Warning: Permanently added '10.128.0.80' (ED25519) to the list of known hosts.
2026/04/13 02:49:11 parsed 1 programs
[   90.621570][ T5772] cgroup: Unknown subsys name 'net'
[   90.763624][ T5772] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   92.295194][   T23] cfg80211: failed to load regulatory.db
[   92.546833][ T5772] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   94.675514][ T5795] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   94.686177][ T5796] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   94.695074][ T5796] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   94.704624][ T5796] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   94.713285][ T5796] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   94.721471][ T5796] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   96.777883][ T3448] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.802792][ T3448] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.851590][ T3448] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.861307][ T3448] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.576508][ T5858] chnl_net:caif_netlink_parms(): no params data found
[   98.667112][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.675690][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.683108][ T5858] bridge_slave_0: entered allmulticast mode
[   98.690271][ T5858] bridge_slave_0: entered promiscuous mode
[   98.700702][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.708950][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.716513][ T5858] bridge_slave_1: entered allmulticast mode
[   98.723991][ T5858] bridge_slave_1: entered promiscuous mode
[   98.788324][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.806360][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.864675][ T5858] team0: Port device team_slave_0 added
[   98.874825][ T5858] team0: Port device team_slave_1 added
[   98.900666][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.907769][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.934034][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.947422][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.954796][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.981190][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.039565][ T5858] hsr_slave_0: entered promiscuous mode
[   99.046266][ T5858] hsr_slave_1: entered promiscuous mode
[   99.255065][ T5858] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   99.269509][ T5858] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   99.280774][ T5858] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   99.291680][ T5858] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   99.417685][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.458828][ T5858] 8021q: adding VLAN 0 to HW filter on device team0
[   99.472096][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.479555][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.503712][ T3423] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.510865][ T3423] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.808771][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.861545][ T5858] veth0_vlan: entered promiscuous mode
[   99.875748][ T5858] veth1_vlan: entered promiscuous mode
[   99.908875][ T5858] veth0_macvtap: entered promiscuous mode
[   99.919659][ T5858] veth1_macvtap: entered promiscuous mode
[   99.940168][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.955818][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.969115][ T5858] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.979408][ T5858] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.988581][ T5858] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.998249][ T5858] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.151021][ T3423] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/04/13 02:49:24 executed programs: 0
[  100.582412][ T5084] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  100.591231][ T5084] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  100.601289][ T5084] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  100.609847][ T5084] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  100.620314][ T5084] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  100.628112][ T5084] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  100.786632][ T5876] chnl_net:caif_netlink_parms(): no params data found
