./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4030385163

<...>
Warning: Permanently added '10.128.0.236' (ED25519) to the list of known hosts.
execve("./syz-executor4030385163", ["./syz-executor4030385163"], 0x7ffc30e9c6a0 /* 10 vars */) = 0
brk(NULL)                               = 0x55558b105000
brk(0x55558b105d00)                     = 0x55558b105d00
arch_prctl(ARCH_SET_FS, 0x55558b105380) = 0
set_tid_address(0x55558b105650)         = 5825
set_robust_list(0x55558b105660, 24)     = 0
rseq(0x55558b105ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor4030385163", 4096) = 28
getrandom("\xdf\x36\xeb\xbb\xb5\x36\xf7\xdd", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55558b105d00
brk(0x55558b126d00)                     = 0x55558b126d00
brk(0x55558b127000)                     = 0x55558b127000
mprotect(0x7fb1c06ca000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5826 attached
 <unfinished ...>
[pid  5826] set_robust_list(0x55558b105660, 24 <unfinished ...>
[pid  5825] <... clone resumed>, child_tidptr=0x55558b105650) = 5826
[pid  5826] <... set_robust_list resumed>) = 0
[pid  5826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5826] getppid()                   = 0
[pid  5826] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5826] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5826] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5826] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5826] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5826] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5826] unshare(CLONE_NEWNS)        = 0
[pid  5826] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5826] unshare(CLONE_NEWIPC)       = 0
[pid  5826] unshare(CLONE_NEWCGROUP)    = 0
[pid  5826] unshare(CLONE_NEWUTS)       = 0
[pid  5826] unshare(CLONE_SYSVSEM)      = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "16777216", 8)     = 8
[pid  5826] close(3)                    = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "536870912", 9)    = 9
[pid  5826] close(3)                    = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "1024", 4)         = 4
[pid  5826] close(3)                    = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "8192", 4)         = 4
[pid  5826] close(3)                    = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "1024", 4)         = 4
[pid  5826] close(3)                    = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "1024", 4)         = 4
[pid  5826] close(3)                    = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5826] close(3)                    = 0
[pid  5826] getpid()                    = 1
[pid  5826] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5826] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5826] unshare(CLONE_NEWNET)       = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "0 65535", 7)      = 7
[pid  5826] close(3)                    = 0
[pid  5826] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5826] write(3, "100000", 6)       = 6
[pid  5826] close(3)                    = 0
[pid  5826] mkdir("./syz-tmp", 0777)    = 0
[pid  5826] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5826] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5826] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid  5826] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5826] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5826] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  5826] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5826] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5826] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5826] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5826] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5826] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5826] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5826] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5826] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0
[pid  5826] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5826] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5826] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  5826] chdir("/")                  = 0
[pid  5826] umount2("./pivot", MNT_DETACH) = 0
[pid  5826] chroot("./newroot")         = 0
[pid  5826] chdir("/")                  = 0
[pid  5826] mkdir("/dev/gadgetfs", 0777) = 0
[pid  5826] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL) = 0
[pid  5826] mkdir("/dev/binderfs", 0777) = 0
[pid  5826] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5826] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5826] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
executing program
[pid  5826] write(1, "executing program\n", 18) = 18
[pid  5826] memfd_create("syzkaller", 0) = 3
[pid  5826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb1b8200000
[pid  5826] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5826] munmap(0x7fb1b8200000, 138412032) = 0
[pid  5826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5826] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5826] close(3)                    = 0
[pid  5826] close(4)                    = 0
[pid  5826] mkdir("./file7", 0777)      = 0
[pid  5826] mount("/dev/loop0", "./file7", "jfs", MS_SYNCHRONOUS|MS_NODIRATIME, "") = 0
[pid  5826] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3
[pid  5826] chdir("./file7")            = 0
[pid  5826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5826] renameat2(AT_FDCWD, "./file1", AT_FDCWD, "./file0/file0", 0) = 0
[pid  5826] exit_group(1)               = ?
