Warning: Permanently added '10.128.0.8' (ED25519) to the list of known hosts.
[ 52.567108][ T3541] cgroup: Unknown subsys name 'net'
[ 52.674146][ T3541] cgroup: Unknown subsys name 'rlimit'
[ 52.841959][ T3565] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 52.842193][ T3566] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 52.849662][ T3565] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 52.857265][ T3566] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 52.863987][ T3565] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 52.879104][ T3565] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 52.879157][ T3566] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 52.886364][ T3565] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 52.893536][ T3566] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 52.900477][ T3565] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 52.908184][ T3566] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 52.914355][ T3565] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 52.921173][ T3566] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 52.927892][ T3565] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 52.935498][ T3566] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 52.950929][ T3565] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 52.951207][ T3566] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 52.957950][ T3565] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 52.965249][ T3566] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 52.973847][ T3565] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 52.980022][ T3566] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 52.985880][ T3565] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 52.993065][ T3566] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 53.000390][ T3565] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 53.007233][ T3566] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 53.014222][ T3565] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 53.021249][ T3566] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 53.028169][ T3565] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 53.042757][ T3565] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 53.047870][ T3563] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
executing program
executing program
executing program
executing program
executing program
[ 54.093113][ T3577] loop2: detected capacity change from 0 to 32768
[ 54.099821][ T3572] loop0: detected capacity change from 0 to 32768
[ 54.104589][ T3579] loop3: detected capacity change from 0 to 32768
[ 54.121448][ T3576] loop4: detected capacity change from 0 to 32768
[ 54.122872][ T3578] loop1: detected capacity change from 0 to 32768
[ 54.139503][ T3577]
[ 54.139503][ T3577] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.139503][ T3577]
[ 54.155098][ T3572]
[ 54.155098][ T3572] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.155098][ T3572]
[ 54.175095][ T3579]
[ 54.175095][ T3579] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.175095][ T3579]
[ 54.175624][ T3576]
[ 54.175624][ T3576] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.175624][ T3576]
[ 54.209552][ T102]
[ 54.209552][ T102] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.209552][ T102]
[ 54.222051][ T3578]
[ 54.222051][ T3578] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.222051][ T3578]
[ 54.226503][ T9]
[ 54.226503][ T9] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.226503][ T9]
[ 54.239102][ T102]
[ 54.239102][ T102] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.239102][ T102]
[ 54.253896][ T9]
[ 54.253896][ T9] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.253896][ T9]
[ 54.265479][ T11]
[ 54.265479][ T11] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.265479][ T11]
[ 54.274106][ T102]
