Warning: Permanently added '10.128.1.7' (ED25519) to the list of known hosts.
1970/01/01 00:01:00 parsed 1 programs
Setting up swapspace version 1, size = 127995904 bytes
[ 61.675653][ T6868] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 64.488302][ T2453] ieee802154 phy0 wpan0: encryption failed: -22
[ 64.488355][ T2453] ieee802154 phy1 wpan1: encryption failed: -22
[ 64.490871][ T3979] cfg80211: failed to load regulatory.db
[ 68.101727][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.101754][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.112996][ T15] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.113022][ T15] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.369829][ T6926] chnl_net:caif_netlink_parms(): no params data found
[ 68.388179][ T6926] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.388258][ T6926] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.388316][ T6926] bridge_slave_0: entered allmulticast mode
[ 68.388735][ T6926] bridge_slave_0: entered promiscuous mode
[ 68.389450][ T6926] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.389492][ T6926] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.389530][ T6926] bridge_slave_1: entered allmulticast mode
[ 68.389925][ T6926] bridge_slave_1: entered promiscuous mode
[ 68.398847][ T6926] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 68.399682][ T6926] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 68.406448][ T6926] team0: Port device team_slave_0 added
[ 68.407120][ T6926] team0: Port device team_slave_1 added
[ 68.418090][ T6926] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 68.418112][ T6926] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 68.418132][ T6926] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 68.418611][ T6926] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 68.418622][ T6926] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 68.418634][ T6926] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 68.435176][ T6926] hsr_slave_0: entered promiscuous mode
[ 68.436789][ T6926] hsr_slave_1: entered promiscuous mode
[ 68.843213][ T6926] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 68.845505][ T6926] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 68.848604][ T6926] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 68.850209][ T6926] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 68.882588][ T6926] 8021q: adding VLAN 0 to HW filter on device bond0
[ 68.889297][ T6926] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.900471][ T15] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.900515][ T15] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.900982][ T15] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.901012][ T15] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.950432][ T6926] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.962863][ T6926] veth0_vlan: entered promiscuous mode
[ 68.965368][ T6926] veth1_vlan: entered promiscuous mode
[ 68.981128][ T6926] veth0_macvtap: entered promiscuous mode
[ 68.983514][ T6926] veth1_macvtap: entered promiscuous mode
[ 68.988087][ T6926] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 68.992407][ T6926] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 68.999680][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.999731][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.999759][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.999772][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.192940][ T2188] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 69.270340][ T2188] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 69.301777][ T6145] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 69.303362][ T6145] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 69.304774][ T6145] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 69.307133][ T6145] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 69.310005][ T6145] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 69.332968][ T2188] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 69.401030][ T2188] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:01:09 executed programs: 0
