Warning: Permanently added '10.128.1.173' (ED25519) to the list of known hosts.
executing program
syzkaller login: [   36.290235][ T4296] loop0: detected capacity change from 0 to 32768
[   36.316138][ T4296] jfs: Unrecognized mount option "01777777777777777777777 Z* m.Dc8'@C9G9?9S{1Jլ5 æԌqqY糔" or missing value
[   36.322603][ T4296] ==================================================================
[   36.324734][ T4296] BUG: KASAN: use-after-free in jfs_readdir+0xf44/0x3030
[   36.326714][ T4296] Read of size 8 at addr ffff0000cd732bd0 by task syz-executor217/4296
[   36.328889][ T4296] 
[   36.329552][ T4296] CPU: 1 PID: 4296 Comm: syz-executor217 Not tainted 6.1.133-syzkaller #0
[   36.331673][ T4296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   36.334308][ T4296] Call trace:
[   36.335281][ T4296]  dump_backtrace+0x1c8/0x1f4
[   36.336609][ T4296]  show_stack+0x2c/0x3c
[   36.337804][ T4296]  dump_stack_lvl+0x108/0x170
[   36.339079][ T4296]  print_report+0x174/0x4c0
[   36.340227][ T4296]  kasan_report+0xd4/0x130
[   36.341441][ T4296]  __asan_report_load8_noabort+0x2c/0x38
[   36.343019][ T4296]  jfs_readdir+0xf44/0x3030
[   36.344193][ T4296]  iterate_dir+0x1f4/0x4ec
[   36.345349][ T4296]  __arm64_sys_getdents64+0x1c4/0x4a0
[   36.346742][ T4296]  invoke_syscall+0x98/0x2bc
[   36.348071][ T4296]  el0_svc_common+0x138/0x258
[   36.349398][ T4296]  do_el0_svc+0x58/0x13c
[   36.350509][ T4296]  el0_svc+0x58/0x168
[   36.351411][ T4296]  el0t_64_sync_handler+0x84/0xf0
[   36.353170][ T4296]  el0t_64_sync+0x18c/0x190
[   36.354299][ T4296] 
[   36.354882][ T4296] Allocated by task 4296:
[   36.355999][ T4296]  kasan_set_track+0x4c/0x80
[   36.357161][ T4296]  kasan_save_alloc_info+0x24/0x30
[   36.358438][ T4296]  __kasan_slab_alloc+0x74/0x8c
[   36.359636][ T4296]  slab_post_alloc_hook+0x74/0x458
[   36.360877][ T4296]  kmem_cache_alloc+0x230/0x37c
[   36.362216][ T4296]  mempool_alloc_slab+0x58/0x74
[   36.363708][ T4296]  mempool_alloc+0x150/0x48c
[   36.365059][ T4296]  __get_metapage+0x618/0x1050
[   36.366329][ T4296]  dtSplitRoot+0x21c/0x1428
[   36.367665][ T4296]  dtInsert+0xf7c/0x576c
[   36.368797][ T4296]  jfs_symlink+0x718/0xef4
[   36.370176][ T4296]  vfs_symlink+0x244/0x3a8
[   36.371348][ T4296]  do_symlinkat+0x1bc/0x45c
[   36.372501][ T4296]  __arm64_sys_symlinkat+0xa4/0xbc
[   36.373775][ T4296]  invoke_syscall+0x98/0x2bc
[   36.374919][ T4296]  el0_svc_common+0x138/0x258
[   36.376051][ T4296]  do_el0_svc+0x58/0x13c
[   36.377167][ T4296]  el0_svc+0x58/0x168
[   36.378165][ T4296]  el0t_64_sync_handler+0x84/0xf0
[   36.379397][ T4296]  el0t_64_sync+0x18c/0x190
[   36.380505][ T4296] 
[   36.381130][ T4296] Freed by task 4296:
[   36.382191][ T4296]  kasan_set_track+0x4c/0x80
[   36.383367][ T4296]  kasan_save_free_info+0x38/0x5c
[   36.384676][ T4296]  ____kasan_slab_free+0x144/0x1c0
[   36.386034][ T4296]  __kasan_slab_free+0x18/0x28
[   36.387191][ T4296]  kmem_cache_free+0x2f0/0x588
[   36.388356][ T4296]  mempool_free_slab+0x28/0x38
[   36.389555][ T4296]  mempool_free+0xbc/0x2e0
[   36.390651][ T4296]  release_metapage+0x808/0xc84
[   36.391886][ T4296]  jfs_readdir+0xcb4/0x3030
[   36.393010][ T4296]  iterate_dir+0x1f4/0x4ec
[   36.394151][ T4296]  __arm64_sys_getdents64+0x1c4/0x4a0
[   36.395491][ T4296]  invoke_syscall+0x98/0x2bc
[   36.396674][ T4296]  el0_svc_common+0x138/0x258
[   36.397809][ T4296]  do_el0_svc+0x58/0x13c
[   36.398903][ T4296]  el0_svc+0x58/0x168
[   36.399912][ T4296]  el0t_64_sync_handler+0x84/0xf0
[   36.401117][ T4296]  el0t_64_sync+0x18c/0x190
[   36.402301][ T4296] 
[   36.402900][ T4296] The buggy address belongs to the object at ffff0000cd732ba0
[   36.402900][ T4296]  which belongs to the cache jfs_mp of size 184
[   36.406258][ T4296] The buggy address is located 48 bytes inside of
[   36.406258][ T4296]  184-byte region [ffff0000cd732ba0, ffff0000cd732c58)
[   36.409498][ T4296] 
[   36.410049][ T4296] The buggy address belongs to the physical page:
[   36.411635][ T4296] page:00000000ed21b7f0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10d732
[   36.414220][ T4296] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[   36.416187][ T4296] raw: 05ffc00000000200 0000000000000000 dead000000000122 ffff0000c6f28000
[   36.418361][ T4296] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   36.420419][ T4296] page dumped because: kasan: bad access detected
[   36.421982][ T4296] 
[   36.422644][ T4296] Memory state around the buggy address:
[   36.424045][ T4296]  ffff0000cd732a80: fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00
[   36.426044][ T4296]  ffff0000cd732b00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   36.428021][ T4296] >ffff0000cd732b80: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[   36.430072][ T4296]                                                  ^
[   36.431804][ T4296]  ffff0000cd732c00: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[   36.433826][ T4296]  ffff0000cd732c80: fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00 00
[   36.435918][ T4296] ==================================================================
[   36.438042][ T4296] Disabling lock debugging due to kernel taint
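The report above is raw console output. As an added example that is not part of the syzbot log or of any kernel tooling, the Python below parses such a report into the pieces a triager wants first: the fault itself, the first non-plumbing frame of each of the three stacks, the offset of the faulting address inside the slab object, and the KASAN shadow byte covering that address. The sample input is an abbreviated copy of the report above, constructed inline; the list of "noise" frames and the output field names are this example's own choices, and the shadow-byte legend follows mm/kasan/kasan.h for generic KASAN on 6.1.

```python
import re

# Constructed sample: an abbreviated copy of the KASAN report above, console
# prefixes kept and some frames dropped, so the triage helper runs offline.
SAMPLE_LOG = """\
[   36.324734][ T4296] BUG: KASAN: use-after-free in jfs_readdir+0xf44/0x3030
[   36.326714][ T4296] Read of size 8 at addr ffff0000cd732bd0 by task syz-executor217/4296
[   36.328889][ T4296]
[   36.329552][ T4296] CPU: 1 PID: 4296 Comm: syz-executor217 Not tainted 6.1.133-syzkaller #0
[   36.334308][ T4296] Call trace:
[   36.335281][ T4296]  dump_backtrace+0x1c8/0x1f4
[   36.339079][ T4296]  print_report+0x174/0x4c0
[   36.340227][ T4296]  kasan_report+0xd4/0x130
[   36.341441][ T4296]  __asan_report_load8_noabort+0x2c/0x38
[   36.343019][ T4296]  jfs_readdir+0xf44/0x3030
[   36.354299][ T4296]
[   36.354882][ T4296] Allocated by task 4296:
[   36.358438][ T4296]  __kasan_slab_alloc+0x74/0x8c
[   36.359636][ T4296]  slab_post_alloc_hook+0x74/0x458
[   36.360877][ T4296]  kmem_cache_alloc+0x230/0x37c
[   36.363708][ T4296]  mempool_alloc+0x150/0x48c
[   36.365059][ T4296]  __get_metapage+0x618/0x1050
[   36.366329][ T4296]  dtSplitRoot+0x21c/0x1428
[   36.380505][ T4296]
[   36.381130][ T4296] Freed by task 4296:
[   36.382191][ T4296]  kasan_set_track+0x4c/0x80
[   36.384676][ T4296]  ____kasan_slab_free+0x144/0x1c0
[   36.387191][ T4296]  kmem_cache_free+0x2f0/0x588
[   36.389555][ T4296]  mempool_free+0xbc/0x2e0
[   36.390651][ T4296]  release_metapage+0x808/0xc84
[   36.391886][ T4296]  jfs_readdir+0xcb4/0x3030
[   36.402301][ T4296]
[   36.402900][ T4296] The buggy address belongs to the object at ffff0000cd732ba0
[   36.402900][ T4296]  which belongs to the cache jfs_mp of size 184
[   36.422644][ T4296] Memory state around the buggy address:
[   36.428021][ T4296] >ffff0000cd732b80: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[   36.431804][ T4296]  ffff0000cd732c00: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]")   # "[   36.324734][ T4296]"
# Plumbing frames skipped when looking for the subsystem-level culprit (this example's own list).
NOISE = re.compile(r"^(_*kasan_|__asan_|slab_post_alloc_hook|kmem_cache_|mempool_|"
                   r"dump_backtrace|show_stack|dump_stack|print_report)")
# Generic-KASAN shadow legend for 6.1 (mm/kasan/kasan.h); one shadow byte covers an 8-byte granule.
SHADOW = {0xfa: "freed slab object (free-track granule)", 0xfb: "freed slab object",
          0xfc: "slab redzone", 0xfe: "page redzone", 0xff: "freed page", 0x00: "addressable"}

def parse_report(log):
    r = {"stacks": {}, "shadow": {}}
    section = None                      # list currently receiving stack frames, if any
    for raw in log.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := re.match(r"BUG: KASAN: (\S+) in (\S+)", line):
            r["bug"], r["site"] = m[1], m[2]
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)", line):
            r["access"], r["size"], r["addr"] = m[1], int(m[2]), int(m[3], 16)
        elif m := re.search(r"Not tainted (\S+)", line):
            r["kernel"] = m[1]
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line):
            r["obj_base"] = int(m[1], 16)
        elif m := re.match(r"which belongs to the cache (\S+) of size (\d+)", line):
            r["cache"], r["obj_size"] = m[1], int(m[2])
        elif line == "Call trace:":
            section = r["stacks"]["access"] = []
        elif m := re.match(r"(Allocated|Freed) by task", line):
            section = r["stacks"][m[1].lower()] = []
        elif m := re.match(r">?\s*([0-9a-f]{16}): ((?:[0-9a-f]{2} ?)+)$", line):
            r["shadow"][int(m[1], 16)] = [int(b, 16) for b in m[2].split()]
        elif section is not None and (m := re.match(r"(\S+\+0x[0-9a-f]+/0x[0-9a-f]+)$", line)):
            section.append(m[1])
        elif not line:
            section = None              # a blank line ends the current stack
    return r

def culprit(frames):
    """First frame that is not KASAN/slab/mempool plumbing."""
    return next((f for f in frames if not NOISE.match(f)), None)

def shadow_state(r):
    """Decode the shadow byte covering r["addr"] from the dumped shadow rows."""
    for base, row in r["shadow"].items():
        if base <= r["addr"] < base + 8 * len(row):
            return SHADOW.get(row[(r["addr"] - base) // 8], "partially addressable")
    return "no shadow row"

def triage(log):
    r = parse_report(log)
    off = r["addr"] - r["obj_base"]
    return {
        "bug": r["bug"], "kernel": r.get("kernel", "?"), "cache": r["cache"],
        "access": f'{r["access"]} {r["size"]} @ {r["site"]}',
        "offset": off,                  # must agree with "located N bytes inside of"
        "inside_object": 0 <= off < r["obj_size"],
        "fault_site": culprit(r["stacks"]["access"]),
        "alloc_site": culprit(r["stacks"]["allocated"]),
        "free_site": culprit(r["stacks"]["freed"]),
        "shadow": shadow_state(r),
    }

if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG).items():
        print(f"{k:14} {v}")
```

Feed it the full report text in place of SAMPLE_LOG and the offset and shadow lookups act as a cheap cross-check that the "located N bytes inside of" line and the ">" shadow row agree with the faulting address (here offset 48 and shadow byte fb, a freed slab object). The three culprit frames are what to read first: a jfs_mp metapage obtained via __get_metapage under dtSplitRoot during symlink creation, released by release_metapage inside jfs_readdir, and then read again by jfs_readdir in the same getdents64 call.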