[ 54.274106][ T102] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.274106][ T102]
[ 54.286728][ T3548]
[ 54.286728][ T3548] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.286728][ T3548]
[ 54.306619][ T11]
[ 54.306619][ T11] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.306619][ T11]
[ 54.306804][ T3580]
[ 54.306804][ T3580] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.306804][ T3580]
[ 54.318821][ T133]
[ 54.318821][ T133] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.318821][ T133]
[ 54.339255][ T102]
[ 54.339255][ T102] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.339255][ T102]
[ 54.360169][ T3553]
[ 54.360169][ T3553] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.360169][ T3553]
[ 54.360457][ T3580]
[ 54.360457][ T3580] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.360457][ T3580]
[ 54.375040][ T3553]
[ 54.375040][ T3553] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.375040][ T3553]
[ 54.381474][ T3552]
[ 54.381474][ T3552] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.381474][ T3552]
[ 54.381497][ T3552]
[ 54.381497][ T3552] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.381497][ T3552]
[ 54.382680][ T132]
[ 54.382680][ T132] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.382680][ T132]
[ 54.393160][ T3548]
[ 54.393160][ T3548] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.393160][ T3548]
[ 54.435631][ T3551]
[ 54.435631][ T3551] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.435631][ T3551]
[ 54.440596][ T3550]
[ 54.440596][ T3550] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.440596][ T3550]
[ 54.459054][ T3551]
[ 54.459054][ T3551] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.459054][ T3551]
[ 54.470178][ T132]
[ 54.470178][ T132] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.470178][ T132]
[ 54.485784][ T3550]
[ 54.485784][ T3550] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.485784][ T3550]
[ 54.496387][ T133]
[ 54.496387][ T133] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.496387][ T133]
[ 54.512456][ T132]
[ 54.512456][ T132] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 54.512456][ T132]
[ 54.524489][ T133] ==================================================================
[ 54.532572][ T133] BUG: KASAN: use-after-free in lmLogSync+0xa2f/0xad0
[ 54.539381][ T133] Write of size 4 at addr ffff88807a662220 by task jfsCommit/133
[ 54.547105][ T133]
[ 54.549446][ T133] CPU: 0 PID: 133 Comm: jfsCommit Not tainted 6.1.90-syzkaller #0
[ 54.557343][ T133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 54.567668][ T133] Call Trace:
[ 54.571191][ T133]
[ 54.574133][ T133] dump_stack_lvl+0x1e3/0x2cb
[ 54.578847][ T133] ? nf_tcp_handle_invalid+0x642/0x642
[ 54.584418][ T133] ? panic+0x764/0x764
[ 54.588498][ T133] ? _printk+0xd1/0x111
[ 54.592660][ T133] ? __virt_addr_valid+0x17f/0x520
[ 54.597781][ T133] ? __virt_addr_valid+0x17f/0x520
[ 54.602902][ T133] print_report+0x15f/0x4f0
[ 54.607412][ T133] ? __virt_addr_valid+0x17f/0x520
[ 54.612532][ T133] ? __virt_addr_valid+0x17f/0x520
[ 54.617648][ T133] ? __virt_addr_valid+0x44a/0x520
[ 54.622770][ T133] ? __phys_addr+0xb6/0x170
[ 54.627277][ T133] ? lmLogSync+0xa2f/0xad0
[ 54.631708][ T133] kasan_report+0x136/0x160
[ 54.636229][ T133] ? lmLogSync+0xa2f/0xad0
[ 54.640666][ T133] lmLogSync+0xa2f/0xad0
[ 54.644923][ T133] ? lmWriteRecord+0x12e0/0x12e0
[ 54.649875][ T133] ? do_raw_spin_unlock+0x137/0x8a0
[ 54.655090][ T133] jfs_syncpt+0x79/0x90
[ 54.659268][ T133] txEnd+0x30b/0x560
[ 54.663224][ T133] jfs_lazycommit+0x610/0xb60
[ 54.667903][ T133] ? _raw_spin_unlock_irqrestore+0x8b/0x130
[ 54.673891][ T133] ? lockdep_hardirqs_on+0x94/0x130
[ 54.679101][ T133] ? txFreelock+0x580/0x580
[ 54.683610][ T133] ? do_task_dead+0xd0/0xd0
[ 54.688127][ T133] ? _raw_spin_unlock+0x40/0x40
executing program
[ 54.692996][ T133] ? __kthread_parkme+0x168/0x1c0
[ 54.698042][ T133] kthread+0x28d/0x320
[ 54.702128][ T133] ? txFreelock+0x580/0x580
