disabled state
[ 123.092129][ T5746] bridge_slave_0: entered allmulticast mode
[ 123.096693][ T5746] bridge_slave_0: entered promiscuous mode
[ 123.131457][ T5746] bridge0: port 2(bridge_slave_1) entered blocking state
[ 123.131678][ T5746] bridge0: port 2(bridge_slave_1) entered disabled state
[ 123.132506][ T5746] bridge_slave_1: entered allmulticast mode
[ 123.136738][ T5746] bridge_slave_1: entered promiscuous mode
[ 123.227230][ T5746] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 123.240899][ T5746] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 123.304833][ T5746] team0: Port device team_slave_0 added
[ 123.315169][ T5746] team0: Port device team_slave_1 added
[ 123.364645][ T5746] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 123.364662][ T5746] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 123.364688][ T5746] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 123.366718][ T5746] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 123.366732][ T5746] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 123.366755][ T5746] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 123.627558][ T5264] 8021q: adding VLAN 0 to HW filter on device eth3
[ 123.674059][ T5746] hsr_slave_0: entered promiscuous mode
[ 123.675055][ T5746] hsr_slave_1: entered promiscuous mode
[ 123.698086][ T60] Bluetooth: hci0: command tx timeout
[ 125.778141][ T60] Bluetooth: hci0: command tx timeout
[ 126.121453][ T5746] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 126.164785][ T5746] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 126.166408][ T5746] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 126.202592][ T5746] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 126.203912][ T5746] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 126.244178][ T5746] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 126.245797][ T5746] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 126.306952][ T5746] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 126.530934][ T5746] 8021q: adding VLAN 0 to HW filter on device bond0
[ 126.587038][ T5746] 8021q: adding VLAN 0 to HW filter on device team0
[ 126.612830][ T150] bridge0: port 1(bridge_slave_0) entered blocking state
[ 126.613042][ T150] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 126.645100][ T67] bridge0: port 2(bridge_slave_1) entered blocking state
[ 126.656872][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 127.387241][ T5746] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 127.512304][ T5746] veth0_vlan: entered promiscuous mode
[ 127.540313][ T5746] veth1_vlan: entered promiscuous mode
[ 127.601671][ T5746] veth0_macvtap: entered promiscuous mode
[ 127.607676][ T5746] veth1_macvtap: entered promiscuous mode
[ 127.683632][ T5746] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 127.703182][ T5746] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 127.728753][ T43] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.730281][ T43] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.730947][ T43] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.731170][ T43] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.858218][ T60] Bluetooth: hci0: command tx timeout