[  100.860179][ T5876] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.867800][ T5876] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.875347][ T5876] bridge_slave_0: entered allmulticast mode
[  100.882616][ T5876] bridge_slave_0: entered promiscuous mode
[  100.894276][ T5876] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.901725][ T5876] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.909678][ T5876] bridge_slave_1: entered allmulticast mode
[  100.917022][ T5876] bridge_slave_1: entered promiscuous mode
[  100.950298][ T5876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.962925][ T5876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.998815][ T5876] team0: Port device team_slave_0 added
[  101.008176][ T5876] team0: Port device team_slave_1 added
[  101.039371][ T5876] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.046972][ T5876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.073803][ T5876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.087921][ T5876] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.095068][ T5876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.122177][ T5876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.174840][ T5876] hsr_slave_0: entered promiscuous mode
[  101.181526][ T5876] hsr_slave_1: entered promiscuous mode
[  101.189079][ T5876] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  101.197244][ T5876] Cannot create hsr debugfs directory
[  102.693759][ T5084] Bluetooth: hci0: command tx timeout
[  102.930594][ T3423] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.774691][ T5084] Bluetooth: hci0: command tx timeout
[  105.127155][ T3423] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.195408][ T3423] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.131029][ T5876] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  106.145932][ T5876] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  106.166208][ T3423] hsr_slave_0: left promiscuous mode
[  106.173310][ T3423] hsr_slave_1: left promiscuous mode
[  106.180072][ T3423] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  106.188595][ T3423] batman_adv: batadv0: Removing interface: batadv_slave_0
[  106.201932][ T3423] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  106.210255][ T3423] batman_adv: batadv0: Removing interface: batadv_slave_1
[  106.218838][ T3423] bridge_slave_1: left allmulticast mode
[  106.225024][ T3423] bridge_slave_1: left promiscuous mode
[  106.232085][ T3423] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.246662][ T3423] bridge_slave_0: left allmulticast mode
[  106.252932][ T3423] bridge_slave_0: left promiscuous mode
[  106.258806][ T3423] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.292614][ T3423] veth1_macvtap: left promiscuous mode
[  106.299402][ T3423] veth0_macvtap: left promiscuous mode
[  106.306996][ T3423] veth1_vlan: left promiscuous mode
[  106.313257][ T3423] veth0_vlan: left promiscuous mode
[  106.857046][ T5084] Bluetooth: hci0: command tx timeout
[  106.870998][ T3423] team0 (unregistering): Port device team_slave_1 removed
[  106.906064][ T3423] team0 (unregistering): Port device team_slave_0 removed
[  106.945540][ T3423] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  106.989815][ T3423] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  107.252215][ T3423] bond0 (unregistering): Released all slaves
[  107.357871][ T5876] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  107.369199][ T5876] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  107.467359][ T5876] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.489498][ T5876] 8021q: adding VLAN 0 to HW filter on device team0
[  107.507022][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.514237][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.541448][ T3448] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.548670][ T3448] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.806246][ T5876] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.852105][ T5876] veth0_vlan: entered promiscuous mode
[  107.864161][ T5876] veth1_vlan: entered promiscuous mode
[  107.907644][ T5876] veth0_macvtap: entered promiscuous mode
[  107.924006][ T5876] veth1_macvtap: entered promiscuous mode
[  107.945042][ T5876] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.960606][ T5876] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.980491][ T5876] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.989979][ T5876] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.998816][ T5876] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.007636][ T5876] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.079019][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.092637][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/04/13 02:49:31 executed programs: 2