syzkaller login: [   87.248835][ T5826] loop0: detected capacity change from 0 to 32768
[   87.307009][  T116] BUG: spinlock bad magic on CPU#1, jfsCommit/116
[   87.313517][  T116] ==================================================================
[   87.321597][  T116] BUG: KASAN: slab-out-of-bounds in string+0x231/0x2b0
[   87.328482][  T116] Read of size 1 at addr ffff88807b7fd338 by task jfsCommit/116
[   87.336102][  T116] 
[   87.338435][  T116] CPU: 1 UID: 0 PID: 116 Comm: jfsCommit Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full) 
[   87.338459][  T116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   87.338475][  T116] Call Trace:
[   87.338481][  T116]  <TASK>
[   87.338489][  T116]  dump_stack_lvl+0x189/0x250
[   87.338511][  T116]  ? __virt_addr_valid+0x18c/0x540
[   87.338531][  T116]  ? rcu_is_watching+0x15/0xb0
[   87.338552][  T116]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.338570][  T116]  ? rcu_is_watching+0x15/0xb0
[   87.338590][  T116]  ? lock_release+0x4b/0x3e0
[   87.338610][  T116]  ? __virt_addr_valid+0x18c/0x540
[   87.338627][  T116]  ? __virt_addr_valid+0x469/0x540
[   87.338645][  T116]  print_report+0xb4/0x290
[   87.338660][  T116]  ? string+0x231/0x2b0
[   87.338672][  T116]  kasan_report+0x118/0x150
[   87.338697][  T116]  ? number+0x81/0xf60
[   87.338709][  T116]  ? string+0x231/0x2b0
[   87.338724][  T116]  string+0x231/0x2b0
[   87.338738][  T116]  vsnprintf+0x739/0xf00
[   87.338754][  T116]  vprintk_store+0x3c7/0xd00
[   87.338778][  T116]  ? __pfx_vprintk_store+0x10/0x10
[   87.338799][  T116]  ? __console_unlock+0x136/0x1a0
[   87.338814][  T116]  ? llist_add_batch+0x108/0x1e0
[   87.338829][  T116]  ? __pfx_llist_add_batch+0x10/0x10
[   87.338844][  T116]  ? tick_nohz_tick_stopped+0x86/0xb0
[   87.338868][  T116]  ? is_printk_cpu_sync_owner+0x32/0x40
[   87.338885][  T116]  vprintk_emit+0x21e/0x7a0
[   87.338898][  T116]  ? __pfx_vprintk_emit+0x10/0x10
[   87.338910][  T116]  ? __is_module_percpu_address+0x28/0x3f0
[   87.338923][  T116]  ? rcu_is_watching+0x15/0xb0
[   87.338942][  T116]  ? __kasan_check_byte+0x12/0x40
[   87.338964][  T116]  ? rcu_is_watching+0x15/0xb0
[   87.338984][  T116]  ? is_dynamic_key+0xd6/0x1c0
[   87.339001][  T116]  ? rcu_is_watching+0x15/0xb0
[   87.339023][  T116]  _printk+0xcf/0x120
[   87.339046][  T116]  ? __pfx__printk+0x10/0x10
[   87.339065][  T116]  ? is_dynamic_key+0x1ac/0x1c0
[   87.339083][  T116]  ? register_lock_class+0xc9/0x320
[   87.339105][  T116]  spin_dump+0x102/0x1a0
[   87.339126][  T116]  do_raw_spin_lock+0x1ca/0x290
[   87.339141][  T116]  ? __wake_up_common_lock+0x2f/0x1f0
[   87.339157][  T116]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   87.339176][  T116]  _raw_spin_lock_irqsave+0xb3/0xf0
[   87.339192][  T116]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[   87.339206][  T116]  ? dbFree+0x4d1/0x650
[   87.339224][  T116]  __wake_up_common_lock+0x2f/0x1f0
[   87.339243][  T116]  release_metapage+0x13c/0xac0
[   87.339264][  T116]  ? txFreeMap+0xb19/0xde0
[   87.339283][  T116]  ? do_raw_spin_unlock+0x122/0x240
[   87.339300][  T116]  xtTruncate+0xe71/0x2dd0
[   87.339321][  T116]  ? __pfx_xtTruncate+0x10/0x10
[   87.339340][  T116]  ? reacquire_held_locks+0x127/0x1d0
[   87.339361][  T116]  ? __mark_inode_dirty+0x4a6/0xdf0
