Warning: Permanently added '10.128.0.224' (ED25519) to the list of known hosts.
2025/11/29 02:08:12 parsed 1 programs
[   89.259424][ T5802] cgroup: Unknown subsys name 'net'
[   89.426215][ T5802] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   91.181877][ T5802] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   92.078771][  T788] cfg80211: failed to load regulatory.db
[   95.124820][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   95.133867][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   95.142172][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   95.155233][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   95.166843][ T5842] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   95.175743][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   96.019127][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.047995][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.086563][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.096179][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.432152][ T5857] chnl_net:caif_netlink_parms(): no params data found
[   96.521038][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.529372][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.536715][ T5857] bridge_slave_0: entered allmulticast mode
[   96.544742][ T5857] bridge_slave_0: entered promiscuous mode
[   96.554247][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.562362][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.569828][ T5857] bridge_slave_1: entered allmulticast mode
[   96.578093][ T5857] bridge_slave_1: entered promiscuous mode
[   96.616756][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   96.629794][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.670776][ T5857] team0: Port device team_slave_0 added
[   96.680882][ T5857] team0: Port device team_slave_1 added
[   96.712676][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0
[   96.721387][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.747586][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.761322][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1
[   96.770305][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.798337][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.871126][ T5857] hsr_slave_0: entered promiscuous mode
[   96.878177][ T5857] hsr_slave_1: entered promiscuous mode
[   97.051349][ T5857] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   97.069551][ T5857] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   97.079941][ T5857] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   97.089929][ T5857] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   97.195507][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.230200][ T5857] 8021q: adding VLAN 0 to HW filter on device team0
[   97.244633][ T1076] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.252174][ T1076] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.269427][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.276570][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.519000][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0
[   97.602999][ T5857] veth0_vlan: entered promiscuous mode
[   97.637647][ T5857] veth1_vlan: entered promiscuous mode
[   97.679637][ T5857] veth0_macvtap: entered promiscuous mode
[   97.691960][ T5857] veth1_macvtap: entered promiscuous mode
[   97.715723][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.734703][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.747980][ T5857] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.762023][ T5857] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.771469][ T5857] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.781371][ T5857] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.958648][ T2989] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/11/29 02:08:24 executed programs: 0
[   99.130058][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   99.139255][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   99.148211][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   99.156729][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   99.165638][ T5842] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   99.174574][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   99.353847][ T5903] chnl_net:caif_netlink_parms(): no params data found
[   99.426901][ T5903] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.434589][ T5903] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.443011][ T5903] bridge_slave_0: entered allmulticast mode
[   99.450308][ T5903] bridge_slave_0: entered promiscuous mode
[   99.460376][ T5903] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.467589][ T5903] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.474756][ T5903] bridge_slave_1: entered allmulticast mode
[   99.482597][ T5903] bridge_slave_1: entered promiscuous mode
[   99.519198][ T5903] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.531027][ T5903] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.569614][ T5903] team0: Port device team_slave_0 added
[   99.578343][ T5903] team0: Port device team_slave_1 added
[   99.612676][ T5903] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.619852][ T5903] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.646158][ T5903] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   99.659547][ T5903] batman_adv: batadv0: Adding interface: batadv_slave_1
[   99.666526][ T5903] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.692972][ T5903] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.737758][ T5903] hsr_slave_0: entered promiscuous mode
[   99.744737][ T5903] hsr_slave_1: entered promiscuous mode
[   99.751406][ T5903] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   99.760226][ T5903] Cannot create hsr debugfs directory
[  100.350201][ T2989] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.278006][ T5104] Bluetooth: hci0: command tx timeout
[  102.579917][ T2989] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.635910][ T2989] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.348764][ T5104] Bluetooth: hci0: command tx timeout
[  103.693305][ T5903] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  103.705069][ T5903] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  103.720904][ T5903] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  103.744024][ T2989] hsr_slave_0: left promiscuous mode
[  103.753923][ T2989] hsr_slave_1: left promiscuous mode
[  103.761226][ T2989] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  103.771379][ T2989] batman_adv: batadv0: Removing interface: batadv_slave_0
[  103.780468][ T2989] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  103.790919][ T2989] batman_adv: batadv0: Removing interface: batadv_slave_1
[  103.799423][ T2989] bridge_slave_1: left allmulticast mode
[  103.805238][ T2989] bridge_slave_1: left promiscuous mode
[  103.812415][ T2989] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.826476][ T2989] bridge_slave_0: left allmulticast mode
[  103.834168][ T2989] bridge_slave_0: left promiscuous mode
[  103.840427][ T2989] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.873271][ T2989] veth1_macvtap: left promiscuous mode
[  103.879398][ T2989] veth0_macvtap: left promiscuous mode
[  103.885136][ T2989] veth1_vlan: left promiscuous mode
[  103.891476][ T2989] veth0_vlan: left promiscuous mode
[  104.360003][ T2989] team0 (unregistering): Port device team_slave_1 removed
[  104.400399][ T2989] team0 (unregistering): Port device team_slave_0 removed
[  104.438716][ T2989] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  104.475466][ T2989] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  104.828472][ T2989] bond0 (unregistering): Released all slaves
[  104.931213][ T5903] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  105.050194][ T5903] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.074565][ T5903] 8021q: adding VLAN 0 to HW filter on device team0
[  105.094426][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.101696][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.122712][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.129927][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.415543][ T5903] 8021q: adding VLAN 0 to HW filter on device batadv0
[  105.428840][ T5104] Bluetooth: hci0: command tx timeout
[  105.469046][ T5903] veth0_vlan: entered promiscuous mode
[  105.483038][ T5903] veth1_vlan: entered promiscuous mode
[  105.512680][ T5903] veth0_macvtap: entered promiscuous mode
[  105.523120][ T5903] veth1_macvtap: entered promiscuous mode
[  105.543438][ T5903] batman_adv: batadv0: Interface activated: batadv_slave_0
[  105.575778][ T5903] batman_adv: batadv0: Interface activated: batadv_slave_1
[  105.589851][ T5903] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  105.602688][ T5903] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  105.611491][ T5903] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  105.620332][ T5903] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  105.727780][ T1147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.735665][ T1147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.767382][ T1147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.775291][ T1147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/11/29 02:08:31 executed programs: 2
[  105.852701][ T5950] syz.0.17[5950]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[  106.149770][ T5950] loop0: detected capacity change from 0 to 32768
[  106.193968][ T5950] syz.0.17: attempt to access beyond end of device
[  106.193968][ T5950] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  106.207867][ T5950] metapage_write_end_io: I/O error
[  106.213984][ T5950] ERROR: (device loop0): diWrite: ixpxd invalid
[  106.213984][ T5950] 
[  106.238221][ T5950] ERROR: (device loop0): remounting filesystem as read-only
[  106.257684][ T5950] ERROR: (device loop0): txCommit: 
[  106.257684][ T5950] 
[  106.277830][ T5950] blkno = 8f7c0, nblocks = 1
[  106.282770][ T5950] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[  106.282770][ T5950] 
[  106.294569][ T5950] ERROR: (device loop0): dbAllocNext: Corrupt dmap page
[  106.294569][ T5950] 
[  106.305701][ T5950] ialloc: diAlloc returned -5!
[  106.315211][ T5950] BUG: Bad page state in process syz.0.17  pfn:24cef
[  106.323855][ T5950] page:ffffea0000933bc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0xd pfn:0x24cef
[  106.334255][ T5950] flags: 0xfff0000000820c(referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[  106.344985][ T5950] page_type: 0xffffffff()
[  106.351691][ T5950] raw: 00fff0000000820c ffffea000092ff48 ffffea0000953f08 0000000000000000
[  106.361339][ T5950] raw: 000000000000000d ffff888023e361f0 00000000ffffffff 0000000000000000
[  106.370361][ T5950] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  106.378176][ T5950] page_owner tracks the page as allocated
[  106.384169][ T5950] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 5950, tgid 5950 (syz.0.17), ts 106177299687, free_ts 105931375002
[  106.403269][ T5950]  post_alloc_hook+0x1cd/0x210
[  106.409564][ T5950]  get_page_from_freelist+0x195c/0x19f0
[  106.415200][ T5950]  __alloc_pages+0x1e3/0x460
[  106.420728][ T5950]  folio_alloc+0x1e/0x30
[  106.425070][ T5950]  filemap_alloc_folio+0xdf/0x470
[  106.431719][ T5950]  do_read_cache_folio+0x36c/0x7e0
[  106.436888][ T5950]  do_read_cache_page+0x32/0x250
[  106.441994][ T5950]  __get_metapage+0x31a/0xfa0
[  106.446710][ T5950]  diReadSpecial+0x25b/0x710
[  106.451695][ T5950]  jfs_mount+0x3d1/0x860
[  106.456027][ T5950]  jfs_fill_super+0x4e2/0xac0
[  106.460813][ T5950]  mount_bdev+0x22b/0x2d0
[  106.465185][ T5950]  legacy_get_tree+0xea/0x180
[  106.470572][ T5950]  vfs_get_tree+0x8c/0x280
[  106.475073][ T5950]  do_new_mount+0x24b/0xa40
[  106.479666][ T5950]  __se_sys_mount+0x2da/0x3c0
[  106.484419][ T5950] page last free stack trace:
[  106.489170][ T5950]  free_unref_page_prepare+0x7ce/0x8e0
[  106.494989][ T5950]  free_unref_page+0x32/0x2e0
[  106.499907][ T5950]  __unfreeze_partials+0x1cf/0x210
[  106.505079][ T5950]  put_cpu_partial+0x17c/0x250
[  106.509983][ T5950]  __slab_free+0x31d/0x410
[  106.514458][ T5950]  qlist_free_all+0x75/0xe0
[  106.519064][ T5950]  kasan_quarantine_reduce+0x143/0x160
[  106.524783][ T5950]  __kasan_slab_alloc+0x22/0x80
[  106.529872][ T5950]  slab_post_alloc_hook+0x6e/0x4d0
[  106.535040][ T5950]  kmem_cache_alloc_node+0x150/0x330
[  106.540444][ T5950]  __alloc_skb+0x108/0x2c0
[  106.544890][ T5950]  inet6_netconf_notify_devconf+0x10f/0x1d0
[  106.551122][ T5950]  addrconf_ifdown+0x1544/0x1880
[  106.556134][ T5950]  addrconf_notify+0x6c6/0x1010
[  106.561202][ T5950]  notifier_call_chain+0x197/0x390
[  106.566364][ T5950]  unregister_netdevice_many_notify+0xf36/0x1810
[  106.573625][ T5950] Modules linked in:
[  106.578251][ T5950] CPU: 0 PID: 5950 Comm: syz.0.17 Not tainted syzkaller #0
[  106.585507][ T5950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  106.595624][ T5950] Call Trace:
[  106.598936][ T5950]  <TASK>
[  106.601906][ T5950]  dump_stack_lvl+0x16c/0x230
[  106.606704][ T5950]  ? show_regs_print_info+0x20/0x20
[  106.611932][ T5950]  ? swiotlb_print_info+0x70/0x70
[  106.616989][ T5950]  ? dump_page+0xba7/0x14d0
[  106.621524][ T5950]  bad_page+0x14b/0x170
[  106.625705][ T5950]  free_unref_page_prepare+0x887/0x8e0
[  106.631199][ T5950]  free_unref_page_list+0xbe/0x860
[  106.636341][ T5950]  ? __folio_memcg+0x63/0x160
[  106.641043][ T5950]  ? folio_memcg+0x127/0x480
[  106.645655][ T5950]  release_pages+0x1fa0/0x2220
[  106.650449][ T5950]  ? lru_cache_disable+0x30/0x30
[  106.655427][ T5950]  ? mlock_drain_local+0x79/0x490
[  106.660470][ T5950]  ? mlock_drain_local+0x79/0x490
[  106.665509][ T5950]  ? mlock_drain_local+0x28d/0x490
[  106.670728][ T5950]  __folio_batch_release+0x71/0xe0
[  106.675879][ T5950]  truncate_inode_pages_range+0x358/0xf00
[  106.681660][ T5950]  ? mapping_evict_folio+0x510/0x510
[  106.687080][ T5950]  ? __static_call_return0+0x9/0x10
[  106.692353][ T5950]  ? shrink_dentry_list+0x685/0x6a0
[  106.697596][ T5950]  ? sync_filesystem+0x107/0x220
[  106.702567][ T5950]  jfs_remount+0x33b/0x5b0
[  106.707021][ T5950]  ? jfs_statfs+0x550/0x550
[  106.711570][ T5950]  reconfigure_super+0x21e/0x880
[  106.716533][ T5950]  path_mount+0xd19/0xfe0
[  106.720899][ T5950]  __se_sys_mount+0x2da/0x3c0
[  106.725597][ T5950]  ? __x64_sys_mount+0xc0/0xc0
[  106.730417][ T5950]  ? lockdep_hardirqs_on+0x98/0x150
[  106.735636][ T5950]  ? __x64_sys_mount+0x20/0xc0
[  106.740434][ T5950]  do_syscall_64+0x55/0xb0
[  106.744895][ T5950]  ? clear_bhb_loop+0x40/0x90
[  106.749589][ T5950]  ? clear_bhb_loop+0x40/0x90
[  106.754292][ T5950]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  106.760208][ T5950] RIP: 0033:0x7f7d53f90eea
[  106.764689][ T5950] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.784507][ T5950] RSP: 002b:00007ffc6f3f0878 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  106.792957][ T5950] RAX: ffffffffffffffda RBX: 00007ffc6f3f0900 RCX: 00007f7d53f90eea
[  106.800951][ T5950] RDX: 0000200000000f40 RSI: 0000200000000f00 RDI: 0000000000000000
[  106.809199][ T5950] RBP: 0000200000000f40 R08: 00007ffc6f3f0900 R09: 0000000001258438
[  106.817294][ T5950] R10: 0000000001258438 R11: 0000000000000246 R12: 0000200000000f00
[  106.825279][ T5950] R13: 00007ffc6f3f08c0 R14: 0000000000000000 R15: 0000200000000f80
[  106.833302][ T5950]  </TASK>
[  106.847921][ T5950] Disabling lock debugging due to kernel taint
[  106.870130][   T11] kworker/u4:0: attempt to access beyond end of device
[  106.870130][   T11] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  106.884629][   T11] metapage_write_end_io: I/O error
[  107.143597][ T5951] loop0: detected capacity change from 0 to 32768
[  107.163552][ T5951] syz.0.18: attempt to access beyond end of device
[  107.163552][ T5951] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  107.177361][ T5951] metapage_write_end_io: I/O error
[  107.182561][ T5951] ERROR: (device loop0): diWrite: ixpxd invalid
[  107.182561][ T5951] 
[  107.191601][ T5951] ERROR: (device loop0): remounting filesystem as read-only
[  107.199595][ T5951] ERROR: (device loop0): txCommit: 
[  107.199595][ T5951] 
[  107.207962][ T5951] blkno = 8f7c0, nblocks = 1
[  107.212614][ T5951] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[  107.212614][ T5951] 
[  107.223336][ T5951] ERROR: (device loop0): dbAllocNext: Corrupt dmap page
[  107.223336][ T5951] 
[  107.233752][ T5951] ialloc: diAlloc returned -5!
