Warning: Permanently added '10.128.0.184' (ED25519) to the list of known hosts.
executing program
[   75.290250][ T5835] loop0: detected capacity change from 0 to 32768
[   75.315630][ T5835] ==================================================================
[   75.323757][ T5835] BUG: KASAN: slab-use-after-free in diWrite+0xde3/0x19b0
[   75.330959][ T5835] Write of size 32 at addr ffff8880336df0c0 by task syz-executor238/5835
[   75.339452][ T5835] 
[   75.341825][ T5835] CPU: 1 UID: 0 PID: 5835 Comm: syz-executor238 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[   75.352615][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   75.362700][ T5835] Call Trace:
[   75.365986][ T5835]  <TASK>
[   75.368931][ T5835]  dump_stack_lvl+0x241/0x360
[   75.373629][ T5835]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.378843][ T5835]  ? __pfx__printk+0x10/0x10
[   75.383498][ T5835]  ? _printk+0xd5/0x120
[   75.387672][ T5835]  ? __virt_addr_valid+0x183/0x530
[   75.392901][ T5835]  ? __virt_addr_valid+0x183/0x530
[   75.398047][ T5835]  print_report+0x169/0x550
[   75.402569][ T5835]  ? __virt_addr_valid+0x183/0x530
[   75.407689][ T5835]  ? __virt_addr_valid+0x183/0x530
[   75.412821][ T5835]  ? __virt_addr_valid+0x45f/0x530
[   75.417955][ T5835]  ? __phys_addr+0xba/0x170
[   75.422472][ T5835]  ? diWrite+0xde3/0x19b0
[   75.426801][ T5835]  kasan_report+0x143/0x180
[   75.431307][ T5835]  ? diWrite+0xde3/0x19b0
[   75.435721][ T5835]  kasan_check_range+0x282/0x290
[   75.440745][ T5835]  ? diWrite+0xde3/0x19b0
[   75.445074][ T5835]  __asan_memcpy+0x40/0x70
[   75.449519][ T5835]  diWrite+0xde3/0x19b0
[   75.453678][ T5835]  txCommit+0xa1a/0x6b90
[   75.457954][ T5835]  ? txLock+0x2b8/0x1f40
[   75.462197][ T5835]  ? add_index+0x34c/0x1620
[   75.466748][ T5835]  ? __pfx_add_index+0x10/0x10
[   75.471536][ T5835]  ? __pfx_txCommit+0x10/0x10
[   75.476225][ T5835]  ? rcu_is_watching+0x15/0xb0
[   75.481001][ T5835]  ? __mark_inode_dirty+0x3db/0xe90
[   75.486219][ T5835]  add_missing_indices+0x8b3/0xbf0
[   75.491341][ T5835]  ? __pfx_add_missing_indices+0x10/0x10
[   75.496999][ T5835]  ? alloc_pages_noprof+0xef/0x170
[   75.502130][ T5835]  jfs_readdir+0x1fc5/0x3c50
[   75.506745][ T5835]  ? __pfx_jfs_readdir+0x10/0x10
[   75.511691][ T5835]  ? __pfx_lock_acquire+0x10/0x10
[   75.516826][ T5835]  ? down_write+0x18c/0x220
[   75.521331][ T5835]  ? __pfx_down_write+0x10/0x10
[   75.526184][ T5835]  ? __pfx_jfs_readdir+0x10/0x10
[   75.531146][ T5835]  wrap_directory_iterator+0x91/0xd0
[   75.536444][ T5835]  iterate_dir+0x571/0x800
[   75.540870][ T5835]  __se_sys_getdents64+0x1e2/0x4b0
[   75.545988][ T5835]  ? __pfx___se_sys_getdents64+0x10/0x10
[   75.551625][ T5835]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   75.557606][ T5835]  ? __pfx_filldir64+0x10/0x10
[   75.562392][ T5835]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   75.568736][ T5835]  ? exc_page_fault+0x590/0x8c0
[   75.573885][ T5835]  ? do_syscall_64+0xb6/0x230
[   75.578580][ T5835]  do_syscall_64+0xf3/0x230
[   75.583091][ T5835]  ? clear_bhb_loop+0x35/0x90
[   75.587786][ T5835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.593713][ T5835] RIP: 0033:0x7f211e65be99