[ 69.707625][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 69.710110][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 69.711571][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 69.713706][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 69.715468][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 69.789965][ T7107] chnl_net:caif_netlink_parms(): no params data found
[ 69.825067][ T7107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.825108][ T7107] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.825159][ T7107] bridge_slave_0: entered allmulticast mode
[ 69.825579][ T7107] bridge_slave_0: entered promiscuous mode
[ 69.826325][ T7107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.826340][ T7107] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.826385][ T7107] bridge_slave_1: entered allmulticast mode
[ 69.826796][ T7107] bridge_slave_1: entered promiscuous mode
[ 69.837076][ T7107] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 69.839343][ T7107] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 69.860500][ T7107] team0: Port device team_slave_0 added
[ 69.861192][ T7107] team0: Port device team_slave_1 added
[ 69.878866][ T7107] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 69.878893][ T7107] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 69.878916][ T7107] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 69.879420][ T7107] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 69.879426][ T7107] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 69.879438][ T7107] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 69.892942][ T7107] hsr_slave_0: entered promiscuous mode
[ 69.893230][ T7107] hsr_slave_1: entered promiscuous mode
[ 69.893407][ T7107] debugfs: 'hsr0' already exists in 'hsr'
[ 69.893416][ T7107] Cannot create hsr debugfs directory
[ 71.777255][ T53] Bluetooth: hci0: command tx timeout
[ 72.509073][ T2188] bridge_slave_1: left allmulticast mode
[ 72.509109][ T2188] bridge_slave_1: left promiscuous mode
[ 72.509195][ T2188] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.512637][ T2188] bridge_slave_0: left allmulticast mode
[ 72.512670][ T2188] bridge_slave_0: left promiscuous mode
[ 72.512738][ T2188] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.631894][ T2188] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 72.678847][ T2188] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 72.728611][ T2188] bond0 (unregistering): Released all slaves
[ 72.806317][ T2188] hsr_slave_0: left promiscuous mode
[ 72.807402][ T2188] hsr_slave_1: left promiscuous mode
[ 72.807661][ T2188] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 72.807672][ T2188] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 72.808552][ T2188] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 72.808561][ T2188] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 72.814179][ T2188] veth1_macvtap: left promiscuous mode
[ 72.815157][ T2188] veth0_macvtap: left promiscuous mode
[ 72.816021][ T2188] veth1_vlan: left promiscuous mode
[ 72.816066][ T2188] veth0_vlan: left promiscuous mode
[ 72.935695][ T2188] team0 (unregistering): Port device team_slave_1 removed
[ 72.947777][ T2188] team0 (unregistering): Port device team_slave_0 removed
[ 73.214174][ T7107] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 73.216642][ T7107] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 73.224202][ T7107] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 73.226505][ T7107] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 73.251019][ T7107] 8021q: adding VLAN 0 to HW filter on device bond0
[ 73.273872][ T7107] 8021q: adding VLAN 0 to HW filter on device team0
[ 73.281900][ T41] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.281939][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 73.283322][ T15] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.283338][ T15] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 73.296266][ T7107] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 73.296307][ T7107] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 73.393600][ T7107] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 73.403928][ T7107] veth0_vlan: entered promiscuous mode
[ 73.405461][ T7107] veth1_vlan: entered promiscuous mode
[ 73.411491][ T7107] veth0_macvtap: entered promiscuous mode
[ 73.412848][ T7107] veth1_macvtap: entered promiscuous mode
