DUID 00:04:52:37:01:18:ef:18:23:1a:50:cb:d1:49:65:cf:57:ac
forked to background, child pid 3914
[ 48.706338][ T3915] 8021q: adding VLAN 0 to HW filter on device bond0
[ 48.736364][ T3915] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.76' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 71.951479][ T4245] loop0: detected capacity change from 0 to 32768
[ 71.959351][ T4245] =======================================================
[ 71.959351][ T4245] WARNING: The mand mount option has been deprecated and
[ 71.959351][ T4245] and is ignored by this kernel. Remove the mand
[ 71.959351][ T4245] option from the mount to silence this warning.
[ 71.959351][ T4245] =======================================================
[ 72.009873][ T4245] JFS: metapage_get_blocks failed
[ 72.015594][ T4245] ERROR: (device loop0): release_metapage: write_one_page() failed
[ 72.015594][ T4245]
[ 72.027164][ T4245] ERROR: (device loop0): remounting filesystem as read-only
[ 72.046679][ T107] blkno = 5002c, nblocks = 1
[ 72.051459][ T107] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[ 72.051459][ T107]
[ 72.062675][ T107] ERROR: (device loop0): remounting filesystem as read-only
[ 72.070940][ T107] BUG: Bad page state in process jfsCommit pfn:799a8
[ 72.077762][ T107] page:ffffea0001e66a00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x24 pfn:0x799a8
[ 72.089441][ T107] flags: 0xfff00000002047(locked|referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[ 72.100782][ T107] raw: 00fff00000002047 dead000000000100 dead000000000122 0000000000000000
[ 72.109475][ T107] raw: 0000000000000024 ffff888075b5fba0 00000000ffffffff 0000000000000000
[ 72.118175][ T107] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 72.125486][ T107] page_owner tracks the page as allocated
[ 72.131352][ T107] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 4245, tgid 4245 (syz-executor506), ts 72006528876, free_ts 66030792721
[ 72.148443][ T107] post_alloc_hook+0x18d/0x1b0
[ 72.153229][ T107] get_page_from_freelist+0x3731/0x38d0
[ 72.158822][ T107] __alloc_pages+0x28d/0x770
[ 72.163433][ T107] folio_alloc+0x1a/0x50
[ 72.167681][ T107] filemap_alloc_folio+0xda/0x4f0
[ 72.173021][ T107] do_read_cache_folio+0x2a7/0x810
[ 72.178313][ T107] do_read_cache_page+0x32/0x220
[ 72.183286][ T107] __get_metapage+0x32c/0x1040
[ 72.188127][ T107] diRead+0x707/0xbb0
[ 72.192131][ T107] jfs_iget+0x88/0x3b0
[ 72.196198][ T107] jfs_lookup+0x222/0x400
[ 72.200600][ T107] __lookup_slow+0x27e/0x3d0
[ 72.205215][ T107] lookup_slow+0x53/0x70
[ 72.209558][ T107] walk_component+0x2d0/0x400
[ 72.214265][ T107] path_lookupat+0x16f/0x450
[ 72.218922][ T107] filename_lookup+0x251/0x600
[ 72.223712][ T107] page last free stack trace:
[ 72.228435][ T107] free_unref_page_prepare+0xf63/0x1120
[ 72.233999][ T107] free_unref_page+0x33/0x3e0
[ 72.238750][ T107] pipe_read+0x6e1/0x12a0
[ 72.243113][ T107] vfs_read+0x88d/0xbf0
[ 72.247272][ T107] ksys_read+0x19c/0x2c0
[ 72.251572][ T107] do_syscall_64+0x3b/0xb0
[ 72.256024][ T107] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 72.262006][ T107] Modules linked in:
