Warning: Permanently added '10.128.0.9' (ED25519) to the list of known hosts.
executing program
[   73.083396][ T5216] loop0: detected capacity change from 0 to 32768
[   73.164634][ T5216] ==================================================================
[   73.172758][ T5216] BUG: KASAN: slab-use-after-free in __mutex_lock+0xfe/0xd70
[   73.180273][ T5216] Read of size 8 at addr ffff8880229254b0 by task syz-executor357/5216
[   73.183544][ T5218] syz-executor357: attempt to access beyond end of device
[   73.183544][ T5218] loop14: rw=0, sector=8, nr_sectors = 8 limit=0
[   73.188514][ T5216] 
[   73.188537][ T5216] CPU: 0 UID: 0 PID: 5216 Comm: syz-executor357 Not tainted 6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
[   73.188564][ T5216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[   73.188579][ T5216] Call Trace:
[   73.188588][ T5216]  <TASK>
[   73.188596][ T5216]  dump_stack_lvl+0x241/0x360
[   73.188623][ T5216]  ? __pfx_dump_stack_lvl+0x10/0x10
[   73.188644][ T5216]  ? __pfx__printk+0x10/0x10
[   73.202128][ T5218] lbmIODone: I/O error in JFS log
[   73.204285][ T5216]  ? _printk+0xd5/0x120
[   73.215743][ T5218] *** Log Format Error ! ***
[   73.259915][ T5216]  ? __virt_addr_valid+0x183/0x530
[   73.265036][ T5216]  ? __virt_addr_valid+0x183/0x530
[   73.270149][ T5216]  print_report+0x169/0x550
[   73.274655][ T5216]  ? __virt_addr_valid+0x183/0x530
[   73.279766][ T5216]  ? __virt_addr_valid+0x183/0x530
[   73.284876][ T5216]  ? __virt_addr_valid+0x45f/0x530
[   73.290020][ T5216]  ? __phys_addr+0xba/0x170
[   73.294523][ T5216]  ? __mutex_lock+0xfe/0xd70
[   73.299115][ T5216]  kasan_report+0x143/0x180
[   73.303641][ T5216]  ? __mutex_lock+0xfe/0xd70
[   73.308252][ T5216]  __mutex_lock+0xfe/0xd70
[   73.312667][ T5216]  ? lock_metapage+0x2fa/0x370
[   73.317496][ T5216]  ? dbFreeBits+0x7ea/0xd90
[   73.322005][ T5216]  ? __pfx___mutex_lock+0x10/0x10
[   73.327030][ T5216]  ? dbJoin+0x255/0x310
[   73.331230][ T5216]  dbFreeBits+0x7ea/0xd90
[   73.335563][ T5216]  dbFree+0x35b/0x680
[   73.339550][ T5216]  dbDiscardAG+0x8a9/0xa20
[   73.343976][ T5216]  ? __pfx_dbDiscardAG+0x10/0x10
[   73.348919][ T5216]  ? __pfx_lock_release+0x10/0x10
[   73.353955][ T5216]  jfs_ioc_trim+0x433/0x670
[   73.358492][ T5216]  jfs_ioctl+0x2d0/0x3e0
[   73.362762][ T5216]  ? __pfx_jfs_ioctl+0x10/0x10
[   73.367635][ T5216]  ? __fget_files+0x29/0x470
[   73.372250][ T5216]  ? bpf_lsm_file_ioctl+0x9/0x10
[   73.377211][ T5216]  ? security_file_ioctl+0x87/0xb0
[   73.382336][ T5216]  ? __pfx_jfs_ioctl+0x10/0x10
[   73.387110][ T5216]  __se_sys_ioctl+0xfc/0x170
[   73.391725][ T5216]  do_syscall_64+0xf3/0x230
[   73.396239][ T5216]  ? clear_bhb_loop+0x35/0x90
[   73.400923][ T5216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.406832][ T5216] RIP: 0033:0x7f4b8c992809
[   73.411261][ T5216] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   73.430880][ T5216] RSP: 002b:00007f4b8c948218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   73.439302][ T5216] RAX: ffffffffffffffda RBX: 00007f4b8ca1f6c8 RCX: 00007f4b8c992809
[   73.447277][ T5216] RDX: 0000000020000680 RSI: 00000000c0185879 RDI: 0000000000000005
[   73.455252][ T5216] RBP: 00007f4b8ca1f6c0 R08: 0000000000000000 R09: 0000000000000000
[   73.463221][ T5216] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4b8c9ec0e4
[   73.471279][ T5216] R13: 00007f4b8c9e607e R14: 0037656c69662f2e R15: 0000200002000001
[   73.479258][ T5216]  </TASK>
[   73.482276][ T5216] 
[   73.484621][ T5216] Allocated by task 5216:
[   73.488942][ T5216]  kasan_save_track+0x3f/0x80
[   73.493629][ T5216]  __kasan_kmalloc+0x98/0xb0
[   73.498216][ T5216]  __kmalloc_cache_noprof+0x19c/0x2c0
[   73.503594][ T5216]  dbMount+0x58/0x9b0
[   73.507574][ T5216]  jfs_mount+0x1e0/0x830
[   73.511823][ T5216]  jfs_fill_super+0x59c/0xc50
[   73.516500][ T5216]  mount_bdev+0x20a/0x2d0
[   73.520848][ T5216]  legacy_get_tree+0xee/0x190
[   73.525531][ T5216]  vfs_get_tree+0x90/0x2a0
[   73.529941][ T5216]  do_new_mount+0x2be/0xb40
[   73.534441][ T5216]  __se_sys_mount+0x2d6/0x3c0
[   73.539117][ T5216]  do_syscall_64+0xf3/0x230
[   73.543631][ T5216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.549551][ T5216] 
[   73.551892][ T5216] Freed by task 5218:
[   73.555871][ T5216]  kasan_save_track+0x3f/0x80
[   73.560561][ T5216]  kasan_save_free_info+0x40/0x50
[   73.565630][ T5216]  poison_slab_object+0xe0/0x150
[   73.570568][ T5216]  __kasan_slab_free+0x37/0x60
[   73.575330][ T5216]  kfree+0x149/0x360
[   73.579231][ T5216]  dbUnmount+0x11d/0x190
[   73.583477][ T5216]  jfs_mount_rw+0x4ac/0x6a0
[   73.587990][ T5216]  jfs_remount+0x3d1/0x6b0
[   73.592420][ T5216]  reconfigure_super+0x445/0x880
[   73.597363][ T5216]  __se_sys_fsconfig+0xb6e/0xf80
[   73.602295][ T5216]  do_syscall_64+0xf3/0x230
[   73.606789][ T5216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.612680][ T5216] 
[   73.615000][ T5216] The buggy address belongs to the object at ffff888022925000
[   73.615000][ T5216]  which belongs to the cache kmalloc-2k of size 2048
[   73.629069][ T5216] The buggy address is located 1200 bytes inside of
[   73.629069][ T5216]  freed 2048-byte region [ffff888022925000, ffff888022925800)
[   73.643039][ T5216] 
[   73.645360][ T5216] The buggy address belongs to the physical page:
[   73.651772][ T5216] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22920
[   73.660537][ T5216] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   73.669037][ T5216] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   73.677027][ T5216] page_type: 0xfdffffff(slab)
[   73.681722][ T5216] raw: 00fff00000000040 ffff888015442000 0000000000000000 dead000000000001
[   73.690298][ T5216] raw: 0000000000000000 0000000080080008 00000001fdffffff 0000000000000000
[   73.698888][ T5216] head: 00fff00000000040 ffff888015442000 0000000000000000 dead000000000001
[   73.707557][ T5216] head: 0000000000000000 0000000080080008 00000001fdffffff 0000000000000000
[   73.716315][ T5216] head: 00fff00000000003 ffffea00008a4801 ffffffffffffffff 0000000000000000
[   73.724983][ T5216] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   73.733646][ T5216] page dumped because: kasan: bad access detected
[   73.740057][ T5216] page_owner tracks the page as allocated
[   73.745765][ T5216] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 61, tgid 61 (kworker/u8:4), ts 9893748899, free_ts 0
[   73.765915][ T5216]  post_alloc_hook+0x1f3/0x230
[   73.770678][ T5216]  get_page_from_freelist+0x2e4c/0x2f10
[   73.776236][ T5216]  __alloc_pages_noprof+0x256/0x6c0
[   73.781433][ T5216]  alloc_slab_page+0x5f/0x120
[   73.786103][ T5216]  allocate_slab+0x5a/0x2f0
[   73.790597][ T5216]  ___slab_alloc+0xcd1/0x14b0
[   73.795271][ T5216]  __slab_alloc+0x58/0xa0
[   73.799607][ T5216]  __kmalloc_noprof+0x25a/0x400
[   73.804471][ T5216]  scsi_alloc_target+0x132/0xca0
[   73.809406][ T5216]  __scsi_scan_target+0x17d/0x1080
[   73.814519][ T5216]  scsi_scan_host_selected+0x37e/0x690
[   73.819979][ T5216]  do_scan_async+0x138/0x7a0
[   73.824570][ T5216]  async_run_entry_fn+0xa8/0x420
[   73.829510][ T5216]  process_scheduled_works+0xa2c/0x1830
[   73.835056][ T5216]  worker_thread+0x86d/0xd40
[   73.839653][ T5216]  kthread+0x2f0/0x390
[   73.843729][ T5216] page_owner free stack trace missing
[   73.849179][ T5216] 
[   73.851501][ T5216] Memory state around the buggy address:
[   73.857225][ T5216]  ffff888022925380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.865287][ T5216]  ffff888022925400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.873343][ T5216] >ffff888022925480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.881421][ T5216]                                      ^
[   73.887051][ T5216]  ffff888022925500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.895200][ T5216]  ffff888022925580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.903263][ T5216] ==================================================================
[   73.912056][ T5218] lmLogInit: exit(-22)
[   73.916313][ T5218] lmLogOpen: exit(-22)
[   73.920715][ T5216] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   73.927927][ T5216] CPU: 1 UID: 0 PID: 5216 Comm: syz-executor357 Not tainted 6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
[   73.939055][ T5216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[   73.949126][ T5216] Call Trace:
[   73.952431][ T5216]  <TASK>
[   73.955355][ T5216]  dump_stack_lvl+0x241/0x360
[   73.960035][ T5216]  ? __pfx_dump_stack_lvl+0x10/0x10
[   73.965233][ T5216]  ? __pfx__printk+0x10/0x10
[   73.969826][ T5216]  ? preempt_schedule+0xe1/0xf0
[   73.974689][ T5216]  ? vscnprintf+0x5d/0x90
[   73.979061][ T5216]  panic+0x349/0x860
[   73.982958][ T5216]  ? check_panic_on_warn+0x21/0xb0
[   73.988065][ T5216]  ? __pfx_panic+0x10/0x10
[   73.992487][ T5216]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   73.998506][ T5216]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   74.004832][ T5216]  ? print_report+0x502/0x550
[   74.009510][ T5216]  check_panic_on_warn+0x86/0xb0
[   74.014440][ T5216]  ? __mutex_lock+0xfe/0xd70
[   74.019030][ T5216]  end_report+0x77/0x160
[   74.023265][ T5216]  kasan_report+0x154/0x180
[   74.027781][ T5216]  ? __mutex_lock+0xfe/0xd70
[   74.032474][ T5216]  __mutex_lock+0xfe/0xd70
[   74.036893][ T5216]  ? lock_metapage+0x2fa/0x370
[   74.041847][ T5216]  ? dbFreeBits+0x7ea/0xd90
[   74.046351][ T5216]  ? __pfx___mutex_lock+0x10/0x10
[   74.051379][ T5216]  ? dbJoin+0x255/0x310
[   74.055540][ T5216]  dbFreeBits+0x7ea/0xd90
[   74.059879][ T5216]  dbFree+0x35b/0x680
[   74.063956][ T5216]  dbDiscardAG+0x8a9/0xa20
[   74.068385][ T5216]  ? __pfx_dbDiscardAG+0x10/0x10
[   74.073345][ T5216]  ? __pfx_lock_release+0x10/0x10
[   74.078394][ T5216]  jfs_ioc_trim+0x433/0x670
[   74.083027][ T5216]  jfs_ioctl+0x2d0/0x3e0
[   74.087299][ T5216]  ? __pfx_jfs_ioctl+0x10/0x10
[   74.092082][ T5216]  ? __fget_files+0x29/0x470
[   74.096715][ T5216]  ? bpf_lsm_file_ioctl+0x9/0x10
[   74.101693][ T5216]  ? security_file_ioctl+0x87/0xb0
[   74.107247][ T5216]  ? __pfx_jfs_ioctl+0x10/0x10
[   74.112023][ T5216]  __se_sys_ioctl+0xfc/0x170
[   74.116656][ T5216]  do_syscall_64+0xf3/0x230
[   74.121164][ T5216]  ? clear_bhb_loop+0x35/0x90
[   74.125846][ T5216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.131742][ T5216] RIP: 0033:0x7f4b8c992809
[   74.136163][ T5216] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   74.155772][ T5216] RSP: 002b:00007f4b8c948218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   74.164195][ T5216] RAX: ffffffffffffffda RBX: 00007f4b8ca1f6c8 RCX: 00007f4b8c992809
[   74.172170][ T5216] RDX: 0000000020000680 RSI: 00000000c0185879 RDI: 0000000000000005
[   74.180139][ T5216] RBP: 00007f4b8ca1f6c0 R08: 0000000000000000 R09: 0000000000000000
[   74.188110][ T5216] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4b8c9ec0e4
[   74.196080][ T5216] R13: 00007f4b8c9e607e R14: 0037656c69662f2e R15: 0000200002000001
[   74.204073][ T5216]  </TASK>
[   74.207410][ T5216] Kernel Offset: disabled
[   74.211734][ T5216] Rebooting in 86400 seconds..
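The triage helper below is an added example written for this page; it is not part of the syzkaller report, of syzkaller, or of the JFS code. It parses a dmesg-style KASAN report such as the one above, extracts the access site and the three stacks (use, allocation, free) together with the syscall and the first owning-subsystem frame of each, and flags the case where the task that freed the object is not the task that later used it. The sample input is a constructed excerpt of the report above (real prefixes, PIDs and symbols, with the unreliable "?" frames, registers and page-owner dump left out); the names `parse_report`, `triage`, `Stack`, `Report` and the list of "plumbing" frames it skips are this example's own choices.

```python
"""Triage helper for a KASAN slab-use-after-free report (added example)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed excerpt of the report above: real prefixes, PIDs and symbols,
# with the '?' frames, registers and the page-owner dump left out.
SAMPLE_REPORT = """\
[   73.172758][ T5216] BUG: KASAN: slab-use-after-free in __mutex_lock+0xfe/0xd70
[   73.180273][ T5216] Read of size 8 at addr ffff8880229254b0 by task syz-executor357/5216
[   73.188579][ T5216] Call Trace:
[   73.299115][ T5216]  kasan_report+0x143/0x180
[   73.308252][ T5216]  __mutex_lock+0xfe/0xd70
[   73.331230][ T5216]  dbFreeBits+0x7ea/0xd90
[   73.353955][ T5216]  jfs_ioc_trim+0x433/0x670
[   73.387110][ T5216]  __se_sys_ioctl+0xfc/0x170
[   73.484621][ T5216] Allocated by task 5216:
[   73.488942][ T5216]  kasan_save_track+0x3f/0x80
[   73.498216][ T5216]  __kmalloc_cache_noprof+0x19c/0x2c0
[   73.503594][ T5216]  dbMount+0x58/0x9b0
[   73.534441][ T5216]  __se_sys_mount+0x2d6/0x3c0
[   73.549551][ T5216] 
[   73.551892][ T5216] Freed by task 5218:
[   73.555871][ T5216]  kasan_save_track+0x3f/0x80
[   73.575330][ T5216]  kfree+0x149/0x360
[   73.579231][ T5216]  dbUnmount+0x11d/0x190
[   73.597363][ T5216]  __se_sys_fsconfig+0xb6e/0xf80
[   73.629069][ T5216]  freed 2048-byte region [ffff888022925000, ffff888022925800)
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?(.*)$")
BUG = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)")
ACCESS = re.compile(r"of size \d+ at addr (?P<addr>[0-9a-f]+) by task \S+/(?P<pid>\d+)")
STACK_HDR = re.compile(r"^(?P<what>Allocated|Freed) by task (?P<pid>\d+):")
FRAME = re.compile(r"^\s*(?P<q>\?\s+)?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
REGION = re.compile(r"freed \d+-byte region \[(?P<lo>[0-9a-f]+), (?P<hi>[0-9a-f]+)\)")
# Frames a triager reads past: KASAN/allocator bookkeeping, report printing, and
# the lock primitive that merely happened to be the first to touch freed memory.
PLUMBING = ("kasan_", "__kasan_", "poison_slab", "kfree", "kmalloc", "__kmalloc",
            "dump_stack", "print_report", "__mutex_lock", "mutex_lock")


@dataclass
class Stack:
    pid: Optional[int] = None
    frames: list = field(default_factory=list)

    def owner_frame(self) -> Optional[str]:
        # first frame inside the subsystem that owns the object (here JFS's dmap code)
        return next((s for s in self.frames if not s.startswith(PLUMBING)), None)

    def syscall(self) -> Optional[str]:
        # the syscall that reached this stack, read off its __se_sys_<name> frame
        return next((s[9:] for s in self.frames if s.startswith("__se_sys_")), None)


@dataclass
class Report:
    kind: str = ""
    func: str = ""
    addr: int = 0
    pid: int = 0
    region: Optional[tuple] = None
    use: Stack = field(default_factory=Stack)
    alloc: Stack = field(default_factory=Stack)
    free: Stack = field(default_factory=Stack)


def parse_report(text: str) -> Report:
    rep, cur = Report(), None
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        line = m.group(1) if m else raw
        if not line.strip() or line.startswith("RIP:"):
            cur = None                         # end of a stack section
        elif (m := BUG.search(line)):
            rep.kind, rep.func = m["kind"], m["func"]
        elif (m := ACCESS.search(line)):
            rep.addr, rep.pid = int(m["addr"], 16), int(m["pid"])
            rep.use.pid = rep.pid
        elif line.startswith("Call Trace:"):
            cur = rep.use
        elif (m := STACK_HDR.match(line)):
            cur = rep.alloc if m["what"] == "Allocated" else rep.free
            cur.pid = int(m["pid"])
        elif (m := REGION.search(line)):
            rep.region = (int(m["lo"], 16), int(m["hi"], 16))
        elif cur is not None and (m := FRAME.match(line)) and not m["q"]:
            cur.frames.append(m["sym"])        # '?' frames are unreliable: skipped
    return rep


def triage(rep: Report) -> dict:
    """Facts a bug report leads with, plus a check that the address is inside the freed object."""
    lo, hi = rep.region or (0, 0)
    return {
        "kind": rep.kind,
        "fault": rep.func,
        "use": (rep.pid, rep.use.syscall(), rep.use.owner_frame()),
        "alloc": (rep.alloc.pid, rep.alloc.syscall(), rep.alloc.owner_frame()),
        "free": (rep.free.pid, rep.free.syscall(), rep.free.owner_frame()),
        "offset_in_freed_region": rep.addr - lo if lo <= rep.addr < hi else None,
        # free and use by different tasks: a lifetime race, not a local double-use
        "cross_task_free": rep.free.pid is not None and rep.free.pid != rep.pid,
    }
```

Calling `triage(parse_report(SAMPLE_REPORT))` on the excerpt gives what the full report above shows: the object was allocated by task 5216 in dbMount under mount(2), freed by task 5218 in dbUnmount under fsconfig(2) (the jfs_remount path), and read again by task 5216 in dbFreeBits under ioctl(2) via jfs_ioc_trim (RSI in the register dump, 0xc0185879, is FITRIM), 1200 bytes into the freed kmalloc-2k object. The different free and use tasks are the point to lead with when filing or fixing this: a remount tore down the structure dbMount allocates while a concurrent trim was still walking it.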