Warning: Permanently added '10.128.0.158' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
[ 58.133242][ T5046] ==================================================================
[ 58.141517][ T5046] BUG: KASAN: slab-use-after-free in madvise_collapse+0xa6c/0xb50
[ 58.149516][ T5046] Read of size 8 at addr ffff88802b4e6588 by task syz-executor296/5046
[ 58.157862][ T5046]
[ 58.160267][ T5046] CPU: 0 PID: 5046 Comm: syz-executor296 Not tainted 6.5.0-rc2-next-20230721-syzkaller #0
[ 58.170148][ T5046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 58.180198][ T5046] Call Trace:
[ 58.183562][ T5046]
[ 58.186488][ T5046] dump_stack_lvl+0xd9/0x1b0
[ 58.191100][ T5046] print_report+0xc4/0x620
[ 58.195521][ T5046] ? __virt_addr_valid+0x5e/0x2d0
[ 58.200543][ T5046] ? __phys_addr+0xc6/0x140
[ 58.205053][ T5046] kasan_report+0xda/0x110
[ 58.209472][ T5046] ? madvise_collapse+0xa6c/0xb50
[ 58.214495][ T5046] ? madvise_collapse+0xa6c/0xb50
[ 58.219516][ T5046] madvise_collapse+0xa6c/0xb50
[ 58.224368][ T5046] ? current_is_khugepaged+0x30/0x30
[ 58.229654][ T5046] ? mt_slot+0x4f/0x1b0
[ 58.233806][ T5046] ? mas_prev_slot+0x3b0/0x13c0
[ 58.238658][ T5046] madvise_vma_behavior+0x200/0x1e60
[ 58.244028][ T5046] ? madvise_vma_anon_name+0xf0/0xf0
[ 58.249309][ T5046] ? mas_prev+0xc6/0x480
[ 58.253559][ T5046] ? madvise_vma_anon_name+0xf0/0xf0
[ 58.258850][ T5046] ? find_vma_prev+0xe8/0x160
[ 58.263551][ T5046] ? vm_unmapped_area+0x9d0/0x9d0
[ 58.268690][ T5046] ? lock_sync+0x190/0x190
[ 58.273210][ T5046] ? preempt_count_sub+0x150/0x150
[ 58.278331][ T5046] ? madvise_vma_anon_name+0xf0/0xf0
[ 58.283618][ T5046] madvise_walk_vmas+0x1cf/0x2c0
[ 58.288557][ T5046] ? __remove_memory+0x40/0x40
[ 58.293321][ T5046] ? lockdep_hardirqs_on+0x7d/0x100
[ 58.298534][ T5046] do_madvise+0x333/0x660
[ 58.302863][ T5046] ? madvise_set_anon_name+0x110/0x110
[ 58.308418][ T5046] ? set_compat_user_sigmask+0x2a0/0x2a0
[ 58.314054][ T5046] ? folio_memcg_unlock+0x2d0/0x2d0
[ 58.319259][ T5046] __x64_sys_madvise+0xaa/0x110
[ 58.324200][ T5046] ? syscall_enter_from_user_mode+0x26/0x80
[ 58.330182][ T5046] do_syscall_64+0x38/0xb0
[ 58.334690][ T5046] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.340585][ T5046] RIP: 0033:0x7f7ec298d359
[ 58.345005][ T5046] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 58.365047][ T5046] RSP: 002b:00007f7ec292d238 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[ 58.373561][ T5046] RAX: ffffffffffffffda RBX: 00007f7ec2a17318 RCX: 00007f7ec298d359
[ 58.381611][ T5046] RDX: 0000000000000019 RSI: 000000000060005f RDI: 0000000020000000
[ 58.389583][ T5046] RBP: 00007f7ec2a17310 R08: 00007fffd329edf7 R09: 00007f7ec292d6c0
[ 58.397555][ T5046] R10: 0000000000000000 R11: 0000000000000246 R12: b635773f07ebbeea
[ 58.405519][ T5046] R13: 000000000000006e R14: 00007fffd329ed10 R15: 00007fffd329edf8
[ 58.413488][ T5046]
[ 58.416508][ T5046]
[ 58.418821][ T5046] Allocated by task 5033:
[ 58.423393][ T5046] kasan_save_stack+0x33/0x50
[ 58.428069][ T5046] kasan_set_track+0x25/0x30
[ 58.432662][ T5046] __kasan_slab_alloc+0x81/0x90
[ 58.437511][ T5046] kmem_cache_alloc+0x172/0x3b0
[ 58.442360][ T5046] vm_area_alloc+0x1f/0x220
[ 58.446855][ T5046] mmap_region+0x386/0x2640
[ 58.451357][ T5046] do_mmap+0x87c/0xed0
[ 58.455421][ T5046] vm_mmap_pgoff+0x1a6/0x3b0
[ 58.460007][ T5046] ksys_mmap_pgoff+0x7d/0x5b0
[ 58.464684][ T5046] do_syscall_64+0x38/0xb0
[ 58.469187][ T5046] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.475167][ T5046]
