Warning: Permanently added '10.128.0.196' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
[ 136.993315][ T4278] loop2: detected capacity change from 0 to 32768
[ 137.000450][ T4280] loop1: detected capacity change from 0 to 32768
[ 137.009791][ T4279] loop3: detected capacity change from 0 to 32768
[ 137.010065][ T4281] loop0: detected capacity change from 0 to 32768
[ 137.016847][ T4277] loop4: detected capacity change from 0 to 32768
[ 137.067722][ T26] audit: type=1800 audit(1749439593.516:2): pid=4278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor263" name="file1" dev="loop2" ino=4 res=0 errno=0
[ 137.160766][ T26] audit: type=1800 audit(1749439593.546:3): pid=4279 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor263" name="file1" dev="loop3" ino=4 res=0 errno=0
[ 137.303504][ T26] audit: type=1800 audit(1749439593.546:4): pid=4280 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor263" name="file1" dev="loop1" ino=4 res=0 errno=0
[ 137.454992][ T26] audit: type=1800 audit(1749439593.556:5): pid=4277 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor263" name="file1" dev="loop4" ino=4 res=0 errno=0
[ 137.612474][ T26] audit: type=1800 audit(1749439593.556:6): pid=4281 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor263" name="file1" dev="loop0" ino=4 res=0 errno=0
[ 137.829908][ T4277] ERROR: (device loop4): dbAdjCtl: the maximum free buddy is not the old root
[ 137.829908][ T4277]
[ 137.859965][ T4279] ERROR: (device loop3): dbAdjCtl: the maximum free buddy is not the old root
[ 137.859965][ T4279]
[ 137.871800][ T4278] ERROR: (device loop2): dbAdjCtl: the maximum free buddy is not the old root
[ 137.871800][ T4278]
[ 137.883787][ T4281] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root
[ 137.883787][ T4281]
[ 137.887620][ T4280] ERROR: (device loop1): dbAdjCtl: the maximum free buddy is not the old root
[ 137.887620][ T4280]
[ 137.907884][ T4277] ERROR: (device loop4): remounting filesystem as read-only
[ 137.921170][ T4279] ERROR: (device loop3): remounting filesystem as read-only
[ 137.928687][ T4278] ERROR: (device loop2): remounting filesystem as read-only
[ 137.936450][ T4281] ERROR: (device loop0): remounting filesystem as read-only
[ 137.977027][ T4280] ERROR: (device loop1): remounting filesystem as read-only
executing program
[ 138.338301][ T107] ==================================================================
[ 138.346533][ T107] BUG: KASAN: use-after-free in jfs_lazycommit+0x74f/0xa50
[ 138.354317][ T107] Read of size 4 at addr ffff88801866e094 by task jfsCommit/107
[ 138.362336][ T107]
[ 138.364709][ T107] CPU: 0 PID: 107 Comm: jfsCommit Not tainted 6.1.141-syzkaller #0
[ 138.372816][ T107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 138.383774][ T107] Call Trace:
[ 138.387335][ T107] <TASK>
[ 138.390490][ T107] dump_stack_lvl+0x168/0x22e
[ 138.395661][ T107] ? __lock_acquire+0x7c50/0x7c50
[ 138.401320][ T107] ? show_regs_print_info+0x12/0x12
[ 138.406715][ T107] ? load_image+0x3b0/0x3b0
[ 138.411969][ T107] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 138.417831][ T107] ? __virt_addr_valid+0x188/0x540
[ 138.423093][ T107] ? __virt_addr_valid+0x465/0x540
