Warning: Permanently added '10.128.0.104' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 54.805990][ T5120] ==================================================================
[ 54.814080][ T5120] BUG: KASAN: slab-use-after-free in __fput+0x1b8/0x8a0
[ 54.821018][ T5120] Read of size 8 at addr ffff88807e236c28 by task syz-executor273/5120
[ 54.829248][ T5120]
[ 54.831559][ T5120] CPU: 0 PID: 5120 Comm: syz-executor273 Not tainted 6.9.0-rc5-syzkaller-00296-g5eb4573ea63d #0
[ 54.841959][ T5120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 54.852024][ T5120] Call Trace:
executing program
[ 54.855315][ T5120]
[ 54.858248][ T5120] dump_stack_lvl+0x241/0x360
[ 54.862939][ T5120] ? __pfx_dump_stack_lvl+0x10/0x10
[ 54.868148][ T5120] ? __pfx__printk+0x10/0x10
[ 54.872728][ T5120] ? _printk+0xd5/0x120
[ 54.876870][ T5120] ? __virt_addr_valid+0x183/0x520
[ 54.881965][ T5120] ? __virt_addr_valid+0x183/0x520
[ 54.887066][ T5120] print_report+0x169/0x550
[ 54.891555][ T5120] ? __virt_addr_valid+0x183/0x520
[ 54.896659][ T5120] ? __virt_addr_valid+0x183/0x520
executing program
[ 54.901770][ T5120] ? __virt_addr_valid+0x44e/0x520
[ 54.906867][ T5120] ? __phys_addr+0xba/0x170
[ 54.911367][ T5120] ? __fput+0x1b8/0x8a0
[ 54.915517][ T5120] kasan_report+0x143/0x180
[ 54.920041][ T5120] ? __fput+0x1b8/0x8a0
[ 54.924204][ T5120] __fput+0x1b8/0x8a0
[ 54.928187][ T5120] task_work_run+0x24f/0x310
[ 54.932785][ T5120] ? __pfx_task_work_run+0x10/0x10
[ 54.937892][ T5120] ? syscall_exit_to_user_mode+0xa3/0x370
[ 54.943626][ T5120] syscall_exit_to_user_mode+0x168/0x370
[ 54.949246][ T5120] do_syscall_64+0x102/0x240
executing program
[ 54.953832][ T5120] ? clear_bhb_loop+0x35/0x90
[ 54.958503][ T5120] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 54.964398][ T5120] RIP: 0033:0x7f85a1f60599
[ 54.968807][ T5120] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.988415][ T5120] RSP: 002b:00007f85a1f1b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000e8
[ 54.996837][ T5120] RAX: 0000000000000001 RBX: 00007f85a1fea348 RCX: 00007f85a1f60599
executing program
[ 55.004813][ T5120] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000005
[ 55.012769][ T5120] RBP: 00007f85a1fea340 R08: 0000000000000000 R09: 0000000000000000
[ 55.020727][ T5120] R10: 00000000000000fa R11: 0000000000000246 R12: 00007f85a1fb718c
[ 55.028702][ T5120] R13: 00007f85a1fb7078 R14: 00667562616d6475 R15: 6d64752f7665642f
[ 55.036674][ T5120]
[ 55.039681][ T5120]
[ 55.041993][ T5120] Allocated by task 5128:
[ 55.046316][ T5120] kasan_save_track+0x3f/0x80
[ 55.051010][ T5120] __kasan_slab_alloc+0x66/0x80
[ 55.055868][ T5120] kmem_cache_alloc_lru+0x178/0x350
[ 55.061060][ T5120] __d_alloc+0x31/0x700
[ 55.065200][ T5120] d_alloc_pseudo+0x1f/0xb0
[ 55.069698][ T5120] alloc_file_pseudo+0x123/0x290
[ 55.074627][ T5120] dma_buf_export+0x3dd/0x990
[ 55.079301][ T5120] udmabuf_create+0x78e/0xa10
[ 55.083972][ T5120] udmabuf_ioctl+0x304/0x4f0
[ 55.088553][ T5120] __se_sys_ioctl+0xfc/0x170
[ 55.093134][ T5120] do_syscall_64+0xf5/0x240
[ 55.097626][ T5120] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 55.103513][ T5120]
[ 55.105842][ T5120] Freed by task 5128:
[ 55.109824][ T5120] kasan_save_track+0x3f/0x80
[ 55.114513][ T5120] kasan_save_free_info+0x40/0x50
[ 55.119548][ T5120] poison_slab_object+0xa6/0xe0
[ 55.124395][ T5120] __kasan_slab_free+0x37/0x60
[ 55.129145][ T5120] kmem_cache_free+0x10b/0x2c0
[ 55.133905][ T5120] __dentry_kill+0x497/0x630
[ 55.138588][ T5120] dput+0x19f/0x2b0
[ 55.142387][ T5120] __fput+0x678/0x8a0
[ 55.146364][ T5120] task_work_run+0x24f/0x310
[ 55.150943][ T5120] syscall_exit_to_user_mode+0x168/0x370
[ 55.156562][ T5120] do_syscall_64+0x102/0x240
[ 55.161134][ T5120] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 55.167025][ T5120]
[ 55.169354][ T5120] The buggy address belongs to the object at ffff88807e236bc0
[ 55.169354][ T5120]  which belongs to the cache dentry of size 312
[ 55.182974][ T5120] The buggy address is located 104 bytes inside of
[ 55.182974][ T5120]  freed 312-byte region [ffff88807e236bc0, ffff88807e236cf8)
[ 55.196753][ T5120]
[ 55.199062][ T5120] The buggy address belongs to the physical page:
[ 55.205447][ T5120] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e236
[ 55.214187][ T5120] head: order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 55.221708][ T5120] ksm flags: 0xfff80000000840(slab|head|node=0|zone=1|lastcpupid=0xfff)
[ 55.230025][ T5120] page_type: 0xffffffff()
[ 55.234364][ T5120] raw: 00fff80000000840 ffff888015eeb8c0 ffffea0001f89100 dead000000000003
[ 55.242956][ T5120] raw: 0000000000000000 0000000000150015 00000001ffffffff 0000000000000000
[ 55.251520][ T5120] head: 00fff80000000840 ffff888015eeb8c0 ffffea0001f89100 dead000000000003
[ 55.260170][ T5120] head: 0000000000000000 0000000000150015 00000001ffffffff 0000000000000000
[ 55.268820][ T5120] head: 00fff80000000001 ffffea0001f88d81 dead000000000122 00000000ffffffff
[ 55.277467][ T5120] head: 0000000200000000 0000000000000000 00000000ffffffff 0000000000000000
[ 55.286112][ T5120] page dumped because: kasan: bad access detected
[ 55.292508][ T5120] page_owner tracks the page as allocated
[ 55.298204][ T5120] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 4540, tgid -1281857381 (udevd), ts 4540, free_ts 14990488689
[ 55.320679][ T5120] post_alloc_hook+0x1ea/0x210
[ 55.325445][ T5120] get_page_from_freelist+0x3410/0x35b0
[ 55.330977][ T5120] __alloc_pages+0x256/0x6c0
[ 55.335548][ T5120] alloc_slab_page+0x5f/0x160
[ 55.340207][ T5120] new_slab+0x84/0x2f0
[ 55.344257][ T5120] ___slab_alloc+0xc73/0x1260
[ 55.348934][ T5120] kmem_cache_alloc_lru+0x253/0x350
[ 55.354142][ T5120] __d_alloc+0x31/0x700
[ 55.358310][ T5120] d_alloc+0x4b/0x190
[ 55.362292][ T5120] lookup_one_qstr_excl+0xce/0x260
[ 55.367388][ T5120] filename_create+0x297/0x540
[ 55.372135][ T5120] do_symlinkat+0xf9/0x3a0
[ 55.376533][ T5120] __x64_sys_symlink+0x7e/0x90
[ 55.381279][ T5120] do_syscall_64+0xf5/0x240
[ 55.385766][ T5120] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 55.391650][ T5120] page last free pid 1 tgid 1 stack trace:
[ 55.397431][ T5120] free_unref_page_prepare+0x986/0xab0
[ 55.402870][ T5120] free_unref_page+0x37/0x3f0
[ 55.407525][ T5120] free_contig_range+0x9e/0x160
[ 55.412369][ T5120] destroy_args+0x8a/0x890
[ 55.416803][ T5120] debug_vm_pgtable+0x4be/0x550
[ 55.421656][ T5120] do_one_initcall+0x248/0x880
[ 55.426406][ T5120] do_initcall_level+0x157/0x210
[ 55.431323][ T5120] do_initcalls+0x3f/0x80
[ 55.435634][ T5120] kernel_init_freeable+0x435/0x5d0
[ 55.440813][ T5120] kernel_init+0x1d/0x2b0
[ 55.445124][ T5120] ret_from_fork+0x4b/0x80
[ 55.449523][ T5120] ret_from_fork_asm+0x1a/0x30
[ 55.454272][ T5120]
[ 55.456575][ T5120] Memory state around the buggy address:
[ 55.462183][ T5120]  ffff88807e236b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.470236][ T5120]  ffff88807e236b80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 55.478305][ T5120] >ffff88807e236c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.486367][ T5120]                                   ^
[ 55.491729][ T5120]  ffff88807e236c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 55.499774][ T5120]  ffff88807e236d00: fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 55.507823][ T5120] ==================================================================
[ 55.523951][ T5120] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.531161][ T5120] CPU: 1 PID: 5120 Comm: syz-executor273 Not tainted 6.9.0-rc5-syzkaller-00296-g5eb4573ea63d #0
[ 55.541559][ T5120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 55.551616][ T5120] Call Trace:
[ 55.554881][ T5120]
executing program
[ 55.557796][ T5120] dump_stack_lvl+0x241/0x360
[ 55.562464][ T5120] ? __pfx_dump_stack_lvl+0x10/0x10
[ 55.567652][ T5120] ? __pfx__printk+0x10/0x10
[ 55.572247][ T5120] ? preempt_schedule+0xe1/0xf0
[ 55.577087][ T5120] ? vscnprintf+0x5d/0x90
[ 55.581416][ T5120] panic+0x349/0x860
[ 55.585327][ T5120] ? check_panic_on_warn+0x21/0xb0
[ 55.590448][ T5120] ? __pfx_panic+0x10/0x10
[ 55.594856][ T5120] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 55.600835][ T5120] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 55.607161][ T5120] ? print_report+0x502/0x550
[ 55.611828][ T5120] check_panic_on_warn+0x86/0xb0
[ 55.616756][ T5120] ? __fput+0x1b8/0x8a0
[ 55.620904][ T5120] end_report+0x77/0x160
[ 55.625142][ T5120] kasan_report+0x154/0x180
[ 55.629640][ T5120] ? __fput+0x1b8/0x8a0
[ 55.633791][ T5120] __fput+0x1b8/0x8a0
[ 55.637765][ T5120] task_work_run+0x24f/0x310
[ 55.642351][ T5120] ? __pfx_task_work_run+0x10/0x10
[ 55.647454][ T5120] ? syscall_exit_to_user_mode+0xa3/0x370
[ 55.653166][ T5120] syscall_exit_to_user_mode+0x168/0x370
[ 55.658793][ T5120] do_syscall_64+0x102/0x240
[ 55.663376][ T5120] ? clear_bhb_loop+0x35/0x90
[ 55.668047][ T5120] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 55.673928][ T5120] RIP: 0033:0x7f85a1f60599
[ 55.678330][ T5120] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.697936][ T5120] RSP: 002b:00007f85a1f1b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000e8
[ 55.706352][ T5120] RAX: 0000000000000001 RBX: 00007f85a1fea348 RCX: 00007f85a1f60599
[ 55.714315][ T5120] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000005
[ 55.722281][ T5120] RBP: 00007f85a1fea340 R08: 0000000000000000 R09: 0000000000000000
[ 55.730244][ T5120] R10: 00000000000000fa R11: 0000000000000246 R12: 00007f85a1fb718c
[ 55.738207][ T5120] R13: 00007f85a1fb7078 R14: 00667562616d6475 R15: 6d64752f7665642f
[ 55.746177][ T5120]
[ 55.749272][ T5120] Kernel Offset: disabled
[ 55.753592][ T5120] Rebooting in 86400 seconds..
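The console output above is a raw syzbot crash log. As an added example (not part of the syzbot log or of the kernel tree), the Python script below parses a KASAN slab-use-after-free report into the fields a triager needs and cross-checks them against each other: the offset KASAN prints must equal the faulting address minus the object base, the access must fall inside the freed region, the region length must match the cache object size, and the shadow byte covering the address must decode to "freed". The sample input is an excerpt constructed from the report above; the shadow-byte meanings are those of generic KASAN (0xfb freed object, 0xfa the first freed granule that holds free-track metadata, 0xfc slab redzone, 0x00 accessible); the frame-noise filter, the `Report` field names and the output format are my own choices, not anything the kernel defines.

```python
"""Triage helper for KASAN slab-use-after-free reports (added example)."""
import re
from dataclasses import dataclass, field

GRANULE = 8  # bytes of memory per shadow byte in generic KASAN
# Shadow byte meanings (generic KASAN, mm/kasan/kasan.h).
SHADOW = {0x00: "accessible", 0xfa: "freed (free-track slot)",
          0xfb: "freed", 0xfc: "slab redzone", 0xfe: "page redzone"}

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")        # printk "[ts][Tpid] "
FRAME = re.compile(r"^(?:\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
ROW = re.compile(r"^>?\s*([0-9a-f]{16}):((?:\s[0-9a-f]{2}){16})$")
# Instrumentation/allocator frames that say nothing about the bug itself
# (my own filter; widen it for other allocators).
NOISE = re.compile(r"^(?:__)?kasan_|^poison_slab_object$|^kmem_cache_(?:alloc|free)")

# Constructed sample: an excerpt of the report on this page.
SAMPLE = """\
executing program
[   54.814080][ T5120] BUG: KASAN: slab-use-after-free in __fput+0x1b8/0x8a0
[   54.821018][ T5120] Read of size 8 at addr ffff88807e236c28 by task syz-executor273/5120
[   54.852024][ T5120] Call Trace:
[   54.924204][ T5120]  __fput+0x1b8/0x8a0
[   54.928187][ T5120]  task_work_run+0x24f/0x310
[   55.041993][ T5120] Allocated by task 5128:
[   55.046316][ T5120]  kasan_save_track+0x3f/0x80
[   55.051010][ T5120]  __kasan_slab_alloc+0x66/0x80
[   55.055868][ T5120]  kmem_cache_alloc_lru+0x178/0x350
[   55.061060][ T5120]  __d_alloc+0x31/0x700
[   55.065200][ T5120]  d_alloc_pseudo+0x1f/0xb0
[   55.069698][ T5120]  alloc_file_pseudo+0x123/0x290
[   55.074627][ T5120]  dma_buf_export+0x3dd/0x990
[   55.079301][ T5120]  udmabuf_create+0x78e/0xa10
[   55.083972][ T5120]  udmabuf_ioctl+0x304/0x4f0
[   55.105842][ T5120] Freed by task 5128:
[   55.109824][ T5120]  kasan_save_track+0x3f/0x80
[   55.114513][ T5120]  kasan_save_free_info+0x40/0x50
[   55.119548][ T5120]  poison_slab_object+0xa6/0xe0
[   55.124395][ T5120]  __kasan_slab_free+0x37/0x60
[   55.129145][ T5120]  kmem_cache_free+0x10b/0x2c0
[   55.133905][ T5120]  __dentry_kill+0x497/0x630
[   55.138588][ T5120]  dput+0x19f/0x2b0
[   55.142387][ T5120]  __fput+0x678/0x8a0
[   55.169354][ T5120] The buggy address belongs to the object at ffff88807e236bc0
[   55.169354][ T5120]  which belongs to the cache dentry of size 312
[   55.182974][ T5120] The buggy address is located 104 bytes inside of
[   55.182974][ T5120]  freed 312-byte region [ffff88807e236bc0, ffff88807e236cf8)
executing program
[   55.456575][ T5120] Memory state around the buggy address:
[   55.470236][ T5120]  ffff88807e236b80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   55.478305][ T5120] >ffff88807e236c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   55.486367][ T5120]                                   ^
[   55.491729][ T5120]  ffff88807e236c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
"""


@dataclass
class Report:
    bug: str = ""
    func: str = ""
    access: str = ""
    size: int = 0
    addr: int = 0
    task: str = ""
    obj_base: int = 0
    cache: str = ""
    obj_size: int = 0
    offset: int = 0
    region: tuple = (0, 0)
    alloc_task: int = 0
    free_task: int = 0
    alloc_stack: list = field(default_factory=list)
    free_stack: list = field(default_factory=list)
    shadow: dict = field(default_factory=dict)  # row base -> 16 shadow bytes


def clean_lines(text):
    """Strip printk prefixes and drop the reproducer's own stdout lines."""
    out = []
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if line and line != "executing program":
            out.append(line)
    return out


def parse_report(text):
    r, section = Report(), None
    for line in clean_lines(text):
        if m := re.match(r"BUG: KASAN: (\S+) in ([\w.]+)\+", line):
            r.bug, r.func = m.groups()
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)", line):
            r.access, r.size, r.addr, r.task = m[1], int(m[2]), int(m[3], 16), m[4]
        elif m := re.match(r"Allocated by task (\d+):", line):
            r.alloc_task, section = int(m[1]), "alloc"
        elif m := re.match(r"Freed by task (\d+):", line):
            r.free_task, section = int(m[1]), "free"
        elif line.startswith("Memory state"):
            section = "shadow"
        elif m := re.search(r"belongs to the object at ([0-9a-f]+)", line):
            r.obj_base, section = int(m[1], 16), None
        elif m := re.match(r"which belongs to the cache (\S+) of size (\d+)", line):
            r.cache, r.obj_size = m[1], int(m[2])
        elif m := re.search(r"located (\d+) bytes inside of", line):
            r.offset = int(m[1])
        elif m := re.search(r"(\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", line):
            r.region = (int(m[2], 16), int(m[3], 16))
        elif section in ("alloc", "free") and (m := FRAME.match(line)):
            if not NOISE.match(m[1]):
                (r.alloc_stack if section == "alloc" else r.free_stack).append(m[1])
        elif section == "shadow" and (m := ROW.match(line)):
            r.shadow[int(m[1], 16)] = [int(b, 16) for b in m[2].split()]
    return r


def shadow_state(r):
    """Decode the shadow byte covering r.addr (16 granules of 8 bytes per row)."""
    row = r.addr & ~(GRANULE * 16 - 1)
    if row not in r.shadow:
        return "unknown"
    b = r.shadow[row][(r.addr - row) // GRANULE]
    if 0 < b < GRANULE:
        return f"partially accessible ({b} bytes)"
    return SHADOW.get(b, f"unrecognised 0x{b:02x}")


def consistency(r):
    """Cross-check the numbers KASAN printed against each other."""
    start, end = r.region
    return {
        "offset matches addr - object base": r.addr - r.obj_base == r.offset,
        "region length matches cache object size": end - start == r.obj_size,
        "access lies inside freed region": start <= r.addr and r.addr + r.size <= end,
        "shadow byte says freed": shadow_state(r).startswith("freed"),
    }


def summarize(r):
    ok = all(consistency(r).values())
    return "\n".join([
        f"{r.bug}: {r.access} of {r.size} bytes in {r.func} by {r.task}",
        f"object: {r.cache} ({r.obj_size} bytes), hit at +{r.offset} (0x{r.offset:x})",
        f"allocated by pid {r.alloc_task} via " + " <- ".join(r.alloc_stack[:5]),
        f"freed by pid {r.free_task} via " + " <- ".join(r.free_stack[:4]),
        f"shadow: {shadow_state(r)}; report self-consistent: {ok}",
    ])


if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE)))
```

Run against the excerpt, the checks all pass, and the summary states what this log actually establishes without guessing at a root cause: a `dentry` object allocated from `udmabuf_ioctl` → `udmabuf_create` → `dma_buf_export` → `alloc_file_pseudo` in task 5128 was freed by the same task through `__fput` → `dput` → `__dentry_kill`, and then read 104 bytes in (at an offset well inside the object, not in a redzone) by `__fput` running in task 5120. The alloc/free/access frames and the fact that the accessor is a different task from the freer are the first things to carry into the driver source when bisecting how the same file ended up being put twice.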