[   75.598150][ T5835] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   75.617859][ T5835] RSP: 002b:00007ffefb8cee98 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   75.626292][ T5835] RAX: ffffffffffffffda RBX: 00007f211e6a5179 RCX: 00007f211e65be99
[   75.634302][ T5835] RDX: 0000000000001000 RSI: 00000000200038c0 RDI: 0000000000000005
[   75.642284][ T5835] RBP: 00007f211e6a5157 R08: 00007f211e6b063c R09: 00007f211e6b063c
[   75.650279][ T5835] R10: 00007f211e6b063c R11: 0000000000000246 R12: 00007f211e6b063c
[   75.658285][ T5835] R13: 00007f211e6a50dc R14: 0000000000000001 R15: 0000000000000001
[   75.666287][ T5835]  </TASK>
[   75.669518][ T5835] 
[   75.671842][ T5835] Allocated by task 5691:
[   75.676179][ T5835]  kasan_save_track+0x3f/0x80
[   75.680913][ T5835]  __kasan_slab_alloc+0x66/0x80
[   75.685794][ T5835]  kmem_cache_alloc_noprof+0x135/0x2a0
[   75.691271][ T5835]  skb_clone+0x20c/0x390
[   75.695534][ T5835]  dev_queue_xmit_nit+0x249/0xca0
[   75.701021][ T5835]  dev_hard_start_xmit+0x15f/0x7e0
[   75.706147][ T5835]  sch_direct_xmit+0x29c/0x5d0
[   75.710916][ T5835]  __dev_queue_xmit+0x1a8f/0x3f50
[   75.715946][ T5835]  ip_finish_output2+0xd41/0x1390
[   75.720976][ T5835]  __ip_queue_xmit+0x12ca/0x1ef0
[   75.725944][ T5835]  __tcp_transmit_skb+0x2582/0x3ba0
[   75.731157][ T5835]  tcp_recvmsg_locked+0x330f/0x3c80
[   75.736467][ T5835]  tcp_recvmsg+0x25d/0x920
[   75.741237][ T5835]  inet_recvmsg+0x150/0x2d0
[   75.745737][ T5835]  sock_recvmsg+0x1ae/0x280
[   75.750246][ T5835]  sock_read_iter+0x2c4/0x3d0
[   75.754934][ T5835]  vfs_read+0x991/0xb70
[   75.759097][ T5835]  ksys_read+0x18f/0x2b0
[   75.763340][ T5835]  do_syscall_64+0xf3/0x230
[   75.767842][ T5835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.773739][ T5835] 
[   75.776053][ T5835] Freed by task 5691:
[   75.780026][ T5835]  kasan_save_track+0x3f/0x80
[   75.784703][ T5835]  kasan_save_free_info+0x40/0x50
[   75.789751][ T5835]  __kasan_slab_free+0x59/0x70
[   75.794518][ T5835]  kmem_cache_free+0x1a2/0x420
[   75.799302][ T5835]  packet_rcv+0x16f/0x14b0
[   75.803714][ T5835]  dev_queue_xmit_nit+0xb6e/0xca0
[   75.808739][ T5835]  dev_hard_start_xmit+0x15f/0x7e0
[   75.813871][ T5835]  sch_direct_xmit+0x29c/0x5d0
[   75.818634][ T5835]  __dev_queue_xmit+0x1a8f/0x3f50
[   75.823658][ T5835]  ip_finish_output2+0xd41/0x1390
[   75.828684][ T5835]  __ip_queue_xmit+0x12ca/0x1ef0
[   75.833618][ T5835]  __tcp_transmit_skb+0x2582/0x3ba0
[   75.838815][ T5835]  tcp_recvmsg_locked+0x330f/0x3c80
[   75.844031][ T5835]  tcp_recvmsg+0x25d/0x920
[   75.848447][ T5835]  inet_recvmsg+0x150/0x2d0
[   75.852979][ T5835]  sock_recvmsg+0x1ae/0x280
[   75.857481][ T5835]  sock_read_iter+0x2c4/0x3d0
[   75.862162][ T5835]  vfs_read+0x991/0xb70
[   75.866338][ T5835]  ksys_read+0x18f/0x2b0
[   75.870592][ T5835]  do_syscall_64+0xf3/0x230
[   75.875091][ T5835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.881071][ T5835] 
[   75.883391][ T5835] The buggy address belongs to the object at ffff8880336df000
[   75.883391][ T5835]  which belongs to the cache skbuff_head_cache of size 240
[   75.897964][ T5835] The buggy address is located 192 bytes inside of
[   75.897964][ T5835]  freed 240-byte region [ffff8880336df000, ffff8880336df0f0)
[   75.911766][ T5835] 
[   75.914089][ T5835] The buggy address belongs to the physical page:
[   75.920501][ T5835] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x336df
