Warning: Permanently added '10.128.0.99' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   65.855561][ T6070] ==================================================================
[   65.863765][ T6070] BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x2100
[   65.871411][ T6070] Read of size 8 at addr ffff888034718978 by task syz-executor352/6070
[   65.879667][ T6070] 
[   65.881996][ T6070] CPU: 0 UID: 0 PID: 6070 Comm: syz-executor352 Not tainted 6.13.0-rc1-next-20241205-syzkaller #0
[   65.892652][ T6070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   65.902705][ T6070] Call Trace:
[   65.905979][ T6070]  <TASK>
[   65.908900][ T6070]  dump_stack_lvl+0x241/0x360
[   65.913584][ T6070]  ? __pfx_dump_stack_lvl+0x10/0x10
[   65.918804][ T6070]  ? __pfx__printk+0x10/0x10
[   65.923496][ T6070]  ? _printk+0xd5/0x120
[   65.927663][ T6070]  ? __virt_addr_valid+0x183/0x530
[   65.932769][ T6070]  ? __virt_addr_valid+0x183/0x530
[   65.937873][ T6070]  print_report+0x169/0x550
[   65.942376][ T6070]  ? __virt_addr_valid+0x183/0x530
[   65.947483][ T6070]  ? __virt_addr_valid+0x183/0x530
[   65.952589][ T6070]  ? __virt_addr_valid+0x45f/0x530
[   65.957702][ T6070]  ? __phys_addr+0xba/0x170
[   65.962198][ T6070]  ? __lock_acquire+0x78/0x2100
[   65.967045][ T6070]  kasan_report+0x143/0x180
[   65.971804][ T6070]  ? __lock_acquire+0x78/0x2100
[   65.976652][ T6070]  __lock_acquire+0x78/0x2100
[   65.981328][ T6070]  ? __pfx___schedule+0x10/0x10
[   65.986185][ T6070]  ? irqentry_exit+0x63/0x90
[   65.990767][ T6070]  ? lockdep_hardirqs_on+0x99/0x150
[   65.995956][ T6070]  lock_acquire+0x1ed/0x550
[   66.000457][ T6070]  ? move_pages_pte+0x8aa/0x3400
[   66.005413][ T6070]  ? __pfx_lock_acquire+0x10/0x10
[   66.010427][ T6070]  ? preempt_schedule_common+0x84/0xd0
[   66.015884][ T6070]  ? preempt_schedule+0xe1/0xf0
[   66.020727][ T6070]  ? __pfx_preempt_schedule+0x10/0x10
[   66.026176][ T6070]  ? do_raw_spin_lock+0x14f/0x370
[   66.031215][ T6070]  ? preempt_schedule_thunk+0x1a/0x30
[   66.036590][ T6070]  _raw_spin_lock+0x2e/0x40
[   66.041115][ T6070]  ? move_pages_pte+0x8aa/0x3400
[   66.046054][ T6070]  move_pages_pte+0x8aa/0x3400
[   66.050811][ T6070]  ? __lock_acquire+0x1397/0x2100
[   66.055830][ T6070]  ? move_pages_pte+0x2ee/0x3400
[   66.060764][ T6070]  ? __pfx_move_pages_pte+0x10/0x10
[   66.065977][ T6070]  ? __lock_acquire+0x1397/0x2100
[   66.071004][ T6070]  ? __pfx_lock_acquire+0x10/0x10
[   66.076023][ T6070]  ? __pte_alloc+0x1c0/0x3c0
[   66.080608][ T6070]  ? __pfx_lock_release+0x10/0x10
[   66.085632][ T6070]  ? __pfx___pte_alloc+0x10/0x10
[   66.090567][ T6070]  ? do_raw_spin_unlock+0x13c/0x8b0
[   66.095763][ T6070]  move_pages+0xe75/0x16a0
[   66.100177][ T6070]  ? __pfx_move_pages+0x10/0x10
[   66.105021][ T6070]  ? __might_fault+0xc6/0x120
[   66.109694][ T6070]  userfaultfd_ioctl+0x5221/0x6840
[   66.114808][ T6070]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[   66.120262][ T6070]  ? stack_trace_save+0x118/0x1d0
[   66.125288][ T6070]  ? __pfx_stack_trace_save+0x10/0x10
