Warning: Permanently added '10.128.0.98' (ED25519) to the list of known hosts.
executing program
[ 552.497242][ T4264] loop0: detected capacity change from 0 to 32768
[ 552.505494][ T4264]
[ 552.505494][ T4264] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.505494][ T4264]
[ 552.511563][ T4264]
[ 552.511563][ T4264] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.511563][ T4264]
[ 552.515054][ T4264]
[ 552.515054][ T4264] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.515054][ T4264]
[ 552.517680][ T4264]
[ 552.517680][ T4264] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.517680][ T4264]
[ 552.520416][ T4264]
[ 552.520416][ T4264] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.520416][ T4264]
[ 552.525806][ T92]
[ 552.525806][ T92] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.525806][ T92]
[ 552.530400][ T4251]
[ 552.530400][ T4251] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.530400][ T4251]
[ 552.533481][ T4251]
[ 552.533481][ T4251] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.533481][ T4251]
[ 552.537194][ T92]
[ 552.537194][ T92] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.537194][ T92]
[ 552.539591][ T4263]
[ 552.539591][ T4263] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.539591][ T4263]
[ 552.543368][ T4263]
[ 552.543368][ T4263] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.543368][ T4263]
executing program
[ 552.754911][ T4266] loop0: detected capacity change from 0 to 32768
[ 552.760234][ T4266]
[ 552.760234][ T4266] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.760234][ T4266]
[ 552.764735][ T4266]
[ 552.764735][ T4266] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.764735][ T4266]
[ 552.767425][ T4266]
[ 552.767425][ T4266] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.767425][ T4266]
[ 552.769844][ T4266]
[ 552.769844][ T4266] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.769844][ T4266]
[ 552.772529][ T4266]
[ 552.772529][ T4266] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.772529][ T4266]
[ 552.776582][ T92]
[ 552.776582][ T92] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.776582][ T92]
[ 552.783935][ T4251]
[ 552.783935][ T4251] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.783935][ T4251]
[ 552.786553][ T4251]
[ 552.786553][ T4251] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.786553][ T4251]
[ 552.789625][ T92]
[ 552.789625][ T92] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.789625][ T92]
[ 552.792210][ T4263]
[ 552.792210][ T4263] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.792210][ T4263]
[ 552.795311][ T4263]
[ 552.795311][ T4263] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 552.795311][ T4263]
executing program
[ 553.004766][ T4267] loop0: detected capacity change from 0 to 32768
[ 553.009721][ T4267]
[ 553.009721][ T4267] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.009721][ T4267]
[ 553.014355][ T4267]
[ 553.014355][ T4267] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.014355][ T4267]
[ 553.017021][ T4267]
[ 553.017021][ T4267] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.017021][ T4267]
[ 553.019572][ T4267]
[ 553.019572][ T4267] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.019572][ T4267]
[ 553.022069][ T4267]
[ 553.022069][ T4267] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.022069][ T4267]
[ 553.025730][ T91]
[ 553.025730][ T91] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.025730][ T91]
[ 553.029282][ T4251]
[ 553.029282][ T4251] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.029282][ T4251]
[ 553.031777][ T4251]
[ 553.031777][ T4251] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.031777][ T4251]
[ 553.037567][ T92]
[ 553.037567][ T92] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.037567][ T92]
[ 553.040382][ T4263]
[ 553.040382][ T4263] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.040382][ T4263]
[ 553.043363][ T4263]
[ 553.043363][ T4263] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.043363][ T4263]
executing program
[ 553.252567][ T4268] loop0: detected capacity change from 0 to 32768
[ 553.257908][ T4268]
[ 553.257908][ T4268] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.257908][ T4268]
[ 553.263331][ T4268]
[ 553.263331][ T4268] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.263331][ T4268]