[ 72.265943][ T107] CPU: 0 PID: 107 Comm: jfsCommit Not tainted 6.1.116-syzkaller #0
[ 72.273837][ T107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 72.283897][ T107] Call Trace:
[ 72.287178][ T107]
[ 72.290120][ T107] dump_stack_lvl+0x1e3/0x2cb
[ 72.294823][ T107] ? nf_tcp_handle_invalid+0x642/0x642
[ 72.300276][ T107] ? is_module_text_address+0x140/0x140
[ 72.305827][ T107] bad_page+0x14b/0x170
[ 72.309982][ T107] free_unref_page_prepare+0x56b/0x1120
[ 72.315547][ T107] free_unref_page+0x33/0x3e0
[ 72.320236][ T107] txUnlock+0x282/0xca0
[ 72.324504][ T107] ? lockdep_hardirqs_on+0x94/0x130
[ 72.329716][ T107] jfs_lazycommit+0x5d0/0xb60
[ 72.334405][ T107] ? _raw_spin_unlock_irqrestore+0x8b/0x130
[ 72.340323][ T107] ? lockdep_hardirqs_on+0x94/0x130
[ 72.345522][ T107] ? txFreelock+0x580/0x580
[ 72.350026][ T107] ? do_task_dead+0xd0/0xd0
[ 72.354540][ T107] ? _raw_spin_unlock+0x40/0x40
[ 72.359396][ T107] ? __kthread_parkme+0x168/0x1c0
[ 72.364427][ T107] kthread+0x28d/0x320
[ 72.368491][ T107] ? txFreelock+0x580/0x580
[ 72.373007][ T107] ? kthread_blkcg+0xd0/0xd0
[ 72.377590][ T107] ret_from_fork+0x1f/0x30
[ 72.382015][ T107]
[ 72.385288][ T107] Disabling lock debugging due to kernel taint
[ 72.391513][ T107] page:ffffea0001e66a00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x24 pfn:0x799a8
[ 72.401813][ T107] flags: 0xfff00000002047(locked|referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[ 72.413007][ T107] raw: 00fff00000002047 dead000000000100 dead000000000122 0000000000000000
[ 72.421675][ T107] raw: 0000000000000024 ffff888075b5fba0 00000000ffffffff 0000000000000000
[ 72.430312][ T107] page dumped because: VM_BUG_ON_FOLIO(((unsigned int) folio_ref_count(folio) + 127u <= 127u))
[ 72.440707][ T107] page_owner tracks the page as allocated
[ 72.446411][ T107] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 4245, tgid 4245 (syz-executor506), ts 72006528876, free_ts 66030792721
[ 72.463468][ T107] post_alloc_hook+0x18d/0x1b0
[ 72.468361][ T107] get_page_from_freelist+0x3731/0x38d0
[ 72.473906][ T107] __alloc_pages+0x28d/0x770
[ 72.478524][ T107] folio_alloc+0x1a/0x50
[ 72.482778][ T107] filemap_alloc_folio+0xda/0x4f0
[ 72.487806][ T107] do_read_cache_folio+0x2a7/0x810
[ 72.492956][ T107] do_read_cache_page+0x32/0x220
[ 72.497908][ T107] __get_metapage+0x32c/0x1040
[ 72.502720][ T107] diRead+0x707/0xbb0
[ 72.506715][ T107] jfs_iget+0x88/0x3b0
[ 72.510830][ T107] jfs_lookup+0x222/0x400
[ 72.515183][ T107] __lookup_slow+0x27e/0x3d0
[ 72.519886][ T107] lookup_slow+0x53/0x70
[ 72.524170][ T107] walk_component+0x2d0/0x400
[ 72.528888][ T107] path_lookupat+0x16f/0x450
[ 72.533501][ T107] filename_lookup+0x251/0x600
[ 72.538319][ T107] page last free stack trace:
[ 72.542992][ T107] free_unref_page_prepare+0xf63/0x1120
[ 72.548571][ T107] free_unref_page+0x33/0x3e0
[ 72.553284][ T107] pipe_read+0x6e1/0x12a0
[ 72.557605][ T107] vfs_read+0x88d/0xbf0
[ 72.561801][ T107] ksys_read+0x19c/0x2c0
[ 72.566055][ T107] do_syscall_64+0x3b/0xb0
[ 72.570503][ T107] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 72.576720][ T107] ------------[ cut here ]------------
[ 72.582219][ T107] kernel BUG at include/linux/mm.h:1135!
