Warning: Permanently added '10.128.0.192' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
[ 38.226985][ T6404] loop0: detected capacity change from 0 to 32768
[ 38.380257][ T6409] loop2: detected capacity change from 0 to 32768
[ 38.446972][ T6403] loop1: detected capacity change from 0 to 32768
executing program
[ 38.521482][ T6402] loop4: detected capacity change from 0 to 32768
[ 38.554286][ T6410] loop3: detected capacity change from 0 to 32768
executing program
executing program
executing program
executing program
[ 38.904222][ T6412] loop0: detected capacity change from 0 to 32768
[ 38.977244][ T6418] loop2: detected capacity change from 0 to 32768
[ 39.045273][ T6421] loop3: detected capacity change from 0 to 32768
[ 39.094463][ T6414] loop1: detected capacity change from 0 to 32768
[ 39.165533][ T6423] loop4: detected capacity change from 0 to 32768
executing program
executing program
executing program
executing program
executing program
[ 39.564906][ T6435] loop2: detected capacity change from 0 to 32768
[ 39.573223][ T6434] loop3: detected capacity change from 0 to 32768
[ 39.633667][ T6429] loop0: detected capacity change from 0 to 32768
[ 39.748191][ T6439] loop4: detected capacity change from 0 to 32768
executing program
executing program
executing program
[ 39.880590][ T6438] loop1: detected capacity change from 0 to 32768
executing program
[ 40.064829][ T6448] loop0: detected capacity change from 0 to 32768
executing program
executing program
[ 40.257480][ T6443] loop2: detected capacity change from 0 to 32768
[ 40.336312][ T6452] loop1: detected capacity change from 0 to 32768
[ 40.403607][ T6447] loop3: detected capacity change from 0 to 32768
executing program
[ 40.479539][ T6450] loop4: detected capacity change from 0 to 32768
executing program
executing program
executing program
[ 40.735579][ T6455] loop0: detected capacity change from 0 to 32768
[ 40.869159][ T6458] loop2: detected capacity change from 0 to 32768
executing program
[ 40.944286][ T6466] loop4: detected capacity change from 0 to 32768
[ 40.951899][ T6461] loop1: detected capacity change from 0 to 32768
[ 41.001005][ T6464] loop3: detected capacity change from 0 to 32768
executing program
executing program
executing program
executing program
[ 41.382467][ T6474] loop2: detected capacity change from 0 to 32768
[ 41.392299][ T6468] loop0: detected capacity change from 0 to 32768
[ 41.510129][ T6476] loop4: detected capacity change from 0 to 32768
executing program
executing program
executing program
[ 41.746725][ T6478] loop1: detected capacity change from 0 to 32768
[ 41.778151][ T6485] loop2: detected capacity change from 0 to 32768
[ 41.822495][ T6480] loop3: detected capacity change from 0 to 32768
executing program
executing program
executing program
[ 42.047928][ T6487] loop4: detected capacity change from 0 to 32768
executing program
[ 42.239445][ T6495] loop3: detected capacity change from 0 to 32768
[ 42.245134][ T6483] loop0: detected capacity change from 0 to 32768
[ 42.322197][ T6490] loop1: detected capacity change from 0 to 32768
executing program
[ 42.488721][ T6498] loop4: detected capacity change from 0 to 32768
[ 42.503912][ T6493] loop2: detected capacity change from 0 to 32768