[ 54.706646][ T133] ? kthread_blkcg+0xd0/0xd0
[ 54.711246][ T133] ret_from_fork+0x1f/0x30
[ 54.715693][ T133]
[ 54.718710][ T133]
[ 54.721039][ T133] Allocated by task 3576:
[ 54.725452][ T133] kasan_set_track+0x4b/0x70
[ 54.730057][ T133] __kasan_kmalloc+0x97/0xb0
[ 54.734661][ T133] lmLogOpen+0x314/0x1030
[ 54.739002][ T133] jfs_mount_rw+0xe3/0x640
[ 54.743606][ T133] jfs_fill_super+0x67d/0xc40
[ 54.748293][ T133] mount_bdev+0x2c9/0x3f0
[ 54.752639][ T133] legacy_get_tree+0xeb/0x180
[ 54.757336][ T133] vfs_get_tree+0x88/0x270
[ 54.761773][ T133] do_new_mount+0x2ba/0xb40
[ 54.766290][ T133] __se_sys_mount+0x2d5/0x3c0
[ 54.770989][ T133] do_syscall_64+0x3b/0xb0
[ 54.775417][ T133] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 54.781316][ T133]
[ 54.783643][ T133] Freed by task 3551:
[ 54.787624][ T133] kasan_set_track+0x4b/0x70
[ 54.792228][ T133] kasan_save_free_info+0x27/0x40
[ 54.797356][ T133] ____kasan_slab_free+0xd6/0x120
[ 54.802393][ T133] __kmem_cache_free+0x25c/0x3c0
[ 54.807353][ T133] lmLogClose+0x29d/0x530
[ 54.811708][ T133] jfs_umount+0x298/0x370
[ 54.816046][ T133] jfs_put_super+0x86/0x180
[ 54.820546][ T133] generic_shutdown_super+0x130/0x340
[ 54.825927][ T133] kill_block_super+0x7a/0xe0
[ 54.830602][ T133] deactivate_locked_super+0xa0/0x110
[ 54.835968][ T133] cleanup_mnt+0x490/0x520
[ 54.840379][ T133] task_work_run+0x246/0x300
[ 54.844965][ T133] exit_to_user_mode_loop+0xde/0x100
[ 54.850233][ T133] exit_to_user_mode_prepare+0xb1/0x140
[ 54.855770][ T133] syscall_exit_to_user_mode+0x60/0x270
[ 54.861300][ T133] do_syscall_64+0x47/0xb0
[ 54.865704][ T133] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 54.871585][ T133]
[ 54.873893][ T133] The buggy address belongs to the object at ffff88807a662000
[ 54.873893][ T133] which belongs to the cache kmalloc-1k of size 1024
[ 54.888017][ T133] The buggy address is located 544 bytes inside of
[ 54.888017][ T133] 1024-byte region [ffff88807a662000, ffff88807a662400)
[ 54.901361][ T133]
[ 54.903677][ T133] The buggy address belongs to the physical page:
[ 54.910069][ T133] page:ffffea0001e99800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7a660
[ 54.920203][ T133] head:ffffea0001e99800 order:3 compound_mapcount:0 compound_pincount:0
[ 54.928946][ T133] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 54.937017][ T133] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888012441dc0
[ 54.945605][ T133] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 54.954172][ T133] page dumped because: kasan: bad access detected
[ 54.960566][ T133] page_owner tracks the page as allocated
[ 54.966259][ T133] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 3577, tgid 3573 (syz-executor259), ts 54134279890, free_ts 54098396048
[ 54.989339][ T133] post_alloc_hook+0x18d/0x1b0
[ 54.994091][ T133] get_page_from_freelist+0x31a1/0x3320
[ 54.999624][ T133] __alloc_pages+0x28d/0x770
[ 55.004200][ T133] alloc_slab_page+0x6a/0x150
[ 55.008874][ T133] new_slab+0x84/0x2d0
[ 55.012935][ T133] ___slab_alloc+0xc20/0x1270
[ 55.017602][ T133] __kmem_cache_alloc_node+0x19f/0x260
[ 55.023053][ T133] kmalloc_trace+0x26/0xe0
[ 55.027454][ T133] lmLogOpen+0x314/0x1030
[ 55.031774][ T133] jfs_mount_rw+0xe3/0x640
[ 55.036264][ T133] jfs_fill_super+0x67d/0xc40
[ 55.040925][ T133] mount_bdev+0x2c9/0x3f0
[ 55.045239][ T133] legacy_get_tree+0xeb/0x180
[ 55.049903][ T133] vfs_get_tree+0x88/0x270
[ 55.054304][ T133] do_new_mount+0x2ba/0xb40
[ 55.058793][ T133] __se_sys_mount+0x2d5/0x3c0
[ 55.063458][ T133] page last free stack trace:
[ 55.068111][ T133] free_unref_page_prepare+0xf63/0x1120
[ 55.073638][ T133] free_unref_page+0x33/0x3e0
[ 55.078298][ T133] __unfreeze_partials+0x1b7/0x210
[ 55.083399][ T133] put_cpu_partial+0x17b/0x250
[ 55.088150][ T133] qlist_free_all+0x76/0xe0
[ 55.092640][ T133] kasan_quarantine_reduce+0x156/0x170
[ 55.098082][ T133] __kasan_slab_alloc+0x1f/0x70
