./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2191760164

<...>
Warning: Permanently added '10.128.0.125' (ED25519) to the list of known hosts.
execve("./syz-executor2191760164", ["./syz-executor2191760164"], 0x7fff5eb95d10 /* 10 vars */) = 0
brk(NULL)                               = 0x55556b73b000
brk(0x55556b73bd00)                     = 0x55556b73bd00
arch_prctl(ARCH_SET_FS, 0x55556b73b380) = 0
set_tid_address(0x55556b73b650)         = 5829
set_robust_list(0x55556b73b660, 24)     = 0
rseq(0x55556b73bca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2191760164", 4096) = 28
getrandom("\xff\x8e\x9a\x56\x27\xf1\x27\x2e", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55556b73bd00
brk(0x55556b75cd00)                     = 0x55556b75cd00
brk(0x55556b75d000)                     = 0x55556b75d000
mprotect(0x7f38f7f3f000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5830 attached
 <unfinished ...>
[pid  5830] set_robust_list(0x55556b73b660, 24 <unfinished ...>
[pid  5829] <... clone resumed>, child_tidptr=0x55556b73b650) = 5830
[pid  5830] <... set_robust_list resumed>) = 0
[pid  5830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5830] getppid()                   = 0
[pid  5830] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5830] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5830] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5830] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5830] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5830] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5830] unshare(CLONE_NEWNS)        = 0
[pid  5830] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5830] unshare(CLONE_NEWIPC)       = 0
[pid  5830] unshare(CLONE_NEWCGROUP)    = 0
[pid  5830] unshare(CLONE_NEWUTS)       = 0
[pid  5830] unshare(CLONE_SYSVSEM)      = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "16777216", 8)     = 8
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "536870912", 9)    = 9
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "1024", 4)         = 4
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "8192", 4)         = 4
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "1024", 4)         = 4
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "1024", 4)         = 4
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5830] close(3)                    = 0
[pid  5830] getpid()                    = 1
[pid  5830] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5830] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5830] unshare(CLONE_NEWNET)       = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "0 65535", 7)      = 7
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "100000", 6)       = 6
[pid  5830] close(3)                    = 0
[pid  5830] mkdir("./syz-tmp", 0777)    = 0
[pid  5830] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5830] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5830] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid  5830] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5830] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5830] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  5830] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5830] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5830] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5830] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5830] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5830] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5830] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5830] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5830] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0
[pid  5830] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5830] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5830] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  5830] chdir("/")                  = 0
[pid  5830] umount2("./pivot", MNT_DETACH) = 0
[pid  5830] chroot("./newroot")         = 0
[pid  5830] chdir("/")                  = 0
[pid  5830] mkdir("/dev/gadgetfs", 0777) = 0
[pid  5830] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL) = 0
[pid  5830] mkdir("/dev/binderfs", 0777) = 0
[pid  5830] mount("binder", "/dev/binderfs", "binder", 0, NULL) = -1 ENODEV (No such device)
[pid  5830] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5830] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5830] write(1, "executing program\n", 18executing program
) = 18
[pid  5830] memfd_create("syzkaller", 0) = 3
[pid  5830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f38efa00000
[pid  5830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5830] munmap(0x7f38efa00000, 138412032) = 0
[pid  5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5830] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5830] close(3)                    = 0
[pid  5830] close(4)                    = 0
[pid  5830] mkdir("./file7", 0777)      = 0
[pid  5830] mount("/dev/loop0", "./file7", "jfs", MS_SYNCHRONOUS|MS_NODIRATIME, "") = 0
[pid  5830] openat(AT_FDCWD, "./file7", O_RDONLY|O_DIRECTORY) = 3
[   88.178059][ T5830] loop0: detected capacity change from 0 to 32768
[pid  5830] chdir("./file7")            = 0
[pid  5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5830] unlinkat(AT_FDCWD, "./file0/file0", 0) = 0
[pid  5830] write(-1, NULL, 0)          = -1 EBADF (Bad file descriptor)
[pid  5830] exit_group(1)               = ?
