Warning: Permanently added '10.128.0.187' (ED25519) to the list of known hosts.
2024/02/16 19:33:06 ignoring optional flag "sandboxArg"="0"
2024/02/16 19:33:07 parsed 1 programs
[ 51.933904][ T5052] cgroup: Unknown subsys name 'net'
[ 52.071903][ T5052] cgroup: Unknown subsys name 'rlimit'
2024/02/16 19:33:08 executed programs: 0
[ 53.437785][ T5052] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 53.494988][ T5061] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 53.502577][ T5061] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 53.510545][ T5061] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 53.518554][ T5061] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 53.526191][ T5061] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 53.533328][ T5061] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 53.657121][ T5060] chnl_net:caif_netlink_parms(): no params data found
[ 53.711832][ T5060] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.719360][ T5060] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.726742][ T5060] bridge_slave_0: entered allmulticast mode
[ 53.733453][ T5060] bridge_slave_0: entered promiscuous mode
[ 53.742016][ T5060] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.749193][ T5060] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.756471][ T5060] bridge_slave_1: entered allmulticast mode
[ 53.763114][ T5060] bridge_slave_1: entered promiscuous mode
[ 53.788083][ T5060] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 53.799385][ T5060] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 53.827437][ T5060] team0: Port device team_slave_0 added
[ 53.837187][ T5060] team0: Port device team_slave_1 added
[ 53.859557][ T5060] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 53.866529][ T5060] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 53.892431][ T5060] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 53.904999][ T5060] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 53.911937][ T5060] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 53.938143][ T5060] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 53.974681][ T5060] hsr_slave_0: entered promiscuous mode
[ 53.980990][ T5060] hsr_slave_1: entered promiscuous mode
[ 54.081605][ T5060] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 54.092260][ T5060] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 54.102275][ T5060] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 54.111805][ T5060] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 54.135442][ T5060] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.142601][ T5060] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.150464][ T5060] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.157573][ T5060] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.212197][ T5060] 8021q: adding VLAN 0 to HW filter on device bond0
[ 54.228389][ T27] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.238968][ T27] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.251951][ T5060] 8021q: adding VLAN 0 to HW filter on device team0
[ 54.264044][ T5071] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.271161][ T5071] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.285608][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.292695][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.425946][ T5060] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 54.462776][ T5060] veth0_vlan: entered promiscuous mode
[ 54.475634][ T5060] veth1_vlan: entered promiscuous mode
[ 54.501722][ T5060] veth0_macvtap: entered promiscuous mode
[ 54.511278][ T5060] veth1_macvtap: entered promiscuous mode
[ 54.529405][ T5060] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 54.544828][ T5060] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 54.555536][ T5060] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 54.565472][ T5060] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 54.574445][ T5060] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 54.583140][ T5060] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 54.655018][ T5071] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 54.663005][ T5071] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 54.693076][ T5070] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 54.701083][ T5070] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 54.957011][ T5078] loop0: detected capacity change from 0 to 32768
