Warning: Permanently added '10.128.0.184' (ED25519) to the list of known hosts.
1970/01/01 00:01:02 ignoring optional flag "type"="gce"
1970/01/01 00:01:02 parsed 1 programs
[   64.076805][ T4377] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k SSFS
[   66.431186][  T364] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.432481][  T364] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.437068][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   66.440341][  T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.441491][  T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.443153][  T364] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   66.685959][ T4515] chnl_net:caif_netlink_parms(): no params data found
[   66.704626][ T4515] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.705881][ T4515] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.707342][ T4515] device bridge_slave_0 entered promiscuous mode
[   66.709519][ T4515] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.710590][ T4515] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.712030][ T4515] device bridge_slave_1 entered promiscuous mode
[   66.719394][ T4515] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.721844][ T4515] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.730118][ T4515] team0: Port device team_slave_0 added
[   66.731883][ T4515] team0: Port device team_slave_1 added
[   66.738436][ T4515] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.739435][ T4515] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.743221][ T4515] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.745388][ T4515] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.746697][ T4515] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.750409][ T4515] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.826634][ T4515] device hsr_slave_0 entered promiscuous mode
[   66.865694][ T4515] device hsr_slave_1 entered promiscuous mode
[   67.511885][ T4515] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   67.567373][ T4515] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   67.617316][ T4515] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   67.656615][ T4515] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   67.722928][ T4515] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.727514][  T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   67.728939][  T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   67.731424][ T4515] 8021q: adding VLAN 0 to HW filter on device team0
[   67.733803][  T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   67.736329][  T364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   67.737913][  T364] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.738975][  T364] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.740376][  T364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   67.759006][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   67.760587][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   67.761925][  T136] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.763133][  T136] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.764512][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   67.767481][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   67.769630][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   67.771721][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   67.773288][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   67.775921][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   67.780053][ T4515] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   67.781474][ T4515] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   67.788389][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   67.790020][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   67.791618][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   67.793120][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   67.794548][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   67.803367][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   67.844578][ T4515] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.846684][  T364] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   67.847968][  T364] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   67.854266][  T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   67.856323][  T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   67.863364][ T1608] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   67.864817][ T1608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   67.866955][ T1608] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   67.868372][ T1608] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   67.870919][ T4515] device veth0_vlan entered promiscuous mode