[ 73.416126][ T7107] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 73.416997][ T7107] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 73.419024][ T15] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.420702][ T15] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.422174][ T15] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.424339][ T15] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.452205][ T15] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.452237][ T15] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.462820][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.462845][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.566669][ T7203] loop0: detected capacity change from 0 to 32768
[ 73.579034][ T7203] UFO tlock:0x00000000554b764d
[ 73.672955][ T7205] loop0: detected capacity change from 0 to 32768
[ 73.681668][ T7205] UFO tlock:0x000000002a59ca2e
[ 73.857363][ T53] Bluetooth: hci0: command tx timeout
[ 74.054329][ T7207] loop0: detected capacity change from 0 to 32768
[ 74.064395][ T7207] UFO tlock:0x00000000f5768d50
[ 74.168587][ T7209] loop0: detected capacity change from 0 to 32768
[ 74.182478][ T7209] UFO tlock:0x00000000da898e7c
[ 74.275406][ T7211] loop0: detected capacity change from 0 to 32768
[ 74.286538][ T7211] UFO tlock:0x00000000e9c43d7a
[ 74.374819][ T7213] loop0: detected capacity change from 0 to 32768
[ 74.381558][ T7213] UFO tlock:0x00000000ae8098a5
[ 74.467083][ T7215] loop0: detected capacity change from 0 to 32768
[ 74.478266][ T7215] UFO tlock:0x000000005ef86238
[ 74.565421][ T7217] loop0: detected capacity change from 0 to 32768
[ 74.573419][ T7217] UFO tlock:0x00000000da898e7c
[ 74.932957][ T7219] loop0: detected capacity change from 0 to 32768
[ 74.938936][ T7219] UFO tlock:0x00000000464d62c0
1970/01/01 00:01:14 executed programs: 11
[ 75.032666][ T7221] loop0: detected capacity change from 0 to 32768
[ 75.042701][ T7221] UFO tlock:0x00000000a871ed3f
[ 75.131639][ T7223] loop0: detected capacity change from 0 to 32768
[ 75.139596][ T7223] UFO tlock:0x00000000d228304f
[ 75.233841][ T7225] loop0: detected capacity change from 0 to 32768
[ 75.243274][ T7225] UFO tlock:0x000000009d9d6e37
[ 75.335688][ T7227] loop0: detected capacity change from 0 to 32768
[ 75.343043][ T7227] UFO tlock:0x000000005ef86238
[ 75.428891][ T7229] loop0: detected capacity change from 0 to 32768
[ 75.439224][ T7229] UFO tlock:0x00000000554b764d
[ 75.531046][ T7231] loop0: detected capacity change from 0 to 32768
[ 75.548447][ T7231] UFO tlock:0x00000000c5d1a381
[ 75.649165][ T7233] loop0: detected capacity change from 0 to 32768
[ 75.655279][ T7233] UFO tlock:0x000000009d9d6e37
[ 75.740702][ T7235] loop0: detected capacity change from 0 to 32768
[ 75.746510][ T7235] UFO tlock:0x00000000c5d1a381
[ 75.927244][ T53] Bluetooth: hci0: command tx timeout
[ 76.364236][ T7237] loop0: detected capacity change from 0 to 32768
[ 76.387008][ T7237] UFO tlock:0x000000009d9d6e37
[ 76.472010][ T7239] loop0: detected capacity change from 0 to 32768
[ 76.477743][ T7239] UFO tlock:0x00000000f465a578
[ 76.559091][ T7241] loop0: detected capacity change from 0 to 32768
[ 76.564195][ T7241] UFO tlock:0x000000009bba834d
[ 76.646941][ T7243] loop0: detected capacity change from 0 to 32768
[ 76.658043][ T7243] UFO tlock:0x00000000c5d1a381
[ 76.739275][ T7245] loop0: detected capacity change from 0 to 32768
[ 76.744636][ T7245] UFO tlock:0x000000009bba834d
[ 76.828414][ T7247] loop0: detected capacity change from 0 to 32768
[ 76.836477][ T7247] UFO tlock:0x00000000e9c43d7a
[ 77.194326][ T7249] loop0: detected capacity change from 0 to 32768
[ 77.207638][ T7249] UFO tlock:0x0000000073291f38
[ 77.297086][ T7251] loop0: detected capacity change from 0 to 32768
[ 77.306700][ T7251] UFO tlock:0x000000002a59ca2e
[ 77.392689][ T7253] loop0: detected capacity change from 0 to 32768
[ 77.396267][ T7253] UFO tlock:0x00000000464d62c0
[ 77.487700][ T7255] loop0: detected capacity change from 0 to 32768
[ 77.499674][ T7255] UFO tlock:0x00000000f5768d50
[ 77.585371][ T7257] loop0: detected capacity change from 0 to 32768
[ 77.591656][ T7257] UFO tlock:0x00000000da898e7c
[ 77.673764][ T7259] loop0: detected capacity change from 0 to 32768
[ 77.683406][ T7259] UFO tlock:0x00000000a871ed3f
[ 78.007535][ T53] Bluetooth: hci0: command tx timeout
[ 78.045194][ T7261] loop0: detected capacity change from 0 to 32768
[ 78.054556][ T7261] UFO tlock:0x00000000554b764d