[  107.239827][ T5951] BUG: Bad page state in process syz.0.18  pfn:2edc3
[  107.246619][ T5951] page:ffffea0000bb70c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0xd pfn:0x2edc3
[  107.256982][ T5951] flags: 0xfff0000000820c(referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[  107.267996][ T5951] page_type: 0xffffffff()
[  107.272399][ T5951] raw: 00fff0000000820c ffffea000076e708 ffffea000093edc8 0000000000000000
[  107.281948][ T5951] raw: 000000000000000d ffff88807b3abd90 00000000ffffffff 0000000000000000
[  107.290803][ T5951] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  107.298231][ T5951] page_owner tracks the page as allocated
[  107.303979][ T5951] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 5951, tgid 5951 (syz.0.18), ts 107160337212, free_ts 107003124388
[  107.322080][ T5951]  post_alloc_hook+0x1cd/0x210
[  107.326901][ T5951]  get_page_from_freelist+0x195c/0x19f0
[  107.332616][ T5951]  __alloc_pages+0x1e3/0x460
[  107.337336][ T5951]  folio_alloc+0x1e/0x30
[  107.341785][ T5951]  filemap_alloc_folio+0xdf/0x470
[  107.346849][ T5951]  do_read_cache_folio+0x36c/0x7e0
[  107.352063][ T5951]  do_read_cache_page+0x32/0x250
[  107.357128][ T5951]  __get_metapage+0x31a/0xfa0
[  107.361830][ T5951]  diReadSpecial+0x25b/0x710
[  107.366447][ T5951]  jfs_mount+0x3d1/0x860
[  107.370743][ T5951]  jfs_fill_super+0x4e2/0xac0
[  107.375450][ T5951]  mount_bdev+0x22b/0x2d0
[  107.379829][ T5951]  legacy_get_tree+0xea/0x180
[  107.384530][ T5951]  vfs_get_tree+0x8c/0x280
[  107.389135][ T5951]  do_new_mount+0x24b/0xa40
[  107.393670][ T5951]  __se_sys_mount+0x2da/0x3c0
[  107.398403][ T5951] page last free stack trace:
[  107.403094][ T5951]  free_unref_page_prepare+0x7ce/0x8e0
[  107.408802][ T5951]  free_unref_page+0x32/0x2e0
[  107.413537][ T5951]  __slab_free+0x35e/0x410
[  107.418083][ T5951]  qlist_free_all+0x75/0xe0
[  107.422617][ T5951]  kasan_quarantine_reduce+0x143/0x160
[  107.428188][ T5951]  __kasan_slab_alloc+0x22/0x80
[  107.433084][ T5951]  slab_post_alloc_hook+0x6e/0x4d0
[  107.438314][ T5951]  kmem_cache_alloc+0x11e/0x2e0
[  107.443494][ T5951]  ptlock_alloc+0x20/0x70
[  107.447908][ T5951]  pte_alloc_one+0xce/0x540
[  107.452440][ T5951]  __pte_alloc+0x22/0x2a0
[  107.456783][ T5951]  handle_mm_fault+0x3cc3/0x4920
[  107.461887][ T5951]  do_user_addr_fault+0xad0/0x12e0
[  107.467087][ T5951]  exc_page_fault+0x67/0x110
[  107.471693][ T5951]  asm_exc_page_fault+0x26/0x30
[  107.476659][ T5951] Modules linked in:
[  107.480977][ T5951] CPU: 1 PID: 5951 Comm: syz.0.18 Tainted: G    B              syzkaller #0
[  107.489685][ T5951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  107.499746][ T5951] Call Trace:
[  107.503031][ T5951]  <TASK>
[  107.505966][ T5951]  dump_stack_lvl+0x16c/0x230
[  107.510660][ T5951]  ? show_regs_print_info+0x20/0x20
[  107.515869][ T5951]  ? swiotlb_print_info+0x70/0x70
[  107.520918][ T5951]  ? dump_page+0xba7/0x14d0
[  107.525447][ T5951]  bad_page+0x14b/0x170
[  107.529615][ T5951]  free_unref_page_prepare+0x887/0x8e0
[  107.535134][ T5951]  free_unref_page_list+0xbe/0x860
[  107.540288][ T5951]  ? __folio_memcg+0x63/0x160
[  107.545001][ T5951]  ? folio_memcg+0x127/0x480
[  107.549598][ T5951]  release_pages+0x1fa0/0x2220
[  107.554374][ T5951]  ? lru_cache_disable+0x30/0x30
[  107.559354][ T5951]  ? mlock_drain_local+0x79/0x490
[  107.564403][ T5951]  ? mlock_drain_local+0x79/0x490
[  107.569431][ T5951]  ? mlock_drain_local+0x28d/0x490
[  107.574549][ T5951]  __folio_batch_release+0x71/0xe0
[  107.579666][ T5951]  truncate_inode_pages_range+0x358/0xf00
[  107.585499][ T5951]  ? mapping_evict_folio+0x510/0x510
[  107.590820][ T5951]  ? __static_call_return0+0x9/0x10
[  107.596042][ T5951]  ? shrink_dentry_list+0x685/0x6a0
[  107.601260][ T5951]  ? sync_filesystem+0x107/0x220
[  107.606223][ T5951]  jfs_remount+0x33b/0x5b0
[  107.610687][ T5951]  ? jfs_statfs+0x550/0x550
[  107.615211][ T5951]  reconfigure_super+0x21e/0x880
[  107.620166][ T5951]  path_mount+0xd19/0xfe0
[  107.624509][ T5951]  __se_sys_mount+0x2da/0x3c0
[  107.629197][ T5951]  ? __x64_sys_mount+0xc0/0xc0
[  107.633973][ T5951]  ? __x64_sys_mount+0x20/0xc0
[  107.638750][ T5951]  do_syscall_64+0x55/0xb0
[  107.643184][ T5951]  ? clear_bhb_loop+0x40/0x90
[  107.647883][ T5951]  ? clear_bhb_loop+0x40/0x90
[  107.652585][ T5951]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  107.658495][ T5951] RIP: 0033:0x7f7d53f90eea
[  107.662920][ T5951] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  107.682539][ T5951] RSP: 002b:00007ffc6f3f0878 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  107.690989][ T5951] RAX: ffffffffffffffda RBX: 00007ffc6f3f0900 RCX: 00007f7d53f90eea
[  107.698977][ T5951] RDX: 0000200000000f40 RSI: 0000200000000f00 RDI: 0000000000000000
[  107.706993][ T5951] RBP: 0000200000000f40 R08: 00007ffc6f3f0900 R09: 0000000001258438
[  107.714979][ T5951] R10: 0000000001258438 R11: 0000000000000246 R12: 0000200000000f00
[  107.722966][ T5951] R13: 00007ffc6f3f08c0 R14: 0000000000000000 R15: 0000200000000f80
[  107.730956][ T5951]  </TASK>
[  107.739713][ T5104] Bluetooth: hci0: command tx timeout
[  107.745543][ T1147] kworker/u4:9: attempt to access beyond end of device
[  107.745543][ T1147] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  107.760058][ T1147] metapage_write_end_io: I/O error
[  108.008598][ T5952] loop0: detected capacity change from 0 to 32768
[  108.026259][ T5952] syz.0.19: attempt to access beyond end of device
[  108.026259][ T5952] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  108.040152][ T5952] metapage_write_end_io: I/O error
[  108.045365][ T5952] ERROR: (device loop0): diWrite: ixpxd invalid
[  108.045365][ T5952] 
[  108.054801][ T5952] ERROR: (device loop0): remounting filesystem as read-only
[  108.063225][ T5952] ERROR: (device loop0): txCommit: 
[  108.063225][ T5952] 
[  108.076134][ T5952] blkno = 8f7c0, nblocks = 1
[  108.081517][ T5952] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[  108.081517][ T5952] 
[  108.092383][ T5952] ERROR: (device loop0): dbAllocNext: Corrupt dmap page
[  108.092383][ T5952] 
[  108.102565][ T5952] ialloc: diAlloc returned -5!