[   67.874278][ T4515] device veth1_vlan entered promiscuous mode
[   67.883737][ T1608] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   67.885107][ T1608] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   67.888082][ T1608] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   67.889599][ T1608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   67.892681][ T4515] device veth0_macvtap entered promiscuous mode
[   67.894936][ T4515] device veth1_macvtap entered promiscuous mode
[   67.901947][ T4515] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.903188][ T1608] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   67.904660][ T1608] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   67.906471][ T1608] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   67.908038][ T1608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   67.911439][ T4515] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.913350][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   67.914843][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   67.918983][ T4515] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.920305][ T4515] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.921612][ T4515] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.922908][ T4515] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:01:08 executed programs: 0
[   68.192958][ T4667] chnl_net:caif_netlink_parms(): no params data found
[   68.210521][ T4667] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.212948][ T4667] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.214473][ T4667] device bridge_slave_0 entered promiscuous mode
[   68.217717][ T4667] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.218896][ T4667] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.220411][ T4667] device bridge_slave_1 entered promiscuous mode
[   68.228779][ T4667] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.231249][ T4667] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.239795][ T4667] team0: Port device team_slave_0 added
[   68.241493][ T4667] team0: Port device team_slave_1 added
[   68.248768][ T4667] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.249794][ T4667] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.253733][ T4667] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.256806][ T4667] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.257846][ T4667] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.261739][ T4667] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   68.306785][ T4667] device hsr_slave_0 entered promiscuous mode
[   68.335994][ T4667] device hsr_slave_1 entered promiscuous mode
[   68.395802][ T4667] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   68.397019][ T4667] Cannot create hsr debugfs directory
[   68.441927][ T4667] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   69.626829][ T1969] cfg80211: failed to load regulatory.db
[   69.635794][ T2064] ieee802154 phy0 wpan0: encryption failed: -22
[   69.636837][ T2064] ieee802154 phy1 wpan1: encryption failed: -22
[   70.185853][   T13] Bluetooth: hci0: command 0x0409 tx timeout
[   70.928692][ T4667] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.265459][   T13] Bluetooth: hci0: command 0x041b tx timeout
[   73.298390][ T4667] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.349292][ T4667] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.482361][ T4667] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   73.536917][ T4667] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   73.598227][ T4667] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   73.646631][ T4667] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   73.726699][ T4667] 8021q: adding VLAN 0 to HW filter on device bond0
[   73.730257][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   73.731717][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   73.734133][ T4667] 8021q: adding VLAN 0 to HW filter on device team0
[   73.737499][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   73.739136][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   73.740556][  T136] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.741637][  T136] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.742929][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   73.745870][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   73.747344][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   73.748789][  T136] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.749902][  T136] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.753442][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   73.757224][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   73.759867][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   