[   75.929271][ T5835] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   75.936380][ T5835] page_type: f5(slab)
[   75.940361][ T5835] raw: 00fff00000000000 ffff88801dec0780 dead000000000122 0000000000000000
[   75.948943][ T5835] raw: 0000000000000000 00000000000c000c 00000001f5000000 0000000000000000
[   75.957519][ T5835] page dumped because: kasan: bad access detected
[   75.963931][ T5835] page_owner tracks the page as allocated
[   75.969643][ T5835] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5691, tgid 5691 (sshd), ts 65488149768, free_ts 64301147302
[   75.988221][ T5835]  post_alloc_hook+0x1f3/0x230
[   75.993015][ T5835]  get_page_from_freelist+0x363e/0x3790
[   75.998566][ T5835]  __alloc_pages_noprof+0x292/0x710
[   76.003767][ T5835]  alloc_pages_mpol_noprof+0x3e8/0x680
[   76.009226][ T5835]  alloc_slab_page+0x6a/0x140
[   76.013908][ T5835]  allocate_slab+0x5a/0x2f0
[   76.018436][ T5835]  ___slab_alloc+0xcd1/0x14b0
[   76.023114][ T5835]  __slab_alloc+0x58/0xa0
[   76.027465][ T5835]  kmem_cache_alloc_noprof+0x1c1/0x2a0
[   76.032942][ T5835]  skb_clone+0x20c/0x390
[   76.037209][ T5835]  dev_queue_xmit_nit+0x249/0xca0
[   76.042254][ T5835]  dev_hard_start_xmit+0x15f/0x7e0
[   76.047373][ T5835]  sch_direct_xmit+0x29c/0x5d0
[   76.052166][ T5835]  __dev_queue_xmit+0x1a8f/0x3f50
[   76.057204][ T5835]  ip_finish_output2+0xd41/0x1390
[   76.062241][ T5835]  __ip_queue_xmit+0x12ca/0x1ef0
[   76.067190][ T5835] page last free pid 5691 tgid 5691 stack trace:
[   76.073520][ T5835]  free_unref_page+0xded/0x1130
[   76.078374][ T5835]  __put_partials+0xeb/0x130
[   76.082966][ T5835]  put_cpu_partial+0x17c/0x250
[   76.087734][ T5835]  __slab_free+0x2ea/0x3d0
[   76.092174][ T5835]  qlist_free_all+0x9a/0x140
[   76.096766][ T5835]  kasan_quarantine_reduce+0x14f/0x170
[   76.102229][ T5835]  __kasan_slab_alloc+0x23/0x80
[   76.107090][ T5835]  kmem_cache_alloc_noprof+0x135/0x2a0
[   76.112557][ T5835]  ptlock_alloc+0x20/0x70
[   76.116909][ T5835]  pte_alloc_one+0xd3/0x610
[   76.121411][ T5835]  __pte_alloc+0x79/0x3c0
[   76.125746][ T5835]  handle_pte_fault+0x510e/0x68a0
[   76.130775][ T5835]  handle_mm_fault+0x1053/0x1ad0
[   76.135712][ T5835]  exc_page_fault+0x459/0x8c0
[   76.140397][ T5835]  asm_exc_page_fault+0x26/0x30
[   76.145246][ T5835] 
[   76.147577][ T5835] Memory state around the buggy address:
[   76.153225][ T5835]  ffff8880336def80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   76.161288][ T5835]  ffff8880336df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   76.169347][ T5835] >ffff8880336df080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[   76.177401][ T5835]                                            ^
[   76.183545][ T5835]  ffff8880336df100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   76.191602][ T5835]  ffff8880336df180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   76.199656][ T5835] ==================================================================
[   76.208397][ T5835] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   76.215630][ T5835] CPU: 1 UID: 0 PID: 5835 Comm: syz-executor238 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[   76.226402][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   76.236469][ T5835] Call Trace:
[   76.239756][ T5835]  <TASK>
[   76.242694][ T5835]  dump_stack_lvl+0x241/0x360
