Warning: Permanently added '10.128.0.2' (ED25519) to the list of known hosts.
1970/01/01 00:01:06 ignoring optional flag "type"="gce"
1970/01/01 00:01:06 parsed 1 programs
[   67.507155][ T4393] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k SSFS
[   68.927643][  T358] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.928889][  T358] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.931426][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   68.936889][  T449] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.938115][  T449] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.939331][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   69.139230][ T4539] chnl_net:caif_netlink_parms(): no params data found
[   69.155959][ T4539] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.157306][ T4539] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.158903][ T4539] device bridge_slave_0 entered promiscuous mode
[   69.160896][ T4539] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.162095][ T4539] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.163575][ T4539] device bridge_slave_1 entered promiscuous mode
[   69.172031][ T4539] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   69.174491][ T4539] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   69.183698][ T4539] team0: Port device team_slave_0 added
[   69.186394][ T4539] team0: Port device team_slave_1 added
[   69.192826][ T4539] batman_adv: batadv0: Adding interface: batadv_slave_0
[   69.193884][ T4539] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.198025][ T4539] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   69.200302][ T4539] batman_adv: batadv0: Adding interface: batadv_slave_1
[   69.201368][ T4539] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.205421][ T4539] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   69.267721][ T4539] device hsr_slave_0 entered promiscuous mode
[   69.316729][ T4539] device hsr_slave_1 entered promiscuous mode
[   69.607639][ T2066] ieee802154 phy0 wpan0: encryption failed: -22
[   69.608208][    T7] cfg80211: failed to load regulatory.db
[   69.608783][ T2066] ieee802154 phy1 wpan1: encryption failed: -22
[   69.934772][ T4539] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   69.997197][ T4539] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   70.027910][ T4539] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   70.058775][ T4539] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   70.121453][ T4539] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.125860][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   70.127482][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   70.139122][ T4539] 8021q: adding VLAN 0 to HW filter on device team0
[   70.141776][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   70.143301][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   70.144814][  T358] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.146060][  T358] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.149046][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   70.152545][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   70.157797][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   70.159338][  T358] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.160490][  T358] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.165775][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   70.168198][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   70.170239][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   70.172391][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   70.179257][ T4539] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   70.180934][ T4539] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   70.183764][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   70.185231][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   70.188490][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   70.190071][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   70.193934][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   70.195829][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   70.198094][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   70.201125][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   70.249243][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   70.250662][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   70.253296][ T4539] 8021q: adding VLAN 0 to HW filter on device batadv0
[   70.270718][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   70.272370][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   70.279055][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   70.280518][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   70.282121][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   70.283381][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   70.285815][ T4539] device veth0_vlan entered promiscuous mode