[ 72.587902][ T107] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 72.593984][ T107] CPU: 0 PID: 107 Comm: jfsCommit Tainted: G B 6.1.116-syzkaller #0
[ 72.603345][ T107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 72.613403][ T107] RIP: 0010:put_metapage+0x25c/0x300
[ 72.618685][ T107] Code: 2c 24 49 81 e5 ff 0f 00 00 74 21 e8 9e 51 81 fe e9 a0 00 00 00 e8 94 51 81 fe 48 8b 3c 24 48 c7 c6 a0 e9 44 8b e8 d4 16 c1 fe <0f> 0b 48 8b 1c 24 48 89 df be 08 00 00 00 e8 71 db d8 fe 48 c1 eb
[ 72.638375][ T107] RSP: 0018:ffffc90002cdfcb8 EFLAGS: 00010246
[ 72.644443][ T107] RAX: 7c1abaae8e2e2b00 RBX: 000000000000007f RCX: ffffffff816ab877
[ 72.652415][ T107] RDX: 0000000000000000 RSI: ffffffff8b5d77a0 RDI: ffffffff8b5d7760
[ 72.660385][ T107] RBP: ffff888075b5fba0 R08: dffffc0000000000 R09: fffffbfff1d34106
[ 72.668357][ T107] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 72.676333][ T107] R13: ffffea0001e66a34 R14: 1ffff1100eb6bf79 R15: ffff888075b5fbc8
[ 72.684305][ T107] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[ 72.693235][ T107] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 72.699814][ T107] CR2: 000055bdd9f6efd0 CR3: 000000000d08e000 CR4: 00000000003506f0
[ 72.707807][ T107] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 72.715772][ T107] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 72.723745][ T107] Call Trace:
[ 72.727032][ T107]
[ 72.729990][ T107] ? __die_body+0x5e/0xa0
[ 72.734524][ T107] ? die+0x83/0xb0
[ 72.738256][ T107] ? do_trap+0x11e/0x350
[ 72.742590][ T107] ? put_metapage+0x25c/0x300
[ 72.747263][ T107] ? put_metapage+0x25c/0x300
[ 72.751940][ T107] ? do_error_trap+0x13d/0x1e0
[ 72.756705][ T107] ? put_metapage+0x25c/0x300
[ 72.761382][ T107] ? do_int3+0x30/0x30
[ 72.765453][ T107] ? rcu_is_watching+0x11/0xb0
[ 72.770219][ T107] ? handle_invalid_op+0x2c/0x40
[ 72.775161][ T107] ? put_metapage+0x25c/0x300
[ 72.779834][ T107] ? exc_invalid_op+0x2f/0x40
[ 72.784509][ T107] ? asm_exc_invalid_op+0x16/0x20
[ 72.789544][ T107] ? lock_release+0xc7/0xa20
[ 72.794144][ T107] ? put_metapage+0x25c/0x300
[ 72.798819][ T107] ? put_metapage+0x25c/0x300
[ 72.803495][ T107] txUnlock+0x42f/0xca0
[ 72.807656][ T107] jfs_lazycommit+0x5d0/0xb60
[ 72.812332][ T107] ? _raw_spin_unlock_irqrestore+0x8b/0x130
[ 72.818231][ T107] ? lockdep_hardirqs_on+0x94/0x130
[ 72.823437][ T107] ? txFreelock+0x580/0x580
[ 72.827940][ T107] ? do_task_dead+0xd0/0xd0
[ 72.832451][ T107] ? _raw_spin_unlock+0x40/0x40
[ 72.837307][ T107] ? __kthread_parkme+0x168/0x1c0
[ 72.842344][ T107] kthread+0x28d/0x320
[ 72.846413][ T107] ? txFreelock+0x580/0x580
[ 72.850915][ T107] ? kthread_blkcg+0xd0/0xd0
[ 72.855509][ T107] ret_from_fork+0x1f/0x30
[ 72.859938][ T107]
[ 72.862960][ T107] Modules linked in:
[ 72.867096][ T107] ---[ end trace 0000000000000000 ]---
[ 72.872705][ T107] RIP: 0010:put_metapage+0x25c/0x300
[ 72.878117][ T107] Code: 2c 24 49 81 e5 ff 0f 00 00 74 21 e8 9e 51 81 fe e9 a0 00 00 00 e8 94 51 81 fe 48 8b 3c 24 48 c7 c6 a0 e9 44 8b e8 d4 16 c1 fe <0f> 0b 48 8b 1c 24 48 89 df be 08 00 00 00 e8 71 db d8 fe 48 c1 eb
[ 72.897833][ T107] RSP: 0018:ffffc90002cdfcb8 EFLAGS: 00010246
[ 72.904009][ T107] RAX: 7c1abaae8e2e2b00 RBX: 000000000000007f RCX: ffffffff816ab877
[ 72.912092][ T107] RDX: 0000000000000000 RSI: ffffffff8b5d77a0 RDI: ffffffff8b5d7760
[ 72.920105][ T107] RBP: ffff888075b5fba0 R08: dffffc0000000000 R09: fffffbfff1d34106
[ 72.928123][ T107] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 72.936152][ T107] R13: ffffea0001e66a34 R14: 1ffff1100eb6bf79 R15: ffff888075b5fbc8
[ 72.944156][ T107] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[ 72.953133][ T107] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 72.959759][ T107] CR2: 00007ff2027180f8 CR3: 000000000d08e000 CR4: 00000000003506e0
[ 72.967752][ T107] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 72.975763][ T107] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 72.983858][ T107] Kernel panic - not syncing: Fatal exception
[ 72.990240][ T107] Kernel Offset: disabled
[ 72.994584][ T107] Rebooting in 86400 seconds..