[ 138.428611][ T107] ? jfs_lazycommit+0x74f/0xa50
[ 138.433588][ T107] print_report+0xa8/0x220
[ 138.439010][ T107] kasan_report+0x10b/0x140
[ 138.443596][ T107] ? jfs_lazycommit+0x74f/0xa50
[ 138.448584][ T107] jfs_lazycommit+0x74f/0xa50
[ 138.453295][ T107] ? txFreelock+0x5a0/0x5a0
[ 138.457916][ T107] ? _raw_spin_unlock_irqrestore+0x82/0x100
[ 138.464731][ T107] ? do_task_dead+0xd0/0xd0
[ 138.469738][ T107] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 138.475662][ T107] ? __kthread_parkme+0x162/0x1c0
[ 138.480889][ T107] kthread+0x29d/0x330
[ 138.485070][ T107] ? txFreelock+0x5a0/0x5a0
[ 138.489771][ T107] ? kthread_blkcg+0xd0/0xd0
[ 138.494815][ T107] ret_from_fork+0x1f/0x30
[ 138.499292][ T107] </TASK>
[ 138.502336][ T107]
[ 138.504674][ T107] Allocated by task 4281:
[ 138.509307][ T107] kasan_set_track+0x4b/0x70
[ 138.527661][ T107] __kasan_kmalloc+0x8e/0xa0
[ 138.532533][ T107] jfs_fill_super+0xd2/0xac0
[ 138.537550][ T107] mount_bdev+0x287/0x3c0
[ 138.542004][ T107] legacy_get_tree+0xe6/0x180
[ 138.546905][ T107] vfs_get_tree+0x88/0x270
[ 138.551441][ T107] do_new_mount+0x24a/0xa40
[ 138.556055][ T107] __se_sys_mount+0x2d6/0x3c0
[ 138.560776][ T107] do_syscall_64+0x4c/0xa0
[ 138.565480][ T107] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 138.571608][ T107]
[ 138.574134][ T107] Freed by task 4272:
[ 138.578259][ T107] kasan_set_track+0x4b/0x70
[ 138.583138][ T107] kasan_save_free_info+0x2d/0x50
[ 138.588363][ T107] ____kasan_slab_free+0x126/0x1e0
[ 138.594028][ T107] slab_free_freelist_hook+0x131/0x1a0
[ 138.600152][ T107] __kmem_cache_free+0xb6/0x1f0
[ 138.605135][ T107] generic_shutdown_super+0x130/0x340
[ 138.610613][ T107] kill_block_super+0x7c/0xe0
[ 138.615998][ T107] deactivate_locked_super+0x93/0xf0
[ 138.621492][ T107] cleanup_mnt+0x463/0x4f0
[ 138.626360][ T107] task_work_run+0x1ca/0x250
[ 138.631317][ T107] exit_to_user_mode_loop+0xe6/0x110
[ 138.636795][ T107] exit_to_user_mode_prepare+0xb1/0x140
[ 138.642465][ T107] syscall_exit_to_user_mode+0x16/0x40
[ 138.647940][ T107] do_syscall_64+0x58/0xa0
[ 138.652378][ T107] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 138.658686][ T107]
[ 138.662196][ T107] The buggy address belongs to the object at ffff88801866e000
[ 138.662196][ T107] which belongs to the cache kmalloc-256 of size 256
[ 138.676365][ T107] The buggy address is located 148 bytes inside of
[ 138.676365][ T107] 256-byte region [ffff88801866e000, ffff88801866e100)
[ 138.689655][ T107]
[ 138.692263][ T107] The buggy address belongs to the physical page:
[ 138.698872][ T107] page:ffffea0000619b80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1866e
[ 138.709427][ T107] head:ffffea0000619b80 order:1 compound_mapcount:0 compound_pincount:0
[ 138.718768][ T107] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 138.727135][ T107] raw: 00fff00000010200 ffffea0000619d00 dead000000000004 ffff888017441b40
[ 138.735777][ T107] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 138.744380][ T107] page dumped because: kasan: bad access detected
[ 138.750901][ T107] page_owner tracks the page as allocated