[   70.304792][ T4539] device veth1_vlan entered promiscuous mode
[   70.313299][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   70.314884][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   70.316459][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   70.318396][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   70.321749][ T4539] device veth0_macvtap entered promiscuous mode
[   70.324316][ T4539] device veth1_macvtap entered promiscuous mode
[   70.340113][ T4539] batman_adv: batadv0: Interface activated: batadv_slave_0
[   70.341310][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   70.343032][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   70.344581][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   70.347120][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   70.357058][ T4539] batman_adv: batadv0: Interface activated: batadv_slave_1
[   70.358269][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   70.359858][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   70.362314][ T4539] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   70.363688][ T4539] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   70.364954][ T4539] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   70.366303][ T4539] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   70.936332][ T1725] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:01:11 executed programs: 0
[   71.144956][ T4742] chnl_net:caif_netlink_parms(): no params data found
[   71.164383][ T4742] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.165535][ T4742] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.167646][ T4742] device bridge_slave_0 entered promiscuous mode
[   71.169713][ T4742] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.170907][ T4742] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.172494][ T4742] device bridge_slave_1 entered promiscuous mode
[   71.180429][ T4742] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.182886][ T4742] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.193389][ T4742] team0: Port device team_slave_0 added
[   71.195254][ T4742] team0: Port device team_slave_1 added
[   71.203441][ T4742] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.204552][ T4742] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.209245][ T4742] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.211529][ T4742] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.212695][ T4742] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.217160][ T4742] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.267973][ T4742] device hsr_slave_0 entered promiscuous mode
[   71.306791][ T4742] device hsr_slave_1 entered promiscuous mode
[   71.326854][ T4742] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   71.328145][ T4742] Cannot create hsr debugfs directory
[   73.126539][ T4181] Bluetooth: hci1: command 0x0409 tx timeout
[   73.280310][ T1725] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.196520][ T1991] Bluetooth: hci1: command 0x041b tx timeout
[   75.929307][ T1725] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.970187][ T1725] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.901545][ T4742] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   76.938193][ T4742] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   76.997948][ T4742] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   77.018364][ T4742] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   77.088303][ T4742] 8021q: adding VLAN 0 to HW filter on device bond0
[   77.092320][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   77.093886][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   77.096829][ T4742] 8021q: adding VLAN 0 to HW filter on device team0
[   77.099325][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   77.100926][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   77.102493][  T449] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.103612][  T449] bridge0: port 1(bridge_slave_0) entered forwarding state
[   77.105055][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   77.109137][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   77.110668][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   77.112107][  T449] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.113205][  T449] bridge0: port 2(bridge_slave_1) entered forwarding state