[   66.130653][ T6070]  ? stack_depot_save_flags+0x37/0x940
[   66.136122][ T6070]  ? kasan_save_track+0x51/0x80
[   66.140965][ T6070]  ? kasan_save_track+0x3f/0x80
[   66.145804][ T6070]  ? kasan_save_free_info+0x40/0x50
[   66.151001][ T6070]  ? __kasan_slab_free+0x59/0x70
[   66.155929][ T6070]  ? kfree+0x196/0x430
[   66.160001][ T6070]  ? tomoyo_path_number_perm+0x679/0x860
[   66.165632][ T6070]  ? security_file_ioctl+0xc6/0x2a0
[   66.170822][ T6070]  ? __se_sys_ioctl+0x46/0x170
[   66.175575][ T6070]  ? do_syscall_64+0xf3/0x230
[   66.180245][ T6070]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.186307][ T6070]  ? do_vfs_ioctl+0xf07/0x2e40
[   66.191075][ T6070]  ? __pfx_do_vfs_ioctl+0x10/0x10
[   66.196091][ T6070]  ? mark_lock+0x9a/0x360
[   66.200422][ T6070]  ? tomoyo_path_number_perm+0x206/0x860
[   66.206047][ T6070]  ? __pfx_lock_release+0x10/0x10
[   66.211066][ T6070]  ? tomoyo_path_number_perm+0x679/0x860
[   66.216695][ T6070]  ? tomoyo_path_number_perm+0x679/0x860
[   66.222322][ T6070]  ? tomoyo_path_number_perm+0x6f9/0x860
[   66.227948][ T6070]  ? __lock_acquire+0x1397/0x2100
[   66.232982][ T6070]  ? tomoyo_path_number_perm+0x206/0x860
[   66.238609][ T6070]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   66.244595][ T6070]  ? __fget_files+0x2a/0x410
[   66.249179][ T6070]  ? __fget_files+0x2a/0x410
[   66.253763][ T6070]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[   66.259215][ T6070]  __se_sys_ioctl+0xf5/0x170
[   66.263799][ T6070]  do_syscall_64+0xf3/0x230
[   66.268297][ T6070]  ? clear_bhb_loop+0x35/0x90
[   66.272972][ T6070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.278861][ T6070] RIP: 0033:0x7fed8de85af9
[   66.283285][ T6070] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   66.302887][ T6070] RSP: 002b:00007fed8de40238 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   66.311389][ T6070] RAX: ffffffffffffffda RBX: 00007fed8df10328 RCX: 00007fed8de85af9
[   66.319375][ T6070] RDX: 0000000020000080 RSI: 00000000c028aa05 RDI: 0000000000000003
[   66.327349][ T6070] RBP: 00007fed8df10320 R08: 00007fed8de406c0 R09: 00007fed8de406c0
[   66.335315][ T6070] R10: 00007fed8de406c0 R11: 0000000000000246 R12: 00007fed8dedd334
[   66.343278][ T6070] R13: 0000000000000010 R14: 00007ffc241241e0 R15: 00007ffc241242c8
[   66.351251][ T6070]  </TASK>
[   66.354259][ T6070] 
[   66.356578][ T6070] Allocated by task 6070:
[   66.360891][ T6070]  kasan_save_track+0x3f/0x80
[   66.365563][ T6070]  __kasan_slab_alloc+0x66/0x80
[   66.370402][ T6070]  kmem_cache_alloc_noprof+0x1d9/0x380
[   66.375850][ T6070]  ptlock_alloc+0x20/0x70
[   66.380182][ T6070]  pte_alloc_one+0xd3/0x510
[   66.384675][ T6070]  do_huge_pmd_anonymous_page+0x2fb/0xb30
[   66.390478][ T6070]  handle_mm_fault+0x15a7/0x1bb0
[   66.395412][ T6070]  exc_page_fault+0x459/0x8b0
[   66.400077][ T6070]  asm_exc_page_fault+0x26/0x30
[   66.404918][ T6070] 
[   66.407246][ T6070] Freed by task 6071:
[   66.411228][ T6070]  kasan_save_track+0x3f/0x80
[   66.415919][ T6070]  kasan_save_free_info+0x40/0x50