[   87.339378][  T116]  ? __asan_memset+0x22/0x50
[   87.339395][  T116]  ? __dquot_initialize+0x218/0xcb0
[   87.339409][  T116]  jfs_free_zero_link+0x33a/0x4a0
[   87.339430][  T116]  ? __pfx_jfs_free_zero_link+0x10/0x10
[   87.339451][  T116]  ? __pfx_inode_wait_for_writeback+0x10/0x10
[   87.339469][  T116]  jfs_evict_inode+0x363/0x440
[   87.339488][  T116]  ? evict+0x4f8/0x9c0
[   87.339504][  T116]  ? __pfx_jfs_evict_inode+0x10/0x10
[   87.339524][  T116]  evict+0x501/0x9c0
[   87.339543][  T116]  ? __pfx_evict+0x10/0x10
[   87.339560][  T116]  ? do_raw_spin_unlock+0x122/0x240
[   87.339576][  T116]  ? _raw_spin_unlock+0x28/0x50
[   87.339590][  T116]  ? iput+0x6d8/0x9d0
[   87.339605][  T116]  jfs_lazycommit+0x43f/0xa90
[   87.339622][  T116]  ? __pfx_jfs_lazycommit+0x10/0x10
[   87.339636][  T116]  ? __pfx_default_wake_function+0x10/0x10
[   87.339656][  T116]  ? __kthread_parkme+0x7b/0x200
[   87.339669][  T116]  ? __kthread_parkme+0x1a1/0x200
[   87.339684][  T116]  kthread+0x711/0x8a0
[   87.339700][  T116]  ? __pfx_jfs_lazycommit+0x10/0x10
[   87.339714][  T116]  ? __pfx_kthread+0x10/0x10
[   87.339730][  T116]  ? __pfx_kthread+0x10/0x10
[   87.339744][  T116]  ? _raw_spin_unlock_irq+0x23/0x50
[   87.339759][  T116]  ? lockdep_hardirqs_on+0x9c/0x150
[   87.339775][  T116]  ? __pfx_kthread+0x10/0x10
[   87.339790][  T116]  ret_from_fork+0x4b/0x80
[   87.339802][  T116]  ? __pfx_kthread+0x10/0x10
[   87.339817][  T116]  ret_from_fork_asm+0x1a/0x30
[   87.339843][  T116]  </TASK>
[   87.339848][  T116] 
[   87.744776][  T116] The buggy address belongs to the object at ffff88807b7fd2f8
[   87.744776][  T116]  which belongs to the cache jfs_ip of size 2232
[   87.758485][  T116] The buggy address is located 64 bytes inside of
[   87.758485][  T116]  allocated 2232-byte region [ffff88807b7fd2f8, ffff88807b7fdbb0)
[   87.772627][  T116] 
[   87.774948][  T116] The buggy address belongs to the physical page:
[   87.781366][  T116] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b7f8
[   87.790131][  T116] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   87.798625][  T116] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   87.806170][  T116] page_type: f5(slab)
[   87.810157][  T116] raw: 00fff00000000040 ffff8881476bec80 dead000000000122 0000000000000000
[   87.818741][  T116] raw: 0000000000000000 00000000800d000d 00000000f5000000 0000000000000000
[   87.827322][  T116] head: 00fff00000000040 ffff8881476bec80 dead000000000122 0000000000000000
[   87.835989][  T116] head: 0000000000000000 00000000800d000d 00000000f5000000 0000000000000000
[   87.844671][  T116] head: 00fff00000000003 ffffea0001edfe01 00000000ffffffff 00000000ffffffff
[   87.853339][  T116] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   87.862003][  T116] page dumped because: kasan: bad access detected
[   87.868419][  T116] page_owner tracks the page as allocated
[   87.874132][  T116] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_RECLAIMABLE|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5826, tgid 5826 (syz-executor403), ts 87271760239, free_ts 27184162145
[   87.896707][  T116]  post_alloc_hook+0x1d8/0x230
[   87.901473][  T116]  get_page_from_freelist+0x21c7/0x22a0
[   87.907023][  T116]  __alloc_frozen_pages_noprof+0x181/0x370
[   87.912828][  T116]  alloc_pages_mpol+0x232/0x4a0