[  108.108287][ T5952] BUG: Bad page state in process syz.0.19  pfn:7d07f
[  108.115016][ T5952] page:ffffea0001f41fc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0xd pfn:0x7d07f
[  108.126372][ T5952] flags: 0xfff0000000820c(referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[  108.137670][ T5952] page_type: 0xffffffff()
[  108.142054][ T5952] raw: 00fff0000000820c ffffea0000bf5f08 ffffea0000bb6908 0000000000000000
[  108.151968][ T5952] raw: 000000000000000d ffff88807af4f4d8 00000000ffffffff 0000000000000000
[  108.161177][ T5952] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  108.168590][ T5952] page_owner tracks the page as allocated
[  108.174333][ T5952] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 5952, tgid 5952 (syz.0.19), ts 108021389872, free_ts 108005677935
[  108.192868][ T5952]  post_alloc_hook+0x1cd/0x210
[  108.197746][ T5952]  get_page_from_freelist+0x195c/0x19f0
[  108.203361][ T5952]  __alloc_pages+0x1e3/0x460
[  108.208171][ T5952]  folio_alloc+0x1e/0x30
[  108.212451][ T5952]  filemap_alloc_folio+0xdf/0x470
[  108.217541][ T5952]  do_read_cache_folio+0x36c/0x7e0
[  108.222681][ T5952]  do_read_cache_page+0x32/0x250
[  108.227861][ T5952]  __get_metapage+0x31a/0xfa0
[  108.232605][ T5952]  diReadSpecial+0x25b/0x710
[  108.237340][ T5952]  jfs_mount+0x3d1/0x860
[  108.241612][ T5952]  jfs_fill_super+0x4e2/0xac0
[  108.246298][ T5952]  mount_bdev+0x22b/0x2d0
[  108.250778][ T5952]  legacy_get_tree+0xea/0x180
[  108.255508][ T5952]  vfs_get_tree+0x8c/0x280
[  108.260017][ T5952]  do_new_mount+0x24b/0xa40
[  108.264814][ T5952]  __se_sys_mount+0x2da/0x3c0
[  108.269549][ T5952] page last free stack trace:
[  108.274236][ T5952]  free_unref_page_prepare+0x7ce/0x8e0
[  108.279836][ T5952]  free_unref_page_list+0xbe/0x860
[  108.285009][ T5952]  release_pages+0x1fa0/0x2220
[  108.289820][ T5952]  tlb_flush_mmu+0x368/0x4f0
[  108.294444][ T5952]  tlb_finish_mmu+0xc3/0x1d0
[  108.299155][ T5952]  unmap_region+0x2ed/0x340
[  108.303707][ T5952]  do_vmi_align_munmap+0xffe/0x1660
[  108.309005][ T5952]  do_vmi_munmap+0x252/0x2d0
[  108.313628][ T5952]  __vm_munmap+0x193/0x3c0
[  108.318191][ T5952]  __x64_sys_munmap+0x60/0x70
[  108.322917][ T5952]  do_syscall_64+0x55/0xb0
[  108.327395][ T5952]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  108.333369][ T5952] Modules linked in:
[  108.337366][ T5952] CPU: 0 PID: 5952 Comm: syz.0.19 Tainted: G    B              syzkaller #0
[  108.346065][ T5952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  108.356145][ T5952] Call Trace:
[  108.359518][ T5952]  <TASK>
[  108.362460][ T5952]  dump_stack_lvl+0x16c/0x230
[  108.367157][ T5952]  ? show_regs_print_info+0x20/0x20
[  108.372374][ T5952]  ? swiotlb_print_info+0x70/0x70
[  108.377413][ T5952]  ? dump_page+0xba7/0x14d0
[  108.381943][ T5952]  bad_page+0x14b/0x170
[  108.386197][ T5952]  free_unref_page_prepare+0x887/0x8e0
[  108.391678][ T5952]  free_unref_page_list+0xbe/0x860
[  108.396802][ T5952]  ? __folio_memcg+0x63/0x160
[  108.401498][ T5952]  ? folio_memcg+0x127/0x480
[  108.406097][ T5952]  release_pages+0x1fa0/0x2220
[  108.410893][ T5952]  ? lru_cache_disable+0x30/0x30
[  108.415875][ T5952]  ? mlock_drain_local+0x79/0x490
[  108.420937][ T5952]  ? mlock_drain_local+0x79/0x490
[  108.425988][ T5952]  ? mlock_drain_local+0x28d/0x490
[  108.431124][ T5952]  __folio_batch_release+0x71/0xe0
[  108.436253][ T5952]  truncate_inode_pages_range+0x358/0xf00
[  108.441993][ T5952]  ? mapping_evict_folio+0x510/0x510
[  108.447306][ T5952]  ? __static_call_return0+0x9/0x10
[  108.452524][ T5952]  ? shrink_dentry_list+0x685/0x6a0
[  108.457742][ T5952]  ? sync_filesystem+0x107/0x220
[  108.462702][ T5952]  jfs_remount+0x33b/0x5b0
[  108.467155][ T5952]  ? jfs_statfs+0x550/0x550
[  108.471678][ T5952]  reconfigure_super+0x21e/0x880
[  108.476641][ T5952]  path_mount+0xd19/0xfe0
[  108.480982][ T5952]  __se_sys_mount+0x2da/0x3c0
[  108.485671][ T5952]  ? __x64_sys_mount+0xc0/0xc0
[  108.490445][ T5952]  ? __x64_sys_mount+0x20/0xc0
[  108.495219][ T5952]  do_syscall_64+0x55/0xb0
[  108.499748][ T5952]  ? clear_bhb_loop+0x40/0x90
[  108.504439][ T5952]  ? clear_bhb_loop+0x40/0x90
[  108.509130][ T5952]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  108.515037][ T5952] RIP: 0033:0x7f7d53f90eea
[  108.519475][ T5952] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  108.539179][ T5952] RSP: 002b:00007ffc6f3f0878 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  108.547610][ T5952] RAX: ffffffffffffffda RBX: 00007ffc6f3f0900 RCX: 00007f7d53f90eea
[  108.555589][ T5952] RDX: 0000200000000f40 RSI: 0000200000000f00 RDI: 0000000000000000
[  108.563570][ T5952] RBP: 0000200000000f40 R08: 00007ffc6f3f0900 R09: 0000000001258438
[  108.571551][ T5952] R10: 0000000001258438 R11: 0000000000000246 R12: 0000200000000f00
[  108.579531][ T5952] R13: 00007ffc6f3f08c0 R14: 0000000000000000 R15: 0000200000000f80
[  108.587534][ T5952]  </TASK>
[  108.597148][   T11] kworker/u4:0: attempt to access beyond end of device
[  108.597148][   T11] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  108.611024][   T11] metapage_write_end_io: I/O error
[  108.852943][ T5953] loop0: detected capacity change from 0 to 32768
[  108.871811][ T5953] syz.0.20: attempt to access beyond end of device
[  108.871811][ T5953] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  108.885853][ T5953] metapage_write_end_io: I/O error
[  108.891605][ T5953] ERROR: (device loop0): diWrite: ixpxd invalid
[  108.891605][ T5953] 
[  108.901260][ T5953] ERROR: (device loop0): remounting filesystem as read-only
[  108.911639][ T5953] ERROR: (device loop0): txCommit: 
[  108.911639][ T5953] 
[  108.920041][ T5953] blkno = 8f7c0, nblocks = 1
[  108.924773][ T5953] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[  108.924773][ T5953] 
[  108.943157][ T5953] ERROR: (device loop0): dbAllocNext: Corrupt dmap page
[  108.943157][ T5953] 
[  108.953720][ T5953] ialloc: diAlloc returned -5!
[  108.959589][ T5953] BUG: Bad page state in process syz.0.20  pfn:24407
[  108.966383][ T5953] page:ffffea00009101c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0xd pfn:0x24407
[  108.977862][ T5953] flags: 0xfff0000000820c(referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[  108.988853][ T5953] page_type: 0xffffffff()
[  108.993242][ T5953] raw: 00fff0000000820c ffffea0001f41e08 ffffea0001e40dc8 0000000000000000
[  109.002329][ T5953] raw: 000000000000000d ffff88807ad9b7c0 00000000ffffffff 0000000000000000
[  109.011359][ T5953] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  109.019604][ T5953] page_owner tracks the page as allocated
[  109.025363][ T5953] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 5953, tgid 5953 (syz.0.20), ts 108866672787, free_ts 108850232299
[  109.043517][ T5953]  post_alloc_hook+0x1cd/0x210
[  109.048366][ T5953]  get_page_from_freelist+0x195c/0x19f0
[  109.053961][ T5953]  __alloc_pages+0x1e3/0x460
[  109.058691][ T5953]  folio_alloc+0x1e/0x30
[  109.062979][ T5953]  filemap_alloc_folio+0xdf/0x470
[  109.068075][ T5953]  do_read_cache_folio+0x36c/0x7e0
[  109.073211][ T5953]  do_read_cache_page+0x32/0x250
[  109.078219][ T5953]  __get_metapage+0x31a/0xfa0
[  109.083107][ T5953]  diReadSpecial+0x25b/0x710
[  109.087846][ T5953]  jfs_mount+0x3d1/0x860
[  109.092125][ T5953]  jfs_fill_super+0x4e2/0xac0
[  109.097045][ T5953]  mount_bdev+0x22b/0x2d0
[  109.101436][ T5953]  legacy_get_tree+0xea/0x180
[  109.106181][ T5953]  vfs_get_tree+0x8c/0x280
[  109.111182][ T5953]  do_new_mount+0x24b/0xa40
[  109.115726][ T5953]  __se_sys_mount+0x2da/0x3c0
[  109.120474][ T5953] page last free stack trace:
[  109.125162][ T5953]  free_unref_page_prepare+0x7ce/0x8e0
[  109.130689][ T5953]  free_unref_page_list+0xbe/0x860
[  109.135850][ T5953]  release_pages+0x1fa0/0x2220
[  109.140685][ T5953]  tlb_flush_mmu+0x368/0x4f0
[  109.145307][ T5953]  tlb_finish_mmu+0xc3/0x1d0
[  109.150027][ T5953]  unmap_region+0x2ed/0x340
[  109.154569][ T5953]  do_vmi_align_munmap+0xffe/0x1660
[  109.159843][ T5953]  do_vmi_munmap+0x252/0x2d0
[  109.164454][ T5953]  __vm_munmap+0x193/0x3c0
[  109.168939][ T5953]  __x64_sys_munmap+0x60/0x70
[  109.173649][ T5953]  do_syscall_64+0x55/0xb0
[  109.178160][ T5953]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  109.184354][ T5953] Modules linked in:
[  109.188768][ T5953] CPU: 1 PID: 5953 Comm: syz.0.20 Tainted: G    B              syzkaller #0
[  109.197455][ T5953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  109.207530][ T5953] Call Trace:
[  109.210835][ T5953]  <TASK>
[  109.213770][ T5953]  dump_stack_lvl+0x16c/0x230
[  109.218467][ T5953]  ? show_regs_print_info+0x20/0x20
[  109.223673][ T5953]  ? swiotlb_print_info+0x70/0x70
[  109.228704][ T5953]  ? dump_page+0xba7/0x14d0
[  109.233218][ T5953]  bad_page+0x14b/0x170
[  109.237377][ T5953]  free_unref_page_prepare+0x887/0x8e0
[  109.242865][ T5953]  free_unref_page_list+0xbe/0x860
[  109.248003][ T5953]  ? __folio_memcg+0x63/0x160
[  109.252704][ T5953]  ? folio_memcg+0x127/0x480
[  109.257325][ T5953]  release_pages+0x1fa0/0x2220
[  109.262125][ T5953]  ? lru_cache_disable+0x30/0x30
[  109.267076][ T5953]  ? mlock_drain_local+0x79/0x490
[  109.272114][ T5953]  ? mlock_drain_local+0x79/0x490
[  109.277144][ T5953]  ? mlock_drain_local+0x28d/0x490
[  109.282258][ T5953]  __folio_batch_release+0x71/0xe0
[  109.287396][ T5953]  truncate_inode_pages_range+0x358/0xf00
[  109.293222][ T5953]  ? mapping_evict_folio+0x510/0x510
[  109.298535][ T5953]  ? __static_call_return0+0x9/0x10
[  109.303755][ T5953]  ? shrink_dentry_list+0x685/0x6a0
[  109.309097][ T5953]  ? sync_filesystem+0x107/0x220
[  109.314057][ T5953]  jfs_remount+0x33b/0x5b0
[  109.318485][ T5953]  ? jfs_statfs+0x550/0x550
[  109.322996][ T5953]  reconfigure_super+0x21e/0x880
[  109.327940][ T5953]  path_mount+0xd19/0xfe0
[  109.332285][ T5953]  __se_sys_mount+0x2da/0x3c0
[  109.336976][ T5953]  ? __x64_sys_mount+0xc0/0xc0
[  109.341767][ T5953]  ? __x64_sys_mount+0x20/0xc0
[  109.346544][ T5953]  do_syscall_64+0x55/0xb0
[  109.350978][ T5953]  ? clear_bhb_loop+0x40/0x90
[  109.355670][ T5953]  ? clear_bhb_loop+0x40/0x90
[  109.360360][ T5953]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  109.366267][ T5953] RIP: 0033:0x7f7d53f90eea
[  109.370704][ T5953] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  109.390340][ T5953] RSP: 002b:00007ffc6f3f0878 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  109.398771][ T5953] RAX: ffffffffffffffda RBX: 00007ffc6f3f0900 RCX: 00007f7d53f90eea
[  109.406837][ T5953] RDX: 0000200000000f40 RSI: 0000200000000f00 RDI: 0000000000000000
[  109.414816][ T5953] RBP: 0000200000000f40 R08: 00007ffc6f3f0900 R09: 0000000001258438
[  109.422970][ T5953] R10: 0000000001258438 R11: 0000000000000246 R12: 0000200000000f00
[  109.430951][ T5953] R13: 00007ffc6f3f08c0 R14: 0000000000000000 R15: 0000200000000f80
[  109.438938][ T5953]  </TASK>
[  109.448718][ T1147] kworker/u4:9: attempt to access beyond end of device
[  109.448718][ T1147] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  109.462678][ T1147] metapage_write_end_io: I/O error
[  109.704822][ T5954] loop0: detected capacity change from 0 to 32768
[  109.724177][ T5954] syz.0.21: attempt to access beyond end of device
[  109.724177][ T5954] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  109.737785][ T5954] metapage_write_end_io: I/O error
[  109.743083][ T5954] ERROR: (device loop0): diWrite: ixpxd invalid
[  109.743083][ T5954] 
[  109.752280][ T5954] ERROR: (device loop0): remounting filesystem as read-only
[  109.762589][ T5954] ERROR: (device loop0): txCommit: 
[  109.762589][ T5954] 
[  109.772580][ T5954] blkno = 8f7c0, nblocks = 1
[  109.778566][ T5954] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[  109.778566][ T5954] 
[  109.789906][ T5954] ERROR: (device loop0): dbAllocNext: Corrupt dmap page
[  109.789906][ T5954] 
[  109.800102][ T5954] ialloc: diAlloc returned -5!