[   88.256303][  T116] BUG: spinlock bad magic on CPU#0, jfsCommit/116
[   88.262860][  T116] ==================================================================
[   88.270981][  T116] BUG: KASAN: slab-out-of-bounds in string+0x227/0x2b0
[   88.277892][  T116] Read of size 1 at addr ffff88807bae40c8 by task jfsCommit/116
[   88.285566][  T116] 
[   88.287918][  T116] CPU: 0 UID: 0 PID: 116 Comm: jfsCommit Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) 
[   88.287937][  T116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   88.287950][  T116] Call Trace:
[   88.287957][  T116]  <TASK>
[   88.287964][  T116]  dump_stack_lvl+0x241/0x360
[   88.287992][  T116]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.288012][  T116]  ? rcu_is_watching+0x15/0xb0
[   88.288029][  T116]  ? __virt_addr_valid+0x183/0x530
[   88.288047][  T116]  ? lock_release+0x4e/0x3e0
[   88.288062][  T116]  ? __virt_addr_valid+0x183/0x530
[   88.288080][  T116]  ? __virt_addr_valid+0x183/0x530
[   88.288099][  T116]  print_report+0x16e/0x5b0
[   88.288125][  T116]  ? __virt_addr_valid+0x183/0x530
[   88.288142][  T116]  ? __virt_addr_valid+0x183/0x530
[   88.288160][  T116]  ? __virt_addr_valid+0x45f/0x530
[   88.288177][  T116]  ? __phys_addr+0xba/0x170
[   88.288195][  T116]  ? string+0x227/0x2b0
[   88.288208][  T116]  kasan_report+0x143/0x180
[   88.288221][  T116]  ? string+0x227/0x2b0
[   88.288235][  T116]  string+0x227/0x2b0
[   88.288249][  T116]  vsnprintf+0x8b6/0x1230
[   88.288261][  T116]  ? this_cpu_in_panic+0x4f/0x80
[   88.288281][  T116]  ? __pfx_vsnprintf+0x10/0x10
[   88.288297][  T116]  vprintk_store+0x484/0x1240
[   88.288317][  T116]  ? __pfx_console_flush_all+0x10/0x10
[   88.288337][  T116]  ? __pfx_vprintk_store+0x10/0x10
[   88.288353][  T116]  ? prb_read_valid+0xab/0xf0
[   88.288369][  T116]  ? __pfx___console_unlock+0x10/0x10
[   88.288393][  T116]  ? console_unlock+0x2fe/0x3b0
[   88.288411][  T116]  ? __irq_work_queue_local+0x137/0x410
[   88.288428][  T116]  ? is_printk_cpu_sync_owner+0x32/0x40
[   88.288450][  T116]  vprintk_emit+0x298/0xa40
[   88.288468][  T116]  ? __pfx_vprintk_emit+0x10/0x10
[   88.288488][  T116]  ? rcu_is_watching+0x15/0xb0
[   88.288507][  T116]  _printk+0xd5/0x120
[   88.288526][  T116]  ? __pfx__printk+0x10/0x10
[   88.288543][  T116]  ? is_dynamic_key+0x1ac/0x1c0
[   88.288569][  T116]  spin_bug+0x13b/0x1d0
[   88.288589][  T116]  do_raw_spin_lock+0x20d/0x370
[   88.288610][  T116]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   88.288632][  T116]  _raw_spin_lock_irqsave+0xe4/0x130
[   88.288648][  T116]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[   88.288663][  T116]  ? __pfx___might_resched+0x10/0x10
[   88.288682][  T116]  __wake_up_common_lock+0x25/0x1e0
[   88.288706][  T116]  release_metapage+0x158/0xa90
[   88.288726][  T116]  xtTruncate+0x1026/0x32a0
[   88.288754][  T116]  ? __pfx_xtTruncate+0x10/0x10
[   88.288784][  T116]  jfs_free_zero_link+0x47f/0x700
[   88.288800][  T116]  ? inode_wait_for_writeback+0x115/0x2c0
[   88.288818][  T116]  ? __pfx_jfs_free_zero_link+0x10/0x10
[   88.288838][  T116]  jfs_evict_inode+0x362/0x440
[   88.288852][  T116]  ? __pfx_jfs_evict_inode+0x10/0x10