73.761674][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   73.763247][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   73.765838][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   73.767478][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   73.770411][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   73.771898][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   73.774323][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   73.777084][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   73.779509][ T4667] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   73.817063][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   73.818328][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   73.820956][ T4667] 8021q: adding VLAN 0 to HW filter on device batadv0
[   73.831738][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   73.833254][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   73.838873][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   73.840347][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   73.841863][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   73.843127][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   73.846269][ T4667] device veth0_vlan entered promiscuous mode
[   73.849533][ T4667] device veth1_vlan entered promiscuous mode
[   73.856609][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   73.858042][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   73.860051][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   73.861535][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   73.863755][ T4667] device veth0_macvtap entered promiscuous mode
[   73.866417][ T4667] device veth1_macvtap entered promiscuous mode
[   73.870865][ T4667] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.872497][ T4667] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.874840][ T4667] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.876675][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   73.878236][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   73.879639][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   73.881155][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   73.883424][ T4667] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.884992][ T4667] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.887384][ T4667] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.888522][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   73.890066][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   73.892402][ T4667] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.893673][ T4667] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.894942][ T4667] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.896359][ T4667] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.915480][  T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.916676][  T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.918152][ T1608] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   73.927055][  T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.928255][  T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.929871][ T1608] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:13 executed programs: 2
[   74.044665][ T4906] loop0: detected capacity change from 0 to 32768
[   74.067127][ T4906] ERROR: (device loop0): dbAlloc: the hint is outside the map
[   74.067127][ T4906] 
[   74.069149][ T4906] ERROR: (device loop0): remounting filesystem as read-only
[   74.070669][ T4906] BUG: Bad page state in process syz.0.15  pfn:117bfb
[   74.071681][ T4906] page:0000000071771ab1 refcount:0 mapcount:0 mapping:0000000000000000 index:0x2f pfn:0x117bfb
[   74.073129][ T4906] flags: 0x5ffc00000002006(referenced|uptodate|private|node=0|zone=2|lastcpupid=0x7ff)
[   74.074435][ T4906] raw: 05ffc00000002006 fffffc0003a87108 ffff80001fa27720 0000000000000000
[   74.076528][ T4906] raw: 000000000000002f ffff0000d7e684d8 00000000ffffffff 0000000000000000
[   74.077720][ T4906] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[   74.078779][ T4906] Modules linked in:
[   74.079452][ T4906] CPU: 0 PID: 4906 Comm: syz.0.15 Not tainted syzkaller #0
[   74.080593][ T4906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[   74.082226][ T4906] Call trace:
[   74.082735][ T4906]  dump_backtrace+0x0/0x43c
[   74.083444][ T4906]  show_stack+0x2c/0x3c
[   74.084021][ T4906]  __dump_stack+0x30/0x40
[   74.084637][ T4906]  dump_stack_lvl+0xf8/0x160
[   74.085360][ T4906]  dump_stack+0x1c/0x5c
[   74.085957][ T4906]  bad_page+0x188/0x1a8
[   74.086580][ T4906]  check_free_page_bad+0xf4/0x16c
[   74.087326][ T4906]  free_unref_page_prepare+0x744/0xaa0
[   74.088204][ T4906]  free_unref_page_list+0xdc/0x754