[ 54.978210][ T5078]
[ 54.978210][ T5078] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.978210][ T5078]
[ 55.011535][ T2428]
[ 55.011535][ T2428] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 55.011535][ T2428]
[ 55.022396][ T2428]
[ 55.022396][ T2428] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 55.022396][ T2428]
[ 55.036498][ T5060]
[ 55.036498][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 55.036498][ T5060]
[ 55.048674][ T110]
[ 55.048674][ T110] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 55.048674][ T110]
[ 55.059804][ T5060]
[ 55.059804][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 55.059804][ T5060]
[ 55.406534][ T5079] loop0: detected capacity change from 0 to 32768
[ 55.434761][ T5079]
[ 55.434761][ T5079] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 55.434761][ T5079]
[ 55.458495][ T11]
[ 55.458495][ T11] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 55.458495][ T11]
[ 55.468951][ T11]
[ 55.468951][ T11] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 55.468951][ T11]
[ 55.480999][ T109]
[ 55.480999][ T109] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 55.480999][ T109]
[ 55.492510][ T5060]
[ 55.492510][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 55.492510][ T5060]
[ 55.503547][ T5060]
[ 55.503547][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 55.503547][ T5060]
[ 55.555012][ T5061] Bluetooth: hci0: command 0x0409 tx timeout
[ 55.842314][ T5080] loop0: detected capacity change from 0 to 32768
[ 55.858738][ T5080]
[ 55.858738][ T5080] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 55.858738][ T5080]
[ 55.881615][ T2414]
[ 55.881615][ T2414] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 55.881615][ T2414]
[ 55.893835][ T2414]
[ 55.893835][ T2414] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 55.893835][ T2414]
[ 55.905996][ T109]
[ 55.905996][ T109] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 55.905996][ T109]
[ 55.917084][ T5060]
[ 55.917084][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 55.917084][ T5060]
[ 55.928151][ T5060]
[ 55.928151][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 55.928151][ T5060]
[ 56.273488][ T5081] loop0: detected capacity change from 0 to 32768
[ 56.296396][ T5081]
[ 56.296396][ T5081] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 56.296396][ T5081]
[ 56.322465][ T2428]
[ 56.322465][ T2428] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 56.322465][ T2428]
[ 56.333386][ T2428]
[ 56.333386][ T2428] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 56.333386][ T2428]
[ 56.344510][ T110]
[ 56.344510][ T110] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 56.344510][ T110]
[ 56.357038][ T5060]
[ 56.357038][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 56.357038][ T5060]
[ 56.368450][ T5060]
[ 56.368450][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 56.368450][ T5060]
[ 56.722110][ T5082] loop0: detected capacity change from 0 to 32768
[ 56.743450][ T5082]
[ 56.743450][ T5082] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 56.743450][ T5082]
[ 56.766729][ T2414]
[ 56.766729][ T2414] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 56.766729][ T2414]
[ 56.777298][ T2414]
[ 56.777298][ T2414] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 56.777298][ T2414]
[ 56.788001][ T5060]
[ 56.788001][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 56.788001][ T5060]
[ 56.799761][ T109]
[ 56.799761][ T109] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 56.799761][ T109]
[ 56.810920][ T5060]
[ 56.810920][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 56.810920][ T5060]
[ 57.150031][ T5083] loop0: detected capacity change from 0 to 32768
[ 57.168339][ T5083]
[ 57.168339][ T5083] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 57.168339][ T5083]
[ 57.191427][ T11]
[ 57.191427][ T11] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 57.191427][ T11]
[ 57.202347][ T11]
[ 57.202347][ T11] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 57.202347][ T11]
[ 57.214587][ T5060]
[ 57.214587][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 57.214587][ T5060]
[ 57.225637][ T109]
[ 57.225637][ T109] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 57.225637][ T109]
[ 57.237389][ T5060]
[ 57.237389][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 57.237389][ T5060]
[ 57.551675][ T5084] loop0: detected capacity change from 0 to 32768