[  109.805418][ T5954] BUG: Bad page state in process syz.0.21  pfn:25380
[  109.813370][ T5954] page:ffffea000094e000 refcount:0 mapcount:0 mapping:0000000000000000 index:0xd pfn:0x25380
[  109.823955][ T5954] flags: 0xfff0000000820c(referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[  109.834723][ T5954] page_type: 0xffffffff()
[  109.839219][ T5954] raw: 00fff0000000820c ffffea0000924708 ffffea0001f5e5c8 0000000000000000
[  109.847916][ T5954] raw: 000000000000000d ffff88807af4fd90 00000000ffffffff 0000000000000000
[  109.856522][ T5954] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  109.863957][ T5954] page_owner tracks the page as allocated
[  109.869912][ T5954] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 5954, tgid 5954 (syz.0.21), ts 109720130744, free_ts 109511016307
[  109.888109][ T5954]  post_alloc_hook+0x1cd/0x210
[  109.893018][ T5954]  get_page_from_freelist+0x195c/0x19f0
[  109.898680][ T5954]  __alloc_pages+0x1e3/0x460
[  109.903542][ T5954]  folio_alloc+0x1e/0x30
[  109.908188][ T5954]  filemap_alloc_folio+0xdf/0x470
[  109.913238][ T5954]  do_read_cache_folio+0x36c/0x7e0
[  109.918476][ T5954]  do_read_cache_page+0x32/0x250
[  109.923545][ T5954]  __get_metapage+0x31a/0xfa0
[  109.928316][ T5954]  diReadSpecial+0x25b/0x710
[  109.932945][ T5954]  jfs_mount+0x3d1/0x860
[  109.937285][ T5954]  jfs_fill_super+0x4e2/0xac0
[  109.942084][ T5954]  mount_bdev+0x22b/0x2d0
[  109.946424][ T5954]  legacy_get_tree+0xea/0x180
[  109.951287][ T5954]  vfs_get_tree+0x8c/0x280
[  109.955759][ T5954]  do_new_mount+0x24b/0xa40
[  109.960318][ T5954]  __se_sys_mount+0x2da/0x3c0
[  109.965090][ T5954] page last free stack trace:
[  109.969864][ T5954]  free_unref_page_prepare+0x7ce/0x8e0
[  109.975364][ T5954]  free_unref_page+0x32/0x2e0
[  109.980105][ T5954]  __slab_free+0x35e/0x410
[  109.984549][ T5954]  qlist_free_all+0x75/0xe0
[  109.989699][ T5954]  kasan_quarantine_reduce+0x143/0x160
[  109.995260][ T5954]  __kasan_slab_alloc+0x22/0x80
[  110.000558][ T5954]  slab_post_alloc_hook+0x6e/0x4d0
[  110.005950][ T5954]  kmem_cache_alloc_node+0x150/0x330
[  110.011357][ T5954]  __alloc_skb+0x108/0x2c0
[  110.015833][ T5954]  tcp_stream_alloc_skb+0x3d/0x330
[  110.021035][ T5954]  tcp_sendmsg_locked+0xed2/0x4af0
[  110.026208][ T5954]  tcp_sendmsg+0x2f/0x50
[  110.030551][ T5954]  sock_write_iter+0x2bb/0x3f0
[  110.035350][ T5954]  vfs_write+0x43b/0x940
[  110.039664][ T5954]  ksys_write+0x147/0x250
[  110.044028][ T5954]  do_syscall_64+0x55/0xb0
[  110.048551][ T5954] Modules linked in:
[  110.052492][ T5954] CPU: 1 PID: 5954 Comm: syz.0.21 Tainted: G    B              syzkaller #0
[  110.061175][ T5954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  110.071237][ T5954] Call Trace:
[  110.074520][ T5954]  <TASK>
[  110.077453][ T5954]  dump_stack_lvl+0x16c/0x230
[  110.082247][ T5954]  ? show_regs_print_info+0x20/0x20
[  110.087459][ T5954]  ? swiotlb_print_info+0x70/0x70
[  110.092505][ T5954]  ? dump_page+0xba7/0x14d0
[  110.097020][ T5954]  bad_page+0x14b/0x170
[  110.101180][ T5954]  free_unref_page_prepare+0x887/0x8e0
[  110.106688][ T5954]  free_unref_page_list+0xbe/0x860
[  110.111837][ T5954]  ? __folio_memcg+0x63/0x160
[  110.116546][ T5954]  ? folio_memcg+0x127/0x480
[  110.121201][ T5954]  release_pages+0x1fa0/0x2220
[  110.125994][ T5954]  ? lru_cache_disable+0x30/0x30
[  110.130969][ T5954]  ? mlock_drain_local+0x79/0x490
[  110.136011][ T5954]  ? mlock_drain_local+0x79/0x490
[  110.141137][ T5954]  ? mlock_drain_local+0x28d/0x490
[  110.146259][ T5954]  __folio_batch_release+0x71/0xe0
[  110.151383][ T5954]  truncate_inode_pages_range+0x358/0xf00
[  110.157123][ T5954]  ? mapping_evict_folio+0x510/0x510
[  110.162437][ T5954]  ? __static_call_return0+0x9/0x10
[  110.167680][ T5954]  ? shrink_dentry_list+0x685/0x6a0
[  110.172902][ T5954]  ? sync_filesystem+0x107/0x220
[  110.177875][ T5954]  jfs_remount+0x33b/0x5b0
[  110.182308][ T5954]  ? jfs_statfs+0x550/0x550
[  110.186822][ T5954]  reconfigure_super+0x21e/0x880
[  110.191786][ T5954]  path_mount+0xd19/0xfe0
[  110.196128][ T5954]  __se_sys_mount+0x2da/0x3c0
[  110.200817][ T5954]  ? __x64_sys_mount+0xc0/0xc0
[  110.205683][ T5954]  ? __x64_sys_mount+0x20/0xc0
[  110.210459][ T5954]  do_syscall_64+0x55/0xb0
[  110.214894][ T5954]  ? clear_bhb_loop+0x40/0x90
[  110.219609][ T5954]  ? clear_bhb_loop+0x40/0x90
[  110.224301][ T5954]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  110.230204][ T5954] RIP: 0033:0x7f7d53f90eea
[  110.234630][ T5954] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  110.254244][ T5954] RSP: 002b:00007ffc6f3f0878 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  110.262695][ T5954] RAX: ffffffffffffffda RBX: 00007ffc6f3f0900 RCX: 00007f7d53f90eea
[  110.270677][ T5954] RDX: 0000200000000f40 RSI: 0000200000000f00 RDI: 0000000000000000
[  110.278658][ T5954] RBP: 0000200000000f40 R08: 00007ffc6f3f0900 R09: 0000000001258438
[  110.286635][ T5954] R10: 0000000001258438 R11: 0000000000000246 R12: 0000200000000f00
[  110.294623][ T5954] R13: 00007ffc6f3f08c0 R14: 0000000000000000 R15: 0000200000000f80
[  110.302611][ T5954]  </TASK>
[  110.312988][ T2989] kworker/u4:10: attempt to access beyond end of device
[  110.312988][ T2989] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  110.327052][ T2989] metapage_write_end_io: I/O error
[  110.570161][ T5955] loop0: detected capacity change from 0 to 32768
[  110.586881][ T5955] metapage_write_end_io: I/O error
[  110.592470][ T5955] ERROR: (device loop0): diWrite: ixpxd invalid
[  110.592470][ T5955] 
[  110.601546][ T5955] ERROR: (device loop0): remounting filesystem as read-only
[  110.609130][ T5955] ERROR: (device loop0): txCommit: 
[  110.609130][ T5955] 
[  110.618450][ T5955] blkno = 8f7c0, nblocks = 1
[  110.623130][ T5955] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[  110.623130][ T5955] 
[  110.636282][ T5955] ERROR: (device loop0): dbAllocNext: Corrupt dmap page
[  110.636282][ T5955] 
[  110.645765][ T5955] ialloc: diAlloc returned -5!