[   74.088994][ T4906]  release_pages+0x13c8/0x16e0
[   74.089680][ T4906]  __pagevec_release+0x84/0xf8
[   74.090396][ T4906]  truncate_inode_pages_range+0x29c/0x9b8
[   74.091287][ T4906]  truncate_inode_pages+0x2c/0x3c
[   74.091993][ T4906]  jfs_remount+0x280/0x484
[   74.092605][ T4906]  legacy_reconfigure+0xf8/0x110
[   74.093316][ T4906]  reconfigure_super+0x1d4/0x6f4
[   74.093947][ T4906]  vfs_fsconfig_locked+0x164/0x374
[   74.094735][ T4906]  __arm64_sys_fsconfig+0x634/0x77c
[   74.095457][ T4906]  invoke_syscall+0x98/0x2b8
[   74.096140][ T4906]  el0_svc_common+0x138/0x258
[   74.096799][ T4906]  do_el0_svc+0x58/0x14c
[   74.097400][ T4906]  el0_svc+0x78/0x1e0
[   74.097961][ T4906]  el0t_64_sync_handler+0xcc/0xe4
[   74.098644][ T4906]  el0t_64_sync+0x1a0/0x1a4
[   74.100630][ T4906] Disabling lock debugging due to kernel taint
[   74.101609][ T4906] BUG: Bad page state in process syz.0.15  pfn:12a1c4
[   74.102560][ T4906] page:000000006c2500b2 refcount:0 mapcount:0 mapping:0000000000000000 index:0x2e pfn:0x12a1c4
[   74.104020][ T4906] flags: 0x5ffc00000002006(referenced|uptodate|private|node=0|zone=2|lastcpupid=0x7ff)
[   74.105988][ T4906] raw: 05ffc00000002006 fffffc0003255388 ffff80001fa27720 0000000000000000
[   74.107385][ T4906] raw: 000000000000002e ffff0000d7e683e0 00000000ffffffff 0000000000000000
[   74.108799][ T4906] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[   74.109913][ T4906] Modules linked in:
[   74.110554][ T4906] CPU: 0 PID: 4906 Comm: syz.0.15 Tainted: G    B             syzkaller #0
[   74.111899][ T4906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[   74.113462][ T4906] Call trace:
[   74.113958][ T4906]  dump_backtrace+0x0/0x43c
[   74.114618][ T4906]  show_stack+0x2c/0x3c
[   74.115201][ T4906]  __dump_stack+0x30/0x40
[   74.115867][ T4906]  dump_stack_lvl+0xf8/0x160
[   74.116536][ T4906]  dump_stack+0x1c/0x5c
[   74.117181][ T4906]  bad_page+0x188/0x1a8
[   74.117808][ T4906]  check_free_page_bad+0xf4/0x16c
[   74.118561][ T4906]  free_unref_page_prepare+0x744/0xaa0
[   74.119362][ T4906]  free_unref_page_list+0xdc/0x754
[   74.120168][ T4906]  release_pages+0x13c8/0x16e0
[   74.120869][ T4906]  __pagevec_release+0x84/0xf8
[   74.121584][ T4906]  truncate_inode_pages_range+0x29c/0x9b8
[   74.122415][ T4906]  truncate_inode_pages+0x2c/0x3c
[   74.123134][ T4906]  jfs_remount+0x280/0x484
[   74.123785][ T4906]  legacy_reconfigure+0xf8/0x110
[   74.124488][ T4906]  reconfigure_super+0x1d4/0x6f4
[   74.125201][ T4906]  vfs_fsconfig_locked+0x164/0x374
[   74.125951][ T4906]  __arm64_sys_fsconfig+0x634/0x77c
[   74.126692][ T4906]  invoke_syscall+0x98/0x2b8
[   74.127373][ T4906]  el0_svc_common+0x138/0x258
[   74.128000][ T4906]  do_el0_svc+0x58/0x14c
[   74.128666][ T4906]  el0_svc+0x78/0x1e0
[   74.129255][ T4906]  el0t_64_sync_handler+0xcc/0xe4
[   74.130003][ T4906]  el0t_64_sync+0x1a0/0x1a4
[   74.130842][ T4906] BUG: Bad page state in process syz.0.15  pfn:10954e
[   74.131896][ T4906] page:000000007cb8afe8 refcount:0 mapcount:0 mapping:0000000000000000 index:0x2d pfn:0x10954e
[   74.133447][ T4906] flags: 0x5ffc00000002006(referenced|uptodate|private|node=0|zone=2|lastcpupid=0x7ff)
[   74.134838][ T4906] raw: 05ffc00000002006 fffffc0003323508 ffff80001fa27720 0000000000000000
[   74.136441][ T4906] raw: 000000000000002d ffff0000d7e682e8 00000000ffffffff 0000000000000000
[   74.137712][ T4906] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[   74.138912][ T4906] Modules linked in:
[   74.139566][ T4906] CPU: 0 PID: 4906 Comm: syz.0.15 Tainted: G    B             syzkaller #0
[   74.140761][ T4906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[   74.142331][ T4906] Call trace:
[   74.142828][ T4906]  dump_backtrace+0x0/0x43c
[   74.143492][ T4906]  show_stack+0x2c/0x3c
[   74.144115][ T4906]  __dump_stack+0x30/0x40
[   74.144698][ T4906]  dump_stack_lvl+0xf8/0x160
[   74.145367][ T4906]  dump_stack+0x1c/0x5c
[   74.146001][ T4906]  bad_page+0x188/0x1a8
[   74.146645][ T4906]  check_free_page_bad+0xf4/0x16c
[   74.147378][ T4906]  free_unref_page_prepare+0x744/0xaa0
[   74.148205][ T4906]  free_unref_page_list+0xdc/0x754
[   74.148967][ T4906]  release_pages+0x13c8/0x16e0
[   74.149658][ T4906]  __pagevec_release+0x84/0xf8
[   74.150357][ T4906]  truncate_inode_pages_range+0x29c/0x9b8
[   74.151160][ T4906]  truncate_inode_pages+0x2c/0x3c
[   74.151871][ T4906]  jfs_remount+0x280/0x484
[   74.152568][ T4906]  legacy_reconfigure+0xf8/0x110
[   74.153227][ T4906]  reconfigure_super+0x1d4/0x6f4
[   74.153960][ T4906]  vfs_fsconfig_locked+0x164/0x374
[   74.154697][ T4906]  __arm64_sys_fsconfig+0x634/0x77c
[   74.155476][ T4906]  invoke_syscall+0x98/0x2b8
[   74.156163][ T4906]  el0_svc_common+0x138/0x258
[   74.156858][ T4906]  do_el0_svc+0x58/0x14c