[ 128.136664][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 128.136688][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 128.205290][ T150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 128.205315][ T150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/06/07 15:57:18 executed programs: 2
[ 128.621943][ T5898] loop0: detected capacity change from 0 to 32768
[ 129.564461][ T5899] loop0: detected capacity change from 0 to 32768
[ 130.173575][ T5903] loop0: detected capacity change from 0 to 32768
[ 130.800902][ T5904] loop0: detected capacity change from 0 to 32768
[ 131.430074][ T5906] loop0: detected capacity change from 0 to 32768
[ 132.091032][ T5907] loop0: detected capacity change from 0 to 32768
[ 132.647209][ T5909] loop0: detected capacity change from 0 to 32768
[ 132.905111][ T1338] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.905178][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[ 133.244862][ T5910] loop0: detected capacity change from 0 to 32768
[ 133.893818][ T5911] loop0: detected capacity change from 0 to 32768
2026/06/07 15:57:24 executed programs: 11
[ 134.499867][ T5912] loop0: detected capacity change from 0 to 32768
[ 135.081921][ T5913] loop0: detected capacity change from 0 to 32768
[ 135.644612][ T5914] loop0: detected capacity change from 0 to 32768
[ 136.273967][ T5915] loop0: detected capacity change from 0 to 32768
[ 136.838763][ T5916] loop0: detected capacity change from 0 to 32768
[ 137.470068][ T5917] loop0: detected capacity change from 0 to 32768
[ 138.116552][ T5918] loop0: detected capacity change from 0 to 32768
[ 138.725860][ T5919] loop0: detected capacity change from 0 to 32768
[ 139.301826][ T5920] loop0: detected capacity change from 0 to 32768
2026/06/07 15:57:29 executed programs: 20
[ 139.909129][ T5921] loop0: detected capacity change from 0 to 32768
[ 140.466254][ T5922] loop0: detected capacity change from 0 to 32768
[ 141.066058][ T5923] loop0: detected capacity change from 0 to 32768
[ 141.623740][ T5924] loop0: detected capacity change from 0 to 32768
[ 142.204322][ T5925] loop0: detected capacity change from 0 to 32768
[ 142.805051][ T5926] loop0: detected capacity change from 0 to 32768
[ 143.346509][ T5927] loop0: detected capacity change from 0 to 32768
[ 143.995045][ T5928] loop0: detected capacity change from 0 to 32768
2026/06/07 15:57:35 executed programs: 29
[ 144.584426][ T5929] loop0: detected capacity change from 0 to 32768
[ 145.155883][ T5930] loop0: detected capacity change from 0 to 32768
[ 145.721719][ T5931] loop0: detected capacity change from 0 to 32768
[ 146.349116][ T5932] loop0: detected capacity change from 0 to 32768
[ 146.944960][ T5933] loop0: detected capacity change from 0 to 32768
[ 147.523473][ T5934] loop0: detected capacity change from 0 to 32768
[ 148.148576][ T5935] loop0: detected capacity change from 0 to 32768
[ 148.775763][ T5936] loop0: detected capacity change from 0 to 32768
[ 149.407109][ T5937] loop0: detected capacity change from 0 to 32768
2026/06/07 15:57:40 executed programs: 38
[ 150.019890][ T5938] loop0: detected capacity change from 0 to 32768
[ 150.596080][ T5939] loop0: detected capacity change from 0 to 32768
[ 151.176580][ T5940] loop0: detected capacity change from 0 to 32768
[ 151.749100][ T5941] loop0: detected capacity change from 0 to 32768
[ 152.344829][ T5942] loop0: detected capacity change from 0 to 32768
