no interfaces have a carrier
[ 47.341930][ T5490] 8021q: adding VLAN 0 to HW filter on device bond0
[ 47.352505][ T5490] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: OK
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.104' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 74.262625][ T5837] loop1: detected capacity change from 0 to 32768
[ 74.268542][ T5834] loop4: detected capacity change from 0 to 32768
[ 74.282139][ T5836] loop2: detected capacity change from 0 to 32768
[ 74.284852][ T5830] loop0: detected capacity change from 0 to 32768
[ 74.330452][ T30] audit: type=1800 audit(1749451648.503:2): pid=5834 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor216" name="file1" dev="loop4" ino=4 res=0 errno=0
[ 74.360812][ T5838] loop3: detected capacity change from 0 to 32768
[ 74.442720][ T30] audit: type=1800 audit(1749451648.503:3): pid=5837 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor216" name="file1" dev="loop1" ino=4 res=0 errno=0
[ 74.528107][ T30] audit: type=1800 audit(1749451648.503:4): pid=5836 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor216" name="file1" dev="loop2" ino=4 res=0 errno=0
[ 74.571169][ T30] audit: type=1800 audit(1749451648.563:5): pid=5830 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor216" name="file1" dev="loop0" ino=4 res=0 errno=0
executing program
executing program
[ 74.653942][ T30] audit: type=1800 audit(1749451648.653:6): pid=5838 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor216" name="file1" dev="loop3" ino=4 res=0 errno=0
executing program
executing program
executing program
[ 75.818617][ T5850] loop0: detected capacity change from 0 to 32768
[ 75.845051][ T5845] loop4: detected capacity change from 0 to 32768
[ 75.879749][ T5851] loop1: detected capacity change from 0 to 32768
[ 75.885323][ T30] audit: type=1800 audit(1749451650.053:7): pid=5845 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor216" name="file1" dev="loop4" ino=4 res=0 errno=0
[ 75.889331][ T5847] loop2: detected capacity change from 0 to 32768
[ 76.003827][ T30] audit: type=1800 audit(1749451650.103:8): pid=5850 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor216" name="file1" dev="loop0" ino=4 res=0 errno=0
[ 76.068682][ T5853] loop3: detected capacity change from 0 to 32768
[ 76.112998][ T30] audit: type=1800 audit(1749451650.133:9): pid=5851 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor216" name="file1" dev="loop1" ino=4 res=0 errno=0
[ 76.215840][ T30] audit: type=1800 audit(1749451650.203:10): pid=5847 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor216" name="file1" dev="loop2" ino=4 res=0 errno=0
[ 76.261906][ T30] audit: type=1800 audit(1749451650.283:11): pid=5853 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor216" name="file1" dev="loop3" ino=4 res=0 errno=0
executing program
executing program
executing program
executing program
executing program
[ 77.328123][ T5855] loop4: detected capacity change from 0 to 32768
[ 77.385384][ T5857] loop3: detected capacity change from 0 to 32768
[ 77.520687][ T5859] loop2: detected capacity change from 0 to 32768
executing program
executing program
[ 77.753318][ T5863] loop1: detected capacity change from 0 to 32768
executing program
[ 77.842502][ T5861] loop0: detected capacity change from 0 to 32768
[ 78.236760][ T112] ==================================================================
[ 78.244869][ T112] BUG: KASAN: slab-use-after-free in jfs_lazycommit+0x74b/0xa90
[ 78.252546][ T112] Read of size 4 at addr ffff888071ef3c94 by task jfsCommit/112
[ 78.260168][ T112]
[ 78.262499][ T112] CPU: 0 UID: 0 PID: 112 Comm: jfsCommit Not tainted 6.15.0-syzkaller-13804-g939f15e640f1 #0 PREEMPT(full)
[ 78.262515][ T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 78.262527][ T112] Call Trace:
[ 78.262536][ T112]
[ 78.262543][ T112] dump_stack_lvl+0x189/0x250
[ 78.262565][ T112] ? __virt_addr_valid+0x1c8/0x5c0
[ 78.262577][ T112] ? rcu_is_watching+0x15/0xb0
[ 78.262595][ T112] ? __kasan_check_byte+0x12/0x40
[ 78.262610][ T112] ? __pfx_dump_stack_lvl+0x10/0x10
[ 78.262627][ T112] ? rcu_is_watching+0x15/0xb0