[   87.917683][  T116]  allocate_slab+0x8a/0x3b0
[   87.922192][  T116]  ___slab_alloc+0xbfc/0x1480
[   87.926868][  T116]  kmem_cache_alloc_lru_noprof+0x288/0x3d0
[   87.932688][  T116]  jfs_alloc_inode+0x28/0x70
[   87.937278][  T116]  alloc_inode+0x67/0x1b0
[   87.941614][  T116]  new_inode+0x22/0x170
[   87.945767][  T116]  jfs_fill_super+0x569/0xd90
[   87.950449][  T116]  get_tree_bdev_flags+0x40b/0x4d0
[   87.955567][  T116]  vfs_get_tree+0x92/0x2b0
[   87.959989][  T116]  do_new_mount+0x24a/0xa40
[   87.964498][  T116]  __se_sys_mount+0x317/0x410
[   87.969169][  T116]  do_syscall_64+0xf6/0x210
[   87.973681][  T116] page last free pid 1 tgid 1 stack trace:
[   87.979481][  T116]  __free_frozen_pages+0xb05/0xcd0
[   87.984589][  T116]  free_contig_range+0x159/0x440
[   87.989527][  T116]  destroy_args+0x86/0x460
[   87.993951][  T116]  debug_vm_pgtable+0x3cf/0x410
[   87.998805][  T116]  do_one_initcall+0x233/0x820
[   88.003576][  T116]  do_initcall_level+0x137/0x1f0
[   88.008522][  T116]  do_initcalls+0x69/0xd0
[   88.012851][  T116]  kernel_init_freeable+0x3d9/0x570
[   88.018048][  T116]  kernel_init+0x1d/0x1d0
[   88.022382][  T116]  ret_from_fork+0x4b/0x80
[   88.026795][  T116]  ret_from_fork_asm+0x1a/0x30
[   88.031568][  T116] 
[   88.033887][  T116] Memory state around the buggy address:
[   88.039513][  T116]  ffff88807b7fd200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   88.047570][  T116]  ffff88807b7fd280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   88.055627][  T116] >ffff88807b7fd300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   88.063684][  T116]                                         ^
[   88.069570][  T116]  ffff88807b7fd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   88.077626][  T116]  ffff88807b7fd400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   88.085690][  T116] ==================================================================
[   88.093756][  T116] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   88.100944][  T116] CPU: 1 UID: 0 PID: 116 Comm: jfsCommit Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full) 
[   88.112734][  T116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   88.122785][  T116] Call Trace:
[   88.126060][  T116]  <TASK>
[   88.128989][  T116]  dump_stack_lvl+0x99/0x250
[   88.133587][  T116]  ? __asan_memcpy+0x40/0x70
[   88.138187][  T116]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.143399][  T116]  ? __pfx__printk+0x10/0x10
[   88.148019][  T116]  panic+0x2db/0x790
[   88.151915][  T116]  ? __pfx_panic+0x10/0x10
[   88.156332][  T116]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   88.162225][  T116]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   88.168560][  T116]  ? print_memory_metadata+0x314/0x400
[   88.174448][  T116]  ? string+0x231/0x2b0
[   88.178613][  T116]  check_panic_on_warn+0x89/0xb0
[   88.183546][  T116]  ? string+0x231/0x2b0
[   88.187696][  T116]  end_report+0x78/0x160
[   88.191937][  T116]  kasan_report+0x129/0x150
[   88.196442][  T116]  ? number+0x81/0xf60
[   88.200533][  T116]  ? string+0x231/0x2b0
[   88.204697][  T116]  string+0x231/0x2b0
[   88.208675][  T116]  vsnprintf+0x739/0xf00
[   88.212914][  T116]  vprintk_store+0x3c7/0xd00
[   88.217509][  T116]  ? __pfx_vprintk_store+0x10/0x10
[   88.222634][  T116]  ? __console_unlock+0x136/0x1a0