[  110.653690][ T5955] BUG: Bad page state in process syz.0.22  pfn:25f84
[  110.660849][ T5955] page:ffffea000097e100 refcount:0 mapcount:0 mapping:0000000000000000 index:0xd pfn:0x25f84
[  110.671159][ T5955] flags: 0xfff0000000820c(referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[  110.682143][ T5955] page_type: 0xffffffff()
[  110.686525][ T5955] raw: 00fff0000000820c ffffea0001d8ed48 ffffea0000b72a48 0000000000000000
[  110.695340][ T5955] raw: 000000000000000d ffff8880254b6000 00000000ffffffff 0000000000000000
[  110.704050][ T5955] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  110.711761][ T5955] page_owner tracks the page as allocated
[  110.717550][ T5955] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 5955, tgid 5955 (syz.0.22), ts 110582221555, free_ts 110567497606
[  110.735807][ T5955]  post_alloc_hook+0x1cd/0x210
[  110.740694][ T5955]  get_page_from_freelist+0x195c/0x19f0
[  110.746273][ T5955]  __alloc_pages+0x1e3/0x460
[  110.751017][ T5955]  folio_alloc+0x1e/0x30
[  110.755316][ T5955]  filemap_alloc_folio+0xdf/0x470
[  110.760486][ T5955]  do_read_cache_folio+0x36c/0x7e0
[  110.765633][ T5955]  do_read_cache_page+0x32/0x250
[  110.770672][ T5955]  __get_metapage+0x31a/0xfa0
[  110.775384][ T5955]  diReadSpecial+0x25b/0x710
[  110.780059][ T5955]  jfs_mount+0x3d1/0x860
[  110.784313][ T5955]  jfs_fill_super+0x4e2/0xac0
[  110.790098][ T5955]  mount_bdev+0x22b/0x2d0
[  110.794476][ T5955]  legacy_get_tree+0xea/0x180
[  110.799272][ T5955]  vfs_get_tree+0x8c/0x280
[  110.803724][ T5955]  do_new_mount+0x24b/0xa40
[  110.808312][ T5955]  __se_sys_mount+0x2da/0x3c0
[  110.813011][ T5955] page last free stack trace:
[  110.817735][ T5955]  free_unref_page_prepare+0x7ce/0x8e0
[  110.823391][ T5955]  free_unref_page_list+0xbe/0x860
[  110.828581][ T5955]  release_pages+0x1fa0/0x2220
[  110.833364][ T5955]  tlb_flush_mmu+0x368/0x4f0
[  110.838035][ T5955]  tlb_finish_mmu+0xc3/0x1d0
[  110.842655][ T5955]  unmap_region+0x2ed/0x340
[  110.847210][ T5955]  do_vmi_align_munmap+0xffe/0x1660
[  110.852433][ T5955]  do_vmi_munmap+0x252/0x2d0
[  110.857220][ T5955]  __vm_munmap+0x193/0x3c0
[  110.861682][ T5955]  __x64_sys_munmap+0x60/0x70
[  110.866373][ T5955]  do_syscall_64+0x55/0xb0
[  110.871202][ T5955]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  110.877179][ T5955] Modules linked in:
[  110.881109][ T5955] CPU: 1 PID: 5955 Comm: syz.0.22 Tainted: G    B              syzkaller #0
[  110.889794][ T5955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  110.899858][ T5955] Call Trace:
[  110.903147][ T5955]  <TASK>
[  110.906085][ T5955]  dump_stack_lvl+0x16c/0x230
[  110.910813][ T5955]  ? show_regs_print_info+0x20/0x20
[  110.916024][ T5955]  ? swiotlb_print_info+0x70/0x70
[  110.921060][ T5955]  ? dump_page+0xba7/0x14d0
[  110.925582][ T5955]  bad_page+0x14b/0x170
[  110.929759][ T5955]  free_unref_page_prepare+0x887/0x8e0
[  110.935240][ T5955]  free_unref_page_list+0xbe/0x860
[  110.940392][ T5955]  ? __folio_memcg+0x63/0x160
[  110.945111][ T5955]  ? folio_memcg+0x127/0x480
[  110.949729][ T5955]  release_pages+0x1fa0/0x2220
[  110.954559][ T5955]  ? lru_cache_disable+0x30/0x30
[  110.959511][ T5955]  ? mlock_drain_local+0x79/0x490
[  110.964547][ T5955]  ? mlock_drain_local+0x79/0x490
[  110.969600][ T5955]  ? mlock_drain_local+0x28d/0x490
[  110.974722][ T5955]  __folio_batch_release+0x71/0xe0
[  110.979842][ T5955]  truncate_inode_pages_range+0x358/0xf00
[  110.985574][ T5955]  ? mapping_evict_folio+0x510/0x510
[  110.990886][ T5955]  ? __static_call_return0+0x9/0x10
[  110.996113][ T5955]  ? shrink_dentry_list+0x685/0x6a0
[  111.001332][ T5955]  ? sync_filesystem+0x107/0x220
[  111.006289][ T5955]  jfs_remount+0x33b/0x5b0
[  111.010718][ T5955]  ? jfs_statfs+0x550/0x550
[  111.015237][ T5955]  reconfigure_super+0x21e/0x880
[  111.020283][ T5955]  path_mount+0xd19/0xfe0
[  111.024622][ T5955]  __se_sys_mount+0x2da/0x3c0
[  111.029328][ T5955]  ? __x64_sys_mount+0xc0/0xc0
[  111.034112][ T5955]  ? __x64_sys_mount+0x20/0xc0
[  111.038887][ T5955]  do_syscall_64+0x55/0xb0
[  111.043329][ T5955]  ? clear_bhb_loop+0x40/0x90
[  111.048020][ T5955]  ? clear_bhb_loop+0x40/0x90
[  111.052706][ T5955]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  111.058613][ T5955] RIP: 0033:0x7f7d53f90eea
[  111.063037][ T5955] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  111.082648][ T5955] RSP: 002b:00007ffc6f3f0878 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  111.091075][ T5955] RAX: ffffffffffffffda RBX: 00007ffc6f3f0900 RCX: 00007f7d53f90eea
[  111.099057][ T5955] RDX: 0000200000000f40 RSI: 0000200000000f00 RDI: 0000000000000000
[  111.107052][ T5955] RBP: 0000200000000f40 R08: 00007ffc6f3f0900 R09: 0000000001258438
[  111.115031][ T5955] R10: 0000000001258438 R11: 0000000000000246 R12: 0000200000000f00
[  111.123024][ T5955] R13: 00007ffc6f3f08c0 R14: 0000000000000000 R15: 0000200000000f80
[  111.131129][ T5955]  </TASK>
[  111.142566][ T2989] metapage_write_end_io: I/O error
2025/11/29 02:08:36 executed programs: 8
[  111.385619][ T5956] loop0: detected capacity change from 0 to 32768
[  111.404090][ T5956] bio_check_eod: 2 callbacks suppressed
[  111.404106][ T5956] syz.0.23: attempt to access beyond end of device
[  111.404106][ T5956] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  111.423958][ T5956] metapage_write_end_io: I/O error
[  111.432542][ T5956] ERROR: (device loop0): diWrite: ixpxd invalid
[  111.432542][ T5956] 
[  111.442484][ T5956] ERROR: (device loop0): remounting filesystem as read-only
[  111.451928][ T5956] ERROR: (device loop0): txCommit: 
[  111.451928][ T5956] 
[  111.468499][ T5956] blkno = 8f7c0, nblocks = 1
[  111.473161][ T5956] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[  111.473161][ T5956] 
[  111.483791][ T5956] ERROR: (device loop0): dbAllocNext: Corrupt dmap page
[  111.483791][ T5956] 
[  111.493606][ T5956] ialloc: diAlloc returned -5!
[  111.499374][ T5956] BUG: Bad page state in process syz.0.23  pfn:2437f
[  111.506168][ T5956] page:ffffea000090dfc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0xd pfn:0x2437f
[  111.516842][ T5956] flags: 0xfff0000000820c(referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[  111.527554][ T5956] page_type: 0xffffffff()
[  111.531994][ T5956] raw: 00fff0000000820c ffffea0000ab3808 ffffea0000ab2d88 0000000000000000
[  111.540973][ T5956] raw: 000000000000000d ffff8880254b6aa8 00000000ffffffff 0000000000000000
[  111.549641][ T5956] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  111.557084][ T5956] page_owner tracks the page as allocated
[  111.562986][ T5956] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 5956, tgid 5956 (syz.0.23), ts 111398975296, free_ts 111382899203
[  111.581203][ T5956]  post_alloc_hook+0x1cd/0x210
[  111.586026][ T5956]  get_page_from_freelist+0x195c/0x19f0
[  111.592325][ T5956]  __alloc_pages+0x1e3/0x460
[  111.597029][ T5956]  folio_alloc+0x1e/0x30
[  111.601312][ T5956]  filemap_alloc_folio+0xdf/0x470
[  111.606352][ T5956]  do_read_cache_folio+0x36c/0x7e0
[  111.611525][ T5956]  do_read_cache_page+0x32/0x250
[  111.616491][ T5956]  __get_metapage+0x31a/0xfa0
[  111.621233][ T5956]  diReadSpecial+0x25b/0x710
[  111.625851][ T5956]  jfs_mount+0x3d1/0x860
[  111.630149][ T5956]  jfs_fill_super+0x4e2/0xac0
[  111.634850][ T5956]  mount_bdev+0x22b/0x2d0
[  111.639265][ T5956]  legacy_get_tree+0xea/0x180
[  111.644167][ T5956]  vfs_get_tree+0x8c/0x280
[  111.648659][ T5956]  do_new_mount+0x24b/0xa40
[  111.653225][ T5956]  __se_sys_mount+0x2da/0x3c0
[  111.657970][ T5956] page last free stack trace:
[  111.662656][ T5956]  free_unref_page_prepare+0x7ce/0x8e0
[  111.668573][ T5956]  free_unref_page_list+0xbe/0x860
[  111.673712][ T5956]  release_pages+0x1fa0/0x2220
[  111.678512][ T5956]  tlb_flush_mmu+0x368/0x4f0
[  111.683138][ T5956]  tlb_finish_mmu+0xc3/0x1d0
[  111.687874][ T5956]  unmap_region+0x2ed/0x340
[  111.692415][ T5956]  do_vmi_align_munmap+0xffe/0x1660
[  111.697680][ T5956]  do_vmi_munmap+0x252/0x2d0
[  111.702300][ T5956]  __vm_munmap+0x193/0x3c0
[  111.706741][ T5956]  __x64_sys_munmap+0x60/0x70
[  111.711494][ T5956]  do_syscall_64+0x55/0xb0
[  111.715936][ T5956]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  111.721897][ T5956] Modules linked in:
[  111.725813][ T5956] CPU: 1 PID: 5956 Comm: syz.0.23 Tainted: G    B              syzkaller #0
[  111.734494][ T5956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  111.744556][ T5956] Call Trace:
[  111.747845][ T5956]  <TASK>
[  111.750779][ T5956]  dump_stack_lvl+0x16c/0x230
[  111.755470][ T5956]  ? show_regs_print_info+0x20/0x20
[  111.760677][ T5956]  ? swiotlb_print_info+0x70/0x70
[  111.765707][ T5956]  ? dump_page+0xba7/0x14d0
[  111.770221][ T5956]  bad_page+0x14b/0x170
[  111.774375][ T5956]  free_unref_page_prepare+0x887/0x8e0
[  111.779878][ T5956]  free_unref_page_list+0xbe/0x860
[  111.785021][ T5956]  ? __folio_memcg+0x63/0x160
[  111.789713][ T5956]  ? folio_memcg+0x127/0x480
[  111.794315][ T5956]  release_pages+0x1fa0/0x2220
[  111.799095][ T5956]  ? lru_cache_disable+0x30/0x30
[  111.804045][ T5956]  ? mlock_drain_local+0x79/0x490
[  111.809079][ T5956]  ? mlock_drain_local+0x79/0x490
[  111.814110][ T5956]  ? mlock_drain_local+0x28d/0x490
[  111.819236][ T5956]  __folio_batch_release+0x71/0xe0
[  111.824400][ T5956]  truncate_inode_pages_range+0x358/0xf00
[  111.830170][ T5956]  ? mapping_evict_folio+0x510/0x510
[  111.835488][ T5956]  ? __static_call_return0+0x9/0x10
[  111.840707][ T5956]  ? shrink_dentry_list+0x685/0x6a0
[  111.845924][ T5956]  ? sync_filesystem+0x107/0x220
[  111.850883][ T5956]  jfs_remount+0x33b/0x5b0
[  111.855323][ T5956]  ? jfs_statfs+0x550/0x550
[  111.859850][ T5956]  reconfigure_super+0x21e/0x880
[  111.864812][ T5956]  path_mount+0xd19/0xfe0
[  111.869152][ T5956]  __se_sys_mount+0x2da/0x3c0
[  111.873838][ T5956]  ? __x64_sys_mount+0xc0/0xc0
[  111.878613][ T5956]  ? __x64_sys_mount+0x20/0xc0
[  111.883384][ T5956]  do_syscall_64+0x55/0xb0
[  111.887828][ T5956]  ? clear_bhb_loop+0x40/0x90
[  111.892519][ T5956]  ? clear_bhb_loop+0x40/0x90
[  111.897213][ T5956]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  111.903141][ T5956] RIP: 0033:0x7f7d53f90eea
[  111.907584][ T5956] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  111.927224][ T5956] RSP: 002b:00007ffc6f3f0878 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  111.935676][ T5956] RAX: ffffffffffffffda RBX: 00007ffc6f3f0900 RCX: 00007f7d53f90eea
[  111.943683][ T5956] RDX: 0000200000000f40 RSI: 0000200000000f00 RDI: 0000000000000000
[  111.951674][ T5956] RBP: 0000200000000f40 R08: 00007ffc6f3f0900 R09: 0000000001258438
[  111.959750][ T5956] R10: 0000000001258438 R11: 0000000000000246 R12: 0000200000000f00
[  111.967734][ T5956] R13: 00007ffc6f3f08c0 R14: 0000000000000000 R15: 0000200000000f80
[  111.975730][ T5956]  </TASK>
[  111.983964][ T1147] kworker/u4:9: attempt to access beyond end of device
[  111.983964][ T1147] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  111.998315][ T1147] metapage_write_end_io: I/O error
[  112.250508][ T5957] loop0: detected capacity change from 0 to 32768
[  112.263165][ T5957] syz.0.24: attempt to access beyond end of device
[  112.263165][ T5957] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  112.277433][ T5957] metapage_write_end_io: I/O error
[  112.282722][ T5957] ERROR: (device loop0): diWrite: ixpxd invalid
[  112.282722][ T5957] 
[  112.291464][ T5957] ERROR: (device loop0): remounting filesystem as read-only
[  112.298920][ T5957] ERROR: (device loop0): txCommit: 
[  112.298920][ T5957] 
[  112.307688][ T5957] blkno = 8f7c0, nblocks = 1
[  112.312332][ T5957] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[  112.312332][ T5957] 
[  112.326696][ T5957] ERROR: (device loop0): dbAllocNext: Corrupt dmap page
[  112.326696][ T5957] 
[  112.336463][ T5957] ialloc: diAlloc returned -5!