[   88.288866][  T116]  evict+0x4f9/0x9b0
[   88.288889][  T116]  ? __pfx_evict+0x10/0x10
[   88.288916][  T116]  ? iput+0x713/0xa50
[   88.288934][  T116]  txUpdateMap+0x948/0xb20
[   88.288956][  T116]  ? __pfx_txUpdateMap+0x10/0x10
[   88.288973][  T116]  ? schedule+0x90/0x360
[   88.288991][  T116]  jfs_lazycommit+0x49c/0xba0
[   88.289009][  T116]  ? _raw_spin_unlock_irqrestore+0x90/0x140
[   88.289024][  T116]  ? lockdep_hardirqs_on+0x9d/0x150
[   88.289043][  T116]  ? __pfx_jfs_lazycommit+0x10/0x10
[   88.289062][  T116]  ? __pfx_default_wake_function+0x10/0x10
[   88.289078][  T116]  ? __kthread_parkme+0x1a8/0x200
[   88.289095][  T116]  ? __pfx_jfs_lazycommit+0x10/0x10
[   88.289114][  T116]  kthread+0x7b7/0x940
[   88.289133][  T116]  ? __pfx_jfs_lazycommit+0x10/0x10
[   88.289152][  T116]  ? __pfx_kthread+0x10/0x10
[   88.289169][  T116]  ? __pfx_kthread+0x10/0x10
[   88.289187][  T116]  ? __pfx_kthread+0x10/0x10
[   88.289205][  T116]  ? __pfx_kthread+0x10/0x10
[   88.289223][  T116]  ? _raw_spin_unlock_irq+0x23/0x50
[   88.289236][  T116]  ? lockdep_hardirqs_on+0x9d/0x150
[   88.289252][  T116]  ? __pfx_kthread+0x10/0x10
[   88.289271][  T116]  ret_from_fork+0x4b/0x80
[   88.289285][  T116]  ? __pfx_kthread+0x10/0x10
[   88.289303][  T116]  ret_from_fork_asm+0x1a/0x30
[   88.289329][  T116]  </TASK>
[   88.289335][  T116] 
[   88.675715][  T116] The buggy address belongs to the object at ffff88807bae4088
[   88.675715][  T116]  which belongs to the cache jfs_ip of size 2232
[   88.689420][  T116] The buggy address is located 64 bytes inside of
[   88.689420][  T116]  allocated 2232-byte region [ffff88807bae4088, ffff88807bae4940)
[   88.703581][  T116] 
[   88.705898][  T116] The buggy address belongs to the physical page:
[   88.712408][  T116] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7bae0
[   88.721172][  T116] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   88.729688][  T116] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   88.737244][  T116] page_type: f5(slab)
[   88.741232][  T116] raw: 00fff00000000040 ffff88801c76a000 dead000000000122 0000000000000000
[   88.749828][  T116] raw: 0000000000000000 00000000800d000d 00000000f5000000 0000000000000000
[   88.758442][  T116] head: 00fff00000000040 ffff88801c76a000 dead000000000122 0000000000000000
[   88.767127][  T116] head: 0000000000000000 00000000800d000d 00000000f5000000 0000000000000000
[   88.775797][  T116] head: 00fff00000000003 ffffea0001eeb801 00000000ffffffff 00000000ffffffff
[   88.784464][  T116] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   88.793128][  T116] page dumped because: kasan: bad access detected
[   88.799548][  T116] page_owner tracks the page as allocated
[   88.805263][  T116] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_RECLAIMABLE|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5830, tgid 5830 (syz-executor219), ts 88211987063, free_ts 31285519334
[   88.827846][  T116]  post_alloc_hook+0x1f4/0x240
[   88.832643][  T116]  get_page_from_freelist+0x351d/0x36b0
[   88.838192][  T116]  __alloc_frozen_pages_noprof+0x211/0x5b0
[   88.843996][  T116]  alloc_pages_mpol+0x339/0x690