executing program
[ 42.637904][ T6493] ==================================================================
[ 42.639891][ T6493] BUG: KASAN: slab-use-after-free in __mutex_lock_common+0x100/0x21a0
[ 42.642171][ T6493] Read of size 8 at addr ffff0000d29614b0 by task syz-executor126/6493
[ 42.644262][ T6493]
[ 42.644876][ T6493] CPU: 0 UID: 0 PID: 6493 Comm: syz-executor126 Not tainted 6.11.0-rc5-syzkaller-gdf54f4a16f82 #0
[ 42.647784][ T6493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 42.650481][ T6493] Call trace:
[ 42.651367][ T6493]  dump_backtrace+0x1b8/0x1e4
[ 42.652591][ T6493]  show_stack+0x2c/0x3c
[ 42.653727][ T6493]  dump_stack_lvl+0xe4/0x150
[ 42.654875][ T6493]  print_report+0x198/0x538
[ 42.656090][ T6493]  kasan_report+0xd8/0x138
[ 42.657269][ T6493]  __asan_report_load8_noabort+0x20/0x2c
[ 42.658694][ T6493]  __mutex_lock_common+0x100/0x21a0
[ 42.659963][ T6493]  mutex_lock_nested+0x2c/0x38
[ 42.661161][ T6493]  dbFreeBits+0x734/0xc0c
[ 42.662269][ T6493]  dbFree+0x2d4/0x5b0
[ 42.663353][ T6493]  dbDiscardAG+0x604/0x748
[ 42.664426][ T6493]  jfs_ioc_trim+0x3cc/0x5d8
[ 42.665727][ T6493]  jfs_ioctl+0x338/0x550
[ 42.666837][ T6493]  __arm64_sys_ioctl+0x14c/0x1c8
[ 42.668069][ T6493]  invoke_syscall+0x98/0x2b8
[ 42.669284][ T6493]  el0_svc_common+0x130/0x23c
[ 42.670516][ T6493]  do_el0_svc+0x48/0x58
[ 42.671560][ T6493]  el0_svc+0x54/0x168
[ 42.672508][ T6493]  el0t_64_sync_handler+0x84/0xfc
[ 42.673789][ T6493]  el0t_64_sync+0x190/0x194
[ 42.674853][ T6493]
[ 42.675310][ T6501] loop3: detected capacity change from 0 to 32768
[ 42.675483][ T6493] Allocated by task 6493:
[ 42.675493][ T6493]  kasan_save_track+0x40/0x78
[ 42.679661][ T6493]  kasan_save_alloc_info+0x40/0x50
[ 42.680984][ T6493]  __kasan_kmalloc+0xac/0xc4
[ 42.682197][ T6493]  __kmalloc_cache_noprof+0x244/0x374
[ 42.683639][ T6493]  dbMount+0x68/0x810
[ 42.684621][ T6493]  jfs_mount+0x1c8/0x7a8
[ 42.685598][ T6493]  jfs_fill_super+0x464/0x9f0
[ 42.686868][ T6493]  mount_bdev+0x1d4/0x2a0
[ 42.688027][ T6493]  jfs_do_mount+0x44/0x58
[ 42.689183][ T6493]  legacy_get_tree+0xd4/0x16c
[ 42.690473][ T6493]  vfs_get_tree+0x90/0x28c
[ 42.691729][ T6493]  do_new_mount+0x278/0x900
executing program
[ 42.692886][ T6493]  path_mount+0x590/0xe04
[ 42.693978][ T6493]  __arm64_sys_mount+0x45c/0x5a8
[ 42.695211][ T6493]  invoke_syscall+0x98/0x2b8
[ 42.696397][ T6493]  el0_svc_common+0x130/0x23c
[ 42.697541][ T6493]  do_el0_svc+0x48/0x58
[ 42.698673][ T6493]  el0_svc+0x54/0x168
[ 42.699727][ T6493]  el0t_64_sync_handler+0x84/0xfc
[ 42.701131][ T6493]  el0t_64_sync+0x190/0x194
[ 42.702295][ T6493]
[ 42.702940][ T6493] Freed by task 6507:
[ 42.704102][ T6493]  kasan_save_track+0x40/0x78
[ 42.705420][ T6493]  kasan_save_free_info+0x54/0x6c
[ 42.706784][ T6493]  poison_slab_object+0x128/0x180
[ 42.708115][ T6493]  __kasan_slab_free+0x3c/0x70
[ 42.709485][ T6493]  kfree+0x154/0x3e0
[ 42.710546][ T6493]  dbUnmount+0xfc/0x168
[ 42.711728][ T6493]  jfs_mount_rw+0x3d0/0x5b8
[ 42.712914][ T6493]  jfs_remount+0x328/0x594
[ 42.714108][ T6493]  legacy_reconfigure+0xfc/0x114
[ 42.715441][ T6493]  reconfigure_super+0x1d0/0x6f0
[ 42.716761][ T6493]  path_mount+0xc0c/0xe04