[  112.342449][ T5957] BUG: Bad page state in process syz.0.24  pfn:2659f
[  112.349579][ T5957] page:ffffea00009967c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0xd pfn:0x2659f
[  112.361251][ T5957] flags: 0xfff0000000820c(referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[  112.372081][ T5957] page_type: 0xffffffff()
[  112.376462][ T5957] raw: 00fff0000000820c ffffea0000961488 ffffea0000b79948 0000000000000000
[  112.386002][ T5957] raw: 000000000000000d ffff8880253fd4d8 00000000ffffffff 0000000000000000
[  112.395033][ T5957] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  112.403445][ T5957] page_owner tracks the page as allocated
[  112.409579][ T5957] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 5957, tgid 5957 (syz.0.24), ts 112260024016, free_ts 111150802418
[  112.429274][ T5957]  post_alloc_hook+0x1cd/0x210
[  112.434107][ T5957]  get_page_from_freelist+0x195c/0x19f0
[  112.440118][ T5957]  __alloc_pages+0x1e3/0x460
[  112.444766][ T5957]  folio_alloc+0x1e/0x30
[  112.449302][ T5957]  filemap_alloc_folio+0xdf/0x470
[  112.454376][ T5957]  do_read_cache_folio+0x36c/0x7e0
[  112.459606][ T5957]  do_read_cache_page+0x32/0x250
[  112.464779][ T5957]  __get_metapage+0x31a/0xfa0
[  112.469576][ T5957]  diReadSpecial+0x25b/0x710
[  112.474251][ T5957]  jfs_mount+0x3d1/0x860
[  112.478573][ T5957]  jfs_fill_super+0x4e2/0xac0
[  112.483288][ T5957]  mount_bdev+0x22b/0x2d0
[  112.487680][ T5957]  legacy_get_tree+0xea/0x180
[  112.492464][ T5957]  vfs_get_tree+0x8c/0x280
[  112.496882][ T5957]  do_new_mount+0x24b/0xa40
[  112.501435][ T5957]  __se_sys_mount+0x2da/0x3c0
[  112.506139][ T5957] page last free stack trace:
[  112.510878][ T5957]  free_unref_page_prepare+0x7ce/0x8e0
[  112.516368][ T5957]  free_unref_page+0x32/0x2e0
[  112.521095][ T5957]  lmLogShutdown+0x43a/0x830
[  112.525708][ T5957]  lmLogClose+0x28a/0x520
[  112.530094][ T5957]  jfs_umount+0x2ef/0x3c0
[  112.534479][ T5957]  jfs_put_super+0x8c/0x190
[  112.539087][ T5957]  generic_shutdown_super+0x134/0x2b0
[  112.544493][ T5957]  kill_block_super+0x44/0x90
[  112.549405][ T5957]  deactivate_locked_super+0x97/0x100
[  112.554824][ T5957]  cleanup_mnt+0x429/0x4c0
[  112.559383][ T5957]  task_work_run+0x1ce/0x250
[  112.564176][ T5957]  exit_to_user_mode_loop+0xe6/0x110
[  112.569559][ T5957]  exit_to_user_mode_prepare+0xf6/0x180
[  112.575131][ T5957]  syscall_exit_to_user_mode+0x1a/0x50
[  112.580640][ T5957]  do_syscall_64+0x61/0xb0
[  112.585093][ T5957]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  112.591065][ T5957] Modules linked in:
[  112.594999][ T5957] CPU: 1 PID: 5957 Comm: syz.0.24 Tainted: G    B              syzkaller #0
[  112.603689][ T5957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  112.613754][ T5957] Call Trace:
[  112.617042][ T5957]  <TASK>
[  112.619981][ T5957]  dump_stack_lvl+0x16c/0x230
[  112.624689][ T5957]  ? show_regs_print_info+0x20/0x20
[  112.629931][ T5957]  ? swiotlb_print_info+0x70/0x70
[  112.634965][ T5957]  ? dump_page+0xba7/0x14d0
[  112.639482][ T5957]  bad_page+0x14b/0x170
[  112.643649][ T5957]  free_unref_page_prepare+0x887/0x8e0
[  112.649127][ T5957]  free_unref_page_list+0xbe/0x860
[  112.654262][ T5957]  ? __folio_memcg+0x63/0x160
[  112.658953][ T5957]  ? folio_memcg+0x127/0x480
[  112.663552][ T5957]  release_pages+0x1fa0/0x2220
[  112.668346][ T5957]  ? lru_cache_disable+0x30/0x30
[  112.673311][ T5957]  ? mlock_drain_local+0x79/0x490
[  112.678363][ T5957]  ? mlock_drain_local+0x79/0x490
[  112.683399][ T5957]  ? mlock_drain_local+0x28d/0x490
[  112.688517][ T5957]  __folio_batch_release+0x71/0xe0
[  112.693640][ T5957]  truncate_inode_pages_range+0x358/0xf00
[  112.699391][ T5957]  ? mapping_evict_folio+0x510/0x510
[  112.704695][ T5957]  ? __static_call_return0+0x9/0x10
[  112.709935][ T5957]  ? shrink_dentry_list+0x685/0x6a0
[  112.715171][ T5957]  ? sync_filesystem+0x107/0x220
[  112.720150][ T5957]  jfs_remount+0x33b/0x5b0
[  112.724672][ T5957]  ? jfs_statfs+0x550/0x550
[  112.729206][ T5957]  reconfigure_super+0x21e/0x880
[  112.734183][ T5957]  path_mount+0xd19/0xfe0
[  112.738567][ T5957]  __se_sys_mount+0x2da/0x3c0
[  112.743397][ T5957]  ? __x64_sys_mount+0xc0/0xc0
[  112.748189][ T5957]  ? __x64_sys_mount+0x20/0xc0
[  112.752977][ T5957]  do_syscall_64+0x55/0xb0
[  112.757444][ T5957]  ? clear_bhb_loop+0x40/0x90
[  112.762133][ T5957]  ? clear_bhb_loop+0x40/0x90
[  112.766824][ T5957]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  112.772729][ T5957] RIP: 0033:0x7f7d53f90eea
[  112.777164][ T5957] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  112.796793][ T5957] RSP: 002b:00007ffc6f3f0878 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  112.805222][ T5957] RAX: ffffffffffffffda RBX: 00007ffc6f3f0900 RCX: 00007f7d53f90eea
[  112.813220][ T5957] RDX: 0000200000000f40 RSI: 0000200000000f00 RDI: 0000000000000000
[  112.821211][ T5957] RBP: 0000200000000f40 R08: 00007ffc6f3f0900 R09: 0000000001258438
[  112.829193][ T5957] R10: 0000000001258438 R11: 0000000000000246 R12: 0000200000000f00
[  112.837179][ T5957] R13: 00007ffc6f3f08c0 R14: 0000000000000000 R15: 0000200000000f80
[  112.845179][ T5957]  </TASK>
[  112.855048][ T1147] kworker/u4:9: attempt to access beyond end of device
[  112.855048][ T1147] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  112.870832][ T1147] metapage_write_end_io: I/O error
[  113.112271][ T5958] loop0: detected capacity change from 0 to 32768
[  113.128878][ T5958] syz.0.25: attempt to access beyond end of device
[  113.128878][ T5958] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  113.142631][ T5958] metapage_write_end_io: I/O error
[  113.148329][ T5958] ERROR: (device loop0): diWrite: ixpxd invalid
[  113.148329][ T5958] 
[  113.157360][ T5958] ERROR: (device loop0): remounting filesystem as read-only
[  113.164687][ T5958] ERROR: (device loop0): txCommit: 
[  113.164687][ T5958] 
[  113.172845][ T5958] blkno = 8f7c0, nblocks = 1
[  113.178087][ T5958] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[  113.178087][ T5958] 
[  113.190716][ T5958] ERROR: (device loop0): dbAllocNext: Corrupt dmap page
[  113.190716][ T5958] 
[  113.200305][ T5958] ialloc: diAlloc returned -5!
[  113.205664][ T5958] BUG: Bad page state in process syz.0.25  pfn:74402
[  113.212581][ T5958] page:ffffea0001d10080 refcount:0 mapcount:0 mapping:0000000000000000 index:0xd pfn:0x74402
[  113.223341][ T5958] flags: 0xfff0000000820c(referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[  113.234025][ T5958] page_type: 0xffffffff()
[  113.238757][ T5958] raw: 00fff0000000820c ffffea000065bb88 ffffea0001809bc8 0000000000000000
[  113.247437][ T5958] raw: 000000000000000d ffff8880253fdc98 00000000ffffffff 0000000000000000
[  113.256051][ T5958] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  113.263501][ T5958] page_owner tracks the page as allocated
[  113.269262][ T5958] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 5958, tgid 5958 (syz.0.25), ts 113125105101, free_ts 113109644834
[  113.287974][ T5958]  post_alloc_hook+0x1cd/0x210
[  113.292816][ T5958]  get_page_from_freelist+0x195c/0x19f0
[  113.298472][ T5958]  __alloc_pages+0x1e3/0x460
[  113.303097][ T5958]  folio_alloc+0x1e/0x30
[  113.307399][ T5958]  filemap_alloc_folio+0xdf/0x470
[  113.312452][ T5958]  do_read_cache_folio+0x36c/0x7e0
[  113.317627][ T5958]  do_read_cache_page+0x32/0x250
[  113.322599][ T5958]  __get_metapage+0x31a/0xfa0
[  113.327327][ T5958]  diReadSpecial+0x25b/0x710
[  113.331959][ T5958]  jfs_mount+0x3d1/0x860
[  113.336214][ T5958]  jfs_fill_super+0x4e2/0xac0
[  113.340934][ T5958]  mount_bdev+0x22b/0x2d0
[  113.345328][ T5958]  legacy_get_tree+0xea/0x180
[  113.350062][ T5958]  vfs_get_tree+0x8c/0x280
[  113.354497][ T5958]  do_new_mount+0x24b/0xa40
[  113.359146][ T5958]  __se_sys_mount+0x2da/0x3c0
[  113.363854][ T5958] page last free stack trace:
[  113.368581][ T5958]  free_unref_page_prepare+0x7ce/0x8e0
[  113.374085][ T5958]  free_unref_page_list+0xbe/0x860
[  113.379252][ T5958]  release_pages+0x1fa0/0x2220
[  113.384224][ T5958]  tlb_flush_mmu+0x368/0x4f0
[  113.388919][ T5958]  tlb_finish_mmu+0xc3/0x1d0
[  113.393542][ T5958]  unmap_region+0x2ed/0x340
[  113.398121][ T5958]  do_vmi_align_munmap+0xffe/0x1660
[  113.403359][ T5958]  do_vmi_munmap+0x252/0x2d0
[  113.408025][ T5958]  __vm_munmap+0x193/0x3c0
[  113.412478][ T5958]  __x64_sys_munmap+0x60/0x70
[  113.417244][ T5958]  do_syscall_64+0x55/0xb0
[  113.421691][ T5958]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  113.427681][ T5958] Modules linked in:
[  113.431620][ T5958] CPU: 0 PID: 5958 Comm: syz.0.25 Tainted: G    B              syzkaller #0
[  113.440326][ T5958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  113.450380][ T5958] Call Trace:
[  113.453664][ T5958]  <TASK>
[  113.456610][ T5958]  dump_stack_lvl+0x16c/0x230
[  113.461313][ T5958]  ? show_regs_print_info+0x20/0x20
[  113.466514][ T5958]  ? swiotlb_print_info+0x70/0x70
[  113.471544][ T5958]  ? dump_page+0xba7/0x14d0
[  113.476055][ T5958]  bad_page+0x14b/0x170
[  113.480211][ T5958]  free_unref_page_prepare+0x887/0x8e0
[  113.485681][ T5958]  free_unref_page_list+0xbe/0x860
[  113.490807][ T5958]  ? __folio_memcg+0x63/0x160
[  113.495489][ T5958]  ? folio_memcg+0x127/0x480
[  113.500086][ T5958]  release_pages+0x1fa0/0x2220
[  113.504855][ T5958]  ? lru_cache_disable+0x30/0x30
[  113.509799][ T5958]  ? mlock_drain_local+0x79/0x490
[  113.514828][ T5958]  ? mlock_drain_local+0x79/0x490
[  113.519858][ T5958]  ? mlock_drain_local+0x28d/0x490
[  113.524977][ T5958]  __folio_batch_release+0x71/0xe0
[  113.530097][ T5958]  truncate_inode_pages_range+0x358/0xf00
[  113.535835][ T5958]  ? mapping_evict_folio+0x510/0x510
[  113.541141][ T5958]  ? __static_call_return0+0x9/0x10
[  113.546350][ T5958]  ? shrink_dentry_list+0x685/0x6a0
[  113.551563][ T5958]  ? sync_filesystem+0x107/0x220
[  113.556519][ T5958]  jfs_remount+0x33b/0x5b0
[  113.560949][ T5958]  ? jfs_statfs+0x550/0x550
[  113.565481][ T5958]  reconfigure_super+0x21e/0x880
[  113.570427][ T5958]  path_mount+0xd19/0xfe0
[  113.574764][ T5958]  __se_sys_mount+0x2da/0x3c0
[  113.579447][ T5958]  ? __x64_sys_mount+0xc0/0xc0
[  113.584216][ T5958]  ? __x64_sys_mount+0x20/0xc0
[  113.588991][ T5958]  do_syscall_64+0x55/0xb0
[  113.593425][ T5958]  ? clear_bhb_loop+0x40/0x90
[  113.598121][ T5958]  ? clear_bhb_loop+0x40/0x90
[  113.602808][ T5958]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  113.608751][ T5958] RIP: 0033:0x7f7d53f90eea
[  113.613176][ T5958] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  113.632792][ T5958] RSP: 002b:00007ffc6f3f0878 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  113.641213][ T5958] RAX: ffffffffffffffda RBX: 00007ffc6f3f0900 RCX: 00007f7d53f90eea
[  113.649190][ T5958] RDX: 0000200000000f40 RSI: 0000200000000f00 RDI: 0000000000000000
[  113.657164][ T5958] RBP: 0000200000000f40 R08: 00007ffc6f3f0900 R09: 0000000001258438
[  113.665139][ T5958] R10: 0000000001258438 R11: 0000000000000246 R12: 0000200000000f00
[  113.673124][ T5958] R13: 00007ffc6f3f08c0 R14: 0000000000000000 R15: 0000200000000f80
[  113.681113][ T5958]  </TASK>
[  113.689899][ T2989] kworker/u4:10: attempt to access beyond end of device
[  113.689899][ T2989] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  113.704371][ T2989] metapage_write_end_io: I/O error
[  113.952141][ T5959] loop0: detected capacity change from 0 to 32768
[  113.969615][ T5959] syz.0.26: attempt to access beyond end of device
[  113.969615][ T5959] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  113.983290][ T5959] metapage_write_end_io: I/O error
[  113.989185][ T5959] ERROR: (device loop0): diWrite: ixpxd invalid
[  113.989185][ T5959] 
[  113.998149][ T5959] ERROR: (device loop0): remounting filesystem as read-only
[  114.005661][ T5959] ERROR: (device loop0): txCommit: 
[  114.005661][ T5959] 
[  114.014369][ T5959] blkno = 8f7c0, nblocks = 1
[  114.019076][ T5959] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[  114.019076][ T5959] 
[  114.037521][ T5959] ERROR: (device loop0): dbAllocNext: Corrupt dmap page
[  114.037521][ T5959] 
[  114.046762][ T5959] ialloc: diAlloc returned -5!