[  108.125048][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.133149][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.187313][ T5919] syz.0.17[5919]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[  108.425783][ T5919] loop0: detected capacity change from 0 to 32768
[  108.474624][ T5919] 
[  108.474624][ T5919]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  108.474624][ T5919] 
[  108.499471][ T5919] 
[  108.499471][ T5919]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  108.499471][ T5919] 
[  108.511321][ T5919] 
[  108.511321][ T5919]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  108.511321][ T5919] 
[  108.522393][ T5919] 
[  108.522393][ T5919]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  108.522393][ T5919] 
[  108.536039][ T5919] 
[  108.536039][ T5919]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  108.536039][ T5919] 
[  108.547395][ T5919] 
[  108.547395][ T5919]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  108.547395][ T5919] 
[  108.565839][  T113] 
[  108.565839][  T113]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  108.565839][  T113] 
[  108.587172][   T78] 
[  108.587172][   T78]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  108.587172][   T78] 
[  108.599292][   T78] 
[  108.599292][   T78]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  108.599292][   T78] 
[  108.618734][ T5876] 
[  108.618734][ T5876]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  108.618734][ T5876] 
[  108.637697][  T112] 
[  108.637697][  T112]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  108.637697][  T112] 
[  108.654234][ T5876] 
[  108.654234][ T5876]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  108.654234][ T5876] 
[  108.934623][ T5084] Bluetooth: hci0: command tx timeout
[  108.988973][ T5920] loop0: detected capacity change from 0 to 32768
[  109.002072][ T5920] 
[  109.002072][ T5920]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.002072][ T5920] 
[  109.025427][ T5920] 
[  109.025427][ T5920]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.025427][ T5920] 
[  109.036743][ T5920] 
[  109.036743][ T5920]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.036743][ T5920] 
[  109.048244][ T5920] 
[  109.048244][ T5920]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.048244][ T5920] 
[  109.059907][ T5920] 
[  109.059907][ T5920]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.059907][ T5920] 
[  109.071102][ T5920] 
[  109.071102][ T5920]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.071102][ T5920] 
[  109.087803][  T112] 
[  109.087803][  T112]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.087803][  T112] 
[  109.103476][   T78] 
[  109.103476][   T78]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.103476][   T78] 
[  109.118655][   T78] 
[  109.118655][   T78]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.118655][   T78] 
[  109.130782][ T5876] 
[  109.130782][ T5876]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.130782][ T5876] 
[  109.149196][  T113] 
[  109.149196][  T113]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.149196][  T113] 
[  109.173931][ T5876] 
[  109.173931][ T5876]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.173931][ T5876] 
[  109.542359][ T5921] loop0: detected capacity change from 0 to 32768
[  109.561378][ T5921] 
[  109.561378][ T5921]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.561378][ T5921] 
[  109.576738][ T5921] 
[  109.576738][ T5921]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.576738][ T5921] 
[  109.589781][ T5921] 
[  109.589781][ T5921]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.589781][ T5921] 
[  109.601571][ T5921] 
[  109.601571][ T5921]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.601571][ T5921] 
[  109.614188][ T5921] 
[  109.614188][ T5921]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.614188][ T5921] 
[  109.626009][ T5921] 
[  109.626009][ T5921]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.626009][ T5921] 
[  109.642377][  T112] 
[  109.642377][  T112]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.642377][  T112] 
[  109.656592][   T42] 
[  109.656592][   T42]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.656592][   T42] 
[  109.668814][   T42] 