[ 42.717921][ T6493]  __arm64_sys_mount+0x45c/0x5a8
[ 42.719189][ T6493]  invoke_syscall+0x98/0x2b8
[ 42.720467][ T6493]  el0_svc_common+0x130/0x23c
[ 42.721774][ T6493]  do_el0_svc+0x48/0x58
[ 42.722958][ T6493]  el0_svc+0x54/0x168
[ 42.724078][ T6493]  el0t_64_sync_handler+0x84/0xfc
[ 42.725423][ T6493]  el0t_64_sync+0x190/0x194
[ 42.726645][ T6493]
[ 42.727292][ T6493] The buggy address belongs to the object at ffff0000d2961000
[ 42.727292][ T6493]  which belongs to the cache kmalloc-2k of size 2048
[ 42.731010][ T6493] The buggy address is located 1200 bytes inside of
[ 42.731010][ T6493]  freed 2048-byte region [ffff0000d2961000, ffff0000d2961800)
[ 42.734659][ T6493]
[ 42.735283][ T6493] The buggy address belongs to the physical page:
[ 42.737023][ T6493] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112960
[ 42.739463][ T6493] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 42.741711][ T6493] flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
[ 42.743765][ T6493] page_type: 0xfdffffff(slab)
[ 42.745015][ T6493] raw: 05ffc00000000040 ffff0000c0002000 fffffdffc34eca00 0000000000000002
[ 42.747425][ T6493] raw: 0000000000000000 0000000000080008 00000001fdffffff 0000000000000000
[ 42.749664][ T6493] head: 05ffc00000000040 ffff0000c0002000 fffffdffc34eca00 0000000000000002
[ 42.751892][ T6493] head: 0000000000000000 0000000000080008 00000001fdffffff 0000000000000000
[ 42.754250][ T6493] head: 05ffc00000000003 fffffdffc34a5801 ffffffffffffffff 0000000000000000
[ 42.756569][ T6493] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 42.759029][ T6493] page dumped because: kasan: bad access detected
[ 42.760706][ T6493]
[ 42.761350][ T6493] Memory state around the buggy address:
[ 42.762851][ T6493]  ffff0000d2961380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.765134][ T6493]  ffff0000d2961400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.767283][ T6493] >ffff0000d2961480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.769457][ T6493]                                      ^
[ 42.770964][ T6493]  ffff0000d2961500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.773249][ T6493]  ffff0000d2961580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.775417][ T6493] ==================================================================
[ 42.791276][ T6493] Disabling lock debugging due to kernel taint
executing program
[ 42.875456][ T6509] loop1: detected capacity change from 0 to 32768
executing program
executing program
executing program
[ 43.009657][ T6511] loop4: detected capacity change from 0 to 32768
[ 43.033451][ T6505] loop0: detected capacity change from 0 to 32768
executing program
[ 43.154552][ T6515] loop3: detected capacity change from 0 to 32768
executing program
[ 43.177099][ T6513] loop2: detected capacity change from 0 to 32768
[ 43.239905][ T6517] loop1: detected capacity change from 0 to 32768
[ 43.250558][ T6515] Unable to handle kernel paging request at virtual address dfff800000000000
[ 43.273183][ T6515] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 43.275454][ T6515] Mem abort info:
executing program
[ 43.298346][ T6515]   ESR = 0x0000000096000005
[ 43.302607][ T6515]   EC = 0x25: DABT (current EL), IL = 32 bits
