Warning: Permanently added '10.128.0.135' (ED25519) to the list of known hosts.
2026/06/14 12:21:55 parsed 1 programs
[ 110.530910][ T5633] cgroup: Unknown subsys name 'net'
[ 110.772972][ T5633] cgroup: Unknown subsys name 'cpuset'
[ 110.828068][ T5633] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 112.534484][ T5633] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 115.510786][ T3998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.510814][ T3998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.576012][ T181] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.576032][ T181] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.772230][ T60] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 118.774144][ T60] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 118.774916][ T60] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 118.776181][ T60] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 118.776899][ T60] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 120.800829][ T5703] bridge0: port 1(bridge_slave_0) entered blocking state
[ 120.802492][ T5703] bridge0: port 1(bridge_slave_0) entered disabled state
[ 120.802652][ T5703] bridge_slave_0: entered allmulticast mode
[ 120.804502][ T5703] bridge_slave_0: entered promiscuous mode
[ 120.841448][ T5703] bridge0: port 2(bridge_slave_1) entered blocking state
[ 120.841675][ T5703] bridge0: port 2(bridge_slave_1) entered disabled state
[ 120.841920][ T5703] bridge_slave_1: entered allmulticast mode
[ 120.844661][ T5703] bridge_slave_1: entered promiscuous mode
[ 120.890943][ T5703] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 120.895385][ T5703] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 120.935421][ T5703] team0: Port device team_slave_0 added
[ 120.941192][ T5703] team0: Port device team_slave_1 added
[ 120.975076][ T5703] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 120.975087][ T5703] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 120.975099][ T5703] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 120.979409][ T5703] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 120.979422][ T5703] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 120.979443][ T5703] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 121.078531][ T5703] hsr_slave_0: entered promiscuous mode
[ 121.080516][ T5703] hsr_slave_1: entered promiscuous mode
[ 121.850483][ T5703] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 121.903279][ T5703] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 121.905263][ T5703] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 121.934553][ T5703] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 121.935617][ T5703] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 121.975500][ T5703] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 121.976963][ T5703] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 122.011772][ T5703] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 122.283324][ T5703] 8021q: adding VLAN 0 to HW filter on device bond0
[ 122.328193][ T5703] 8021q: adding VLAN 0 to HW filter on device team0
[ 122.350537][ T3075] bridge0: port 1(bridge_slave_0) entered blocking state
[ 122.350705][ T3075] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 122.383271][ T3974] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.383407][ T3974] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 122.879199][ T5703] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 122.966397][ T5703] veth0_vlan: entered promiscuous mode
[ 122.989749][ T5703] veth1_vlan: entered promiscuous mode
[ 123.082594][ T5703] veth0_macvtap: entered promiscuous mode
[ 123.092956][ T5703] veth1_macvtap: entered promiscuous mode
[ 123.135151][ T5703] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 123.161736][ T5703] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 123.194322][ T3075] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 123.198616][ T3075] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 123.198920][ T3075] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 123.198965][ T3075] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 123.923702][ T72] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 124.754511][ T72] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/06/14 12:22:12 executed programs: 0
