Warning: Permanently added '10.128.1.132' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
[ 154.522334][ T3529] loop0: detected capacity change from 0 to 32768
[ 154.549673][ T3532] loop1: detected capacity change from 0 to 32768
[ 154.550929][ T3531] loop4: detected capacity change from 0 to 32768
[ 154.579253][ T3532]
[ 154.579253][ T3532] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.579253][ T3532]
[ 154.590614][ T3530] loop3: detected capacity change from 0 to 32768
[ 154.595776][ T3532]
[ 154.595776][ T3532] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.595776][ T3532]
[ 154.601828][ T3533] loop2: detected capacity change from 0 to 32768
[ 154.617379][ T3532]
[ 154.617379][ T3532] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.617379][ T3532]
[ 154.620241][ T3529]
[ 154.620241][ T3529] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.620241][ T3529]
[ 154.641012][ T275]
[ 154.641012][ T275] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.641012][ T275]
[ 154.652843][ T3529]
[ 154.652843][ T3529] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.652843][ T3529]
[ 154.665323][ T155]
[ 154.665323][ T155] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.665323][ T155]
[ 154.677128][ T155]
[ 154.677128][ T155] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.677128][ T155]
[ 154.688000][ T3531]
[ 154.688000][ T3531] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.688000][ T3531]
[ 154.688720][ T3529]
[ 154.688720][ T3529] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.688720][ T3529]
[ 154.699033][ T3530]
[ 154.699033][ T3530] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.699033][ T3530]
[ 154.710792][ T3525]
[ 154.710792][ T3525] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.710792][ T3525]
[ 154.720279][ T3533]
[ 154.720279][ T3533] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.720279][ T3533]
[ 154.736037][ T276]
[ 154.736037][ T276] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.736037][ T276]
[ 154.754644][ T275]
[ 154.754644][ T275] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.754644][ T275]
[ 154.759321][ T3531]
[ 154.759321][ T3531] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.759321][ T3531]
[ 154.776252][ T3525]
[ 154.776252][ T3525] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.776252][ T3525]
[ 154.787633][ T144]
[ 154.787633][ T144] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.787633][ T144]
[ 154.798910][ T144]
[ 154.798910][ T144] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.798910][ T144]
[ 154.805723][ T3531]
[ 154.805723][ T3531] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.805723][ T3531]
[ 154.822143][ T275]
[ 154.822143][ T275] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.822143][ T275]
[ 154.827923][ T276]
[ 154.827923][ T276] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.827923][ T276]
[ 154.843755][ T3533]
[ 154.843755][ T3533] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.843755][ T3533]
[ 154.847224][ T3524]
[ 154.847224][ T3524] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.847224][ T3524]
[ 154.854987][ T3530]
[ 154.854987][ T3530] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.854987][ T3530]
[ 154.869674][ T144]
[ 154.869674][ T144] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.869674][ T144]
[ 154.901351][ T3533]
[ 154.901351][ T3533] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.901351][ T3533]
[ 154.905521][ T144]
[ 154.905521][ T144] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.905521][ T144]
[ 154.920629][ T3530]
[ 154.920629][ T3530] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.920629][ T3530]
[ 154.927079][ T3524]
[ 154.927079][ T3524] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.927079][ T3524]
[ 154.946521][ T3528]
[ 154.946521][ T3528] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.946521][ T3528]
[ 154.957591][ T276]
[ 154.957591][ T276] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.957591][ T276]
[ 154.965090][ T275]
[ 154.965090][ T275] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.965090][ T275]
[ 154.978734][ T3528]
[ 154.978734][ T3528] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.978734][ T3528]
[ 154.980307][ T146]
[ 154.980307][ T146] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.980307][ T146]
[ 154.992296][ T275]