[ 152.937500][ T5943] loop0: detected capacity change from 0 to 32768
[ 153.535838][ T5944] loop0: detected capacity change from 0 to 32768
[ 154.142692][ T5945] loop0: detected capacity change from 0 to 32768
[ 154.747068][ T5946] loop0: detected capacity change from 0 to 32768
2026/06/07 15:57:45 executed programs: 47
[ 155.351386][ T5947] loop0: detected capacity change from 0 to 32768
[ 155.954053][ T5948] loop0: detected capacity change from 0 to 32768
[ 156.532501][ T5949] loop0: detected capacity change from 0 to 32768
[ 157.131299][ T5950] loop0: detected capacity change from 0 to 32768
[ 157.716248][ T5951] loop0: detected capacity change from 0 to 32768
[ 158.278478][ T5952] loop0: detected capacity change from 0 to 32768
[ 158.926430][ T5953] loop0: detected capacity change from 0 to 32768
[ 158.987820][ T12] ==================================================================
[ 158.987838][ T12] BUG: KASAN: use-after-free in copy_folio_from_iter_atomic+0xbb5/0x1ad0
[ 158.987892][ T12] Read of size 4096 at addr ffff88803eb16000 by task kworker/u8:0/12
[ 158.987911][ T12]
[ 158.987935][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 158.987960][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 158.987974][ T12] Workqueue: loop0 loop_workfn
[ 158.988020][ T12] Call Trace:
[ 158.988029][ T12]
[ 158.988038][ T12] dump_stack_lvl+0xe8/0x150
[ 158.988065][ T12] print_address_description+0x55/0x1e0
[ 158.988089][ T12] ? copy_folio_from_iter_atomic+0xbb5/0x1ad0
[ 158.988119][ T12] print_report+0x58/0x70
[ 158.988141][ T12] kasan_report+0x117/0x150
[ 158.988169][ T12] ? copy_folio_from_iter_atomic+0xbb5/0x1ad0
[ 158.988205][ T12] kasan_check_range+0x264/0x2c0
[ 158.988231][ T12] ? copy_folio_from_iter_atomic+0xbb5/0x1ad0
[ 158.988264][ T12] __asan_memcpy+0x29/0x70
[ 158.988284][ T12] copy_folio_from_iter_atomic+0xbb5/0x1ad0
[ 158.988327][ T12] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10
[ 158.988362][ T12] ? ktime_get_coarse_real_ts64_mg+0x59/0x1e0
[ 158.988395][ T12] ? shmem_write_begin+0x1ce/0x320
[ 158.988424][ T12] generic_perform_write+0x5b1/0x8b0
[ 158.988456][ T12] ? __pfx_generic_perform_write+0x10/0x10
[ 158.988488][ T12] ? file_update_time_flags+0x3b9/0x4b0
[ 158.988517][ T12] shmem_file_write_iter+0xfb/0x120
[ 158.988557][ T12] lo_rw_aio+0xc80/0xf00
[ 158.988590][ T12] ? __pfx_lo_rw_aio+0x10/0x10
[ 158.988621][ T12] ? kthread_associate_blkcg+0x490/0x600
[ 158.988650][ T12] ? rt_spin_unlock+0x160/0x200
[ 158.988678][ T12] loop_process_work+0x637/0x11b0
[ 158.988715][ T12] ? __pfx_loop_process_work+0x10/0x10
[ 158.988741][ T12] ? __lock_acquire+0x6b5/0x2cf0
[ 158.988770][ T12] ? look_up_lock_class+0x57/0x110
[ 158.988802][ T12] ? register_lock_class+0x31/0x2e0
[ 158.988832][ T12] ? __lock_acquire+0x6b5/0x2cf0
[ 158.988874][ T12] ? finish_task_switch+0x15f/0xbe0
[ 158.988909][ T12] ? lock_acquire+0x106/0x350
[ 158.988937][ T12] ? do_raw_spin_lock+0x12b/0x2f0
[ 158.988960][ T12] ? lock_acquire+0x106/0x350
[ 158.989002][ T12] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 158.989027][ T12] ? process_scheduled_works+0xa70/0x1860
[ 158.989049][ T12] ? process_scheduled_works+0xa70/0x1860
[ 158.989076][ T12] ? process_scheduled_works+0xa70/0x1860
[ 158.989097][ T12] ? process_scheduled_works+0xa70/0x1860
[ 158.989119][ T12] process_scheduled_works+0xb5d/0x1860
