Warning: Permanently added '10.128.0.243' (ECDSA) to the list of known hosts. [ 27.141266][ T3037] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 27.143372][ T3039] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 27.145636][ T3039] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 27.147830][ T3039] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 27.149926][ T3039] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 27.151743][ T3039] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 executing program [ 27.172069][ T3036] loop0: detected capacity change from 0 to 2048 [ 27.178548][ T3042] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 27.344923][ T3036] ------------[ cut here ]------------ [ 27.346247][ T3036] refcount_t: underflow; use-after-free. [ 27.347949][ T3036] WARNING: CPU: 0 PID: 3036 at lib/refcount.c:87 refcount_dec_and_lock+0x180/0x1ec [ 27.350212][ T3036] Modules linked in: [ 27.351109][ T3036] CPU: 0 PID: 3036 Comm: syz-executor766 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0 [ 27.353606][ T3036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 27.356083][ T3036] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 27.357956][ T3036] pc : refcount_dec_and_lock+0x180/0x1ec [ 27.359293][ T3036] lr : refcount_dec_and_lock+0x17c/0x1ec [ 27.360653][ T3036] sp : ffff800012943a30 [ 27.361608][ T3036] x29: ffff800012943a30 x28: ffff80000cc15042 x27: ffff0000cd14ae40 [ 27.363498][ T3036] x26: 0000000000000002 x25: 00000000ffffffff x24: 0000000000000000 [ 27.365380][ T3036] x23: 00000000c0000000 x22: 0000000000000000 x21: ffff80000d5eb4a0 [ 27.367297][ T3036] x20: ffff0000cd04eb20 x19: ffff80000d8c8000 x18: 00000000000000c0 [ 27.369179][ T3036] x17: ffff80000dd0b198 x16: ffff80000db49158 x15: ffff0000c8f40000 [ 27.371054][ T3036] x14: 0000000000000000 x13: 00000000ffffffff x12: ffff0000c8f40000 [ 27.372995][ T3036] x11: ff808000081c0d5c x10: 0000000000000000 x9 : 56364be0dd534500 [ 27.374973][ T3036] x8 : 56364be0dd534500 x7 : ffff80000819545c x6 : 0000000000000000 [ 27.376919][ T3036] x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000 [ 27.378785][ T3036] x2 : 0000000000000000 x1 : 0000000100000000 x0 : 0000000000000000 [ 27.380739][ T3036] Call trace: [ 27.381531][ T3036] refcount_dec_and_lock+0x180/0x1ec [ 27.382853][ T3036] nilfs_put_root+0x30/0x80 [ 27.384026][ T3036] nilfs_detach_log_writer+0x3b8/0x4d0 [ 27.385333][ T3036] nilfs_put_super+0x28/0x9c [ 27.386406][ T3036] generic_shutdown_super+0x8c/0x190 [ 27.387683][ T3036] kill_block_super+0x30/0x78 [ 27.388741][ T3036] deactivate_locked_super+0x70/0xe8 [ 27.390028][ T3036] deactivate_super+0xd0/0xd4 [ 27.391170][ T3036] cleanup_mnt+0x1f8/0x234 [ 27.392223][ T3036] __cleanup_mnt+0x20/0x30 [ 27.393219][ T3036] task_work_run+0xc4/0x14c [ 27.394270][ T3036] do_exit+0x26c/0xbe0 [ 27.395257][ T3036] do_group_exit+0x60/0xe8 [ 27.396269][ T3036] __wake_up_parent+0x0/0x40 [ 27.397385][ T3036] el0_svc_common+0x138/0x220 [ 27.398490][ T3036] do_el0_svc+0x48/0x164 [ 27.399498][ T3036] el0_svc+0x58/0x150 [ 27.400395][ T3036] el0t_64_sync_handler+0x84/0xf0 [ 27.401610][ T3036] el0t_64_sync+0x18c/0x190 [ 27.402658][ T3036] irq event stamp: 10710 [ 27.403650][ T3036] hardirqs last enabled at (10709): [] __up_console_sem+0xb0/0xfc [ 27.405889][ T3036] hardirqs last disabled at (10710): [] el1_dbg+0x24/0x5c [ 27.407885][ T3036] softirqs last enabled at (8060): [] _stext+0x2e4/0x37c [ 27.409919][ T3036] softirqs last disabled at (7977): [] ____do_softirq+0x14/0x20 [ 27.412160][ T3036] ---[ end trace 0000000000000000 ]---