Warning: Permanently added '10.128.0.205' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
[   80.488878][ T5777] syz-executor113[5777]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   81.128218][ T5776] loop0: detected capacity change from 0 to 32768
[   81.190010][   T28] audit: type=1800 audit(1750404770.122:2): pid=5776 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor113" name="file1" dev="loop0" ino=4 res=0 errno=0
[   81.224572][ T5777] loop2: detected capacity change from 0 to 32768
[   81.282615][   T28] audit: type=1800 audit(1750404770.232:3): pid=5777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor113" name="file1" dev="loop2" ino=4 res=0 errno=0
[   81.298358][ T5778] loop1: detected capacity change from 0 to 32768
[   81.332012][ T5780] loop3: detected capacity change from 0 to 32768
[   81.391743][   T28] audit: type=1800 audit(1750404770.342:4): pid=5778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor113" name="file1" dev="loop1" ino=4 res=0 errno=0
[   81.471180][   T28] audit: type=1800 audit(1750404770.372:5): pid=5780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor113" name="file1" dev="loop3" ino=4 res=0 errno=0
executing program
executing program
[   81.660064][  T112] ==================================================================
[   81.668207][  T112] BUG: KASAN: slab-use-after-free in jfs_lazycommit+0x753/0xa60
[   81.675920][  T112] Read of size 4 at addr ffff888023dda694 by task jfsCommit/112
[   81.683595][  T112] 
[   81.685936][  T112] CPU: 1 PID: 112 Comm: jfsCommit Not tainted 6.6.94-syzkaller #0
[   81.693766][  T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   81.703857][  T112] Call Trace:
[   81.707186][  T112]  <TASK>
[   81.710159][  T112]  dump_stack_lvl+0x16c/0x230
[   81.714896][  T112]  ? __lock_acquire+0x7c80/0x7c80
[   81.719959][  T112]  ? show_regs_print_info+0x20/0x20
[   81.725207][  T112]  ? load_image+0x3b0/0x3b0
[   81.729768][  T112]  ? __virt_addr_valid+0x469/0x540
[   81.734915][  T112]  print_report+0xac/0x230
[   81.739366][  T112]  ? jfs_lazycommit+0x753/0xa60
[   81.744249][  T112]  kasan_report+0x117/0x150
[   81.748792][  T112]  ? _raw_spin_lock_irqsave+0xb4/0xf0
[   81.754219][  T112]  ? jfs_lazycommit+0x753/0xa60
[   81.759105][  T112]  jfs_lazycommit+0x753/0xa60
[   81.761590][  T786] cfg80211: failed to load regulatory.db
[   81.763801][  T112]  ? txFreelock+0x5a0/0x5a0
[   81.773967][  T112]  ? do_task_dead+0xd0/0xd0
[   81.778508][  T112]  ? __kthread_parkme+0x7a/0x1c0
[   81.783487][  T112]  kthread+0x2fa/0x390
[   81.787578][  T112]  ? txFreelock+0x5a0/0x5a0
[   81.792113][  T112]  ? kthread_blkcg+0xd0/0xd0
[   81.796739][  T112]  ret_from_fork+0x48/0x80
[   81.801278][  T112]  ? kthread_blkcg+0xd0/0xd0
[   81.805890][  T112]  ret_from_fork_asm+0x11/0x20
[   81.810690][  T112]  </TASK>
[   81.813728][  T112] 
[   81.816061][  T112] Allocated by task 5777:
[   81.820406][  T112]  kasan_set_track+0x4e/0x70
[   81.825030][  T112]  __kasan_kmalloc+0x8f/0xa0
[   81.829644][  T112]  jfs_fill_super+0xd6/0xac0
[   81.834267][  T112]  mount_bdev+0x22b/0x2d0
[   81.838628][  T112]  legacy_get_tree+0xea/0x180
[   81.843337][  T112]  vfs_get_tree+0x8c/0x280
[   81.847783][  T112]  do_new_mount+0x24b/0xa40
[   81.852300][  T112]  __se_sys_mount+0x2da/0x3c0
[   81.856995][  T112]  do_syscall_64+0x55/0xb0
[   81.861434][  T112]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   81.867357][  T112] 
[   81.869693][  T112] Freed by task 5771:
[   81.873679][  T112]  kasan_set_track+0x4e/0x70
[   81.878279][  T112]  kasan_save_free_info+0x2e/0x50
[   81.883323][  T112]  ____kasan_slab_free+0x126/0x1e0
[   81.888443][  T112]  slab_free_freelist_hook+0x130/0x1b0
[   81.893906][  T112]  __kmem_cache_free+0xba/0x1f0
[   81.898791][  T112]  generic_shutdown_super+0x134/0x2b0
[   81.904168][  T112]  kill_block_super+0x44/0x90
[   81.908852][  T112]  deactivate_locked_super+0x97/0x100
[   81.914225][  T112]  cleanup_mnt+0x429/0x4c0
[   81.918647][  T112]  task_work_run+0x1ce/0x250
[   81.923243][  T112]  exit_to_user_mode_loop+0xe6/0x110
[   81.928538][  T112]  exit_to_user_mode_prepare+0xb1/0x140
[   81.934093][  T112]  syscall_exit_to_user_mode+0x1a/0x50
[   81.939575][  T112]  do_syscall_64+0x61/0xb0
[   81.944002][  T112]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   81.949991][  T112] 
[   81.952317][  T112] The buggy address belongs to the object at ffff888023dda600