[   88.227655][  T116]  ? llist_add_batch+0x108/0x1e0
[   88.232592][  T116]  ? __pfx_llist_add_batch+0x10/0x10
[   88.237883][  T116]  ? tick_nohz_tick_stopped+0x86/0xb0
[   88.243267][  T116]  ? is_printk_cpu_sync_owner+0x32/0x40
[   88.248815][  T116]  vprintk_emit+0x21e/0x7a0
[   88.253316][  T116]  ? __pfx_vprintk_emit+0x10/0x10
[   88.258336][  T116]  ? __is_module_percpu_address+0x28/0x3f0
[   88.264189][  T116]  ? rcu_is_watching+0x15/0xb0
[   88.269017][  T116]  ? __kasan_check_byte+0x12/0x40
[   88.274046][  T116]  ? rcu_is_watching+0x15/0xb0
[   88.278812][  T116]  ? is_dynamic_key+0xd6/0x1c0
[   88.283593][  T116]  ? rcu_is_watching+0x15/0xb0
[   88.288360][  T116]  _printk+0xcf/0x120
[   88.292363][  T116]  ? __pfx__printk+0x10/0x10
[   88.296962][  T116]  ? is_dynamic_key+0x1ac/0x1c0
[   88.301820][  T116]  ? register_lock_class+0xc9/0x320
[   88.307038][  T116]  spin_dump+0x102/0x1a0
[   88.311293][  T116]  do_raw_spin_lock+0x1ca/0x290
[   88.316161][  T116]  ? __wake_up_common_lock+0x2f/0x1f0
[   88.321536][  T116]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   88.326908][  T116]  _raw_spin_lock_irqsave+0xb3/0xf0
[   88.332112][  T116]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[   88.338003][  T116]  ? dbFree+0x4d1/0x650
[   88.342162][  T116]  __wake_up_common_lock+0x2f/0x1f0
[   88.347362][  T116]  release_metapage+0x13c/0xac0
[   88.352230][  T116]  ? txFreeMap+0xb19/0xde0
[   88.356647][  T116]  ? do_raw_spin_unlock+0x122/0x240
[   88.361848][  T116]  xtTruncate+0xe71/0x2dd0
[   88.366275][  T116]  ? __pfx_xtTruncate+0x10/0x10
[   88.371128][  T116]  ? reacquire_held_locks+0x127/0x1d0
[   88.376510][  T116]  ? __mark_inode_dirty+0x4a6/0xdf0
[   88.381733][  T116]  ? __asan_memset+0x22/0x50
[   88.386328][  T116]  ? __dquot_initialize+0x218/0xcb0
[   88.391547][  T116]  jfs_free_zero_link+0x33a/0x4a0
[   88.396593][  T116]  ? __pfx_jfs_free_zero_link+0x10/0x10
[   88.402154][  T116]  ? __pfx_inode_wait_for_writeback+0x10/0x10
[   88.408223][  T116]  jfs_evict_inode+0x363/0x440
[   88.412994][  T116]  ? evict+0x4f8/0x9c0
[   88.417063][  T116]  ? __pfx_jfs_evict_inode+0x10/0x10
[   88.422344][  T116]  evict+0x501/0x9c0
[   88.426240][  T116]  ? __pfx_evict+0x10/0x10
[   88.430665][  T116]  ? do_raw_spin_unlock+0x122/0x240
[   88.435879][  T116]  ? _raw_spin_unlock+0x28/0x50
[   88.440734][  T116]  ? iput+0x6d8/0x9d0
[   88.444719][  T116]  jfs_lazycommit+0x43f/0xa90
[   88.449496][  T116]  ? __pfx_jfs_lazycommit+0x10/0x10
[   88.454689][  T116]  ? __pfx_default_wake_function+0x10/0x10
[   88.460505][  T116]  ? __kthread_parkme+0x7b/0x200
[   88.465455][  T116]  ? __kthread_parkme+0x1a1/0x200
[   88.470475][  T116]  kthread+0x711/0x8a0
[   88.474543][  T116]  ? __pfx_jfs_lazycommit+0x10/0x10
[   88.479745][  T116]  ? __pfx_kthread+0x10/0x10
[   88.484427][  T116]  ? __pfx_kthread+0x10/0x10
[   88.489036][  T116]  ? _raw_spin_unlock_irq+0x23/0x50
[   88.494233][  T116]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.499438][  T116]  ? __pfx_kthread+0x10/0x10
[   88.504050][  T116]  ret_from_fork+0x4b/0x80
[   88.508487][  T116]  ? __pfx_kthread+0x10/0x10
[   88.513084][  T116]  ret_from_fork_asm+0x1a/0x30
[   88.517878][  T116]  </TASK>
[   88.521142][  T116] Kernel Offset: disabled
[   88.525476][  T116] Rebooting in 86400 seconds..