[ 553.266261][ T4268]
[ 553.266261][ T4268] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.266261][ T4268]
[ 553.269095][ T4268]
[ 553.269095][ T4268] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.269095][ T4268]
[ 553.271737][ T4268]
[ 553.271737][ T4268] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.271737][ T4268]
[ 553.275972][ T91]
[ 553.275972][ T91] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.275972][ T91]
[ 553.280374][ T4251]
[ 553.280374][ T4251] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.280374][ T4251]
[ 553.283424][ T4251]
[ 553.283424][ T4251] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.283424][ T4251]
[ 553.285977][ T4263]
[ 553.285977][ T4263] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.285977][ T4263]
[ 553.288714][ T92]
[ 553.288714][ T92] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.288714][ T92]
[ 553.291336][ T4263]
[ 553.291336][ T4263] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.291336][ T4263]
executing program
[ 553.495987][ T4269] loop0: detected capacity change from 0 to 32768
[ 553.500697][ T4269]
[ 553.500697][ T4269] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.500697][ T4269]
[ 553.505288][ T4269]
[ 553.505288][ T4269] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.505288][ T4269]
[ 553.508013][ T4269]
[ 553.508013][ T4269] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.508013][ T4269]
[ 553.510625][ T4269]
[ 553.510625][ T4269] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.510625][ T4269]
[ 553.514043][ T4269]
[ 553.514043][ T4269] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.514043][ T4269]
[ 553.517490][ T91]
[ 553.517490][ T91] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.517490][ T91]
[ 553.521075][ T9]
[ 553.521075][ T9] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.521075][ T9]
[ 553.523874][ T9]
[ 553.523874][ T9] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.523874][ T9]
[ 553.526811][ T4263]
[ 553.526811][ T4263] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.526811][ T4263]
[ 553.529418][ T92]
[ 553.529418][ T92] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.529418][ T92]
[ 553.531784][ T4263]
[ 553.531784][ T4263] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.531784][ T4263]
executing program
[ 553.737587][ T4270] loop0: detected capacity change from 0 to 32768
[ 553.742265][ T4270]
[ 553.742265][ T4270] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.742265][ T4270]
[ 553.746595][ T4270]
[ 553.746595][ T4270] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.746595][ T4270]
[ 553.749501][ T4270]
[ 553.749501][ T4270] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.749501][ T4270]
[ 553.752234][ T4270]
[ 553.752234][ T4270] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.752234][ T4270]
[ 553.755271][ T4270]
[ 553.755271][ T4270] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.755271][ T4270]
[ 553.758531][ T91]
[ 553.758531][ T91] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.758531][ T91]
[ 553.764146][ T4251]
[ 553.764146][ T4251] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.764146][ T4251]
[ 553.766757][ T4251]
[ 553.766757][ T4251] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.766757][ T4251]
[ 553.769410][ T4263]
[ 553.769410][ T4263] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.769410][ T4263]
[ 553.772044][ T92]
[ 553.772044][ T92] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.772044][ T92]
[ 553.775025][ T4263]
[ 553.775025][ T4263] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.775025][ T4263]
executing program
[ 553.980609][ T4271] loop0: detected capacity change from 0 to 32768
[ 553.985933][ T4271]
[ 553.985933][ T4271] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.985933][ T4271]
[ 553.989978][ T4271]
[ 553.989978][ T4271] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.989978][ T4271]
[ 553.993371][ T4271]
[ 553.993371][ T4271] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.993371][ T4271]
[ 553.995936][ T4271]
[ 553.995936][ T4271] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.995936][ T4271]
[ 553.998511][ T4271]
[ 553.998511][ T4271] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 553.998511][ T4271]