[ 125.550946][ T5686] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 125.552614][ T5686] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 125.553338][ T5686] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 125.554535][ T5686] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 125.555200][ T5686] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 125.795744][ T72] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 126.276977][ T72] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 126.469078][ T5753] bridge0: port 1(bridge_slave_0) entered blocking state
[ 126.469308][ T5753] bridge0: port 1(bridge_slave_0) entered disabled state
[ 126.469456][ T5753] bridge_slave_0: entered allmulticast mode
[ 126.471342][ T5753] bridge_slave_0: entered promiscuous mode
[ 126.473720][ T5753] bridge0: port 2(bridge_slave_1) entered blocking state
[ 126.473940][ T5753] bridge0: port 2(bridge_slave_1) entered disabled state
[ 126.474090][ T5753] bridge_slave_1: entered allmulticast mode
[ 126.475864][ T5753] bridge_slave_1: entered promiscuous mode
[ 126.539969][ T5753] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 126.545025][ T5753] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 126.621799][ T5753] team0: Port device team_slave_0 added
[ 126.626609][ T5753] team0: Port device team_slave_1 added
[ 126.701689][ T5753] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 126.701703][ T5753] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 126.701720][ T5753] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 126.704419][ T5753] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 126.704440][ T5753] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 126.704462][ T5753] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 126.896108][ T5753] hsr_slave_0: entered promiscuous mode
[ 126.899928][ T5753] hsr_slave_1: entered promiscuous mode
[ 126.911519][ T5753] debugfs: 'hsr0' already exists in 'hsr'
[ 126.911636][ T5753] Cannot create hsr debugfs directory
[ 127.028382][ T72] bridge_slave_1: left allmulticast mode
[ 127.028595][ T72] bridge_slave_1: left promiscuous mode
[ 127.037004][ T72] bridge0: port 2(bridge_slave_1) entered disabled state
[ 127.228398][ T72] bridge_slave_0: left allmulticast mode
[ 127.228421][ T72] bridge_slave_0: left promiscuous mode
[ 127.228583][ T72] bridge0: port 1(bridge_slave_0) entered disabled state
[ 127.701777][ T4924] Bluetooth: hci0: command tx timeout
[ 127.998054][ T72] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 128.058298][ T72] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 128.079208][ T72] bond0 (unregistering): Released all slaves
[ 128.326384][ T5271] 8021q: adding VLAN 0 to HW filter on device eth1
[ 128.687465][ T72] hsr_slave_0: left promiscuous mode
[ 128.727443][ T72] hsr_slave_1: left promiscuous mode
[ 128.728664][ T72] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 128.728761][ T72] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 128.769697][ T72] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 128.769723][ T72] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 128.871671][ T72] veth1_macvtap: left promiscuous mode
[ 128.871875][ T72] veth0_macvtap: left promiscuous mode
[ 128.872060][ T72] veth1_vlan: left promiscuous mode
[ 128.872247][ T72] veth0_vlan: left promiscuous mode
[ 129.547986][ T72] team0 (unregistering): Port device team_slave_1 removed
[ 129.587923][ T72] team0 (unregistering): Port device team_slave_0 removed
[ 129.776328][ T5271] 8021q: adding VLAN 0 to HW filter on device eth2
[ 129.788300][ T4924] Bluetooth: hci0: command tx timeout