[ 43.304251][ T6515]   SET = 0, FnV = 0
[ 43.305283][ T6515]   EA = 0, S1PTW = 0
[ 43.316216][ T6515]   FSC = 0x05: level 1 translation fault
[ 43.323284][ T6515] Data abort info:
[ 43.326606][ T6515]   ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 43.347926][ T6515]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
executing program
[ 43.357141][ T6515]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 43.361777][ T6515] [dfff800000000000] address between user and kernel address ranges
[ 43.374056][ T6515] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[ 43.375970][ T6515] Modules linked in:
[ 43.376914][ T6515] CPU: 0 UID: 0 PID: 6515 Comm: syz-executor126 Tainted: G B 6.11.0-rc5-syzkaller-gdf54f4a16f82 #0
[ 43.380351][ T6515] Tainted: [B]=BAD_PAGE
[ 43.381482][ T6515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 43.384151][ T6515] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 43.386010][ T6515] pc : dbFree+0xfc/0x5b0
[ 43.387031][ T6515] lr : dbFree+0xec/0x5b0
[ 43.388062][ T6515] sp : ffff8000987979a0
[ 43.389221][ T6515] x29: ffff8000987979e0 x28: 1ffff000130f2f58 x27: dfff800000000000
[ 43.391306][ T6515] x26: dfff800000000000 x25: 1fffe0001cb7664e x24: ffff0000d5d04000
[ 43.393349][ T6515] x23: ffff0000e5bb3270 x22: 0000000000000010 x21: ffff0000cc98c600
[ 43.395496][ T6515] x20: 0000000000000030 x19: 0000000000000040 x18: ffff8000986f76d8
[ 43.397592][ T6515] x17: ffff80012489c000 x16: ffff80008301a844 x15: 0000000000000001
[ 43.399591][ T6515] x14: 1fffe0001cb76268 x13: 0000000000000000 x12: 0000000000000000
[ 43.401492][ T6515] x11: 0000000000000001 x10: 0000000000ff0100 x9 : 0000000000000000
[ 43.403520][ T6515] x8 : 0000000000000000 x7 : 0000000000000000 x6 : ffff800081a99c88
[ 43.404348][ T6524] loop2: detected capacity change from 0 to 32768
[ 43.405433][ T6515] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80008033ef08
[ 43.409007][ T6515] x2 : 0000000000000001 x1 : 0000000000000030 x0 : 0000000000000000
[ 43.411071][ T6515] Call trace:
[ 43.411838][ T6515]  dbFree+0xfc/0x5b0
[ 43.412802][ T6515]  dbDiscardAG+0x604/0x748
[ 43.413915][ T6515]  jfs_ioc_trim+0x3cc/0x5d8
[ 43.415124][ T6515]  jfs_ioctl+0x338/0x550
[ 43.416126][ T6515]  __arm64_sys_ioctl+0x14c/0x1c8
[ 43.417427][ T6515]  invoke_syscall+0x98/0x2b8
[ 43.418591][ T6515]  el0_svc_common+0x130/0x23c
[ 43.419868][ T6515]  do_el0_svc+0x48/0x58
[ 43.420969][ T6515]  el0_svc+0x54/0x168
[ 43.421945][ T6515]  el0t_64_sync_handler+0x84/0xfc
[ 43.421990][ T6521] loop0: detected capacity change from 0 to 32768
[ 43.423324][ T6515]  el0t_64_sync+0x190/0x194
[ 43.426123][ T6515] Code: b4002114 f85f83a9 8b1402d3 d343fd28 (387a6908)
[ 43.427923][ T6515] ---[ end trace 0000000000000000 ]---
[ 43.509463][ T6519] loop4: detected capacity change from 0 to 32768
[ 43.548611][ T6526] loop1: detected capacity change from 0 to 32768
[ 43.759076][ T6515] Kernel panic - not syncing: Oops: Fatal exception
[ 43.760813][ T6515] SMP: stopping secondary CPUs
[ 43.761890][ T6515] Kernel Offset: disabled
[ 43.762771][ T6515] CPU features: 0x08,00000103,80100128,42017203
[ 43.764167][ T6515] Memory Limit: none
[ 44.068195][ T6515] Rebooting in 86400 seconds..