[   77.115817][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   77.119215][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   77.122009][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   77.123816][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   77.125315][  T449] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   77.129214][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   77.130860][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   77.133551][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   77.134978][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   77.137798][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   77.139382][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   77.141673][ T4742] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   77.180703][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   77.182040][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   77.185142][ T4742] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.192169][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   77.193857][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   77.200238][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   77.201746][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   77.203201][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   77.204593][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   77.207553][ T4742] device veth0_vlan entered promiscuous mode
[   77.210910][ T4742] device veth1_vlan entered promiscuous mode
[   77.218078][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   77.219617][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   77.220961][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   77.222503][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   77.224770][ T4742] device veth0_macvtap entered promiscuous mode
[   77.227585][ T4742] device veth1_macvtap entered promiscuous mode
[   77.232245][ T4742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   77.233927][ T4742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.235987][ T4742] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.237750][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   77.239340][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   77.240796][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   77.242306][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   77.244506][ T4742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   77.246025][ T4742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.248918][ T4742] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.250061][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   77.251723][  T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   77.254174][ T4742] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.255567][ T4742] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.257494][ T4742] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.258974][ T4742] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.276597][ T4132] Bluetooth: hci1: command 0x040f tx timeout
[   77.279799][  T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.281845][  T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.285888][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   77.306358][  T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.307838][  T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.309352][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:17 executed programs: 2
[   77.423058][ T4982] loop0: detected capacity change from 0 to 32768
[   77.478763][ T4982] ERROR: (device loop0): dbAlloc: the hint is outside the map
[   77.478763][ T4982] 
[   77.480960][ T4982] ERROR: (device loop0): remounting filesystem as read-only
[   77.482471][ T4982] BUG: Bad page state in process syz.0.15  pfn:109969
[   77.483739][ T4982] page:000000007a9ddcff refcount:0 mapcount:0 mapping:0000000000000000 index:0x2f pfn:0x109969
[   77.485492][ T4982] flags: 0x5ffc00000002006(referenced|uptodate|private|node=0|zone=2|lastcpupid=0x7ff)
[   77.487627][ T4982] raw: 05ffc00000002006 fffffc00032f71c8 ffff80001f227720 0000000000000000
[   77.489012][ T4982] raw: 000000000000002f ffff0000e66cbe88 00000000ffffffff 0000000000000000
[   77.490474][ T4982] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[   77.491718][ T4982] Modules linked in:
[   77.492388][ T4982] CPU: 1 PID: 4982 Comm: syz.0.15 Not tainted syzkaller #0
[   77.493486][ T4982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026
[   77.494997][ T4982] Call trace:
[   77.495474][ T4982]  dump_backtrace+0x0/0x458
[   77.496136][ T4982]  show_stack+0x2c/0x3c
[   77.496746][ T4982]  __dump_stack+0x30/0x40
[   77.497387][ T4982]  dump_stack_lvl+0xf4/0x15c
[   77.498096][ T4982]  dump_stack+0x1c/0x5c
[   77.498699][ T4982]  bad_page+0x188/0x1a8
[   77.499289][ T4982]  check_free_page_bad+0xf4/0x16c
[   77.500074][ T4982]  free_unref_page_prepare+0x738/0xa84
[   77.500990][ T4982]  free_unref_page_list+0xdc/0x730
[   77.501830][ T4982]  release_pages+0x13bc/0x16dc
[   77.502678][ T4982]  __pagevec_release+0x84/0xf8
[   77.503489][ T4982]  truncate_inode_pages_range+0x2c8/0xa04
[   77.504460][ T4982]  truncate_inode_pages+0x2c/0x3c
[   77.505329][ T4982]  jfs_remount+0x284/0x490
[   77.506038][ T4982]  legacy_reconfigure+0xf8/0x110