[   66.420949][ T6070]  __kasan_slab_free+0x59/0x70
[   66.425704][ T6070]  kmem_cache_free+0x195/0x410
[   66.430461][ T6070]  ___pte_free_tlb+0x2b/0x140
[   66.435224][ T6070]  free_pte+0x142/0x190
[   66.439404][ T6070]  unmap_page_range+0x4062/0x48d0
[   66.444428][ T6070]  zap_page_range_single+0x45c/0x630
[   66.449708][ T6070]  do_madvise+0x2774/0x4d90
[   66.454206][ T6070]  __x64_sys_madvise+0xa6/0xc0
[   66.458962][ T6070]  do_syscall_64+0xf3/0x230
[   66.463459][ T6070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.469346][ T6070] 
[   66.471663][ T6070] The buggy address belongs to the object at ffff888034718960
[   66.471663][ T6070]  which belongs to the cache page->ptl of size 64
[   66.485532][ T6070] The buggy address is located 24 bytes inside of
[   66.485532][ T6070]  freed 64-byte region [ffff888034718960, ffff8880347189a0)
[   66.499145][ T6070] 
[   66.501473][ T6070] The buggy address belongs to the physical page:
[   66.507890][ T6070] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34718
[   66.516646][ T6070] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   66.523747][ T6070] page_type: f5(slab)
[   66.527720][ T6070] raw: 00fff00000000000 ffff88801ac4f780 dead000000000122 0000000000000000
[   66.536383][ T6070] raw: 0000000000000000 00000000802a002a 00000000f5000000 0000000000000000
[   66.544949][ T6070] page dumped because: kasan: bad access detected
[   66.551384][ T6070] page_owner tracks the page as allocated
[   66.557087][ T6070] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5823, tgid 5823 (syz-executor352), ts 65548803787, free_ts 65433386693
[   66.576615][ T6070]  post_alloc_hook+0x1f4/0x240
[   66.581382][ T6070]  get_page_from_freelist+0x365c/0x37a0
[   66.587009][ T6070]  __alloc_frozen_pages_noprof+0x292/0x710
[   66.592807][ T6070]  alloc_pages_mpol+0x30e/0x550
[   66.597656][ T6070]  allocate_slab+0x8f/0x3a0
[   66.602149][ T6070]  ___slab_alloc+0xc27/0x14a0
[   66.606822][ T6070]  __slab_alloc+0x58/0xa0
[   66.611152][ T6070]  kmem_cache_alloc_noprof+0x268/0x380
[   66.616614][ T6070]  __pmd_alloc+0x10b/0x670
[   66.621069][ T6070]  copy_pmd_range+0x7352/0x77a0
[   66.626082][ T6070]  copy_page_range+0x99f/0xe90
[   66.630847][ T6070]  copy_mm+0x12d2/0x2060
[   66.635096][ T6070]  copy_process+0x1845/0x3d80
[   66.639770][ T6070]  kernel_clone+0x226/0x8e0
[   66.644267][ T6070]  __x64_sys_clone+0x258/0x2a0
[   66.649019][ T6070]  do_syscall_64+0xf3/0x230
[   66.653521][ T6070] page last free pid 6052 tgid 6051 stack trace:
[   66.659835][ T6070]  free_frozen_pages+0xe0d/0x10e0
[   66.664885][ T6070]  __folio_put+0x2b3/0x360
[   66.669391][ T6070]  tlb_remove_table_rcu+0x76/0xf0
[   66.674405][ T6070]  rcu_core+0xaaa/0x17a0
[   66.678657][ T6070]  handle_softirqs+0x2d4/0x9b0
[   66.683441][ T6070]  __irq_exit_rcu+0xf7/0x220
[   66.688046][ T6070]  irq_exit_rcu+0x9/0x30
[   66.692301][ T6070]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   66.697938][ T6070]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   66.703914][ T6070] 