[ 57.578167][ T5084]
[ 57.578167][ T5084] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 57.578167][ T5084]
[ 57.599269][ T3377]
[ 57.599269][ T3377] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 57.599269][ T3377]
[ 57.609760][ T3377]
[ 57.609760][ T3377] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 57.609760][ T3377]
[ 57.620615][ T110]
[ 57.620615][ T110] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 57.620615][ T110]
[ 57.631323][ T5060]
[ 57.631323][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 57.631323][ T5060]
[ 57.642133][ T5061] Bluetooth: hci0: command 0x041b tx timeout
[ 57.647568][ T5060]
[ 57.647568][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 57.647568][ T5060]
[ 58.019322][ T5085] loop0: detected capacity change from 0 to 32768
[ 58.038712][ T5085]
[ 58.038712][ T5085] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 58.038712][ T5085]
[ 58.064848][ T2428]
[ 58.064848][ T2428] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 58.064848][ T2428]
[ 58.075363][ T2428]
[ 58.075363][ T2428] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 58.075363][ T2428]
[ 58.086652][ T110]
[ 58.086652][ T110] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 58.086652][ T110]
[ 58.097824][ T5060]
[ 58.097824][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 58.097824][ T5060]
[ 58.108458][ T5060]
[ 58.108458][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 58.108458][ T5060]
2024/02/16 19:33:13 executed programs: 9
[ 58.425362][ T5086] loop0: detected capacity change from 0 to 32768
[ 58.442790][ T5086]
[ 58.442790][ T5086] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 58.442790][ T5086]
[ 58.465932][ T11]
[ 58.465932][ T11] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 58.465932][ T11]
[ 58.476481][ T11]
[ 58.476481][ T11] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 58.476481][ T11]
[ 58.487894][ T5060]
[ 58.487894][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 58.487894][ T5060]
[ 58.498689][ T110]
[ 58.498689][ T110] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 58.498689][ T110]
[ 58.509251][ T5060]
[ 58.509251][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 58.509251][ T5060]
[ 58.824724][ T5087] loop0: detected capacity change from 0 to 32768
[ 58.847354][ T5087]
[ 58.847354][ T5087] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 58.847354][ T5087]
[ 58.869198][ T11]
[ 58.869198][ T11] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 58.869198][ T11]
[ 58.879674][ T11]
[ 58.879674][ T11] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 58.879674][ T11]
[ 58.891288][ T109]
[ 58.891288][ T109] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 58.891288][ T109]
[ 58.902174][ T5060]
[ 58.902174][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 58.902174][ T5060]
[ 58.913279][ T5060]
[ 58.913279][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 58.913279][ T5060]
[ 59.245488][ T5088] loop0: detected capacity change from 0 to 32768
[ 59.258976][ T5088]
[ 59.258976][ T5088] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 59.258976][ T5088]
[ 59.282222][ T2414]
[ 59.282222][ T2414] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 59.282222][ T2414]
[ 59.292970][ T2414]
[ 59.292970][ T2414] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 59.292970][ T2414]
[ 59.304681][ T5060]
[ 59.304681][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 59.304681][ T5060]
[ 59.316591][ T109]
[ 59.316591][ T109] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 59.316591][ T109]
[ 59.327286][ T5060]
[ 59.327286][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 59.327286][ T5060]
[ 59.656115][ T5089] loop0: detected capacity change from 0 to 32768
[ 59.668494][ T5089]
[ 59.668494][ T5089] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 59.668494][ T5089]
[ 59.689406][ T3377]
[ 59.689406][ T3377] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 59.689406][ T3377]
[ 59.700095][ T3377]
[ 59.700095][ T3377] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 59.700095][ T3377]
[ 59.711696][ T5060]
[ 59.711696][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 59.711696][ T5060]
[ 59.715268][ T5061] Bluetooth: hci0: command 0x040f tx timeout
[ 59.729213][ T5060]
[ 59.729213][ T5060] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 59.729213][ T5060]
[ 59.740797][ T109]