[ 131.666594][ T5753] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 131.692020][ T5753] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 131.694161][ T5753] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 131.732855][ T5753] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 131.733697][ T5753] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 131.772705][ T5753] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 131.773725][ T5753] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 131.811046][ T5753] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 131.857968][ T4924] Bluetooth: hci0: command tx timeout
[ 131.939831][ T5753] 8021q: adding VLAN 0 to HW filter on device bond0
[ 131.968488][ T5753] 8021q: adding VLAN 0 to HW filter on device team0
[ 131.976346][ T3998] bridge0: port 1(bridge_slave_0) entered blocking state
[ 131.976469][ T3998] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 132.015016][ T56] bridge0: port 2(bridge_slave_1) entered blocking state
[ 132.015132][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 132.483166][ T5753] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 132.552024][ T5753] veth0_vlan: entered promiscuous mode
[ 132.571756][ T5753] veth1_vlan: entered promiscuous mode
[ 132.612187][ T5753] veth0_macvtap: entered promiscuous mode
[ 132.624500][ T5753] veth1_macvtap: entered promiscuous mode
[ 132.654340][ T5753] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 132.677832][ T5753] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 132.696088][ T56] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 132.708947][ T56] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 132.711646][ T56] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 132.711881][ T56] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 132.902088][ T1337] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.902179][ T1337] ieee802154 phy1 wpan1: encryption failed: -22
[ 133.173587][ T72] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 133.173607][ T72] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 133.251504][ T181] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 133.251523][ T181] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/06/14 12:22:20 executed programs: 2
[ 133.621131][ T5874] loop0: detected capacity change from 0 to 32768
[ 133.738882][ T5874]
[ 133.738882][ T5874] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 133.738882][ T5874]
[ 133.833869][ T5753]
[ 133.833869][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 133.833869][ T5753]
[ 133.836899][ T5753]
[ 133.836899][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 133.836899][ T5753]
[ 133.950385][ T4924] Bluetooth: hci0: command tx timeout
[ 134.246335][ T5875] loop0: detected capacity change from 0 to 32768
[ 134.285340][ T5875]
[ 134.285340][ T5875] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 134.285340][ T5875]
[ 134.338030][ T5753]
[ 134.338030][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 134.338030][ T5753]
[ 134.341577][ T5753]
[ 134.341577][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 134.341577][ T5753]
[ 134.704912][ T5876] loop0: detected capacity change from 0 to 32768
[ 134.719620][ T5876]
[ 134.719620][ T5876] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 134.719620][ T5876]
[ 134.780762][ T5753]
[ 134.780762][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 134.780762][ T5753]
[ 134.798363][ T5753]
[ 134.798363][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 134.798363][ T5753]
[ 135.116981][ T5877] loop0: detected capacity change from 0 to 32768
[ 135.129991][ T5877]
[ 135.129991][ T5877] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 135.129991][ T5877]
[ 135.181724][ T5753]
[ 135.181724][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 135.181724][ T5753]
[ 135.182888][ T5753]
[ 135.182888][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 135.182888][ T5753]
[ 135.491077][ T5878] loop0: detected capacity change from 0 to 32768
[ 135.510937][ T5878]
[ 135.510937][ T5878] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 135.510937][ T5878]
[ 135.567817][ T5753]
[ 135.567817][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 135.567817][ T5753]
[ 135.568112][ T5753]
[ 135.568112][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 135.568112][ T5753]
[ 135.916923][ T5879] loop0: detected capacity change from 0 to 32768