[ 78.262645][ T112] ? lock_release+0x4b/0x3e0
[ 78.262663][ T112] ? __virt_addr_valid+0x1c8/0x5c0
[ 78.262674][ T112] ? __virt_addr_valid+0x4a5/0x5c0
[ 78.262687][ T112] print_report+0xd2/0x2b0
[ 78.262702][ T112] ? jfs_lazycommit+0x74b/0xa90
[ 78.262717][ T112] kasan_report+0x118/0x150
[ 78.262732][ T112] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 78.262753][ T112] ? jfs_lazycommit+0x74b/0xa90
[ 78.262771][ T112] jfs_lazycommit+0x74b/0xa90
[ 78.262788][ T112] ? __pfx_jfs_lazycommit+0x10/0x10
[ 78.262804][ T112] ? __pfx_default_wake_function+0x10/0x10
[ 78.262820][ T112] ? __kthread_parkme+0x7b/0x200
[ 78.262839][ T112] ? __kthread_parkme+0x1a1/0x200
[ 78.262859][ T112] kthread+0x70e/0x8a0
[ 78.262873][ T112] ? __pfx_jfs_lazycommit+0x10/0x10
[ 78.262888][ T112] ? __pfx_kthread+0x10/0x10
[ 78.262901][ T112] ? _raw_spin_unlock_irq+0x23/0x50
[ 78.262917][ T112] ? lockdep_hardirqs_on+0x9c/0x150
[ 78.262934][ T112] ? __pfx_kthread+0x10/0x10
[ 78.262947][ T112] ret_from_fork+0x3fc/0x770
[ 78.262964][ T112] ? __pfx_ret_from_fork+0x10/0x10
[ 78.262982][ T112] ? __switch_to_asm+0x39/0x70
[ 78.262994][ T112] ? __switch_to_asm+0x33/0x70
[ 78.263005][ T112] ? __pfx_kthread+0x10/0x10
[ 78.263018][ T112] ret_from_fork_asm+0x1a/0x30
[ 78.263034][ T112]
[ 78.263039][ T112]
[ 78.446938][ T112] Allocated by task 5863:
[ 78.451255][ T112] kasan_save_track+0x3e/0x80
[ 78.455922][ T112] __kasan_kmalloc+0x93/0xb0
[ 78.460500][ T112] __kmalloc_cache_noprof+0x230/0x3d0
[ 78.465861][ T112] jfs_fill_super+0xc2/0xd90
[ 78.470440][ T112] get_tree_bdev_flags+0x40e/0x4d0
[ 78.475537][ T112] vfs_get_tree+0x92/0x2b0
[ 78.479938][ T112] do_new_mount+0x24a/0xa40
[ 78.484439][ T112] __se_sys_mount+0x317/0x410
[ 78.489104][ T112] do_syscall_64+0xfa/0x3b0
[ 78.493595][ T112] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.499476][ T112]
[ 78.501783][ T112] Freed by task 5825:
[ 78.505745][ T112] kasan_save_track+0x3e/0x80
[ 78.510407][ T112] kasan_save_free_info+0x46/0x50
[ 78.515424][ T112] __kasan_slab_free+0x62/0x70
[ 78.520179][ T112] kfree+0x18e/0x440
[ 78.524057][ T112] generic_shutdown_super+0x132/0x2c0
[ 78.529412][ T112] kill_block_super+0x44/0x90
[ 78.534077][ T112] deactivate_locked_super+0xbc/0x130
[ 78.539431][ T112] cleanup_mnt+0x425/0x4c0
[ 78.543838][ T112] task_work_run+0x1d1/0x260
[ 78.548415][ T112] exit_to_user_mode_loop+0xec/0x110
[ 78.553689][ T112] do_syscall_64+0x2bd/0x3b0
[ 78.558264][ T112] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.564144][ T112]
[ 78.566457][ T112] The buggy address belongs to the object at ffff888071ef3c00
[ 78.566457][ T112] which belongs to the cache kmalloc-256 of size 256
[ 78.580497][ T112] The buggy address is located 148 bytes inside of
[ 78.580497][ T112] freed 256-byte region [ffff888071ef3c00, ffff888071ef3d00)
[ 78.594284][ T112]
[ 78.596595][ T112] The buggy address belongs to the physical page:
[ 78.602995][ T112] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x71ef2
[ 78.611742][ T112] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 78.620260][ T112] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 78.627795][ T112] page_type: f5(slab)
[ 78.631760][ T112] raw: 00fff00000000040 ffff88801a441b40 dead000000000122 0000000000000000
[ 78.640327][ T112] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 78.648900][ T112] head: 00fff00000000040 ffff88801a441b40 dead000000000122 0000000000000000
[ 78.657554][ T112] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 78.666210][ T112] head: 00fff00000000001 ffffea0001c7bc81 00000000ffffffff 00000000ffffffff
[ 78.674863][ T112] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 78.683513][ T112] page dumped because: kasan: bad access detected
[ 78.689913][ T112] page_owner tracks the page as allocated
[ 78.695609][ T112] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5859, tgid 5858 (syz-executor216), ts 77739567015, free_ts 77736869486
[ 78.717218][ T112] post_alloc_hook+0x240/0x2a0
[ 78.721971][ T112] get_page_from_freelist+0x21d5/0x22b0
[ 78.727510][ T112] __alloc_frozen_pages_noprof+0x181/0x370
[ 78.733303][ T112] alloc_pages_mpol+0x232/0x4a0