[ 59.740797][ T109] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 59.740797][ T109]
[ 59.754009][ T109] ==================================================================
[ 59.762088][ T109] BUG: KASAN: slab-use-after-free in txEnd+0x354/0x560
[ 59.768938][ T109] Write of size 8 at addr ffff88802fcb8840 by task jfsCommit/109
[ 59.776631][ T109]
[ 59.778932][ T109] CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.8.0-rc4-syzkaller-00267-g0f1dd5e91e2b #0
[ 59.788707][ T109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 59.798739][ T109] Call Trace:
[ 59.801998][ T109] <TASK>
[ 59.804917][ T109] dump_stack_lvl+0x1e7/0x2e0
[ 59.809585][ T109] ? __pfx_dump_stack_lvl+0x10/0x10
[ 59.814774][ T109] ? __pfx__printk+0x10/0x10
[ 59.819361][ T109] ? _printk+0xd5/0x120
[ 59.823499][ T109] ? __virt_addr_valid+0x183/0x520
[ 59.828590][ T109] ? __virt_addr_valid+0x183/0x520
[ 59.833690][ T109] print_report+0x167/0x540
[ 59.838184][ T109] ? __virt_addr_valid+0x183/0x520
[ 59.843277][ T109] ? __virt_addr_valid+0x183/0x520
[ 59.848367][ T109] ? __virt_addr_valid+0x44e/0x520
[ 59.853459][ T109] ? __phys_addr+0xba/0x170
[ 59.857941][ T109] ? txEnd+0x354/0x560
[ 59.861985][ T109] kasan_report+0x142/0x180
[ 59.866482][ T109] ? txEnd+0x354/0x560
[ 59.870533][ T109] kasan_check_range+0x282/0x290
[ 59.875450][ T109] txEnd+0x354/0x560
[ 59.879327][ T109] jfs_lazycommit+0x619/0xb70
[ 59.883981][ T109] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 59.889850][ T109] ? lockdep_hardirqs_on+0x98/0x140
[ 59.895028][ T109] ? __pfx_jfs_lazycommit+0x10/0x10
[ 59.900203][ T109] ? __pfx_default_wake_function+0x10/0x10
[ 59.905988][ T109] ? __kthread_parkme+0x168/0x1d0
[ 59.911005][ T109] ? __pfx_jfs_lazycommit+0x10/0x10
[ 59.916195][ T109] kthread+0x2ef/0x390
[ 59.920259][ T109] ? __pfx_jfs_lazycommit+0x10/0x10
[ 59.925436][ T109] ? __pfx_kthread+0x10/0x10
[ 59.930004][ T109] ret_from_fork+0x4b/0x80
[ 59.934403][ T109] ? __pfx_kthread+0x10/0x10
[ 59.938968][ T109] ret_from_fork_asm+0x1b/0x30
[ 59.943721][ T109] </TASK>
[ 59.946720][ T109]
[ 59.949026][ T109] Allocated by task 5089:
[ 59.953323][ T109] kasan_save_track+0x3f/0x80
[ 59.957980][ T109] __kasan_kmalloc+0x98/0xb0
[ 59.962543][ T109] kmalloc_trace+0x1d6/0x360
[ 59.967121][ T109] lmLogOpen+0x335/0x1050
[ 59.971428][ T109] jfs_mount_rw+0xf1/0x6a0
[ 59.975824][ T109] jfs_fill_super+0x681/0xc50
[ 59.980479][ T109] mount_bdev+0x20a/0x2d0
[ 59.984784][ T109] legacy_get_tree+0xee/0x190
[ 59.989439][ T109] vfs_get_tree+0x90/0x2a0
[ 59.993834][ T109] do_new_mount+0x2be/0xb40
[ 59.998311][ T109] __se_sys_mount+0x2d9/0x3c0
[ 60.002961][ T109] do_syscall_64+0xf9/0x240
[ 60.007444][ T109] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 60.013317][ T109]
[ 60.015619][ T109] Freed by task 5060:
[ 60.019571][ T109] kasan_save_track+0x3f/0x80
[ 60.024224][ T109] kasan_save_free_info+0x4e/0x60
[ 60.029230][ T109] poison_slab_object+0xa6/0xe0
[ 60.034062][ T109] __kasan_slab_free+0x34/0x70
[ 60.038800][ T109] kfree+0x14a/0x380
[ 60.042675][ T109] lmLogClose+0x2a1/0x530
[ 60.046980][ T109] jfs_umount+0x2ce/0x3a0
[ 60.051295][ T109] jfs_put_super+0x8a/0x190
[ 60.055775][ T109] generic_shutdown_super+0x136/0x2d0
[ 60.061133][ T109] kill_block_super+0x44/0x90
[ 60.065800][ T109] deactivate_locked_super+0xc4/0x130
[ 60.071160][ T109] cleanup_mnt+0x426/0x4c0
[ 60.075560][ T109] task_work_run+0x24e/0x310
[ 60.080127][ T109] syscall_exit_to_user_mode+0x167/0x370
[ 60.085738][ T109] do_syscall_64+0x108/0x240
[ 60.090307][ T109] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 60.096185][ T109]
[ 60.098486][ T109] The buggy address belongs to the object at ffff88802fcb8800
[ 60.098486][ T109] which belongs to the cache kmalloc-1k of size 1024
[ 60.112517][ T109] The buggy address is located 64 bytes inside of
[ 60.112517][ T109] freed 1024-byte region [ffff88802fcb8800, ffff88802fcb8c00)
[ 60.126298][ T109]
[ 60.128601][ T109] The buggy address belongs to the physical page:
[ 60.134985][ T109] page:ffffea0000bf2e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2fcb8
[ 60.145110][ T109] head:ffffea0000bf2e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 60.154016][ T109] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 60.162397][ T109] page_type: 0xffffffff()
[ 60.166705][ T109] raw: 00fff00000000840 ffff888014c41dc0 0000000000000000 0000000000000001