[  114.052594][ T5959] BUG: Bad page state in process syz.0.26  pfn:2c7fb
[  114.059367][ T5959] page:ffffea0000b1fec0 refcount:0 mapcount:0 mapping:0000000000000000 index:0xd pfn:0x2c7fb
[  114.069762][ T5959] flags: 0xfff0000000820c(referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[  114.080436][ T5959] page_type: 0xffffffff()
[  114.084800][ T5959] raw: 00fff0000000820c ffffea0001824888 ffffea0001b14b48 0000000000000000
[  114.093618][ T5959] raw: 000000000000000d ffff8880602f99b0 00000000ffffffff 0000000000000000
[  114.102610][ T5959] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  114.109964][ T5959] page_owner tracks the page as allocated
[  114.115693][ T5959] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 5959, tgid 5959 (syz.0.26), ts 113966368586, free_ts 113962385806
[  114.134710][ T5959]  post_alloc_hook+0x1cd/0x210
[  114.139562][ T5959]  get_page_from_freelist+0x195c/0x19f0
[  114.145168][ T5959]  __alloc_pages+0x1e3/0x460
[  114.149859][ T5959]  folio_alloc+0x1e/0x30
[  114.154131][ T5959]  filemap_alloc_folio+0xdf/0x470
[  114.159208][ T5959]  do_read_cache_folio+0x36c/0x7e0
[  114.164335][ T5959]  do_read_cache_page+0x32/0x250
[  114.169337][ T5959]  __get_metapage+0x31a/0xfa0
[  114.174032][ T5959]  diReadSpecial+0x25b/0x710
[  114.178665][ T5959]  jfs_mount+0x3d1/0x860
[  114.182933][ T5959]  jfs_fill_super+0x4e2/0xac0
[  114.187645][ T5959]  mount_bdev+0x22b/0x2d0
[  114.192026][ T5959]  legacy_get_tree+0xea/0x180
[  114.196740][ T5959]  vfs_get_tree+0x8c/0x280
[  114.201242][ T5959]  do_new_mount+0x24b/0xa40
[  114.206056][ T5959]  __se_sys_mount+0x2da/0x3c0
[  114.210783][ T5959] page last free stack trace:
[  114.215479][ T5959]  free_unref_page_prepare+0x7ce/0x8e0
[  114.221037][ T5959]  free_unref_page+0x32/0x2e0
[  114.225789][ T5959]  __slab_free+0x35e/0x410
[  114.230355][ T5959]  qlist_free_all+0x75/0xe0
[  114.234956][ T5959]  kasan_quarantine_reduce+0x143/0x160
[  114.240557][ T5959]  __kasan_kmalloc+0x22/0xa0
[  114.245207][ T5959]  __kmalloc+0xb4/0x240
[  114.249421][ T5959]  tomoyo_realpath_from_path+0xe3/0x5d0
[  114.255003][ T5959]  tomoyo_path_number_perm+0x1ea/0x590
[  114.260527][ T5959]  security_file_ioctl+0x70/0xa0
[  114.265520][ T5959]  __se_sys_ioctl+0x48/0x170
[  114.270189][ T5959]  do_syscall_64+0x55/0xb0
[  114.274639][ T5959]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  114.280591][ T5959] Modules linked in:
[  114.284518][ T5959] CPU: 0 PID: 5959 Comm: syz.0.26 Tainted: G    B              syzkaller #0
[  114.293205][ T5959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  114.303267][ T5959] Call Trace:
[  114.306560][ T5959]  <TASK>
[  114.309508][ T5959]  dump_stack_lvl+0x16c/0x230
[  114.314209][ T5959]  ? show_regs_print_info+0x20/0x20
[  114.319470][ T5959]  ? swiotlb_print_info+0x70/0x70
[  114.324503][ T5959]  ? dump_page+0xba7/0x14d0
[  114.329037][ T5959]  bad_page+0x14b/0x170
[  114.333215][ T5959]  free_unref_page_prepare+0x887/0x8e0
[  114.338700][ T5959]  free_unref_page_list+0xbe/0x860
[  114.343821][ T5959]  ? __folio_memcg+0x63/0x160
[  114.348514][ T5959]  ? folio_memcg+0x127/0x480
[  114.353120][ T5959]  release_pages+0x1fa0/0x2220
[  114.357891][ T5959]  ? lru_cache_disable+0x30/0x30
[  114.362834][ T5959]  ? mlock_drain_local+0x79/0x490
[  114.367877][ T5959]  ? mlock_drain_local+0x79/0x490
[  114.372922][ T5959]  ? mlock_drain_local+0x28d/0x490
[  114.378040][ T5959]  __folio_batch_release+0x71/0xe0
[  114.383162][ T5959]  truncate_inode_pages_range+0x358/0xf00
[  114.388890][ T5959]  ? mapping_evict_folio+0x510/0x510
[  114.394185][ T5959]  ? __static_call_return0+0x9/0x10
[  114.399390][ T5959]  ? shrink_dentry_list+0x685/0x6a0
[  114.404615][ T5959]  ? sync_filesystem+0x107/0x220
[  114.409568][ T5959]  jfs_remount+0x33b/0x5b0
[  114.413996][ T5959]  ? jfs_statfs+0x550/0x550
[  114.418512][ T5959]  reconfigure_super+0x21e/0x880
[  114.423480][ T5959]  path_mount+0xd19/0xfe0
[  114.427824][ T5959]  __se_sys_mount+0x2da/0x3c0
[  114.432507][ T5959]  ? __x64_sys_mount+0xc0/0xc0
[  114.437287][ T5959]  ? __x64_sys_mount+0x20/0xc0
[  114.442057][ T5959]  do_syscall_64+0x55/0xb0
[  114.446487][ T5959]  ? clear_bhb_loop+0x40/0x90
[  114.451186][ T5959]  ? clear_bhb_loop+0x40/0x90
[  114.455876][ T5959]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  114.461784][ T5959] RIP: 0033:0x7f7d53f90eea
[  114.466211][ T5959] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  114.485825][ T5959] RSP: 002b:00007ffc6f3f0878 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  114.494257][ T5959] RAX: ffffffffffffffda RBX: 00007ffc6f3f0900 RCX: 00007f7d53f90eea
[  114.502324][ T5959] RDX: 0000200000000f40 RSI: 0000200000000f00 RDI: 0000000000000000
[  114.510388][ T5959] RBP: 0000200000000f40 R08: 00007ffc6f3f0900 R09: 0000000001258438
[  114.518467][ T5959] R10: 0000000001258438 R11: 0000000000000246 R12: 0000200000000f00
[  114.526465][ T5959] R13: 00007ffc6f3f08c0 R14: 0000000000000000 R15: 0000200000000f80
[  114.534457][ T5959]  </TASK>
[  114.542282][ T2989] kworker/u4:10: attempt to access beyond end of device
[  114.542282][ T2989] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  114.556405][ T2989] metapage_write_end_io: I/O error
[  114.804737][ T5960] loop0: detected capacity change from 0 to 32768
[  114.824037][ T5960] syz.0.27: attempt to access beyond end of device
[  114.824037][ T5960] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  114.837908][ T5960] metapage_write_end_io: I/O error
[  114.843071][ T5960] ERROR: (device loop0): diWrite: ixpxd invalid
[  114.843071][ T5960] 
[  114.852442][ T5960] ERROR: (device loop0): remounting filesystem as read-only
[  114.860054][ T5960] ERROR: (device loop0): txCommit: 
[  114.860054][ T5960] 
[  114.869350][ T5960] blkno = 8f7c0, nblocks = 1
[  114.873991][ T5960] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[  114.873991][ T5960] 
[  114.884864][ T5960] ERROR: (device loop0): dbAllocNext: Corrupt dmap page
[  114.884864][ T5960] 
[  114.896265][ T5960] ialloc: diAlloc returned -5!