[   76.247384][ T5835]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.252763][ T5835]  ? __pfx__printk+0x10/0x10
[   76.257369][ T5835]  ? preempt_schedule+0xe1/0xf0
[   76.262236][ T5835]  ? vscnprintf+0x5d/0x90
[   76.266575][ T5835]  panic+0x349/0x880
[   76.270486][ T5835]  ? check_panic_on_warn+0x21/0xb0
[   76.275608][ T5835]  ? __pfx_panic+0x10/0x10
[   76.280045][ T5835]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   76.286045][ T5835]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   76.292386][ T5835]  ? print_report+0x502/0x550
[   76.297106][ T5835]  check_panic_on_warn+0x86/0xb0
[   76.302068][ T5835]  ? diWrite+0xde3/0x19b0
[   76.306403][ T5835]  end_report+0x77/0x160
[   76.310653][ T5835]  kasan_report+0x154/0x180
[   76.315162][ T5835]  ? diWrite+0xde3/0x19b0
[   76.319500][ T5835]  kasan_check_range+0x282/0x290
[   76.324441][ T5835]  ? diWrite+0xde3/0x19b0
[   76.328779][ T5835]  __asan_memcpy+0x40/0x70
[   76.333208][ T5835]  diWrite+0xde3/0x19b0
[   76.337376][ T5835]  txCommit+0xa1a/0x6b90
[   76.341626][ T5835]  ? txLock+0x2b8/0x1f40
[   76.345876][ T5835]  ? add_index+0x34c/0x1620
[   76.350395][ T5835]  ? __pfx_add_index+0x10/0x10
[   76.355175][ T5835]  ? __pfx_txCommit+0x10/0x10
[   76.359861][ T5835]  ? rcu_is_watching+0x15/0xb0
[   76.364635][ T5835]  ? __mark_inode_dirty+0x3db/0xe90
[   76.369844][ T5835]  add_missing_indices+0x8b3/0xbf0
[   76.374971][ T5835]  ? __pfx_add_missing_indices+0x10/0x10
[   76.380619][ T5835]  ? alloc_pages_noprof+0xef/0x170
[   76.385736][ T5835]  jfs_readdir+0x1fc5/0x3c50
[   76.390353][ T5835]  ? __pfx_jfs_readdir+0x10/0x10
[   76.395318][ T5835]  ? __pfx_lock_acquire+0x10/0x10
[   76.400381][ T5835]  ? down_write+0x18c/0x220
[   76.404910][ T5835]  ? __pfx_down_write+0x10/0x10
[   76.409789][ T5835]  ? __pfx_jfs_readdir+0x10/0x10
[   76.414742][ T5835]  wrap_directory_iterator+0x91/0xd0
[   76.420050][ T5835]  iterate_dir+0x571/0x800
[   76.424483][ T5835]  __se_sys_getdents64+0x1e2/0x4b0
[   76.429614][ T5835]  ? __pfx___se_sys_getdents64+0x10/0x10
[   76.435258][ T5835]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   76.441245][ T5835]  ? __pfx_filldir64+0x10/0x10
[   76.446022][ T5835]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   76.452368][ T5835]  ? exc_page_fault+0x590/0x8c0
[   76.457289][ T5835]  ? do_syscall_64+0xb6/0x230
[   76.462012][ T5835]  do_syscall_64+0xf3/0x230
[   76.466538][ T5835]  ? clear_bhb_loop+0x35/0x90
[   76.471258][ T5835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.477226][ T5835] RIP: 0033:0x7f211e65be99
[   76.481659][ T5835] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   76.501292][ T5835] RSP: 002b:00007ffefb8cee98 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   76.509727][ T5835] RAX: ffffffffffffffda RBX: 00007f211e6a5179 RCX: 00007f211e65be99
[   76.517705][ T5835] RDX: 0000000000001000 RSI: 00000000200038c0 RDI: 0000000000000005
[   76.525686][ T5835] RBP: 00007f211e6a5157 R08: 00007f211e6b063c R09: 00007f211e6b063c
[   76.533687][ T5835] R10: 00007f211e6b063c R11: 0000000000000246 R12: 00007f211e6b063c
[   76.541667][ T5835] R13: 00007f211e6a50dc R14: 0000000000000001 R15: 0000000000000001
[   76.549653][ T5835]  </TASK>
[   76.552975][ T5835] Kernel Offset: disabled
[   76.557306][ T5835] Rebooting in 86400 seconds..