[ 135.931616][ T5879]
[ 135.931616][ T5879] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 135.931616][ T5879]
[ 135.978891][ T5753]
[ 135.978891][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 135.978891][ T5753]
[ 135.979277][ T5753]
[ 135.979277][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 135.979277][ T5753]
[ 136.318250][ T5880] loop0: detected capacity change from 0 to 32768
[ 136.350746][ T5880]
[ 136.350746][ T5880] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 136.350746][ T5880]
[ 136.379728][ T5753]
[ 136.379728][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 136.379728][ T5753]
[ 136.391341][ T5753]
[ 136.391341][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 136.391341][ T5753]
[ 136.736667][ T5881] loop0: detected capacity change from 0 to 32768
[ 136.795895][ T5881]
[ 136.795895][ T5881] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 136.795895][ T5881]
[ 136.847671][ T5753]
[ 136.847671][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 136.847671][ T5753]
[ 136.847851][ T5753]
[ 136.847851][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 136.847851][ T5753]
[ 137.160730][ T5882] loop0: detected capacity change from 0 to 32768
[ 137.169143][ T5882]
[ 137.169143][ T5882] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 137.169143][ T5882]
[ 137.198067][ T5753]
[ 137.198067][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 137.198067][ T5753]
[ 137.198360][ T5753]
[ 137.198360][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 137.198360][ T5753]
[ 137.531481][ T5883] loop0: detected capacity change from 0 to 32768
[ 137.545851][ T5883]
[ 137.545851][ T5883] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 137.545851][ T5883]
[ 137.577688][ T5753]
[ 137.577688][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 137.577688][ T5753]
[ 137.577896][ T5753]
[ 137.577896][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 137.577896][ T5753]
[ 137.888877][ T5884]
[ 137.888877][ T5884] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 137.888877][ T5884]
[ 137.927926][ T5753]
[ 137.927926][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 137.927926][ T5753]
[ 137.928304][ T5753]
[ 137.928304][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 137.928304][ T5753]
[ 138.298401][ T5885]
[ 138.298401][ T5885] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 138.298401][ T5885]
[ 138.339377][ T5753]
[ 138.339377][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 138.339377][ T5753]
[ 138.340543][ T5753]
[ 138.340543][ T5753] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 138.340543][ T5753]
[ 138.361413][ T3998] ==================================================================
[ 138.361429][ T3998] BUG: KASAN: use-after-free in copy_folio_from_iter_atomic+0xbbf/0x1a30
[ 138.361457][ T3998] Read of size 4096 at addr ffff888035dbe000 by task kworker/u8:13/3998
[ 138.361471][ T3998]
[ 138.361494][ T3998] CPU: 0 UID: 0 PID: 3998 Comm: kworker/u8:13 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 138.361513][ T3998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 138.361522][ T3998] Workqueue: loop0 loop_workfn
[ 138.361558][ T3998] Call Trace:
[ 138.361568][ T3998]
[ 138.361575][ T3998] dump_stack_lvl+0xe8/0x150
[ 138.361599][ T3998] print_address_description+0x55/0x1e0
[ 138.361621][ T3998] ? copy_folio_from_iter_atomic+0xbbf/0x1a30
[ 138.361641][ T3998] print_report+0x58/0x70
[ 138.361659][ T3998] kasan_report+0x117/0x150
[ 138.361678][ T3998] ? copy_folio_from_iter_atomic+0xbbf/0x1a30
[ 138.361702][ T3998] kasan_check_range+0x264/0x2c0
[ 138.361721][ T3998] ? copy_folio_from_iter_atomic+0xbbf/0x1a30
[ 138.361742][ T3998] __asan_memcpy+0x29/0x70
[ 138.361758][ T3998] copy_folio_from_iter_atomic+0xbbf/0x1a30
[ 138.361787][ T3998] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10
[ 138.361809][ T3998] ? rcu_is_watching+0x15/0xb0
[ 138.361827][ T3998] ? shmem_write_begin+0x1ce/0x320
[ 138.361847][ T3998] generic_perform_write+0x5a8/0x8b0
[ 138.361874][ T3998] ? __pfx_generic_perform_write+0x10/0x10
[ 138.361894][ T3998] ? __mark_inode_dirty+0x4e7/0x13b0