[ 60.175267][ T109] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 60.183819][ T109] page dumped because: kasan: bad access detected
[ 60.190203][ T109] page_owner tracks the page as allocated
[ 60.195893][ T109] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4797, tgid 4797 (S50sshd), ts 32913507111, free_ts 32868688130
[ 60.216013][ T109] post_alloc_hook+0x1ea/0x210
[ 60.220760][ T109] get_page_from_freelist+0x33ea/0x3580
[ 60.226286][ T109] __alloc_pages+0x255/0x680
[ 60.230855][ T109] alloc_slab_page+0x5f/0x160
[ 60.235510][ T109] new_slab+0x84/0x2f0
[ 60.239552][ T109] ___slab_alloc+0xd17/0x13e0
[ 60.244329][ T109] __kmalloc+0x2e0/0x490
[ 60.248568][ T109] tomoyo_init_log+0x1b3d/0x2050
[ 60.253492][ T109] tomoyo_supervisor+0x38a/0x11f0
[ 60.258499][ T109] tomoyo_env_perm+0x178/0x210
[ 60.263244][ T109] tomoyo_find_next_domain+0x1383/0x1cf0
[ 60.268861][ T109] tomoyo_bprm_check_security+0x114/0x180
[ 60.274562][ T109] security_bprm_check+0x66/0xa0
[ 60.279479][ T109] bprm_execve+0xa55/0x1790
[ 60.283972][ T109] do_execveat_common+0x552/0x6f0
[ 60.288992][ T109] __x64_sys_execve+0x92/0xb0
[ 60.293654][ T109] page last free pid 4794 tgid 4794 stack trace:
[ 60.299957][ T109] free_unref_page_prepare+0x95d/0xa80
[ 60.305399][ T109] free_unref_page+0x37/0x3f0
[ 60.310077][ T109] __slab_free+0x349/0x410
[ 60.314489][ T109] qlist_free_all+0x6d/0xd0
[ 60.318992][ T109] kasan_quarantine_reduce+0x14f/0x170
[ 60.324431][ T109] __kasan_slab_alloc+0x23/0x80
[ 60.329259][ T109] kmem_cache_alloc+0x16f/0x340
[ 60.334087][ T109] vm_area_dup+0x27/0x290
[ 60.338394][ T109] __split_vma+0x1a9/0xd00
[ 60.342785][ T109] vma_modify+0x331/0x410
[ 60.347088][ T109] mprotect_fixup+0x4a5/0xb80
[ 60.351740][ T109] do_mprotect_pkey+0x903/0xe20
[ 60.356569][ T109] __x64_sys_mprotect+0x80/0x90
[ 60.361396][ T109] do_syscall_64+0xf9/0x240
[ 60.365881][ T109] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 60.371755][ T109]
[ 60.374058][ T109] Memory state around the buggy address:
[ 60.379668][ T109] ffff88802fcb8700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.387701][ T109] ffff88802fcb8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.395737][ T109] >ffff88802fcb8800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.403770][ T109]                                            ^
[ 60.409893][ T109] ffff88802fcb8880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.417932][ T109] ffff88802fcb8900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.425966][ T109] ==================================================================
[ 60.444356][ T109] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 60.451656][ T109] CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.8.0-rc4-syzkaller-00267-g0f1dd5e91e2b #0
[ 60.461437][ T109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 60.471468][ T109] Call Trace:
[ 60.474729][ T109] <TASK>
[ 60.477640][ T109] dump_stack_lvl+0x1e7/0x2e0
[ 60.482303][ T109] ? __pfx_dump_stack_lvl+0x10/0x10
[ 60.487483][ T109] ? __pfx__printk+0x10/0x10
[ 60.492058][ T109] ? vscnprintf+0x5d/0x90
[ 60.496367][ T109] panic+0x349/0x860
[ 60.500242][ T109] ? check_panic_on_warn+0x21/0xb0
[ 60.505340][ T109] ? __pfx_panic+0x10/0x10
[ 60.509739][ T109] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 60.515703][ T109] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 60.522006][ T109] ? print_report+0x4ff/0x540
[ 60.526667][ T109] check_panic_on_warn+0x86/0xb0
[ 60.531586][ T109] ? txEnd+0x354/0x560
[ 60.535635][ T109] end_report+0x6e/0x140
[ 60.539856][ T109] kasan_report+0x153/0x180
[ 60.544338][ T109] ? txEnd+0x354/0x560
[ 60.548390][ T109] kasan_check_range+0x282/0x290
[ 60.553308][ T109] txEnd+0x354/0x560
[ 60.557202][ T109] jfs_lazycommit+0x619/0xb70
[ 60.561870][ T109] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 60.567837][ T109] ? lockdep_hardirqs_on+0x98/0x140
[ 60.573024][ T109] ? __pfx_jfs_lazycommit+0x10/0x10
[ 60.578205][ T109] ? __pfx_default_wake_function+0x10/0x10
[ 60.584001][ T109] ? __kthread_parkme+0x168/0x1d0
[ 60.589017][ T109] ? __pfx_jfs_lazycommit+0x10/0x10
[ 60.594201][ T109] kthread+0x2ef/0x390
[ 60.598253][ T109] ? __pfx_jfs_lazycommit+0x10/0x10
[ 60.603431][ T109] ? __pfx_kthread+0x10/0x10
[ 60.608013][ T109] ret_from_fork+0x4b/0x80
[ 60.612414][ T109] ? __pfx_kthread+0x10/0x10
[ 60.616990][ T109] ret_from_fork_asm+0x1b/0x30
[ 60.621746][ T109] </TASK>
[ 60.624933][ T109] Kernel Offset: disabled
[ 60.629238][ T109] Rebooting in 86400 seconds..