[   66.706229][ T6070] Memory state around the buggy address:
[   66.711841][ T6070]  ffff888034718800: 00 00 00 00 fc fc fc fc 00 00 00 00 00 00 00 00
[   66.719892][ T6070]  ffff888034718880: fc fc fc fc 00 00 00 00 00 00 00 00 fc fc fc fc
[   66.727945][ T6070] >ffff888034718900: 00 00 00 00 00 00 00 00 fc fc fc fc fa fb fb fb
[   66.735990][ T6070]                                                                 ^
[   66.744044][ T6070]  ffff888034718980: fb fb fb fb fc fc fc fc fa fb fb fb fb fb fb fb
[   66.752116][ T6070]  ffff888034718a00: fc fc fc fc 00 00 00 00 00 00 00 00 fc fc fc fc
[   66.760212][ T6070] ==================================================================
[   66.768367][ T6070] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   66.775640][ T6070] CPU: 0 UID: 0 PID: 6070 Comm: syz-executor352 Not tainted 6.13.0-rc1-next-20241205-syzkaller #0
[   66.786307][ T6070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   66.796352][ T6070] Call Trace:
[   66.799629][ T6070]  <TASK>
[   66.802550][ T6070]  dump_stack_lvl+0x241/0x360
[   66.807241][ T6070]  ? __pfx_dump_stack_lvl+0x10/0x10
[   66.812434][ T6070]  ? __pfx__printk+0x10/0x10
[   66.817019][ T6070]  ? rcu_is_watching+0x15/0xb0
[   66.821817][ T6070]  ? lock_release+0xbf/0xa30
[   66.826488][ T6070]  ? vscnprintf+0x5d/0x90
[   66.830810][ T6070]  panic+0x349/0x880
[   66.834702][ T6070]  ? check_panic_on_warn+0x21/0xb0
[   66.839806][ T6070]  ? __pfx_panic+0x10/0x10
[   66.844223][ T6070]  ? do_raw_spin_unlock+0x13c/0x8b0
[   66.849443][ T6070]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   66.855330][ T6070]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   66.861648][ T6070]  ? print_report+0x502/0x550
[   66.866499][ T6070]  check_panic_on_warn+0x86/0xb0
[   66.871435][ T6070]  ? __lock_acquire+0x78/0x2100
[   66.876282][ T6070]  end_report+0x77/0x160
[   66.880633][ T6070]  kasan_report+0x154/0x180
[   66.885595][ T6070]  ? __lock_acquire+0x78/0x2100
[   66.890476][ T6070]  __lock_acquire+0x78/0x2100
[   66.895176][ T6070]  ? __pfx___schedule+0x10/0x10
[   66.900027][ T6070]  ? irqentry_exit+0x63/0x90
[   66.904610][ T6070]  ? lockdep_hardirqs_on+0x99/0x150
[   66.909800][ T6070]  lock_acquire+0x1ed/0x550
[   66.914310][ T6070]  ? move_pages_pte+0x8aa/0x3400
[   66.919253][ T6070]  ? __pfx_lock_acquire+0x10/0x10
[   66.924269][ T6070]  ? preempt_schedule_common+0x84/0xd0
[   66.929724][ T6070]  ? preempt_schedule+0xe1/0xf0
[   66.934567][ T6070]  ? __pfx_preempt_schedule+0x10/0x10
[   66.939929][ T6070]  ? do_raw_spin_lock+0x14f/0x370
[   66.944953][ T6070]  ? preempt_schedule_thunk+0x1a/0x30
[   66.950322][ T6070]  _raw_spin_lock+0x2e/0x40
[   66.954818][ T6070]  ? move_pages_pte+0x8aa/0x3400
[   66.959749][ T6070]  move_pages_pte+0x8aa/0x3400
[   66.964503][ T6070]  ? __lock_acquire+0x1397/0x2100
[   66.969520][ T6070]  ? move_pages_pte+0x2ee/0x3400
[   66.974454][ T6070]  ? __pfx_move_pages_pte+0x10/0x10
[   66.979647][ T6070]  ? __lock_acquire+0x1397/0x2100
[   66.984673][ T6070]  ? __pfx_lock_acquire+0x10/0x10