[ 158.989157][ T12] ? __pfx_process_scheduled_works+0x10/0x10
[ 158.989182][ T12] ? assign_work+0x3d5/0x5e0
[ 158.989205][ T12] worker_thread+0xa53/0xfc0
[ 158.989242][ T12] kthread+0x388/0x470
[ 158.989268][ T12] ? __pfx_worker_thread+0x10/0x10
[ 158.989289][ T12] ? __pfx_kthread+0x10/0x10
[ 158.989319][ T12] ret_from_fork+0x514/0xb70
[ 158.989344][ T12] ? __pfx_ret_from_fork+0x10/0x10
[ 158.989364][ T12] ? __switch_to+0xc79/0x1410
[ 158.989396][ T12] ? __pfx_kthread+0x10/0x10
[ 158.989425][ T12] ret_from_fork_asm+0x1a/0x30
[ 158.989459][ T12]
[ 158.989467][ T12]
[ 158.989472][ T12] The buggy address belongs to the physical page:
[ 158.989494][ T12] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1d pfn:0x3eb16
[ 158.989515][ T12] flags: 0x80000000000000(node=0|zone=1)
[ 158.989553][ T12] raw: 0080000000000000 ffffea0000e8f188 ffffea0000c835c8 0000000000000000
[ 158.989571][ T12] raw: 000000000000001d 0000000000000000 00000000ffffffff 0000000000000000
[ 158.989580][ T12] page dumped because: kasan: bad access detected
[ 158.989594][ T12] page_owner tracks the page as freed
[ 158.989601][ T12] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xdc0(GFP_KERNEL|__GFP_ZERO), pid 5953, tgid 5953 (syz.0.67), ts 158937835040, free_ts 158987781887
[ 158.989633][ T12] post_alloc_hook+0x22d/0x280
[ 158.989655][ T12] get_page_from_freelist+0x28b2/0x2930
[ 158.989682][ T12] __alloc_frozen_pages_noprof+0x18d/0x380
[ 158.989710][ T12] alloc_pages_mpol+0xd1/0x380
[ 158.989734][ T12] alloc_pages_noprof+0xd2/0x2f0
[ 158.989758][ T12] lmLogInit+0x357/0x1a00
[ 158.989788][ T12] lmLogOpen+0x4e1/0xfa0
[ 158.989814][ T12] jfs_mount_rw+0xee/0x670
[ 158.989842][ T12] jfs_fill_super+0x754/0xd80
[ 158.989863][ T12] get_tree_bdev_flags+0x431/0x4f0
[ 158.989887][ T12] vfs_get_tree+0x92/0x2a0
[ 158.989909][ T12] do_new_mount+0x341/0xd30
[ 158.989940][ T12] __se_sys_mount+0x31d/0x420
[ 158.989969][ T12] do_syscall_64+0x174/0x580
[ 158.989999][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 158.990024][ T12] page last free pid 5746 tgid 5746 stack trace:
[ 158.990036][ T12] __free_frozen_pages+0xfe5/0x10d0
[ 158.990059][ T12] lmLogShutdown+0x44e/0x850
[ 158.990087][ T12] lmLogClose+0x28a/0x520
[ 158.990117][ T12] jfs_umount+0x2fb/0x3d0
[ 158.990143][ T12] jfs_put_super+0x8c/0x190
[ 158.990162][ T12] generic_shutdown_super+0x13d/0x2d0
[ 158.990182][ T12] kill_block_super+0x44/0x90
[ 158.990205][ T12] deactivate_locked_super+0xbc/0x130
[ 158.990225][ T12] cleanup_mnt+0x437/0x4d0
[ 158.990246][ T12] task_work_run+0x1d9/0x270
[ 158.990273][ T12] exit_to_user_mode_loop+0x193/0x680
[ 158.990298][ T12] do_syscall_64+0x353/0x580
[ 158.990327][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 158.990345][ T12]
[ 158.990350][ T12] Memory state around the buggy address:
[ 158.990362][ T12] ffff88803eb15f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 158.990376][ T12] ffff88803eb15f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 158.990388][ T12] >ffff88803eb16000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 158.990398][ T12] ^
[ 158.990409][ T12] ffff88803eb16080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 158.990426][ T12] ffff88803eb16100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 158.990434][ T12] ==================================================================