[ 78.138276][ T7263] loop0: detected capacity change from 0 to 32768
[ 78.141827][ T7263] UFO tlock:0x000000005ef86238
[ 78.235324][ T7265] loop0: detected capacity change from 0 to 32768
[ 78.241698][ T7265] UFO tlock:0x000000009d9d6e37
[ 78.592353][ T7267] loop0: detected capacity change from 0 to 32768
[ 78.605016][ T7267] UFO tlock:0x00000000f465a578
[ 78.698305][ T7269] loop0: detected capacity change from 0 to 32768
[ 78.711718][ T7269] UFO tlock:0x000000009bba834d
[ 78.800050][ T7271] loop0: detected capacity change from 0 to 32768
[ 78.815728][ T7271] UFO tlock:0x00000000e9c43d7a
[ 79.172179][ T7273] loop0: detected capacity change from 0 to 32768
[ 79.181805][ T7273] UFO tlock:0x0000000073291f38
[ 79.275700][ T7275] loop0: detected capacity change from 0 to 32768
[ 79.285152][ T7275] UFO tlock:0x000000002a59ca2e
[ 79.370371][ T7277] loop0: detected capacity change from 0 to 32768
[ 79.377385][ T7277] UFO tlock:0x00000000464d62c0
[ 79.458936][ T7279] loop0: detected capacity change from 0 to 32768
[ 79.467614][ T7279] UFO tlock:0x00000000c5d1a381
[ 79.554073][ T7281] loop0: detected capacity change from 0 to 32768
[ 79.563114][ T7281] UFO tlock:0x00000000da898e7c
[ 79.574580][ T99] ==================================================================
[ 79.574593][ T99] BUG: KASAN: slab-use-after-free in release_metapage+0x678/0xa34
[ 79.574615][ T99] Read of size 8 at addr ffff0000cf7dddb8 by task jfsCommit/99
[ 79.574624][ T99]
[ 79.574629][ T99] CPU: 0 UID: 0 PID: 99 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT
[ 79.574636][ T99] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 79.574640][ T99] Call trace:
[ 79.574642][ T99] show_stack+0x2c/0x3c (C)
[ 79.574652][ T99] __dump_stack+0x30/0x40
[ 79.574658][ T99] dump_stack_lvl+0xd8/0x12c
[ 79.574662][ T99] print_address_description+0xa8/0x238
[ 79.574670][ T99] print_report+0x68/0x84
[ 79.574676][ T99] kasan_report+0xb0/0x110
[ 79.574681][ T99] __asan_report_load8_noabort+0x20/0x2c
[ 79.574687][ T99] release_metapage+0x678/0xa34
[ 79.574693][ T99] put_metapage+0x1ec/0x288
[ 79.574698][ T99] txUnlock+0x464/0xc98
[ 79.574704][ T99] jfs_lazycommit+0x480/0x94c
[ 79.574710][ T99] kthread+0x5fc/0x75c
[ 79.574717][ T99] ret_from_fork+0x10/0x20
[ 79.574722][ T99]
[ 79.574724][ T99] Allocated by task 7281:
[ 79.574727][ T99] kasan_save_track+0x40/0x78
[ 79.574731][ T99] kasan_save_alloc_info+0x44/0x54
[ 79.574736][ T99] __kasan_slab_alloc+0x70/0x88
[ 79.574740][ T99] kmem_cache_alloc_noprof+0x338/0x648
[ 79.574744][ T99] mempool_alloc_slab+0x58/0x74
[ 79.574749][ T99] mempool_alloc_noprof+0x150/0x3f4
[ 79.574754][ T99] __get_metapage+0x530/0xec8
[ 79.574758][ T99] diNewExt+0x800/0x253c
[ 79.574762][ T99] diAllocAG+0x9bc/0x1a84
[ 79.574766][ T99] diAlloc+0x17c/0x1630
[ 79.574770][ T99] ialloc+0x80/0x78c
[ 79.574774][ T99] jfs_mkdir+0x170/0x8b4
[ 79.574778][ T99] vfs_mkdir+0x284/0x424
[ 79.574783][ T99] do_mkdirat+0x1f8/0x4c8
[ 79.574787][ T99] __arm64_sys_mkdirat+0x8c/0xa4
[ 79.574792][ T99] invoke_syscall+0x98/0x254
[ 79.574797][ T99] el0_svc_common+0x130/0x23c
[ 79.574800][ T99] do_el0_svc+0x48/0x58
[ 79.574804][ T99] el0_svc+0x5c/0x254
[ 79.574809][ T99] el0t_64_sync_handler+0x84/0x12c
[ 79.574814][ T99] el0t_64_sync+0x198/0x19c
[ 79.574819][ T99]
[ 79.574820][ T99] Freed by task 7107:
[ 79.574823][ T99] kasan_save_track+0x40/0x78
[ 79.574826][ T99] __kasan_save_free_info+0x58/0x70
[ 79.574831][ T99] __kasan_slab_free+0x74/0xa4
[ 79.574835][ T99] kmem_cache_free+0x18c/0x6dc
[ 79.574838][ T99] mempool_free_slab+0x28/0x38
[ 79.574843][ T99] mempool_free+0xf8/0x5a0
[ 79.574847][ T99] metapage_release_folio+0x36c/0x484
[ 79.574852][ T99] metapage_invalidate_folio+0x14c/0x1cc
[ 79.574857][ T99] truncate_cleanup_folio+0x264/0x3a0
[ 79.574861][ T99] truncate_inode_pages_range+0x1f4/0xe18
[ 79.574866][ T99] truncate_inode_pages+0x2c/0x3c
[ 79.574870][ T99] jfs_put_super+0x124/0x188
[ 79.574876][ T99] generic_shutdown_super+0x12c/0x2b8
[ 79.574881][ T99] kill_block_super+0x44/0x90
[ 79.574886][ T99] deactivate_locked_super+0xc4/0x12c
[ 79.574891][ T99] deactivate_super+0xe0/0x100
[ 79.574895][ T99] cleanup_mnt+0x31c/0x3ac
[ 79.574901][ T99] __cleanup_mnt+0x20/0x30
[ 79.574906][ T99] task_work_run+0x1dc/0x260
[ 79.574910][ T99] exit_to_user_mode_loop+0xfc/0x178
[ 79.574916][ T99] el0_svc+0x170/0x254