[  109.668814][   T42]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.668814][   T42] 
[  109.679800][ T5876] 
[  109.679800][ T5876]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.679800][ T5876] 
[  109.707755][ T5876] 
[  109.707755][ T5876]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.707755][ T5876] 
[  109.719934][  T113] 
[  109.719934][  T113]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  109.719934][  T113] 
[  109.742748][  T113] ==================================================================
[  109.750888][  T113] BUG: KASAN: slab-use-after-free in txEnd+0x32d/0x520
[  109.758964][  T113] Write of size 8 at addr ffff88802b4e5840 by task jfsCommit/113
[  109.766722][  T113] 
[  109.769183][  T113] CPU: 0 PID: 113 Comm: jfsCommit Not tainted syzkaller #0
[  109.776408][  T113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  109.786763][  T113] Call Trace:
[  109.790172][  T113]  <TASK>
[  109.793130][  T113]  dump_stack_lvl+0x18c/0x250
[  109.797865][  T113]  ? __lock_acquire+0x7d40/0x7d40
[  109.802931][  T113]  ? show_regs_print_info+0x20/0x20
[  109.808178][  T113]  ? load_image+0x420/0x420
[  109.812720][  T113]  ? _raw_spin_lock_irqsave+0xc0/0x100
[  109.818217][  T113]  ? __virt_addr_valid+0x18c/0x540
[  109.823382][  T113]  ? __virt_addr_valid+0x469/0x540
[  109.828626][  T113]  print_report+0xa8/0x210
[  109.833088][  T113]  ? txEnd+0x32d/0x520
[  109.837202][  T113]  kasan_report+0x117/0x150
[  109.841749][  T113]  ? txEnd+0x32d/0x520
[  109.845981][  T113]  kasan_check_range+0x241/0x290
[  109.850979][  T113]  txEnd+0x32d/0x520
[  109.854913][  T113]  jfs_lazycommit+0x5a4/0xa70
[  109.859723][  T113]  ? txFreelock+0x5a0/0x5a0
[  109.864255][  T113]  ? do_task_dead+0xd0/0xd0
[  109.868869][  T113]  ? __kthread_parkme+0x7a/0x1c0
[  109.873833][  T113]  kthread+0x2fa/0x390
[  109.877924][  T113]  ? txFreelock+0x5a0/0x5a0
[  109.882469][  T113]  ? kthread_blkcg+0xd0/0xd0
[  109.887111][  T113]  ret_from_fork+0x48/0x80
[  109.891673][  T113]  ? kthread_blkcg+0xd0/0xd0
[  109.896299][  T113]  ret_from_fork_asm+0x11/0x20
[  109.901108][  T113]  </TASK>
[  109.904151][  T113] 
[  109.906497][  T113] Allocated by task 5921:
[  109.910856][  T113]  kasan_set_track+0x4e/0x70
[  109.915472][  T113]  __kasan_kmalloc+0x8f/0xa0
[  109.920087][  T113]  lmLogOpen+0x2df/0xfb0
[  109.924359][  T113]  jfs_mount_rw+0xef/0x670
[  109.928805][  T113]  jfs_fill_super+0x598/0xad0
[  109.933512][  T113]  mount_bdev+0x221/0x2d0
[  109.937875][  T113]  legacy_get_tree+0xea/0x180
[  109.942673][  T113]  vfs_get_tree+0x8c/0x280
[  109.947291][  T113]  do_new_mount+0x24b/0xa40
[  109.951819][  T113]  __se_sys_mount+0x2e7/0x3d0
[  109.956534][  T113]  do_syscall_64+0x55/0xa0
[  109.960977][  T113]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  109.966897][  T113] 
[  109.969246][  T113] Freed by task 5876:
[  109.973260][  T113]  kasan_set_track+0x4e/0x70
[  109.977874][  T113]  kasan_save_free_info+0x2e/0x50
[  109.982926][  T113]  ____kasan_slab_free+0x126/0x1e0
[  109.988088][  T113]  slab_free_freelist_hook+0x130/0x1a0
[  109.993577][  T113]  __kmem_cache_free+0xba/0x1e0
[  109.998464][  T113]  lmLogClose+0x297/0x520
[  110.002821][  T113]  jfs_umount+0x2ef/0x3c0
[  110.007186][  T113]  jfs_put_super+0x8c/0x190
[  110.011725][  T113]  generic_shutdown_super+0x134/0x2b0
[  110.017144][  T113]  kill_block_super+0x44/0x90
[  110.021896][  T113]  deactivate_locked_super+0x97/0x100
[  110.027320][  T113]  cleanup_mnt+0x43b/0x4d0
[  110.031793][  T113]  task_work_run+0x1d4/0x260
[  110.036443][  T113]  exit_to_user_mode_loop+0xe6/0x110
[  110.041808][  T113]  exit_to_user_mode_prepare+0xee/0x180
[  110.047392][  T113]  syscall_exit_to_user_mode+0x1a/0x50
[  110.052915][  T113]  do_syscall_64+0x61/0xa0
[  110.057381][  T113]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  110.063386][  T113] 
[  110.065728][  T113] The buggy address belongs to the object at ffff88802b4e5800
[  110.065728][  T113]  which belongs to the cache kmalloc-1k of size 1024
[  110.079801][  T113] The buggy address is located 64 bytes inside of
[  110.079801][  T113]  freed 1024-byte region [ffff88802b4e5800, ffff88802b4e5c00)
[  110.093747][  T113] 
[  110.096205][  T113] The buggy address belongs to the physical page:
[  110.102702][  T113] page:ffffea0000ad3800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b4e0
[  110.112972][  T113] head:ffffea0000ad3800 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  110.122193][  T113] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  110.130209][  T113] page_type: 0xffffffff()