[ 158.993774][ T12] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 158.993837][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 158.993908][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 158.993949][ T12] Workqueue: loop0 loop_workfn
[ 158.994034][ T12] Call Trace:
[ 158.994049][ T12]
[ 158.994071][ T12] vpanic+0x56c/0xa60
[ 158.994153][ T12] ? __pfx_vpanic+0x10/0x10
[ 158.994236][ T12] panic+0xc5/0xd0
[ 158.994301][ T12] ? __pfx_panic+0x10/0x10
[ 158.994366][ T12] ? preempt_schedule_thunk+0x16/0x30
[ 158.994459][ T12] ? copy_folio_from_iter_atomic+0xbb5/0x1ad0
[ 158.994544][ T12] ? preempt_schedule_thunk+0x16/0x30
[ 158.994631][ T12] ? copy_folio_from_iter_atomic+0xbb5/0x1ad0
[ 158.994707][ T12] check_panic_on_warn+0x89/0xb0
[ 158.994783][ T12] ? copy_folio_from_iter_atomic+0xbb5/0x1ad0
[ 158.994879][ T12] end_report+0x73/0x170
[ 158.994964][ T12] ? copy_folio_from_iter_atomic+0xbb5/0x1ad0
[ 158.995046][ T12] kasan_report+0x128/0x150
[ 158.995118][ T12] ? copy_folio_from_iter_atomic+0xbb5/0x1ad0
[ 158.995218][ T12] kasan_check_range+0x264/0x2c0
[ 158.995285][ T12] ? copy_folio_from_iter_atomic+0xbb5/0x1ad0
[ 158.995378][ T12] __asan_memcpy+0x29/0x70
[ 158.995425][ T12] copy_folio_from_iter_atomic+0xbb5/0x1ad0
[ 158.995541][ T12] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10
[ 158.995637][ T12] ? ktime_get_coarse_real_ts64_mg+0x59/0x1e0
[ 158.995723][ T12] ? shmem_write_begin+0x1ce/0x320
[ 158.995799][ T12] generic_perform_write+0x5b1/0x8b0
[ 158.995895][ T12] ? __pfx_generic_perform_write+0x10/0x10
[ 158.995974][ T12] ? file_update_time_flags+0x3b9/0x4b0
[ 158.996042][ T12] shmem_file_write_iter+0xfb/0x120
[ 158.996129][ T12] lo_rw_aio+0xc80/0xf00
[ 158.996220][ T12] ? __pfx_lo_rw_aio+0x10/0x10
[ 158.996313][ T12] ? kthread_associate_blkcg+0x490/0x600
[ 158.996404][ T12] ? rt_spin_unlock+0x160/0x200
[ 158.996480][ T12] loop_process_work+0x637/0x11b0
[ 158.996583][ T12] ? __pfx_loop_process_work+0x10/0x10
[ 158.996649][ T12] ? __lock_acquire+0x6b5/0x2cf0
[ 158.996706][ T12] ? look_up_lock_class+0x57/0x110
[ 158.996790][ T12] ? register_lock_class+0x31/0x2e0
[ 158.996866][ T12] ? __lock_acquire+0x6b5/0x2cf0
[ 158.996950][ T12] ? finish_task_switch+0x15f/0xbe0
[ 158.997026][ T12] ? lock_acquire+0x106/0x350
[ 158.997094][ T12] ? do_raw_spin_lock+0x12b/0x2f0
[ 158.997150][ T12] ? lock_acquire+0x106/0x350
[ 158.997223][ T12] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 158.997286][ T12] ? process_scheduled_works+0xa70/0x1860
[ 158.997352][ T12] ? process_scheduled_works+0xa70/0x1860
[ 158.997418][ T12] ? process_scheduled_works+0xa70/0x1860
[ 158.997472][ T12] ? process_scheduled_works+0xa70/0x1860
[ 158.997534][ T12] process_scheduled_works+0xb5d/0x1860
[ 158.997652][ T12] ? __pfx_process_scheduled_works+0x10/0x10
[ 158.997732][ T12] ? assign_work+0x3d5/0x5e0
[ 158.997789][ T12] worker_thread+0xa53/0xfc0
[ 158.997879][ T12] kthread+0x388/0x470
[ 158.997904][ T12] ? __pfx_worker_thread+0x10/0x10
[ 158.997925][ T12] ? __pfx_kthread+0x10/0x10
[ 158.997952][ T12] ret_from_fork+0x514/0xb70
[ 158.997976][ T12] ? __pfx_ret_from_fork+0x10/0x10
[ 158.997997][ T12] ? __switch_to+0xc79/0x1410
[ 158.998031][ T12] ? __pfx_kthread+0x10/0x10
[ 158.998058][ T12] ret_from_fork_asm+0x1a/0x30
[ 158.998092][ T12]
[ 158.998707][ T12] Kernel Offset: disabled