[ 554.001735][ T91]
[ 554.001735][ T91] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 554.001735][ T91]
[ 554.006269][ T9]
[ 554.006269][ T9] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 554.006269][ T9]
[ 554.008605][ T9]
[ 554.008605][ T9] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 554.008605][ T9]
[ 554.011263][ T4263]
[ 554.011263][ T4263] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 554.011263][ T4263]
[ 554.014940][ T4263]
[ 554.014940][ T4263] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 554.014940][ T4263]
[ 554.023164][ T91] ==================================================================
[ 554.025198][ T91] BUG: KASAN: use-after-free in __mutex_lock_common+0xbec/0x21a0
[ 554.027179][ T91] Read of size 8 at addr ffff0000cbc2a108 by task jfsCommit/91
[ 554.028963][ T91]
[ 554.029427][ T91] CPU: 0 PID: 91 Comm: jfsCommit Not tainted 6.1.90-syzkaller #0
[ 554.031493][ T91] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 554.033801][ T91] Call trace:
[ 554.034547][ T91] dump_backtrace+0x1c8/0x1f4
[ 554.035593][ T91] show_stack+0x2c/0x3c
[ 554.036536][ T91] dump_stack_lvl+0x108/0x170
[ 554.037649][ T91] print_report+0x174/0x4c0
[ 554.038712][ T91] kasan_report+0xd4/0x130
[ 554.039747][ T91] __asan_report_load8_noabort+0x2c/0x38
[ 554.041104][ T91] __mutex_lock_common+0xbec/0x21a0
[ 554.042326][ T91] mutex_lock_nested+0x38/0x44
[ 554.043544][ T91] jfs_syncpt+0x30/0x98
[ 554.044548][ T91] txEnd+0x2ec/0x558
[ 554.045457][ T91] jfs_lazycommit+0x4c4/0x988
[ 554.046602][ T91] kthread+0x250/0x2d8
[ 554.047574][ T91] ret_from_fork+0x10/0x20
[ 554.048580][ T91]
[ 554.049098][ T91] Allocated by task 4271:
[ 554.050207][ T91] kasan_set_track+0x4c/0x80
[ 554.051306][ T91] kasan_save_alloc_info+0x24/0x30
[ 554.052504][ T91] __kasan_kmalloc+0xac/0xc4
[ 554.053679][ T91] kmalloc_trace+0x7c/0x94
[ 554.054791][ T91] lmLogOpen+0x290/0xdb0
[ 554.055914][ T91] jfs_mount_rw+0xe4/0x57c
[ 554.056994][ T91] jfs_fill_super+0x4f0/0x9f0
[ 554.058186][ T91] mount_bdev+0x274/0x370
[ 554.059195][ T91] jfs_do_mount+0x44/0x58
[ 554.060203][ T91] legacy_get_tree+0xd4/0x16c
[ 554.061359][ T91] vfs_get_tree+0x90/0x274
[ 554.062395][ T91] do_new_mount+0x278/0x8fc
[ 554.063499][ T91] path_mount+0x590/0xe5c
[ 554.064542][ T91] __arm64_sys_mount+0x45c/0x594
[ 554.065663][ T91] invoke_syscall+0x98/0x2c0
[ 554.066822][ T91] el0_svc_common+0x138/0x258
[ 554.068053][ T91] do_el0_svc+0x64/0x218
[ 554.069113][ T91] el0_svc+0x58/0x168
[ 554.070125][ T91] el0t_64_sync_handler+0x84/0xf0
[ 554.071389][ T91] el0t_64_sync+0x18c/0x190
[ 554.072405][ T91]
[ 554.072977][ T91] Freed by task 4263:
[ 554.073993][ T91] kasan_set_track+0x4c/0x80
[ 554.075095][ T91] kasan_save_free_info+0x38/0x5c
[ 554.076246][ T91] ____kasan_slab_free+0x144/0x1c0
[ 554.077498][ T91] __kasan_slab_free+0x18/0x28
[ 554.078656][ T91] __kmem_cache_free+0x2c0/0x4b4
[ 554.079816][ T91] kfree+0xcc/0x1b8
[ 554.080745][ T91] lmLogClose+0x270/0x4d8
[ 554.081788][ T91] jfs_umount+0x24c/0x338
[ 554.082824][ T91] jfs_put_super+0x90/0x188
[ 554.083851][ T91] generic_shutdown_super+0x130/0x328
[ 554.085124][ T91] kill_block_super+0x70/0xdc
[ 554.086222][ T91] deactivate_locked_super+0xac/0x124
[ 554.087459][ T91] deactivate_super+0xf0/0x110
[ 554.088613][ T91] cleanup_mnt+0x394/0x41c
[ 554.089749][ T91] __cleanup_mnt+0x20/0x30
[ 554.090830][ T91] task_work_run+0x240/0x2f0
[ 554.092005][ T91] do_notify_resume+0x2148/0x3474
[ 554.093127][ T91] el0_svc+0x9c/0x168
[ 554.093857][ T91] el0t_64_sync_handler+0x84/0xf0
[ 554.094756][ T91] el0t_64_sync+0x18c/0x190
[ 554.095593][ T91]
[ 554.096018][ T91] The buggy address belongs to the object at ffff0000cbc2a000
[ 554.096018][ T91] which belongs to the cache kmalloc-1k of size 1024
[ 554.099002][ T91] The buggy address is located 264 bytes inside of
[ 554.099002][ T91] 1024-byte region [ffff0000cbc2a000, ffff0000cbc2a400)
[ 554.102432][ T91]
[ 554.102950][ T91] The buggy address belongs to the physical page:
[ 554.104496][ T91] page:0000000053b58f65 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10bc28
[ 554.107057][ T91] head:0000000053b58f65 order:3 compound_mapcount:0 compound_pincount:0
[ 554.108982][ T91] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 554.110977][ T91] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002780