[  110.134572][  T113] raw: 00fff00000000840 ffff888017c41dc0 dead000000000122 0000000000000000
[  110.143196][  T113] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  110.151802][  T113] page dumped because: kasan: bad access detected
[  110.158344][  T113] page_owner tracks the page as allocated
[  110.164080][  T113] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 3423, tgid 3423 (kworker/u4:8), ts 108804139973, free_ts 108499508372
[  110.184966][  T113]  post_alloc_hook+0x1c1/0x200
[  110.189770][  T113]  get_page_from_freelist+0x1951/0x19e0
[  110.195359][  T113]  __alloc_pages+0x1f0/0x460
[  110.199968][  T113]  alloc_slab_page+0x5d/0x160
[  110.204692][  T113]  new_slab+0x87/0x2d0
[  110.208782][  T113]  ___slab_alloc+0xc5d/0x12f0
[  110.213505][  T113]  __kmem_cache_alloc_node+0x19e/0x250
[  110.218999][  T113]  __kmalloc+0xa4/0x230
[  110.223190][  T113]  ieee802_11_parse_elems_full+0xb9/0x20c0
[  110.229057][  T113]  ieee80211_ibss_rx_queued_mgmt+0x4b5/0x2c80
[  110.235164][  T113]  ieee80211_iface_work+0x717/0xc70
[  110.240401][  T113]  cfg80211_wiphy_work+0x225/0x260
[  110.245586][  T113]  process_scheduled_works+0xa5d/0x15d0
[  110.251243][  T113]  worker_thread+0xa55/0xfc0
[  110.255902][  T113]  kthread+0x2fa/0x390
[  110.260036][  T113]  ret_from_fork+0x48/0x80
[  110.264481][  T113] page last free stack trace:
[  110.269184][  T113]  free_unref_page_prepare+0x7b2/0x8c0
[  110.274792][  T113]  free_unref_page+0x32/0x2e0
[  110.279503][  T113]  __slab_free+0x35a/0x400
[  110.283948][  T113]  qlist_free_all+0x75/0xd0
[  110.288482][  T113]  kasan_quarantine_reduce+0x143/0x160
[  110.293978][  T113]  __kasan_slab_alloc+0x22/0x80
[  110.298854][  T113]  slab_post_alloc_hook+0x6e/0x4b0
[  110.304027][  T113]  kmem_cache_alloc+0x11a/0x2d0
[  110.308912][  T113]  __anon_vma_prepare+0x68/0x430
[  110.313994][  T113]  handle_mm_fault+0x401d/0x4c00
[  110.318949][  T113]  do_user_addr_fault+0x730/0x12c0
[  110.324172][  T113]  exc_page_fault+0x64/0x100
[  110.328796][  T113]  asm_exc_page_fault+0x26/0x30
[  110.333672][  T113] 
[  110.336039][  T113] Memory state around the buggy address:
[  110.341691][  T113]  ffff88802b4e5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  110.349776][  T113]  ffff88802b4e5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  110.357858][  T113] >ffff88802b4e5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  110.365930][  T113]                                            ^
[  110.372138][  T113]  ffff88802b4e5880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  110.380306][  T113]  ffff88802b4e5900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  110.388384][  T113] ==================================================================
[  110.407765][  T113] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  110.415195][  T113] CPU: 1 PID: 113 Comm: jfsCommit Not tainted syzkaller #0
[  110.422424][  T113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  110.432534][  T113] Call Trace:
[  110.435861][  T113]  <TASK>
[  110.438843][  T113]  dump_stack_lvl+0x18c/0x250
[  110.443583][  T113]  ? show_regs_print_info+0x20/0x20
[  110.448842][  T113]  ? load_image+0x420/0x420
[  110.453405][  T113]  panic+0x2dc/0x730
[  110.457353][  T113]  ? bpf_jit_dump+0xd0/0xd0
[  110.461917][  T113]  ? _raw_spin_unlock_irqrestore+0x111/0x120
[  110.467953][  T113]  ? _raw_spin_unlock+0x40/0x40
[  110.472849][  T113]  ? print_memory_metadata+0x314/0x400
[  110.478420][  T113]  ? txEnd+0x32d/0x520
[  110.482559][  T113]  check_panic_on_warn+0x84/0xa0
[  110.487556][  T113]  ? txEnd+0x32d/0x520
[  110.491678][  T113]  end_report+0x6f/0x130
[  110.495984][  T113]  kasan_report+0x128/0x150
[  110.500543][  T113]  ? txEnd+0x32d/0x520
[  110.504760][  T113]  kasan_check_range+0x241/0x290
[  110.509747][  T113]  txEnd+0x32d/0x520
[  110.513709][  T113]  jfs_lazycommit+0x5a4/0xa70
[  110.518437][  T113]  ? txFreelock+0x5a0/0x5a0
[  110.522981][  T113]  ? do_task_dead+0xd0/0xd0
[  110.527532][  T113]  ? __kthread_parkme+0x7a/0x1c0
[  110.532511][  T113]  kthread+0x2fa/0x390
[  110.536674][  T113]  ? txFreelock+0x5a0/0x5a0
[  110.541326][  T113]  ? kthread_blkcg+0xd0/0xd0
[  110.545944][  T113]  ret_from_fork+0x48/0x80
[  110.550474][  T113]  ? kthread_blkcg+0xd0/0xd0
[  110.555087][  T113]  ret_from_fork_asm+0x11/0x20
[  110.559892][  T113]  </TASK>
[  110.563510][  T113] Kernel Offset: disabled
[  110.567842][  T113] Rebooting in 86400 seconds..