[ 154.992296][ T275] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 154.992296][ T275]
[ 155.000369][ T155]
[ 155.000369][ T155] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 155.000369][ T155]
[ 155.021567][ T275] ==================================================================
[ 155.029752][ T275] BUG: KASAN: use-after-free in txEnd+0x350/0x560
[ 155.036187][ T275] Write of size 8 at addr ffff88801d581040 by task jfsCommit/275
[ 155.039806][ T146]
[ 155.039806][ T146] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 155.039806][ T146]
[ 155.043893][ T275]
[ 155.054726][ T155]
[ 155.054726][ T155] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 155.054726][ T155]
[ 155.056588][ T275] CPU: 1 PID: 275 Comm: jfsCommit Not tainted 5.15.156-syzkaller #0
[ 155.074934][ T275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 155.079785][ T3527]
[ 155.079785][ T3527] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 155.079785][ T3527]
[ 155.084998][ T275] Call Trace:
[ 155.085006][ T275]
[ 155.101581][ T275] dump_stack_lvl+0x1e3/0x2d0
[ 155.106274][ T275] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 155.109951][ T276]
[ 155.109951][ T276] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 155.109951][ T276]
[ 155.111908][ T275] ? _printk+0xd1/0x120
[ 155.123231][ T3527]
[ 155.123231][ T3527] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 155.123231][ T3527]
[ 155.126541][ T275] ? __wake_up_klogd+0xcc/0x100
[ 155.137712][ T276]
[ 155.137712][ T276] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 155.137712][ T276]
executing program
[ 155.141754][ T275] ? panic+0x860/0x860
[ 155.141779][ T275] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 155.141803][ T275] ? __mutex_unlock_slowpath+0x6f6/0x750
[ 155.167291][ T275] print_address_description+0x63/0x3b0
[ 155.172846][ T275] ? txEnd+0x350/0x560
[ 155.176916][ T275] kasan_report+0x16b/0x1c0
[ 155.181421][ T275] ? txEnd+0x350/0x560
[ 155.185495][ T275] kasan_check_range+0x27e/0x290
[ 155.190431][ T275] txEnd+0x350/0x560
[ 155.194329][ T275] jfs_lazycommit+0x60d/0xc30
[ 155.199006][ T275] ? _raw_spin_unlock_irqrestore+0x8b/0x130
[ 155.204923][ T275] ? lockdep_hardirqs_on+0x94/0x130
[ 155.210127][ T275] ? txFreelock+0x580/0x580
[ 155.214631][ T275] ? sched_dynamic_update+0x240/0x240
[ 155.220012][ T275] kthread+0x3f6/0x4f0
[ 155.224077][ T275] ? txFreelock+0x580/0x580
[ 155.228582][ T275] ? kthread_blkcg+0xd0/0xd0
[ 155.233192][ T275] ret_from_fork+0x1f/0x30
[ 155.237625][ T275]
[ 155.240640][ T275]
[ 155.242957][ T275] Allocated by task 3531:
[ 155.247275][ T275] ____kasan_kmalloc+0xba/0xf0
[ 155.247610][ T3526]
[ 155.247610][ T3526] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 155.247610][ T3526]
[ 155.252031][ T275] kmem_cache_alloc_trace+0x143/0x290
[ 155.252051][ T275] lmLogOpen+0x314/0x1030
[ 155.252069][ T275] jfs_mount_rw+0xe3/0x640
[ 155.252084][ T275] jfs_fill_super+0x69f/0xc70
[ 155.272655][ T3526]
[ 155.272655][ T3526] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 155.272655][ T3526]
[ 155.276515][ T275] mount_bdev+0x2c9/0x3f0
[ 155.276534][ T275] legacy_get_tree+0xeb/0x180
[ 155.300537][ T275] vfs_get_tree+0x88/0x270
[ 155.304954][ T275] do_new_mount+0x2ba/0xb40
[ 155.309457][ T275] __se_sys_mount+0x2d5/0x3c0
[ 155.314137][ T275] do_syscall_64+0x3b/0xb0
[ 155.318557][ T275] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 155.324470][ T275]
[ 155.326801][ T275] Freed by task 3528:
[ 155.330772][ T275] kasan_set_track+0x4b/0x80
[ 155.335363][ T275] kasan_set_free_info+0x1f/0x40
[ 155.340298][ T275] ____kasan_slab_free+0xd8/0x120
[ 155.345323][ T275] slab_free_freelist_hook+0xdd/0x160
[ 155.350698][ T275] kfree+0xf1/0x270
[ 155.354504][ T275] lmLogClose+0x29d/0x530
[ 155.358835][ T275] jfs_umount+0x298/0x370
[ 155.363171][ T275] jfs_put_super+0x86/0x180
[ 155.367670][ T275] generic_shutdown_super+0x136/0x2c0
[ 155.373049][ T275] kill_block_super+0x7a/0xe0
[ 155.377733][ T275] deactivate_locked_super+0xa0/0x110
[ 155.383104][ T275] cleanup_mnt+0x44e/0x500
[ 155.387517][ T275] task_work_run+0x129/0x1a0
[ 155.392110][ T275] exit_to_user_mode_loop+0x106/0x130
[ 155.397485][ T275] exit_to_user_mode_prepare+0xb1/0x140
[ 155.403035][ T275] syscall_exit_to_user_mode+0x5d/0x240
[ 155.408595][ T275] do_syscall_64+0x47/0xb0
[ 155.413020][ T275] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 155.418928][ T275]