[   88.848838][  T116]  allocate_slab+0x8f/0x3a0
[   88.853340][  T116]  ___slab_alloc+0xc3b/0x1500
[   88.858014][  T116]  __slab_alloc+0x58/0xa0
[   88.862337][  T116]  kmem_cache_alloc_lru_noprof+0x274/0x390
[   88.868161][  T116]  jfs_alloc_inode+0x28/0x70
[   88.872756][  T116]  alloc_inode+0x69/0x1b0
[   88.877079][  T116]  new_inode+0x22/0x180
[   88.881228][  T116]  jfs_fill_super+0x570/0xd90
[   88.885902][  T116]  get_tree_bdev_flags+0x490/0x5c0
[   88.891015][  T116]  vfs_get_tree+0x90/0x2b0
[   88.895431][  T116]  do_new_mount+0x2cf/0xb70
[   88.899929][  T116]  __se_sys_mount+0x38c/0x400
[   88.904599][  T116] page last free pid 1 tgid 1 stack trace:
[   88.910395][  T116]  __free_frozen_pages+0xddf/0x10a0
[   88.915592][  T116]  free_contig_range+0x154/0x430
[   88.920536][  T116]  destroy_args+0x94/0x4b0
[   88.924947][  T116]  debug_vm_pgtable+0x555/0x590
[   88.929793][  T116]  do_one_initcall+0x24a/0x940
[   88.934556][  T116]  do_initcall_level+0x157/0x210
[   88.939493][  T116]  do_initcalls+0x71/0xd0
[   88.943815][  T116]  kernel_init_freeable+0x432/0x5d0
[   88.949005][  T116]  kernel_init+0x1d/0x2b0
[   88.953372][  T116]  ret_from_fork+0x4b/0x80
[   88.957785][  T116]  ret_from_fork_asm+0x1a/0x30
[   88.962568][  T116] 
[   88.964881][  T116] Memory state around the buggy address:
[   88.970503][  T116]  ffff88807bae3f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   88.978557][  T116]  ffff88807bae4000: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   88.986611][  T116] >ffff88807bae4080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   88.994667][  T116]                                               ^
[   89.001069][  T116]  ffff88807bae4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   89.009119][  T116]  ffff88807bae4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   89.017170][  T116] ==================================================================
[   89.025254][  T116] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   89.032451][  T116] CPU: 0 UID: 0 PID: 116 Comm: jfsCommit Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) 
[   89.044245][  T116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   89.054295][  T116] Call Trace:
[   89.057588][  T116]  <TASK>
[   89.060525][  T116]  dump_stack_lvl+0x241/0x360
[   89.065203][  T116]  ? __pfx_dump_stack_lvl+0x10/0x10
[   89.070425][  T116]  ? __pfx__printk+0x10/0x10
[   89.075019][  T116]  ? vscnprintf+0x5d/0x90
[   89.079342][  T116]  panic+0x349/0x880
[   89.083236][  T116]  ? check_panic_on_warn+0x21/0xb0
[   89.088346][  T116]  ? __pfx_panic+0x10/0x10
[   89.092765][  T116]  ? do_raw_spin_unlock+0x13c/0x8b0
[   89.097972][  T116]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[   89.103885][  T116]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   89.110213][  T116]  ? print_report+0x519/0x5b0
[   89.114898][  T116]  check_panic_on_warn+0x86/0xb0
[   89.119863][  T116]  ? string+0x227/0x2b0
[   89.124013][  T116]  end_report+0x77/0x160
[   89.128344][  T116]  kasan_report+0x154/0x180
[   89.132863][  T116]  ? string+0x227/0x2b0
[   89.137055][  T116]  string+0x227/0x2b0