[   77.506878][ T4982]  reconfigure_super+0x1d4/0x6f4
[   77.507710][ T4982]  vfs_fsconfig_locked+0x164/0x374
[   77.508523][ T4982]  __arm64_sys_fsconfig+0x634/0x784
[   77.509349][ T4982]  invoke_syscall+0x98/0x2b0
[   77.510092][ T4982]  el0_svc_common+0x138/0x258
[   77.510842][ T4982]  do_el0_svc+0x58/0x13c
[   77.511485][ T4982]  el0_svc+0x78/0x1d0
[   77.512218][ T4982]  el0t_64_sync_handler+0xcc/0xe4
[   77.513131][ T4982]  el0t_64_sync+0x1a0/0x1a4
[   77.514263][ T4982] Disabling lock debugging due to kernel taint
[   77.515246][ T4982] BUG: Bad page state in process syz.0.15  pfn:10bdc7
[   77.516296][ T4982] page:0000000063c7aac0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x2e pfn:0x10bdc7
[   77.518248][ T4982] flags: 0x5ffc00000002006(referenced|uptodate|private|node=0|zone=2|lastcpupid=0x7ff)
[   77.519642][ T4982] raw: 05ffc00000002006 fffffc00032f7f08 ffff80001f227720 0000000000000000
[   77.521026][ T4982] raw: 000000000000002e ffff0000e66cbd90 00000000ffffffff 0000000000000000
[   77.522416][ T4982] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[   77.523656][ T4982] Modules linked in:
[   77.524237][ T4982] CPU: 1 PID: 4982 Comm: syz.0.15 Tainted: G    B             syzkaller #0
[   77.525722][ T4982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026
[   77.527371][ T4982] Call trace:
[   77.527914][ T4982]  dump_backtrace+0x0/0x458
[   77.528616][ T4982]  show_stack+0x2c/0x3c
[   77.529272][ T4982]  __dump_stack+0x30/0x40
[   77.529900][ T4982]  dump_stack_lvl+0xf4/0x15c
[   77.530590][ T4982]  dump_stack+0x1c/0x5c
[   77.531205][ T4982]  bad_page+0x188/0x1a8
[   77.531844][ T4982]  check_free_page_bad+0xf4/0x16c
[   77.532626][ T4982]  free_unref_page_prepare+0x738/0xa84
[   77.533603][ T4982]  free_unref_page_list+0xdc/0x730
[   77.534456][ T4982]  release_pages+0x13bc/0x16dc
[   77.535224][ T4982]  __pagevec_release+0x84/0xf8
[   77.536071][ T4982]  truncate_inode_pages_range+0x2c8/0xa04
[   77.537048][ T4982]  truncate_inode_pages+0x2c/0x3c
[   77.537880][ T4982]  jfs_remount+0x284/0x490
[   77.538552][ T4982]  legacy_reconfigure+0xf8/0x110
[   77.539326][ T4982]  reconfigure_super+0x1d4/0x6f4
[   77.540097][ T4982]  vfs_fsconfig_locked+0x164/0x374
[   77.540866][ T4982]  __arm64_sys_fsconfig+0x634/0x784
[   77.541691][ T4982]  invoke_syscall+0x98/0x2b0
[   77.542400][ T4982]  el0_svc_common+0x138/0x258
[   77.543135][ T4982]  do_el0_svc+0x58/0x13c
[   77.543863][ T4982]  el0_svc+0x78/0x1d0
[   77.544529][ T4982]  el0t_64_sync_handler+0xcc/0xe4
[   77.545285][ T4982]  el0t_64_sync+0x1a0/0x1a4
[   77.546156][ T4982] BUG: Bad page state in process syz.0.15  pfn:10bdfc
[   77.547233][ T4982] page:000000006f45f5f3 refcount:0 mapcount:0 mapping:0000000000000000 index:0x2d pfn:0x10bdfc
[   77.548833][ T4982] flags: 0x5ffc00000002006(referenced|uptodate|private|node=0|zone=2|lastcpupid=0x7ff)
[   77.550384][ T4982] raw: 05ffc00000002006 fffffc0003498648 ffff80001f227720 0000000000000000
[   77.551768][ T4982] raw: 000000000000002d ffff0000e66cbc98 00000000ffffffff 0000000000000000
[   77.553111][ T4982] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[   77.554266][ T4982] Modules linked in:
[   77.554898][ T4982] CPU: 1 PID: 4982 Comm: syz.0.15 Tainted: G    B             syzkaller #0
[   77.556294][ T4982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026
[   77.557885][ T4982] Call trace:
[   77.558375][ T4982]  dump_backtrace+0x0/0x458
[   77.559072][ T4982]  show_stack+0x2c/0x3c
[   77.559733][ T4982]  __dump_stack+0x30/0x40
[   77.560409][ T4982]  dump_stack_lvl+0xf4/0x15c
[   77.561098][ T4982]  dump_stack+0x1c/0x5c
[   77.561758][ T4982]  bad_page+0x188/0x1a8
[   77.562401][ T4982]  check_free_page_bad+0xf4/0x16c
[   77.563187][ T4982]  free_unref_page_prepare+0x738/0xa84
[   77.564087][ T4982]  free_unref_page_list+0xdc/0x730
[   77.564861][ T4982]  release_pages+0x13bc/0x16dc
[   77.565605][ T4982]  __pagevec_release+0x84/0xf8
[   77.566345][ T4982]  truncate_inode_pages_range+0x2c8/0xa04
[   77.567185][ T4982]  truncate_inode_pages+0x2c/0x3c
[   77.567966][ T4982]  jfs_remount+0x284/0x490
[   77.568661][ T4982]  legacy_reconfigure+0xf8/0x110
[   77.569413][ T4982]  reconfigure_super+0x1d4/0x6f4
[   77.570115][ T4982]  vfs_fsconfig_locked+0x164/0x374
[   77.570910][ T4982]  __arm64_sys_fsconfig+0x634/0x784
[   77.571726][ T4982]  invoke_syscall+0x98/0x2b0
[   77.572401][ T4982]  el0_svc_common+0x138/0x258
[   77.573087][ T4982]  do_el0_svc+0x58/0x13c
[   77.573729][ T4982]  el0_svc+0x78/0x1d0
[   77.574370][ T4982]  el0t_64_sync_handler+0xcc/0xe4
[   77.575120][ T4982]  el0t_64_sync+0x1a0/0x1a4
[   77.578576][  T136] read_mapping_page failed!
[   77.579287][  T136] ERROR: (device loop0): txAbort: 
[   77.579287][  T136] 
[   77.580421][  T136] ERROR: (device loop0): remounting filesystem as read-only
[   77.581529][  T136] jfs_write_inode: jfs_commit_inode failed!