[   66.989691][ T6070]  ? __pte_alloc+0x1c0/0x3c0
[   66.994273][ T6070]  ? __pfx_lock_release+0x10/0x10
[   66.999297][ T6070]  ? __pfx___pte_alloc+0x10/0x10
[   67.004230][ T6070]  ? do_raw_spin_unlock+0x13c/0x8b0
[   67.009433][ T6070]  move_pages+0xe75/0x16a0
[   67.013850][ T6070]  ? __pfx_move_pages+0x10/0x10
[   67.018698][ T6070]  ? __might_fault+0xc6/0x120
[   67.023372][ T6070]  userfaultfd_ioctl+0x5221/0x6840
[   67.028488][ T6070]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[   67.033945][ T6070]  ? stack_trace_save+0x118/0x1d0
[   67.038969][ T6070]  ? __pfx_stack_trace_save+0x10/0x10
[   67.044426][ T6070]  ? stack_depot_save_flags+0x37/0x940
[   67.049969][ T6070]  ? kasan_save_track+0x51/0x80
[   67.054813][ T6070]  ? kasan_save_track+0x3f/0x80
[   67.059651][ T6070]  ? kasan_save_free_info+0x40/0x50
[   67.064842][ T6070]  ? __kasan_slab_free+0x59/0x70
[   67.069767][ T6070]  ? kfree+0x196/0x430
[   67.073840][ T6070]  ? tomoyo_path_number_perm+0x679/0x860
[   67.079464][ T6070]  ? security_file_ioctl+0xc6/0x2a0
[   67.084658][ T6070]  ? __se_sys_ioctl+0x46/0x170
[   67.089412][ T6070]  ? do_syscall_64+0xf3/0x230
[   67.094086][ T6070]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.100154][ T6070]  ? do_vfs_ioctl+0xf07/0x2e40
[   67.104912][ T6070]  ? __pfx_do_vfs_ioctl+0x10/0x10
[   67.109932][ T6070]  ? mark_lock+0x9a/0x360
[   67.114260][ T6070]  ? tomoyo_path_number_perm+0x206/0x860
[   67.119895][ T6070]  ? __pfx_lock_release+0x10/0x10
[   67.124913][ T6070]  ? tomoyo_path_number_perm+0x679/0x860
[   67.130802][ T6070]  ? tomoyo_path_number_perm+0x679/0x860
[   67.136433][ T6070]  ? tomoyo_path_number_perm+0x6f9/0x860
[   67.142062][ T6070]  ? __lock_acquire+0x1397/0x2100
[   67.147082][ T6070]  ? tomoyo_path_number_perm+0x206/0x860
[   67.152709][ T6070]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   67.158691][ T6070]  ? __fget_files+0x2a/0x410
[   67.163278][ T6070]  ? __fget_files+0x2a/0x410
[   67.167863][ T6070]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[   67.173323][ T6070]  __se_sys_ioctl+0xf5/0x170
[   67.177930][ T6070]  do_syscall_64+0xf3/0x230
[   67.182452][ T6070]  ? clear_bhb_loop+0x35/0x90
[   67.187136][ T6070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.193058][ T6070] RIP: 0033:0x7fed8de85af9
[   67.197481][ T6070] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   67.217093][ T6070] RSP: 002b:00007fed8de40238 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   67.225511][ T6070] RAX: ffffffffffffffda RBX: 00007fed8df10328 RCX: 00007fed8de85af9
[   67.233478][ T6070] RDX: 0000000020000080 RSI: 00000000c028aa05 RDI: 0000000000000003
[   67.241440][ T6070] RBP: 00007fed8df10320 R08: 00007fed8de406c0 R09: 00007fed8de406c0
[   67.249404][ T6070] R10: 00007fed8de406c0 R11: 0000000000000246 R12: 00007fed8dedd334
[   67.257403][ T6070] R13: 0000000000000010 R14: 00007ffc241241e0 R15: 00007ffc241242c8
[   67.265392][ T6070]  </TASK>
[   67.268677][ T6070] Kernel Offset: disabled
[   67.273089][ T6070] Rebooting in 86400 seconds..