[   74.157520][ T4906]  el0_svc+0x78/0x1e0
[   74.158121][ T4906]  el0t_64_sync_handler+0xcc/0xe4
[   74.158846][ T4906]  el0t_64_sync+0x1a0/0x1a4
[   74.162385][  T136] read_mapping_page failed!
[   74.163040][  T136] ERROR: (device loop0): txAbort: 
[   74.163040][  T136] 
[   74.164336][  T136] ERROR: (device loop0): remounting filesystem as read-only
[   74.165397][  T136] jfs_write_inode: jfs_commit_inode failed!
[   74.166562][  T248] BUG: Bad page state in process jfsCommit  pfn:118464
[   74.167560][  T248] page:00000000e88d2b2d refcount:0 mapcount:0 mapping:0000000000000000 index:0x2c pfn:0x118464
[   74.169112][  T248] flags: 0x5ffc00000002005(locked|uptodate|private|node=0|zone=2|lastcpupid=0x7ff)
[   74.170477][  T248] raw: 05ffc00000002005 dead000000000100 dead000000000122 0000000000000000
[   74.171782][  T248] raw: 000000000000002c ffff0000d7e681f0 00000000ffffffff 0000000000000000
[   74.173056][  T248] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[   74.174085][  T248] Modules linked in:
[   74.174646][  T248] CPU: 1 PID: 248 Comm: jfsCommit Tainted: G    B             syzkaller #0
[   74.175811][  T248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[   74.177185][  T248] Call trace:
[   74.177593][  T248]  dump_backtrace+0x0/0x43c
[   74.178222][  T248]  show_stack+0x2c/0x3c
[   74.178789][  T248]  __dump_stack+0x30/0x40
[   74.179397][  T248]  dump_stack_lvl+0xf8/0x160
[   74.180048][  T248]  dump_stack+0x1c/0x5c
[   74.180620][  T248]  bad_page+0x188/0x1a8
[   74.181216][  T248]  check_free_page_bad+0xf4/0x16c
[   74.181942][  T248]  free_unref_page_prepare+0x744/0xaa0
[   74.182739][  T248]  free_unref_page+0x78/0x1fc
[   74.183405][  T248]  __put_page+0xf8/0x134
[   74.184050][  T248]  _metapage_homeok+0x138/0x288
[   74.184758][  T248]  txUnlock+0x220/0xb78
[   74.185379][  T248]  jfs_lazycommit+0x470/0x9bc
[   74.186058][  T248]  kthread+0x374/0x454
[   74.186639][  T248]  ret_from_fork+0x10/0x20
[   74.187655][  T248] page:00000000e88d2b2d refcount:0 mapcount:0 mapping:0000000000000000 index:0x2c pfn:0x118464
[   74.189200][  T248] flags: 0x5ffc00000002005(locked|uptodate|private|node=0|zone=2|lastcpupid=0x7ff)
[   74.190563][  T248] raw: 05ffc00000002005 dead000000000100 dead000000000122 0000000000000000
[   74.191733][  T248] raw: 000000000000002c ffff0000d7e681f0 00000000ffffffff 0000000000000000
[   74.192869][  T248] page dumped because: VM_BUG_ON_PAGE(((unsigned int) page_ref_count(page) + 127u <= 127u))
[   74.194388][  T248] ------------[ cut here ]------------
[   74.195138][  T248] kernel BUG at include/linux/mm.h:1224!
[   74.195935][  T248] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
[   74.196981][  T248] Modules linked in:
[   74.197533][  T248] CPU: 1 PID: 248 Comm: jfsCommit Tainted: G    B             syzkaller #0
[   74.198770][  T248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[   74.200258][  T248] pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[   74.201383][  T248] pc : put_metapage+0x280/0x2e4
[   74.202058][  T248] lr : put_metapage+0x280/0x2e4
[   74.202792][  T248] sp : ffff80001ef97bc0
[   74.203427][  T248] x29: ffff80001ef97bc0 x28: ffff80001af2ec98 x27: 1fffe0001afcd043
[   74.204822][  T248] x26: 1fffe0001afcd050 x25: dfff800000000000 x24: 000000000000007f
[   74.206022][  T248] x23: fffffc0003611934 x22: fffffc0003611900 x21: ffff0000d7e68218
[   74.207265][  T248] x20: ffff0000d7e68280 x19: ffff0000d7e681f0 x18: 0000000000000001
[   74.208419][  T248] x17: 0000000000000000 x16: ffff8000111cd488 x15: 00000000ffffffff
[   74.209676][  T248] x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
[   74.210845][  T248] x11: 0000000000000000 x10: 0000000000000000 x9 : c47d1ee06f4c0400
[   74.212021][  T248] x8 : c47d1ee06f4c0400 x7 : 0000000000000001 x6 : 0000000000000001
[   74.213280][  T248] x5 : ffff80001ef971d8 x4 : ffff80001426f520 x3 : ffff800008504400
[   74.214419][  T248] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000059
[   74.215584][  T248] Call trace:
[   74.216104][  T248]  put_metapage+0x280/0x2e4
[   74.216744][  T248]  txUnlock+0x398/0xb78
[   74.217310][  T248]  jfs_lazycommit+0x470/0x9bc
[   74.217985][  T248]  kthread+0x374/0x454
[   74.218567][  T248]  ret_from_fork+0x10/0x20
[   74.219280][  T248] Code: 9003f5c1 911c8021 aa1603e0 97bdbf0b (d4210000) 
[   74.220358][  T248] ---[ end trace 5a17295f9d902a84 ]---
[   74.345717][ T4893] Bluetooth: hci0: command 0x040f tx timeout
[   74.420613][  T248] Kernel panic - not syncing: Oops - BUG: Fatal exception
[   74.421614][  T248] SMP: stopping secondary CPUs
[   74.422355][  T248] Kernel Offset: disabled
[   74.422995][  T248] CPU features: 0x8,000003c1,7d33ffd9
[   74.423786][  T248] Memory Limit: none
[   74.620381][  T248] Rebooting in 86400 seconds..