[   77.582631][  T248] BUG: Bad page state in process jfsCommit  pfn:11269a
[   77.583737][  T248] page:000000003266eb01 refcount:0 mapcount:0 mapping:0000000000000000 index:0x2c pfn:0x11269a
[   77.585517][  T248] flags: 0x5ffc00000002005(locked|uptodate|private|node=0|zone=2|lastcpupid=0x7ff)
[   77.587209][  T248] raw: 05ffc00000002005 dead000000000100 dead000000000122 0000000000000000
[   77.588490][  T248] raw: 000000000000002c ffff0000e66cbba0 00000000ffffffff 0000000000000000
[   77.589935][  T248] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[   77.591125][  T248] Modules linked in:
[   77.591744][  T248] CPU: 0 PID: 248 Comm: jfsCommit Tainted: G    B             syzkaller #0
[   77.593113][  T248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026
[   77.594705][  T248] Call trace:
[   77.595161][  T248]  dump_backtrace+0x0/0x458
[   77.595825][  T248]  show_stack+0x2c/0x3c
[   77.596502][  T248]  __dump_stack+0x30/0x40
[   77.597243][  T248]  dump_stack_lvl+0xf4/0x15c
[   77.598010][  T248]  dump_stack+0x1c/0x5c
[   77.598732][  T248]  bad_page+0x188/0x1a8
[   77.599463][  T248]  check_free_page_bad+0xf4/0x16c
[   77.600234][  T248]  free_unref_page_prepare+0x738/0xa84
[   77.601113][  T248]  free_unref_page+0x78/0x1f8
[   77.601932][  T248]  __put_page+0xf8/0x130
[   77.602690][  T248]  _metapage_homeok+0x138/0x27c
[   77.603446][  T248]  txUnlock+0x220/0xb78
[   77.604192][  T248]  jfs_lazycommit+0x44c/0x9b0
[   77.604980][  T248]  kthread+0x374/0x454
[   77.605722][  T248]  ret_from_fork+0x10/0x20
[   77.606798][  T248] page:000000003266eb01 refcount:0 mapcount:0 mapping:0000000000000000 index:0x2c pfn:0x11269a
[   77.608474][  T248] flags: 0x5ffc00000002005(locked|uptodate|private|node=0|zone=2|lastcpupid=0x7ff)
[   77.609873][  T248] raw: 05ffc00000002005 dead000000000100 dead000000000122 0000000000000000
[   77.611099][  T248] raw: 000000000000002c ffff0000e66cbba0 00000000ffffffff 0000000000000000
[   77.612466][  T248] page dumped because: VM_BUG_ON_PAGE(((unsigned int) page_ref_count(page) + 127u <= 127u))
[   77.614023][  T248] ------------[ cut here ]------------
[   77.614876][  T248] kernel BUG at include/linux/mm.h:1224!
[   77.615736][  T248] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
[   77.616918][  T248] Modules linked in:
[   77.617506][  T248] CPU: 0 PID: 248 Comm: jfsCommit Tainted: G    B             syzkaller #0
[   77.618834][  T248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026
[   77.620469][  T248] pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[   77.621676][  T248] pc : put_metapage+0x280/0x2d4
[   77.622487][  T248] lr : put_metapage+0x280/0x2d4
[   77.623290][  T248] sp : ffff80001f067bc0
[   77.623898][  T248] x29: ffff80001f067bc0 x28: ffff80001b03ac78 x27: 1fffe0001ccd9779
[   77.625168][  T248] x26: 1fffe0001ccd9786 x25: dfff800000000000 x24: 000000000000007f
[   77.626488][  T248] x23: fffffc000349a6b4 x22: fffffc000349a680 x21: ffff0000e66cbbc8
[   77.627724][  T248] x20: ffff0000e66cbc30 x19: ffff0000e66cbba0 x18: 0000000000000001
[   77.629110][  T248] x17: 0000000000000000 x16: ffff80001125a830 x15: 00000000ffffffff
[   77.630479][  T248] x14: 0000000000000001 x13: 1fffe000341f05ab x12: 0000000000ff0100
[   77.631847][  T248] x11: 0000000000000000 x10: 0000000000000000 x9 : 84590fbe28dd2800
[   77.633169][  T248] x8 : 84590fbe28dd2800 x7 : 0000000000000000 x6 : 0000000000000001
[   77.634505][  T248] x5 : ffff80001f0671f8 x4 : 000000000000000c x3 : 0000000000000030
[   77.635806][  T248] x2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff700003e0cf24
[   77.637054][  T248] Call trace:
[   77.637586][  T248]  put_metapage+0x280/0x2d4
[   77.638348][  T248]  txUnlock+0x398/0xb78
[   77.638967][  T248]  jfs_lazycommit+0x44c/0x9b0
[   77.639694][  T248]  kthread+0x374/0x454
[   77.640370][  T248]  ret_from_fork+0x10/0x20
[   77.641093][  T248] Code: 9003f981 912f8021 aa1603e0 97bd6f47 (d4210000) 
[   77.642171][  T248] ---[ end trace 7391fc3e464bd6a6 ]---
[   77.857186][  T248] Kernel panic - not syncing: Oops - BUG: Fatal exception
[   77.858237][  T248] SMP: stopping secondary CPUs
[   77.858952][  T248] Kernel Offset: disabled
[   77.859596][  T248] CPU features: 0x8,000003c1,7d33ffd9
[   77.860357][  T248] Memory Limit: none
[   78.073899][  T248] Rebooting in 86400 seconds..