[ 155.421255][ T275] The buggy address belongs to the object at ffff88801d581000
[ 155.421255][ T275] which belongs to the cache kmalloc-1k of size 1024
[ 155.435306][ T275] The buggy address is located 64 bytes inside of
[ 155.435306][ T275] 1024-byte region [ffff88801d581000, ffff88801d581400)
[ 155.448024][ T3537] loop1: detected capacity change from 0 to 32768
[ 155.448580][ T275] The buggy address belongs to the page:
[ 155.448591][ T275] page:ffffea0000756000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d580
[ 155.448616][ T275] head:ffffea0000756000 order:3 compound_mapcount:0 compound_pincount:0
[ 155.479033][ T275] flags: 0xfff80000010200(slab|head|node=0|zone=1|lastcpupid=0xfff)
[ 155.487018][ T275] raw: 00fff80000010200 0000000000000000 0000000100000001 ffff888011c41dc0
[ 155.495586][ T275] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 155.504147][ T275] page dumped because: kasan: bad access detected
[ 155.510536][ T275] page_owner tracks the page as allocated
[ 155.516227][ T275] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 7531459348, free_ts 0
[ 155.534089][ T275] get_page_from_freelist+0x322a/0x33c0
[ 155.539637][ T275] __alloc_pages+0x272/0x700
[ 155.544213][ T275] new_slab+0xb1/0x4b0
[ 155.548267][ T275] ___slab_alloc+0x6f6/0xe10
[ 155.552843][ T275] kmem_cache_alloc_node_trace+0x1ce/0x2e0
[ 155.558641][ T275] sbitmap_queue_init_node+0x178/0x880
[ 155.564119][ T275] blk_mq_init_tags+0x1c6/0x380
[ 155.568969][ T275] blk_mq_alloc_rq_map+0x7a/0x190
[ 155.573981][ T275] blk_mq_init_sched+0x21c/0x1030
[ 155.578987][ T275] elevator_init_mq+0x368/0x4d0
[ 155.583825][ T275] device_add_disk+0x8e/0xd60
[ 155.588503][ T275] add_mtd_blktrans_dev+0x1005/0x1410
[ 155.593861][ T275] mtdblock_add_mtd+0x184/0x230
[ 155.598705][ T275] blktrans_notify_add+0x90/0xf0
[ 155.603630][ T275] add_mtd_device+0xe01/0x13e0
[ 155.608377][ T275] mtd_device_parse_register+0xb76/0xd90
[ 155.613996][ T275] page_owner free stack trace missing
[ 155.619341][ T275]
[ 155.621645][ T275] Memory state around the buggy address:
[ 155.627252][ T275]  ffff88801d580f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 155.635293][ T275]  ffff88801d580f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 155.643347][ T275] >ffff88801d581000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 155.651382][ T275]                                            ^
[ 155.657509][ T275]  ffff88801d581080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 155.665567][ T275]  ffff88801d581100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 155.673626][ T275] ==================================================================
[ 155.681660][ T275] Disabling lock debugging due to kernel taint
[ 155.688135][ T275] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 155.695335][ T275] CPU: 1 PID: 275 Comm: jfsCommit Tainted: G B 5.15.156-syzkaller #0
[ 155.704684][ T275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 155.714717][ T275] Call Trace:
[ 155.717980][ T275]
[ 155.720895][ T275] dump_stack_lvl+0x1e3/0x2d0
[ 155.725563][ T275] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 155.731180][ T275] ? panic+0x860/0x860
[ 155.735238][ T275] ? preempt_schedule_common+0xa6/0xd0
[ 155.740680][ T275] ? preempt_schedule+0xd9/0xe0
[ 155.745511][ T275] panic+0x318/0x860
[ 155.749402][ T275] ? check_panic_on_warn+0x1d/0xa0
[ 155.754493][ T275] ? fb_is_primary_device+0xd0/0xd0
[ 155.759691][ T275] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 155.765663][ T275] ? _raw_spin_unlock+0x40/0x40
[ 155.770512][ T275] check_panic_on_warn+0x7e/0xa0
[ 155.775432][ T275] ? txEnd+0x350/0x560
[ 155.779485][ T275] end_report+0x6d/0xf0
[ 155.783633][ T275] kasan_report+0x18e/0x1c0
[ 155.788123][ T275] ? txEnd+0x350/0x560
[ 155.792179][ T275] kasan_check_range+0x27e/0x290
[ 155.797096][ T275] txEnd+0x350/0x560
[ 155.800973][ T275] jfs_lazycommit+0x60d/0xc30
[ 155.805632][ T275] ? _raw_spin_unlock_irqrestore+0x8b/0x130
[ 155.811513][ T275] ? lockdep_hardirqs_on+0x94/0x130
[ 155.816699][ T275] ? txFreelock+0x580/0x580
[ 155.821183][ T275] ? sched_dynamic_update+0x240/0x240
[ 155.826537][ T275] kthread+0x3f6/0x4f0
[ 155.830621][ T275] ? txFreelock+0x580/0x580
[ 155.835179][ T275] ? kthread_blkcg+0xd0/0xd0
[ 155.839752][ T275] ret_from_fork+0x1f/0x30
[ 155.844158][ T275]
[ 155.847464][ T275] Kernel Offset: disabled
[ 155.851780][ T275] Rebooting in 86400 seconds..