[ 55.102915][ T133] slab_post_alloc_hook+0x52/0x3a0
[ 55.108011][ T133] __kmem_cache_alloc_node+0x137/0x260
[ 55.113455][ T133] __kmalloc+0xa1/0x230
[ 55.117598][ T133] tomoyo_realpath_from_path+0xcb/0x5d0
[ 55.123127][ T133] tomoyo_path_number_perm+0x21f/0x7f0
[ 55.128567][ T133] security_file_ioctl+0x6d/0xa0
[ 55.133489][ T133] __se_sys_ioctl+0x47/0x160
[ 55.138066][ T133] do_syscall_64+0x3b/0xb0
[ 55.142471][ T133] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 55.148352][ T133]
[ 55.150663][ T133] Memory state around the buggy address:
[ 55.156274][ T133] ffff88807a662100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.164315][ T133] ffff88807a662180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.172354][ T133] >ffff88807a662200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.180396][ T133] ^
[ 55.185486][ T133] ffff88807a662280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.193537][ T133] ffff88807a662300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.201576][ T133] ==================================================================
[ 55.210922][ T3562] Bluetooth: hci3: command tx timeout
[ 55.216890][ T3562] Bluetooth: hci2: command tx timeout
[ 55.224177][ T3566] Bluetooth: hci1: command tx timeout
[ 55.230950][ T3568] Bluetooth: hci4: command tx timeout
[ 55.230965][ T3563] Bluetooth: hci0: command tx timeout
executing program
executing program
executing program
executing program
[ 55.931621][ T3583] loop2: detected capacity change from 0 to 32768
[ 55.982162][ T3583]
[ 55.982162][ T3583] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 55.982162][ T3583]
[ 56.051540][ T9]
[ 56.051540][ T9] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 56.051540][ T9]
[ 56.080974][ T9]
[ 56.080974][ T9] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 56.080974][ T9]
[ 56.089687][ T3591] loop3: detected capacity change from 0 to 32768
[ 56.125216][ T132]
[ 56.125216][ T132] ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 56.125216][ T132]
[ 56.125970][ T133] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 56.125982][ T133] CPU: 1 PID: 133 Comm: jfsCommit Not tainted 6.1.90-syzkaller #0
[ 56.125999][ T133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 56.126008][ T133] Call Trace:
[ 56.126013][ T133]
[ 56.126019][ T133] dump_stack_lvl+0x1e3/0x2cb
[ 56.126047][ T133] ? nf_tcp_handle_invalid+0x642/0x642
[ 56.126069][ T133] ? panic+0x764/0x764
[ 56.126084][ T133] ? preempt_schedule_common+0xa6/0xd0
[ 56.126117][ T133] ? vscnprintf+0x59/0x80
[ 56.126135][ T133] panic+0x318/0x764
[ 56.126151][ T133] ? check_panic_on_warn+0x1d/0xa0
[ 56.126169][ T133] ? memcpy_page_flushcache+0xfc/0xfc
[ 56.126187][ T133] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 56.126207][ T133] ? _raw_spin_unlock+0x40/0x40
[ 56.126223][ T133] ? print_report+0x4a3/0x4f0
[ 56.126241][ T133] check_panic_on_warn+0x7e/0xa0
[ 56.126258][ T133] ? lmLogSync+0xa2f/0xad0
[ 56.126280][ T133] end_report+0x66/0x110
[ 56.126294][ T133] kasan_report+0x143/0x160
[ 56.126312][ T133] ? lmLogSync+0xa2f/0xad0
[ 56.126335][ T133] lmLogSync+0xa2f/0xad0
[ 56.126358][ T133] ? lmWriteRecord+0x12e0/0x12e0
[ 56.126383][ T133] ? do_raw_spin_unlock+0x137/0x8a0
[ 56.126400][ T133] jfs_syncpt+0x79/0x90
[ 56.126421][ T133] txEnd+0x30b/0x560
[ 56.126437][ T133] jfs_lazycommit+0x610/0xb60
[ 56.126451][ T133] ? _raw_spin_unlock_irqrestore+0x8b/0x130
[ 56.126469][ T133] ? lockdep_hardirqs_on+0x94/0x130
[ 56.126488][ T133] ? txFreelock+0x580/0x580
[ 56.126502][ T133] ? do_task_dead+0xd0/0xd0
[ 56.126522][ T133] ? _raw_spin_unlock+0x40/0x40
[ 56.126541][ T133] ? __kthread_parkme+0x168/0x1c0
[ 56.126564][ T133] kthread+0x28d/0x320
[ 56.126577][ T133] ? txFreelock+0x580/0x580
[ 56.126591][ T133] ? kthread_blkcg+0xd0/0xd0
[ 56.126605][ T133] ret_from_fork+0x1f/0x30
[ 56.126629][ T133]
[ 56.136036][ T133] Kernel Offset: disabled
[ 56.324623][ T133] Rebooting in 86400 seconds..