[ 554.113238][ T91] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 554.115476][ T91] page dumped because: kasan: bad access detected
[ 554.116975][ T91]
[ 554.117518][ T91] Memory state around the buggy address:
[ 554.118858][ T91] ffff0000cbc2a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 554.120715][ T91] ffff0000cbc2a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 554.122627][ T91] >ffff0000cbc2a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 554.124462][ T91] ^
[ 554.125502][ T91] ffff0000cbc2a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 554.127322][ T91] ffff0000cbc2a200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 554.129202][ T91] ==================================================================
executing program
[ 554.131307][ T91] Disabling lock debugging due to kernel taint
[ 554.137569][ T91] Unable to handle kernel paging request at virtual address dfff800000000006
[ 554.139502][ T91] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
[ 554.141488][ T91] Mem abort info:
[ 554.142354][ T91] ESR = 0x0000000096000006
[ 554.143834][ T91] EC = 0x25: DABT (current EL), IL = 32 bits
[ 554.145239][ T91] SET = 0, FnV = 0
[ 554.146162][ T91] EA = 0, S1PTW = 0
[ 554.147095][ T91] FSC = 0x06: level 2 translation fault
[ 554.148455][ T91] Data abort info:
[ 554.149343][ T91] ISV = 0, ISS = 0x00000006
[ 554.150419][ T91] CM = 0, WnR = 0
[ 554.151305][ T91] [dfff800000000006] address between user and kernel address ranges
[ 554.153606][ T91] Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
[ 554.155275][ T91] Modules linked in:
[ 554.156122][ T91] CPU: 0 PID: 91 Comm: jfsCommit Tainted: G B 6.1.90-syzkaller #0
[ 554.158040][ T91] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 554.160307][ T91] pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 554.162163][ T91] pc : lmLogSync+0xec/0x978
[ 554.163137][ T91] lr : lmLogSync+0xe0/0x978
[ 554.164190][ T91] sp : ffff80001d927b20
[ 554.165110][ T91] x29: ffff80001d927bf0 x28: ffff80001d269000 x27: dfff800000000000
[ 554.166944][ T91] x26: dfff800000000000 x25: ffff80001d927b40 x24: 1ffff00002bbb158
[ 554.168835][ T91] x23: 0000000000000002 x22: 0000000000000006 x21: 0000000000000030
[ 554.170606][ T91] x20: ffff0000d25a9ba0 x19: ffff0000cbc2a000 x18: 1fffe0003686b376
[ 554.172453][ T91] x17: ffff80001583d000 x16: ffff8000120a7780 x15: ffff0001b4359bbc
[ 554.174159][ T91] x14: ffff0001b4359bb8 x13: 1fffe0003686b376 x12: ffff700003b24f70
[ 554.175967][ T91] x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff8000198dd950
[ 554.177906][ T91] x8 : 0000000000000006 x7 : 0000000000000000 x6 : ffff80000827c88c
[ 554.179773][ T91] x5 : 0000000000000000 x4 : 0000000000000004 x3 : ffff8000099bc988
[ 554.181636][ T91] x2 : 0000000000000000 x1 : 0000000000000008 x0 : 0000000000000000
[ 554.183431][ T91] Call trace:
[ 554.184129][ T91] lmLogSync+0xec/0x978
[ 554.185083][ T91] jfs_syncpt+0x74/0x98
[ 554.186025][ T91] txEnd+0x2ec/0x558
[ 554.186995][ T91] jfs_lazycommit+0x4c4/0x988
[ 554.188104][ T91] kthread+0x250/0x2d8
[ 554.189140][ T91] ret_from_fork+0x10/0x20
[ 554.190185][ T91] Code: 97bee1c5 f94002a8 9100c115 d343fea8 (387b6908)
[ 554.191799][ T91] ---[ end trace 0000000000000000 ]---
[ 554.208117][ T4272] loop0: detected capacity change from 0 to 32768
[ 554.221143][ T4272]
[ 554.221143][ T4272] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 554.221143][ T4272]
[ 554.229701][ T4272]
[ 554.229701][ T4272] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 554.229701][ T4272]
[ 554.232291][ T4272]
[ 554.232291][ T4272] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 554.232291][ T4272]
[ 554.242858][ T4272]
[ 554.242858][ T4272] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 554.242858][ T4272]
[ 554.245353][ T4272]
[ 554.245353][ T4272] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 554.245353][ T4272]
[ 554.255537][ T92]
[ 554.255537][ T92] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 554.255537][ T92]
[ 554.602457][ T91] Kernel panic - not syncing: Oops: Fatal exception
[ 554.604159][ T91] SMP: stopping secondary CPUs
[ 554.605280][ T91] Kernel Offset: disabled
[ 554.606397][ T91] CPU features: 0x00000,02070084,26017203
[ 554.607803][ T91] Memory Limit: none
[ 554.977397][ T91] Rebooting in 86400 seconds..