[ 58.477504][ T5046] Freed by task 5035:
[ 58.481559][ T5046] kasan_save_stack+0x33/0x50
[ 58.486246][ T5046] kasan_set_track+0x25/0x30
[ 58.490935][ T5046] kasan_save_free_info+0x2b/0x40
[ 58.496036][ T5046] ____kasan_slab_free+0x15e/0x1b0
[ 58.501148][ T5046] slab_free_freelist_hook+0x114/0x1e0
[ 58.506605][ T5046] kmem_cache_free+0xf0/0x490
[ 58.511284][ T5046] rcu_core+0x7fb/0x1bb0
[ 58.515530][ T5046] __do_softirq+0x218/0x965
[ 58.520037][ T5046]
[ 58.522361][ T5046] Last potentially related work creation:
[ 58.528061][ T5046] kasan_save_stack+0x33/0x50
[ 58.532739][ T5046] __kasan_record_aux_stack+0xbc/0xd0
[ 58.538114][ T5046] __call_rcu_common.constprop.0+0x9a/0x790
[ 58.544009][ T5046] remove_vma+0x140/0x170
[ 58.548343][ T5046] do_vmi_align_munmap+0xf75/0x1710
[ 58.554064][ T5046] do_vmi_munmap+0x20e/0x450
[ 58.558651][ T5046] mmap_region+0x194/0x2640
[ 58.563152][ T5046] do_mmap+0x87c/0xed0
[ 58.567218][ T5046] vm_mmap_pgoff+0x1a6/0x3b0
[ 58.571813][ T5046] ksys_mmap_pgoff+0x7d/0x5b0
[ 58.576574][ T5046] do_syscall_64+0x38/0xb0
[ 58.581039][ T5046] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.586939][ T5046]
[ 58.589260][ T5046] The buggy address belongs to the object at ffff88802b4e6500
[ 58.589260][ T5046]  which belongs to the cache vm_area_struct of size 192
[ 58.603576][ T5046] The buggy address is located 136 bytes inside of
[ 58.603576][ T5046]  freed 192-byte region [ffff88802b4e6500, ffff88802b4e65c0)
[ 58.617364][ T5046]
[ 58.619684][ T5046] The buggy address belongs to the physical page:
[ 58.626085][ T5046] page:ffffea0000ad3980 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b4e6
[ 58.636269][ T5046] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 58.643808][ T5046] page_type: 0xffffffff()
[ 58.648146][ T5046] raw: 00fff00000000200 ffff888014674b40 ffffea0001dce680 dead000000000002
[ 58.656903][ T5046] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 58.665475][ T5046] page dumped because: kasan: bad access detected
[ 58.672047][ T5046] page_owner tracks the page as allocated
[ 58.677747][ T5046] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 4724, tgid 4724 (dhcpcd-run-hook), ts 33134643925, free_ts 33125953991
[ 58.696319][ T5046] post_alloc_hook+0x2d2/0x350
[ 58.701353][ T5046] get_page_from_freelist+0x10d7/0x31b0
[ 58.706926][ T5046] __alloc_pages+0x1d0/0x4a0
[ 58.711541][ T5046] alloc_pages+0x1a9/0x270
[ 58.716216][ T5046] allocate_slab+0x24e/0x380
[ 58.720822][ T5046] ___slab_alloc+0x8bc/0x1570
[ 58.725597][ T5046] __slab_alloc.constprop.0+0x56/0xa0
[ 58.730968][ T5046] kmem_cache_alloc+0x392/0x3b0
[ 58.735906][ T5046] vm_area_alloc+0x1f/0x220
[ 58.740510][ T5046] mmap_region+0x386/0x2640
[ 58.745031][ T5046] do_mmap+0x87c/0xed0
[ 58.749271][ T5046] vm_mmap_pgoff+0x1a6/0x3b0
[ 58.753865][ T5046] ksys_mmap_pgoff+0x422/0x5b0
[ 58.758625][ T5046] do_syscall_64+0x38/0xb0
[ 58.763042][ T5046] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.768953][ T5046] page last free stack trace:
[ 58.773613][ T5046] free_unref_page_prepare+0x508/0xb90
[ 58.779072][ T5046] free_unref_page+0x33/0x3b0
[ 58.783750][ T5046] vfree+0x181/0x7a0
[ 58.787653][ T5046] delayed_vfree_work+0x56/0x70
[ 58.792509][ T5046] process_one_work+0xaa2/0x16f0
[ 58.797460][ T5046] worker_thread+0x687/0x1110
[ 58.802142][ T5046] kthread+0x33a/0x430
[ 58.806203][ T5046] ret_from_fork+0x2c/0x70
[ 58.810616][ T5046] ret_from_fork_asm+0x11/0x20
[ 58.815468][ T5046]
[ 58.817783][ T5046] Memory state around the buggy address:
[ 58.823413][ T5046] ffff88802b4e6480: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 58.831553][ T5046] ffff88802b4e6500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.839691][ T5046] >ffff88802b4e6580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 58.848004][ T5046]                       ^
[ 58.852418][ T5046] ffff88802b4e6600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 58.860468][ T5046] ffff88802b4e6680: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 58.868519][ T5046] ==================================================================
[ 59.056078][ T5046] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 59.063307][ T5046] CPU: 1 PID: 5046 Comm: syz-executor296 Not tainted 6.5.0-rc2-next-20230721-syzkaller #0
[ 59.073214][ T5046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 59.083279][ T5046] Call Trace:
[ 59.086598][ T5046]
[ 59.089538][ T5046] dump_stack_lvl+0xd9/0x1b0
[ 59.094155][ T5046] panic+0x6a4/0x750
[ 59.098081][ T5046] ? panic_smp_self_stop+0xa0/0xa0
[ 59.103321][ T5046] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 59.109611][ T5046] ? preempt_schedule_thunk+0x1a/0x30
[ 59.115026][ T5046] ? preempt_schedule_common+0x45/0xc0
[ 59.120505][ T5046] check_panic_on_warn+0xab/0xb0
[ 59.125469][ T5046] end_report+0x108/0x150
[ 59.129821][ T5046] kasan_report+0xea/0x110
[ 59.134265][ T5046] ? madvise_collapse+0xa6c/0xb50
[ 59.139319][ T5046] ? madvise_collapse+0xa6c/0xb50
[ 59.144802][ T5046] madvise_collapse+0xa6c/0xb50
[ 59.149792][ T5046] ? current_is_khugepaged+0x30/0x30
[ 59.155111][ T5046] ? mt_slot+0x4f/0x1b0
[ 59.159289][ T5046] ? mas_prev_slot+0x3b0/0x13c0
[ 59.164169][ T5046] madvise_vma_behavior+0x200/0x1e60
[ 59.169572][ T5046] ? madvise_vma_anon_name+0xf0/0xf0
[ 59.174875][ T5046] ? mas_prev+0xc6/0x480
[ 59.179138][ T5046] ? madvise_vma_anon_name+0xf0/0xf0
[ 59.184447][ T5046] ? find_vma_prev+0xe8/0x160
[ 59.189143][ T5046] ? vm_unmapped_area+0x9d0/0x9d0
[ 59.194187][ T5046] ? lock_sync+0x190/0x190
[ 59.198638][ T5046] ? preempt_count_sub+0x150/0x150
[ 59.203761][ T5046] ? madvise_vma_anon_name+0xf0/0xf0
[ 59.209094][ T5046] madvise_walk_vmas+0x1cf/0x2c0
[ 59.214293][ T5046] ? __remove_memory+0x40/0x40
[ 59.219141][ T5046] ? lockdep_hardirqs_on+0x7d/0x100
[ 59.225589][ T5046] do_madvise+0x333/0x660
[ 59.229923][ T5046] ? madvise_set_anon_name+0x110/0x110
[ 59.235640][ T5046] ? set_compat_user_sigmask+0x2a0/0x2a0
[ 59.241270][ T5046] ? folio_memcg_unlock+0x2d0/0x2d0
[ 59.246477][ T5046] __x64_sys_madvise+0xaa/0x110
[ 59.251319][ T5046] ? syscall_enter_from_user_mode+0x26/0x80
[ 59.257213][ T5046] do_syscall_64+0x38/0xb0
[ 59.261631][ T5046] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.267537][ T5046] RIP: 0033:0x7f7ec298d359
[ 59.271976][ T5046] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 59.291776][ T5046] RSP: 002b:00007f7ec292d238 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[ 59.300211][ T5046] RAX: ffffffffffffffda RBX: 00007f7ec2a17318 RCX: 00007f7ec298d359
[ 59.308282][ T5046] RDX: 0000000000000019 RSI: 000000000060005f RDI: 0000000020000000
[ 59.316261][ T5046] RBP: 00007f7ec2a17310 R08: 00007fffd329edf7 R09: 00007f7ec292d6c0
[ 59.324231][ T5046] R10: 0000000000000000 R11: 0000000000000246 R12: b635773f07ebbeea
[ 59.332203][ T5046] R13: 000000000000006e R14: 00007fffd329ed10 R15: 00007fffd329edf8
[ 59.340178][ T5046]
[ 59.343474][ T5046] Kernel Offset: disabled
[ 59.347881][ T5046] Rebooting in 86400 seconds..