[   81.952317][  T112]  which belongs to the cache kmalloc-256 of size 256
[   81.966805][  T112] The buggy address is located 148 bytes inside of
[   81.966805][  T112]  freed 256-byte region [ffff888023dda600, ffff888023dda700)
[   81.980616][  T112] 
[   81.982962][  T112] The buggy address belongs to the physical page:
[   81.989377][  T112] page:ffffea00008f7680 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23dda
[   81.999575][  T112] head:ffffea00008f7680 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   82.008510][  T112] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   82.016509][  T112] page_type: 0xffffffff()
[   82.020953][  T112] raw: 00fff00000000840 ffff888017841b40 ffffea00008fc980 dead000000000002
[   82.029552][  T112] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   82.038161][  T112] page dumped because: kasan: bad access detected
[   82.044602][  T112] page_owner tracks the page as allocated
[   82.050315][  T112] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 42, tgid 42 (kworker/u4:2), ts 7500084494, free_ts 0
[   82.070485][  T112]  post_alloc_hook+0x1cd/0x210
[   82.075290][  T112]  get_page_from_freelist+0x195c/0x19f0
[   82.080947][  T112]  __alloc_pages+0x1e3/0x460
[   82.085642][  T112]  alloc_slab_page+0x5d/0x170
[   82.090338][  T112]  new_slab+0x87/0x2e0
[   82.094451][  T112]  ___slab_alloc+0xc6d/0x12f0
[   82.099175][  T112]  __kmem_cache_alloc_node+0x1a2/0x260
[   82.104654][  T112]  kmalloc_trace+0x2a/0xe0
[   82.109076][  T112]  scsi_probe_and_add_lun+0x273/0x4480
[   82.114543][  T112]  __scsi_scan_target+0x1ec/0x1020
[   82.119657][  T112]  scsi_scan_host_selected+0x372/0x690
[   82.125124][  T112]  do_scan_async+0x11e/0x750
[   82.129723][  T112]  async_run_entry_fn+0xa3/0x3f0
[   82.134754][  T112]  process_scheduled_works+0xa45/0x15b0
[   82.140307][  T112]  worker_thread+0xa55/0xfc0
[   82.144906][  T112]  kthread+0x2fa/0x390
[   82.148976][  T112] page_owner free stack trace missing
[   82.154343][  T112] 
[   82.156670][  T112] Memory state around the buggy address:
[   82.162299][  T112]  ffff888023dda580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   82.170362][  T112]  ffff888023dda600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   82.178435][  T112] >ffff888023dda680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   82.186495][  T112]                          ^
[   82.191100][  T112]  ffff888023dda700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   82.199253][  T112]  ffff888023dda780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   82.207400][  T112] ==================================================================
[   82.215461][  T112] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   82.223006][  T112] CPU: 1 PID: 112 Comm: jfsCommit Not tainted 6.6.94-syzkaller #0
[   82.230898][  T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   82.240957][  T112] Call Trace:
[   82.244244][  T112]  <TASK>
[   82.247187][  T112]  dump_stack_lvl+0x16c/0x230
[   82.252136][  T112]  ? show_regs_print_info+0x20/0x20
[   82.257355][  T112]  ? load_image+0x3b0/0x3b0
[   82.261875][  T112]  panic+0x2c0/0x710
[   82.265791][  T112]  ? bpf_jit_dump+0xd0/0xd0
[   82.270299][  T112]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[   82.276201][  T112]  ? _raw_spin_unlock+0x40/0x40
[   82.281061][  T112]  ? print_memory_metadata+0x314/0x400
[   82.286526][  T112]  ? jfs_lazycommit+0x753/0xa60
[   82.291385][  T112]  check_panic_on_warn+0x84/0xa0
[   82.296329][  T112]  ? jfs_lazycommit+0x753/0xa60
[   82.301185][  T112]  end_report+0x6f/0x140
[   82.305432][  T112]  kasan_report+0x128/0x150
[   82.309942][  T112]  ? _raw_spin_lock_irqsave+0xb4/0xf0
[   82.315327][  T112]  ? jfs_lazycommit+0x753/0xa60
[   82.320185][  T112]  jfs_lazycommit+0x753/0xa60
[   82.324874][  T112]  ? txFreelock+0x5a0/0x5a0
[   82.329392][  T112]  ? do_task_dead+0xd0/0xd0
[   82.333903][  T112]  ? __kthread_parkme+0x7a/0x1c0
[   82.338861][  T112]  kthread+0x2fa/0x390
[   82.342931][  T112]  ? txFreelock+0x5a0/0x5a0
[   82.347490][  T112]  ? kthread_blkcg+0xd0/0xd0
[   82.352196][  T112]  ret_from_fork+0x48/0x80
[   82.356625][  T112]  ? kthread_blkcg+0xd0/0xd0
[   82.361218][  T112]  ret_from_fork_asm+0x11/0x20
[   82.365997][  T112]  </TASK>
[   82.369291][  T112] Kernel Offset: disabled
[   82.373760][  T112] Rebooting in 86400 seconds..