[ 79.574920][ T99] el0t_64_sync_handler+0x84/0x12c
[ 79.574925][ T99] el0t_64_sync+0x198/0x19c
[ 79.574928][ T99]
[ 79.574929][ T99] The buggy address belongs to the object at ffff0000cf7ddd90
[ 79.574929][ T99] which belongs to the cache jfs_mp of size 184
[ 79.574934][ T99] The buggy address is located 40 bytes inside of
[ 79.574934][ T99] freed 184-byte region [ffff0000cf7ddd90, ffff0000cf7dde48)
[ 79.574939][ T99]
[ 79.574940][ T99] The buggy address belongs to the physical page:
[ 79.574943][ T99] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f7dd
[ 79.574949][ T99] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 79.574954][ T99] page_type: f5(slab)
[ 79.574959][ T99] raw: 05ffc00000000000 ffff0000c4c31000 dead000000000122 0000000000000000
[ 79.574963][ T99] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 79.574966][ T99] page dumped because: kasan: bad access detected
[ 79.574968][ T99]
[ 79.574969][ T99] Memory state around the buggy address:
[ 79.574972][ T99] ffff0000cf7ddc80: fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb
[ 79.574975][ T99] ffff0000cf7ddd00: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[ 79.574978][ T99] >ffff0000cf7ddd80: fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 79.574980][ T99] ^
[ 79.574983][ T99] ffff0000cf7dde00: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 79.574986][ T99] ffff0000cf7dde80: fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 79.574988][ T99] ==================================================================
[ 79.574999][ T99] Disabling lock debugging due to kernel taint
[ 79.575021][ T99] Unable to handle kernel paging request at virtual address dfff800000000029
[ 79.575029][ T99] KASAN: null-ptr-deref in range [0x0000000000000148-0x000000000000014f]
[ 79.575035][ T99] Mem abort info:
[ 79.575040][ T99] ESR = 0x0000000096000005
[ 79.575045][ T99] EC = 0x25: DABT (current EL), IL = 32 bits
[ 79.575051][ T99] SET = 0, FnV = 0
[ 79.575056][ T99] EA = 0, S1PTW = 0
[ 79.575062][ T99] FSC = 0x05: level 1 translation fault
[ 79.575067][ T99] Data abort info:
[ 79.575071][ T99] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 79.575077][ T99] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 79.575083][ T99] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 79.575089][ T99] [dfff800000000029] address between user and kernel address ranges
[ 79.575096][ T99] Internal error: Oops: 0000000096000005 [#1] SMP
[ 79.658249][ T99] Modules linked in:
[ 79.658812][ T99] CPU: 0 UID: 0 PID: 99 Comm: jfsCommit Tainted: G B syzkaller #0 PREEMPT
[ 79.660387][ T99] Tainted: [B]=BAD_PAGE
[ 79.661054][ T99] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 79.662604][ T99] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
[ 79.663714][ T99] pc : txEnd+0x180/0x4f0
[ 79.664367][ T99] lr : txEnd+0x158/0x4f0
[ 79.664950][ T99] sp : ffff8000993c7c60
[ 79.665531][ T99] x29: ffff8000993c7c60 x28: 1ffff00013680666 x27: ffff80008fb96000
[ 79.666661][ T99] x26: 1ffff00011f72cc4 x25: dfff800000000000 x24: ffff8000974a8000
[ 79.667805][ T99] x23: 0000000000000001 x22: 000000000000014c x21: ffff80009b403358
[ 79.668912][ T99] x20: 0000000000000003 x19: 0000000000000000 x18: 1fffe000337db690
[ 79.670012][ T99] x17: 3d3d3d3d3d3d3d3d x16: ffff8000802112a8 x15: 0000000000000001
[ 79.671120][ T99] x14: 1ffff0001368066c x13: 0000000000000000 x12: 0000000000000000
[ 79.672279][ T99] x11: ffff70001368066d x10: 0000000000ff0100 x9 : 0000000000000029
[ 79.673433][ T99] x8 : 0000000000000003 x7 : ffffffffffffffff x6 : ffff800080502e24
[ 79.674529][ T99] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800081c4c3ec
[ 79.675653][ T99] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
[ 79.676850][ T99] Call trace:
[ 79.677292][ T99] txEnd+0x180/0x4f0 (P)
[ 79.677890][ T99] jfs_lazycommit+0x4b4/0x94c
[ 79.678571][ T99] kthread+0x5fc/0x75c
[ 79.679174][ T99] ret_from_fork+0x10/0x20
[ 79.679790][ T99] Code: 12003e88 790002b7 d343fec9 b902c308 (38f96928)
[ 79.680739][ T99] ---[ end trace 0000000000000000 ]---
[ 79.914863][ T99] Kernel panic - not syncing: Oops: Fatal exception
[ 79.915866][ T99] SMP: stopping secondary CPUs
[ 79.916622][ T99] Kernel Offset: disabled
[ 79.917272][ T99] CPU features: 0x100000,0001e000,42702281,5427fea7
[ 79.918247][ T99] Memory Limit: none
[ 80.124783][ T99] Rebooting in 86400 seconds..