[ 138.361917][ T3998] ? preempt_count_add+0x91/0x190
[ 138.361933][ T3998] ? mnt_put_write_access_file+0xbf/0x100
[ 138.361955][ T3998] ? file_update_time_flags+0x406/0x4b0
[ 138.361977][ T3998] shmem_file_write_iter+0xfb/0x120
[ 138.361998][ T3998] lo_rw_aio+0xc78/0xf30
[ 138.362022][ T3998] ? __pfx_lo_rw_aio+0x10/0x10
[ 138.362043][ T3998] ? kthread_associate_blkcg+0x490/0x600
[ 138.362062][ T3998] ? rt_spin_unlock+0x160/0x200
[ 138.362079][ T3998] loop_process_work+0x638/0x11d0
[ 138.362105][ T3998] ? __pfx_loop_process_work+0x10/0x10
[ 138.362123][ T3998] ? look_up_lock_class+0x57/0x110
[ 138.362144][ T3998] ? register_lock_class+0x31/0x2e0
[ 138.362217][ T3998] ? __lock_acquire+0x683/0x2ce0
[ 138.362243][ T3998] ? do_raw_spin_lock+0x12b/0x2f0
[ 138.362262][ T3998] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 138.362282][ T3998] ? process_one_work+0x8cd/0x12b0
[ 138.362306][ T3998] ? process_one_work+0x8cd/0x12b0
[ 138.362329][ T3998] ? process_one_work+0x8cd/0x12b0
[ 138.362351][ T3998] ? rcu_is_watching+0x15/0xb0
[ 138.362366][ T3998] ? process_one_work+0x8cd/0x12b0
[ 138.362388][ T3998] ? process_one_work+0x8cd/0x12b0
[ 138.362409][ T3998] process_one_work+0x93a/0x12b0
[ 138.362438][ T3998] ? __pfx_process_one_work+0x10/0x10
[ 138.362460][ T3998] ? do_raw_spin_lock+0x12b/0x2f0
[ 138.362480][ T3998] ? assign_work+0x3cf/0x5d0
[ 138.362504][ T3998] worker_thread+0xb05/0x10d0
[ 138.362529][ T3998] kthread+0x388/0x470
[ 138.362548][ T3998] ? __pfx_worker_thread+0x10/0x10
[ 138.362562][ T3998] ? __pfx_kthread+0x10/0x10
[ 138.362580][ T3998] ret_from_fork+0x514/0xb70
[ 138.362601][ T3998] ? __pfx_ret_from_fork+0x10/0x10
[ 138.362620][ T3998] ? __switch_to+0xc89/0x1420
[ 138.362642][ T3998] ? __pfx_kthread+0x10/0x10
[ 138.362660][ T3998] ret_from_fork_asm+0x1a/0x30
[ 138.362687][ T3998]
[ 138.362693][ T3998]
[ 138.362703][ T3998] The buggy address belongs to the physical page:
[ 138.362716][ T3998] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x35dbe
[ 138.362736][ T3998] flags: 0x80000000000000(node=0|zone=1)
[ 138.362755][ T3998] raw: 0080000000000000 ffffea0000d5a0c8 ffffea000093f088 0000000000000000
[ 138.362767][ T3998] raw: ffff888000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 138.362775][ T3998] page dumped because: kasan: bad access detected
[ 138.362786][ T3998] page_owner tracks the page as freed
[ 138.362792][ T3998] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xdc0(GFP_KERNEL|__GFP_ZERO), pid 5885, tgid 5885 (syz.0.28), ts 138294793894, free_ts 138359751283
[ 138.362820][ T3998] post_alloc_hook+0x1f9/0x250
[ 138.362836][ T3998] get_page_from_freelist+0x2639/0x26b0
[ 138.362854][ T3998] __alloc_frozen_pages_noprof+0x18d/0x380
[ 138.362872][ T3998] alloc_pages_mpol+0xce/0x280
[ 138.362891][ T3998] alloc_pages_noprof+0xd2/0x2f0
[ 138.362908][ T3998] lmLogInit+0x357/0x1a20
[ 138.362927][ T3998] lmLogOpen+0x4e3/0xf90
[ 138.362944][ T3998] jfs_mount_rw+0xf3/0x670
[ 138.362966][ T3998] jfs_fill_super+0x769/0xda0
[ 138.362981][ T3998] get_tree_bdev_flags+0x430/0x4f0
[ 138.363000][ T3998] vfs_get_tree+0x92/0x2a0
[ 138.363017][ T3998] do_new_mount+0x319/0xdc0
[ 138.363031][ T3998] __se_sys_mount+0x31d/0x420
[ 138.363046][ T3998] do_syscall_64+0x174/0x580
[ 138.363065][ T3998] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 138.363080][ T3998] page last free pid 5753 tgid 5753 stack trace:
[ 138.363088][ T3998] __free_frozen_pages+0x10de/0x11c0
[ 138.363104][ T3998] lmLogShutdown+0x44e/0x850
[ 138.363122][ T3998] lmLogClose+0x28c/0x530
[ 138.363141][ T3998] jfs_umount+0x2da/0x3b0
[ 138.363158][ T3998] jfs_put_super+0x8c/0x190
[ 138.363179][ T3998] generic_shutdown_super+0x13d/0x2d0
[ 138.363196][ T3998] kill_block_super+0x44/0x90
[ 138.363213][ T3998] deactivate_locked_super+0xbc/0x130
[ 138.363229][ T3998] cleanup_mnt+0x3d3/0x460
[ 138.363247][ T3998] task_work_run+0x1d9/0x270
[ 138.363264][ T3998] exit_to_user_mode_loop+0x1fa/0x730
[ 138.363284][ T3998] do_syscall_64+0x353/0x580
[ 138.363302][ T3998] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 138.363316][ T3998]
[ 138.363320][ T3998] Memory state around the buggy address:
[ 138.363328][ T3998] ffff888035dbdf00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 138.363339][ T3998] ffff888035dbdf80: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 138.363349][ T3998] >ffff888035dbe000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 138.363356][ T3998] ^
[ 138.363363][ T3998] ffff888035dbe080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 138.363373][ T3998] ffff888035dbe100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 138.363380][ T3998] ==================================================================
[ 138.365008][ T3998] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 138.365067][ T3998] CPU: 0 UID: 0 PID: 3998 Comm: kworker/u8:13 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 138.365088][ T3998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 138.365099][ T3998] Workqueue: loop0 loop_workfn
[ 138.365124][ T3998] Call Trace:
[ 138.365137][ T3998]
[ 138.365143][ T3998] vpanic+0x56c/0xa60
[ 138.365168][ T3998] ? __pfx_vpanic+0x10/0x10
[ 138.365193][ T3998] panic+0xc5/0xd0
[ 138.365213][ T3998] ? __pfx_panic+0x10/0x10
[ 138.365234][ T3998] ? preempt_schedule_thunk+0x16/0x40
[ 138.365253][ T3998] ? copy_folio_from_iter_atomic+0xbbf/0x1a30
[ 138.365274][ T3998] ? preempt_schedule_thunk+0x16/0x40
[ 138.365291][ T3998] ? copy_folio_from_iter_atomic+0xbbf/0x1a30
[ 138.365312][ T3998] check_panic_on_warn+0x89/0xb0
[ 138.365332][ T3998] ? copy_folio_from_iter_atomic+0xbbf/0x1a30
[ 138.365352][ T3998] end_report+0x73/0x170
[ 138.365385][ T3998] ? copy_folio_from_iter_atomic+0xbbf/0x1a30
[ 138.365407][ T3998] kasan_report+0x128/0x150
[ 138.365427][ T3998] ? copy_folio_from_iter_atomic+0xbbf/0x1a30
[ 138.365451][ T3998] kasan_check_range+0x264/0x2c0
[ 138.365470][ T3998] ? copy_folio_from_iter_atomic+0xbbf/0x1a30
[ 138.365488][ T3998] __asan_memcpy+0x29/0x70
[ 138.365501][ T3998] copy_folio_from_iter_atomic+0xbbf/0x1a30
[ 138.365527][ T3998] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10
[ 138.365547][ T3998] ? rcu_is_watching+0x15/0xb0
[ 138.365567][ T3998] ? shmem_write_begin+0x1ce/0x320
[ 138.365585][ T3998] generic_perform_write+0x5a8/0x8b0
[ 138.365608][ T3998] ? __pfx_generic_perform_write+0x10/0x10
[ 138.365626][ T3998] ? __mark_inode_dirty+0x4e7/0x13b0
[ 138.365646][ T3998] ? preempt_count_add+0x91/0x190
[ 138.365661][ T3998] ? mnt_put_write_access_file+0xbf/0x100
[ 138.365691][ T3998] ? file_update_time_flags+0x406/0x4b0
[ 138.365718][ T3998] shmem_file_write_iter+0xfb/0x120
[ 138.365740][ T3998] lo_rw_aio+0xc78/0xf30
[ 138.365764][ T3998] ? __pfx_lo_rw_aio+0x10/0x10
[ 138.365786][ T3998] ? kthread_associate_blkcg+0x490/0x600
[ 138.365807][ T3998] ? rt_spin_unlock+0x160/0x200
[ 138.365826][ T3998] loop_process_work+0x638/0x11d0
[ 138.365853][ T3998] ? __pfx_loop_process_work+0x10/0x10
[ 138.365872][ T3998] ? look_up_lock_class+0x57/0x110
[ 138.365893][ T3998] ? register_lock_class+0x31/0x2e0
[ 138.365917][ T3998] ? __lock_acquire+0x683/0x2ce0
[ 138.365943][ T3998] ? do_raw_spin_lock+0x12b/0x2f0
[ 138.365963][ T3998] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 138.365984][ T3998] ? process_one_work+0x8cd/0x12b0
[ 138.366007][ T3998] ? process_one_work+0x8cd/0x12b0
[ 138.366030][ T3998] ? process_one_work+0x8cd/0x12b0
[ 138.366051][ T3998] ? rcu_is_watching+0x15/0xb0
[ 138.366067][ T3998] ? process_one_work+0x8cd/0x12b0
[ 138.366090][ T3998] ? process_one_work+0x8cd/0x12b0
[ 138.366117][ T3998] process_one_work+0x93a/0x12b0
[ 138.366148][ T3998] ? __pfx_process_one_work+0x10/0x10
[ 138.366169][ T3998] ? do_raw_spin_lock+0x12b/0x2f0
[ 138.366190][ T3998] ? assign_work+0x3cf/0x5d0
[ 138.366214][ T3998] worker_thread+0xb05/0x10d0
[ 138.366240][ T3998] kthread+0x388/0x470
[ 138.366260][ T3998] ? __pfx_worker_thread+0x10/0x10
[ 138.366275][ T3998] ? __pfx_kthread+0x10/0x10
[ 138.366294][ T3998] ret_from_fork+0x514/0xb70
[ 138.366316][ T3998] ? __pfx_ret_from_fork+0x10/0x10
[ 138.366335][ T3998] ? __switch_to+0xc89/0x1420
[ 138.366354][ T3998] ? __pfx_kthread+0x10/0x10
[ 138.366378][ T3998] ret_from_fork_asm+0x1a/0x30
[ 138.366411][ T3998]
[ 138.366700][ T3998] Kernel Offset: disabled