[  114.902104][ T5960] BUG: Bad page state in process syz.0.27  pfn:62840
[  114.909494][ T5960] page:ffffea00018a1000 refcount:0 mapcount:0 mapping:0000000000000000 index:0xd pfn:0x62840
[  114.920303][ T5960] flags: 0xfff0000000820c(referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[  114.931308][ T5960] page_type: 0xffffffff()
[  114.935689][ T5960] raw: 00fff0000000820c ffffea0001f64948 ffffea00009e8788 0000000000000000
[  114.944692][ T5960] raw: 000000000000000d ffff88823bdb8000 00000000ffffffff 0000000000000000
[  114.953431][ T5960] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  114.960790][ T5960] page_owner tracks the page as allocated
[  114.966519][ T5960] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 5960, tgid 5960 (syz.0.27), ts 114817759489, free_ts 114802078293
[  114.984642][ T5960]  post_alloc_hook+0x1cd/0x210
[  114.989487][ T5960]  get_page_from_freelist+0x195c/0x19f0
[  114.995050][ T5960]  __alloc_pages+0x1e3/0x460
[  114.999746][ T5960]  folio_alloc+0x1e/0x30
[  115.004026][ T5960]  filemap_alloc_folio+0xdf/0x470
[  115.009133][ T5960]  do_read_cache_folio+0x36c/0x7e0
[  115.014276][ T5960]  do_read_cache_page+0x32/0x250
[  115.019284][ T5960]  __get_metapage+0x31a/0xfa0
[  115.024139][ T5960]  diReadSpecial+0x25b/0x710
[  115.028849][ T5960]  jfs_mount+0x3d1/0x860
[  115.033120][ T5960]  jfs_fill_super+0x4e2/0xac0
[  115.037867][ T5960]  mount_bdev+0x22b/0x2d0
[  115.042217][ T5960]  legacy_get_tree+0xea/0x180
[  115.046894][ T5960]  vfs_get_tree+0x8c/0x280
[  115.051458][ T5960]  do_new_mount+0x24b/0xa40
[  115.056041][ T5960]  __se_sys_mount+0x2da/0x3c0
[  115.060782][ T5960] page last free stack trace:
[  115.065485][ T5960]  free_unref_page_prepare+0x7ce/0x8e0
[  115.070999][ T5960]  free_unref_page_list+0xbe/0x860
[  115.076135][ T5960]  release_pages+0x1fa0/0x2220
[  115.080952][ T5960]  tlb_flush_mmu+0x368/0x4f0
[  115.085570][ T5960]  tlb_finish_mmu+0xc3/0x1d0
[  115.090283][ T5960]  unmap_region+0x2ed/0x340
[  115.094812][ T5960]  do_vmi_align_munmap+0xffe/0x1660
[  115.100091][ T5960]  do_vmi_munmap+0x252/0x2d0
[  115.104712][ T5960]  __vm_munmap+0x193/0x3c0
[  115.109253][ T5960]  __x64_sys_munmap+0x60/0x70
[  115.113972][ T5960]  do_syscall_64+0x55/0xb0
[  115.118445][ T5960]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  115.124556][ T5960] Modules linked in:
[  115.128580][ T5960] CPU: 1 PID: 5960 Comm: syz.0.27 Tainted: G    B              syzkaller #0
[  115.137273][ T5960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  115.147334][ T5960] Call Trace:
[  115.150620][ T5960]  <TASK>
[  115.153558][ T5960]  dump_stack_lvl+0x16c/0x230
[  115.158252][ T5960]  ? show_regs_print_info+0x20/0x20
[  115.163457][ T5960]  ? swiotlb_print_info+0x70/0x70
[  115.168513][ T5960]  ? dump_page+0xba7/0x14d0
[  115.173029][ T5960]  bad_page+0x14b/0x170
[  115.177206][ T5960]  free_unref_page_prepare+0x887/0x8e0
[  115.182678][ T5960]  free_unref_page_list+0xbe/0x860
[  115.187803][ T5960]  ? __folio_memcg+0x63/0x160
[  115.192494][ T5960]  ? folio_memcg+0x127/0x480
[  115.197187][ T5960]  release_pages+0x1fa0/0x2220
[  115.201962][ T5960]  ? lru_cache_disable+0x30/0x30
[  115.206995][ T5960]  ? mlock_drain_local+0x79/0x490
[  115.212036][ T5960]  ? mlock_drain_local+0x79/0x490
[  115.217161][ T5960]  ? mlock_drain_local+0x28d/0x490
[  115.222281][ T5960]  __folio_batch_release+0x71/0xe0
[  115.227407][ T5960]  truncate_inode_pages_range+0x358/0xf00
[  115.233146][ T5960]  ? mapping_evict_folio+0x510/0x510
[  115.238489][ T5960]  ? __static_call_return0+0x9/0x10
[  115.243734][ T5960]  ? shrink_dentry_list+0x685/0x6a0
[  115.248960][ T5960]  ? sync_filesystem+0x107/0x220
[  115.253930][ T5960]  jfs_remount+0x33b/0x5b0
[  115.258395][ T5960]  ? jfs_statfs+0x550/0x550
[  115.262917][ T5960]  reconfigure_super+0x21e/0x880
[  115.267869][ T5960]  path_mount+0xd19/0xfe0
[  115.272212][ T5960]  __se_sys_mount+0x2da/0x3c0
[  115.276899][ T5960]  ? __x64_sys_mount+0xc0/0xc0
[  115.281671][ T5960]  ? __x64_sys_mount+0x20/0xc0
[  115.286443][ T5960]  do_syscall_64+0x55/0xb0
[  115.290877][ T5960]  ? clear_bhb_loop+0x40/0x90
[  115.295573][ T5960]  ? clear_bhb_loop+0x40/0x90
[  115.300263][ T5960]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  115.306166][ T5960] RIP: 0033:0x7f7d53f90eea
[  115.310589][ T5960] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  115.330215][ T5960] RSP: 002b:00007ffc6f3f0878 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  115.338640][ T5960] RAX: ffffffffffffffda RBX: 00007ffc6f3f0900 RCX: 00007f7d53f90eea
[  115.346631][ T5960] RDX: 0000200000000f40 RSI: 0000200000000f00 RDI: 0000000000000000
[  115.354625][ T5960] RBP: 0000200000000f40 R08: 00007ffc6f3f0900 R09: 0000000001258438
[  115.362603][ T5960] R10: 0000000001258438 R11: 0000000000000246 R12: 0000200000000f00
[  115.370584][ T5960] R13: 00007ffc6f3f08c0 R14: 0000000000000000 R15: 0000200000000f80
[  115.378566][ T5960]  </TASK>
[  115.388903][ T2989] kworker/u4:10: attempt to access beyond end of device
[  115.388903][ T2989] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768
[  115.402898][ T2989] metapage_write_end_io: I/O error
[  115.635727][ T5961] loop0: detected capacity change from 0 to 32768
[  115.656294][ T5961] metapage_write_end_io: I/O error
[  115.661568][ T5961] ERROR: (device loop0): diWrite: ixpxd invalid
[  115.661568][ T5961] 
[  115.671077][ T5961] ERROR: (device loop0): remounting filesystem as read-only
[  115.678750][ T5961] ERROR: (device loop0): txCommit: 
[  115.678750][ T5961] 
[  115.686944][ T5961] blkno = 8f7c0, nblocks = 1
[  115.692925][ T5961] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[  115.692925][ T5961] 
[  115.703887][ T5961] ERROR: (device loop0): dbAllocNext: Corrupt dmap page
[  115.703887][ T5961] 
[  115.714016][ T5961] ialloc: diAlloc returned -5!
[  115.719527][ T5961] BUG: Bad page state in process syz.0.28  pfn:6c5aa
[  115.726317][ T5961] page:ffffea0001b16a80 refcount:0 mapcount:0 mapping:0000000000000000 index:0xd pfn:0x6c5aa
[  115.737872][ T5961] flags: 0xfff0000000820c(referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[  115.748922][ T5961] page_type: 0xffffffff()
[  115.753468][ T5961] raw: 00fff0000000820c ffffea0001b16408 ffffea000180c848 0000000000000000
[  115.762641][ T5961] raw: 000000000000000d ffff88801cf1a8b8 00000000ffffffff 0000000000000000
[  115.771702][ T5961] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  115.779327][ T5961] page_owner tracks the page as allocated
[  115.785074][ T5961] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 5961, tgid 5961 (syz.0.28), ts 115653179975, free_ts 115650988082
[  115.803233][ T5961]  post_alloc_hook+0x1cd/0x210
[  115.808086][ T5961]  get_page_from_freelist+0x195c/0x19f0
[  115.813687][ T5961]  __alloc_pages+0x1e3/0x460
[  115.818383][ T5961]  folio_alloc+0x1e/0x30
[  115.822663][ T5961]  filemap_alloc_folio+0xdf/0x470
[  115.827747][ T5961]  do_read_cache_folio+0x36c/0x7e0
[  115.832882][ T5961]  do_read_cache_page+0x32/0x250
[  115.837910][ T5961]  __get_metapage+0x31a/0xfa0
[  115.843088][ T5961]  diReadSpecial+0x25b/0x710
[  115.847776][ T5961]  jfs_mount+0x3d1/0x860
[  115.852048][ T5961]  jfs_fill_super+0x4e2/0xac0
[  115.856748][ T5961]  mount_bdev+0x22b/0x2d0
[  115.861190][ T5961]  legacy_get_tree+0xea/0x180
[  115.865904][ T5961]  vfs_get_tree+0x8c/0x280
[  115.870449][ T5961]  do_new_mount+0x24b/0xa40
[  115.874974][ T5961]  __se_sys_mount+0x2da/0x3c0
[  115.879801][ T5961] page last free stack trace:
[  115.884505][ T5961]  free_unref_page_prepare+0x7ce/0x8e0
[  115.890369][ T5961]  free_unref_page+0x32/0x2e0
[  115.895168][ T5961]  __unfreeze_partials+0x1cf/0x210
[  115.900351][ T5961]  put_cpu_partial+0x17c/0x250
[  115.905163][ T5961]  __slab_free+0x31d/0x410
[  115.909635][ T5961]  qlist_free_all+0x75/0xe0
[  115.914168][ T5961]  kasan_quarantine_reduce+0x143/0x160
[  115.919690][ T5961]  __kasan_slab_alloc+0x22/0x80
[  115.924566][ T5961]  slab_post_alloc_hook+0x6e/0x4d0
[  115.929843][ T5961]  kmem_cache_alloc+0x11e/0x2e0
[  115.934930][ T5961]  getname_flags+0xbb/0x500
[  115.939701][ T5961]  do_sys_openat2+0xcb/0x1c0
[  115.944503][ T5961]  __x64_sys_openat+0x139/0x160
[  115.949463][ T5961]  do_syscall_64+0x55/0xb0
[  115.953921][ T5961]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  115.959907][ T5961] Modules linked in:
[  115.963849][ T5961] CPU: 1 PID: 5961 Comm: syz.0.28 Tainted: G    B              syzkaller #0
[  115.972551][ T5961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  115.982613][ T5961] Call Trace:
[  115.985897][ T5961]  <TASK>
[  115.988854][ T5961]  dump_stack_lvl+0x16c/0x230
[  115.993547][ T5961]  ? show_regs_print_info+0x20/0x20
[  115.998774][ T5961]  ? swiotlb_print_info+0x70/0x70
[  116.003828][ T5961]  ? dump_page+0xba7/0x14d0
[  116.008377][ T5961]  bad_page+0x14b/0x170
[  116.012549][ T5961]  free_unref_page_prepare+0x887/0x8e0
[  116.018035][ T5961]  free_unref_page_list+0xbe/0x860
[  116.023160][ T5961]  ? __folio_memcg+0x63/0x160
[  116.027854][ T5961]  ? folio_memcg+0x127/0x480
[  116.032455][ T5961]  release_pages+0x1fa0/0x2220
[  116.037237][ T5961]  ? lru_cache_disable+0x30/0x30
[  116.042180][ T5961]  ? mlock_drain_local+0x79/0x490
[  116.047215][ T5961]  ? mlock_drain_local+0x79/0x490
[  116.052346][ T5961]  ? mlock_drain_local+0x28d/0x490
[  116.057489][ T5961]  __folio_batch_release+0x71/0xe0
[  116.062615][ T5961]  truncate_inode_pages_range+0x358/0xf00
[  116.068369][ T5961]  ? mapping_evict_folio+0x510/0x510
[  116.073673][ T5961]  ? __static_call_return0+0x9/0x10
[  116.078901][ T5961]  ? shrink_dentry_list+0x685/0x6a0
[  116.084113][ T5961]  ? sync_filesystem+0x107/0x220
[  116.089066][ T5961]  jfs_remount+0x33b/0x5b0
[  116.093497][ T5961]  ? jfs_statfs+0x550/0x550
[  116.098009][ T5961]  reconfigure_super+0x21e/0x880
[  116.103046][ T5961]  path_mount+0xd19/0xfe0
[  116.107386][ T5961]  __se_sys_mount+0x2da/0x3c0
[  116.112091][ T5961]  ? __x64_sys_mount+0xc0/0xc0
[  116.116864][ T5961]  ? __x64_sys_mount+0x20/0xc0
[  116.121650][ T5961]  do_syscall_64+0x55/0xb0
[  116.126083][ T5961]  ? clear_bhb_loop+0x40/0x90
[  116.130769][ T5961]  ? clear_bhb_loop+0x40/0x90
[  116.135460][ T5961]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  116.141364][ T5961] RIP: 0033:0x7f7d53f90eea
[  116.145794][ T5961] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  116.165421][ T5961] RSP: 002b:00007ffc6f3f0878 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  116.173859][ T5961] RAX: ffffffffffffffda RBX: 00007ffc6f3f0900 RCX: 00007f7d53f90eea
[  116.181851][ T5961] RDX: 0000200000000f40 RSI: 0000200000000f00 RDI: 0000000000000000
[  116.190270][ T5961] RBP: 0000200000000f40 R08: 00007ffc6f3f0900 R09: 0000000001258438
[  116.198249][ T5961] R10: 0000000001258438 R11: 0000000000000246 R12: 0000200000000f00
[  116.206229][ T5961] R13: 00007ffc6f3f08c0 R14: 0000000000000000 R15: 0000200000000f80
[  116.214214][ T5961]  </TASK>
[  116.223736][ T2989] metapage_write_end_io: I/O error
2025/11/29 02:08:41 executed programs: 14