[ 78.738138][ T112] allocate_slab+0x8a/0x3b0
[ 78.742653][ T112] ___slab_alloc+0xbfc/0x1480
[ 78.747320][ T112] __kmalloc_noprof+0x305/0x4f0
[ 78.752167][ T112] iter_file_splice_write+0x1cb/0x1000
[ 78.757613][ T112] direct_splice_actor+0x101/0x160
[ 78.762716][ T112] splice_direct_to_actor+0x5a5/0xcc0
[ 78.768073][ T112] do_splice_direct+0x181/0x270
[ 78.772908][ T112] do_sendfile+0x4da/0x7e0
[ 78.777315][ T112] __se_sys_sendfile64+0x13e/0x190
[ 78.782415][ T112] do_syscall_64+0xfa/0x3b0
[ 78.786902][ T112] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.792780][ T112] page last free pid 5859 tgid 5858 stack trace:
[ 78.799089][ T112] __free_frozen_pages+0xc65/0xe60
[ 78.804224][ T112] __put_partials+0x161/0x1c0
[ 78.808890][ T112] put_cpu_partial+0x17c/0x250
[ 78.813642][ T112] __slab_free+0x2f7/0x400
[ 78.818049][ T112] qlist_free_all+0x97/0x140
[ 78.822622][ T112] kasan_quarantine_reduce+0x148/0x160
[ 78.828065][ T112] __kasan_slab_alloc+0x22/0x80
[ 78.832901][ T112] __kmalloc_noprof+0x224/0x4f0
[ 78.837739][ T112] iter_file_splice_write+0x1cb/0x1000
[ 78.843200][ T112] direct_splice_actor+0x101/0x160
[ 78.848314][ T112] splice_direct_to_actor+0x5a5/0xcc0
[ 78.853684][ T112] do_splice_direct+0x181/0x270
[ 78.858530][ T112] do_sendfile+0x4da/0x7e0
[ 78.862936][ T112] __se_sys_sendfile64+0x13e/0x190
[ 78.868036][ T112] do_syscall_64+0xfa/0x3b0
[ 78.872612][ T112] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.878489][ T112]
[ 78.880797][ T112] Memory state around the buggy address:
[ 78.886425][ T112] ffff888071ef3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.894490][ T112] ffff888071ef3c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.902543][ T112] >ffff888071ef3c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.910586][ T112] ^
[ 78.915155][ T112] ffff888071ef3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.923198][ T112] ffff888071ef3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.931242][ T112] ==================================================================
[ 78.939307][ T112] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 78.946505][ T112] CPU: 0 UID: 0 PID: 112 Comm: jfsCommit Not tainted 6.15.0-syzkaller-13804-g939f15e640f1 #0 PREEMPT(full)
[ 78.957969][ T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 78.968011][ T112] Call Trace:
[ 78.971280][ T112]
[ 78.974200][ T112] dump_stack_lvl+0x99/0x250
[ 78.978789][ T112] ? __asan_memcpy+0x40/0x70
[ 78.983365][ T112] ? __pfx_dump_stack_lvl+0x10/0x10
[ 78.988554][ T112] ? __pfx__printk+0x10/0x10
[ 78.993133][ T112] panic+0x2db/0x790
[ 78.997027][ T112] ? __pfx_panic+0x10/0x10
[ 79.001437][ T112] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 79.007321][ T112] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 79.013639][ T112] ? print_memory_metadata+0x314/0x400
[ 79.019181][ T112] ? jfs_lazycommit+0x74b/0xa90
[ 79.024031][ T112] check_panic_on_warn+0x89/0xb0
[ 79.028965][ T112] ? jfs_lazycommit+0x74b/0xa90
[ 79.033804][ T112] end_report+0x78/0x160
[ 79.038035][ T112] kasan_report+0x129/0x150
[ 79.042541][ T112] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 79.047903][ T112] ? jfs_lazycommit+0x74b/0xa90
[ 79.052745][ T112] jfs_lazycommit+0x74b/0xa90
[ 79.057413][ T112] ? __pfx_jfs_lazycommit+0x10/0x10
[ 79.062601][ T112] ? __pfx_default_wake_function+0x10/0x10
[ 79.068397][ T112] ? __kthread_parkme+0x7b/0x200
[ 79.073328][ T112] ? __kthread_parkme+0x1a1/0x200
[ 79.078346][ T112] kthread+0x70e/0x8a0
[ 79.082405][ T112] ? __pfx_jfs_lazycommit+0x10/0x10
[ 79.087592][ T112] ? __pfx_kthread+0x10/0x10
[ 79.092171][ T112] ? _raw_spin_unlock_irq+0x23/0x50
[ 79.097360][ T112] ? lockdep_hardirqs_on+0x9c/0x150
[ 79.102551][ T112] ? __pfx_kthread+0x10/0x10
[ 79.107127][ T112] ret_from_fork+0x3fc/0x770
[ 79.111706][ T112] ? __pfx_ret_from_fork+0x10/0x10
[ 79.116805][ T112] ? __switch_to_asm+0x39/0x70
[ 79.121557][ T112] ? __switch_to_asm+0x33/0x70
[ 79.126308][ T112] ? __pfx_kthread+0x10/0x10
[ 79.130883][ T112] ret_from_fork_asm+0x1a/0x30
[ 79.135639][ T112]
[ 79.138774][ T112] Kernel Offset: disabled
[ 79.143090][ T112] Rebooting in 86400 seconds..