[   89.141042][  T116]  vsnprintf+0x8b6/0x1230
[   89.146415][  T116]  ? this_cpu_in_panic+0x4f/0x80
[   89.151362][  T116]  ? __pfx_vsnprintf+0x10/0x10
[   89.156132][  T116]  vprintk_store+0x484/0x1240
[   89.160813][  T116]  ? __pfx_console_flush_all+0x10/0x10
[   89.166273][  T116]  ? __pfx_vprintk_store+0x10/0x10
[   89.171402][  T116]  ? prb_read_valid+0xab/0xf0
[   89.176079][  T116]  ? __pfx___console_unlock+0x10/0x10
[   89.181457][  T116]  ? console_unlock+0x2fe/0x3b0
[   89.186308][  T116]  ? __irq_work_queue_local+0x137/0x410
[   89.191853][  T116]  ? is_printk_cpu_sync_owner+0x32/0x40
[   89.197404][  T116]  vprintk_emit+0x298/0xa40
[   89.201910][  T116]  ? __pfx_vprintk_emit+0x10/0x10
[   89.206936][  T116]  ? rcu_is_watching+0x15/0xb0
[   89.211705][  T116]  _printk+0xd5/0x120
[   89.215714][  T116]  ? __pfx__printk+0x10/0x10
[   89.220304][  T116]  ? is_dynamic_key+0x1ac/0x1c0
[   89.225160][  T116]  spin_bug+0x13b/0x1d0
[   89.229319][  T116]  do_raw_spin_lock+0x20d/0x370
[   89.234175][  T116]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   89.239573][  T116]  _raw_spin_lock_irqsave+0xe4/0x130
[   89.244871][  T116]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[   89.250769][  T116]  ? __pfx___might_resched+0x10/0x10
[   89.256064][  T116]  __wake_up_common_lock+0x25/0x1e0
[   89.261283][  T116]  release_metapage+0x158/0xa90
[   89.266149][  T116]  xtTruncate+0x1026/0x32a0
[   89.270669][  T116]  ? __pfx_xtTruncate+0x10/0x10
[   89.275551][  T116]  jfs_free_zero_link+0x47f/0x700
[   89.280590][  T116]  ? inode_wait_for_writeback+0x115/0x2c0
[   89.286320][  T116]  ? __pfx_jfs_free_zero_link+0x10/0x10
[   89.291895][  T116]  jfs_evict_inode+0x362/0x440
[   89.296658][  T116]  ? __pfx_jfs_evict_inode+0x10/0x10
[   89.301956][  T116]  evict+0x4f9/0x9b0
[   89.305874][  T116]  ? __pfx_evict+0x10/0x10
[   89.310308][  T116]  ? iput+0x713/0xa50
[   89.314297][  T116]  txUpdateMap+0x948/0xb20
[   89.318717][  T116]  ? __pfx_txUpdateMap+0x10/0x10
[   89.323654][  T116]  ? schedule+0x90/0x360
[   89.327894][  T116]  jfs_lazycommit+0x49c/0xba0
[   89.332578][  T116]  ? _raw_spin_unlock_irqrestore+0x90/0x140
[   89.338468][  T116]  ? lockdep_hardirqs_on+0x9d/0x150
[   89.343665][  T116]  ? __pfx_jfs_lazycommit+0x10/0x10
[   89.348858][  T116]  ? __pfx_default_wake_function+0x10/0x10
[   89.354661][  T116]  ? __kthread_parkme+0x1a8/0x200
[   89.359694][  T116]  ? __pfx_jfs_lazycommit+0x10/0x10
[   89.364892][  T116]  kthread+0x7b7/0x940
[   89.368966][  T116]  ? __pfx_jfs_lazycommit+0x10/0x10
[   89.374182][  T116]  ? __pfx_kthread+0x10/0x10
[   89.378796][  T116]  ? __pfx_kthread+0x10/0x10
[   89.383388][  T116]  ? __pfx_kthread+0x10/0x10
[   89.387978][  T116]  ? __pfx_kthread+0x10/0x10
[   89.392572][  T116]  ? _raw_spin_unlock_irq+0x23/0x50
[   89.397768][  T116]  ? lockdep_hardirqs_on+0x9d/0x150
[   89.402965][  T116]  ? __pfx_kthread+0x10/0x10
[   89.407558][  T116]  ret_from_fork+0x4b/0x80
[   89.412150][  T116]  ? __pfx_kthread+0x10/0x10
[   89.416738][  T116]  ret_from_fork_asm+0x1a/0x30
[   89.421511][  T116]  </TASK>
[   89.424701][  T116] Kernel Offset: disabled
[   89.429023][  T116] Rebooting in 86400 seconds..