[ 138.756803][ T107] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 2880463538, free_ts 0
[ 138.777153][ T107] post_alloc_hook+0x173/0x1a0
[ 138.781947][ T107] get_page_from_freelist+0x1a26/0x1ac0
[ 138.787855][ T107] __alloc_pages+0x1df/0x4e0
[ 138.792627][ T107] alloc_page_interleave+0x24/0x1e0
[ 138.797879][ T107] alloc_slab_page+0x5d/0x160
[ 138.802820][ T107] new_slab+0x87/0x2c0
[ 138.807627][ T107] ___slab_alloc+0xbc6/0x1220
[ 138.812513][ T107] __kmem_cache_alloc_node+0x1a0/0x260
[ 138.818171][ T107] __kmalloc_node_track_caller+0x9e/0x230
[ 138.823901][ T107] krealloc+0x6a/0x100
[ 138.828077][ T107] add_sysfs_param+0xe8/0x930
[ 138.832835][ T107] kernel_add_sysfs_param+0xaf/0x11b
[ 138.838259][ T107] param_sysfs_builtin+0x1f6/0x27c
[ 138.843584][ T107] param_sysfs_init+0x66/0x6a
[ 138.848552][ T107] do_one_initcall+0x214/0x7a0
[ 138.853388][ T107] do_initcall_level+0x137/0x1e4
[ 138.858581][ T107] page_owner free stack trace missing
[ 138.864238][ T107]
[ 138.866839][ T107] Memory state around the buggy address:
[ 138.873018][ T107] ffff88801866df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 138.882850][ T107] ffff88801866e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 138.892516][ T107] >ffff88801866e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 138.901676][ T107]                          ^
[ 138.906841][ T107] ffff88801866e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 138.916947][ T107] ffff88801866e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 138.927748][ T107] ==================================================================
[ 138.939275][ T107] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 138.947195][ T107] CPU: 0 PID: 107 Comm: jfsCommit Not tainted 6.1.141-syzkaller #0
[ 138.957547][ T107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 138.970732][ T107] Call Trace:
[ 138.974542][ T107] <TASK>
[ 138.977813][ T107] dump_stack_lvl+0x168/0x22e
[ 138.982996][ T107] ? memcpy+0x3c/0x60
[ 138.987677][ T107] ? show_regs_print_info+0x12/0x12
[ 138.993100][ T107] ? load_image+0x3b0/0x3b0
[ 138.998091][ T107] panic+0x2c9/0x710
[ 139.003082][ T107] ? __lock_acquire+0x7c50/0x7c50
[ 139.008789][ T107] ? bpf_jit_dump+0xd0/0xd0
[ 139.014157][ T107] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 139.020998][ T107] ? _raw_spin_unlock+0x40/0x40
[ 139.026367][ T107] check_panic_on_warn+0x80/0xa0
[ 139.032701][ T107] ? jfs_lazycommit+0x74f/0xa50
[ 139.037984][ T107] end_report+0x66/0x110
[ 139.042604][ T107] kasan_report+0x118/0x140
[ 139.048110][ T107] ? jfs_lazycommit+0x74f/0xa50
[ 139.053056][ T107] jfs_lazycommit+0x74f/0xa50
[ 139.058054][ T107] ? txFreelock+0x5a0/0x5a0
[ 139.063067][ T107] ? _raw_spin_unlock_irqrestore+0x82/0x100
[ 139.069519][ T107] ? do_task_dead+0xd0/0xd0
[ 139.074798][ T107] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 139.080844][ T107] ? __kthread_parkme+0x162/0x1c0
[ 139.087743][ T107] kthread+0x29d/0x330
[ 139.092676][ T107] ? txFreelock+0x5a0/0x5a0
[ 139.097813][ T107] ? kthread_blkcg+0xd0/0xd0
[ 139.103682][ T107] ret_from_fork+0x1f/0x30
[ 139.108974][ T107] </TASK>
[ 139.113093][ T107] Kernel Offset: disabled
[ 139.118244][ T107] Rebooting in 86400 seconds..