Warning: Permanently added '10.128.0.196' (ED25519) to the list of known hosts.
Setting up swapspace version 1, size = 127995904 bytes
syzkaller login: [ 59.285799][ T5811] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 59.376289][ T5814] chnl_net:caif_netlink_parms(): no params data found
[ 59.420960][ T5814] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.428717][ T5814] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.436069][ T5814] bridge_slave_0: entered allmulticast mode
[ 59.442667][ T5814] bridge_slave_0: entered promiscuous mode
[ 59.451289][ T5814] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.458523][ T5814] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.465751][ T5814] bridge_slave_1: entered allmulticast mode
[ 59.472315][ T5814] bridge_slave_1: entered promiscuous mode
[ 59.494242][ T5814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 59.505921][ T5814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 59.528960][ T5814] team0: Port device team_slave_0 added
[ 59.536457][ T5814] team0: Port device team_slave_1 added
[ 59.555104][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 59.562048][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.588049][ T5814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 59.600229][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 59.607708][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.633934][ T5814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 59.663259][ T5814] hsr_slave_0: entered promiscuous mode
[ 59.669552][ T5814] hsr_slave_1: entered promiscuous mode
[ 59.752543][ T5814] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 59.762814][ T5814] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 59.771645][ T5814] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 59.780480][ T5814] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 59.802384][ T5814] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.809558][ T5814] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 59.817327][ T5814] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.824474][ T5814] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.866073][ T5814] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.881969][ T3010] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.890940][ T3010] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.907462][ T5814] 8021q: adding VLAN 0 to HW filter on device team0
[ 59.919074][ T80] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.926179][ T80] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.938319][ T3010] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.945440][ T3010] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 59.990042][ T5814] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.023443][ T5814] veth0_vlan: entered promiscuous mode
[ 60.032548][ T5814] veth1_vlan: entered promiscuous mode
[ 60.054915][ T5814] veth0_macvtap: entered promiscuous mode
[ 60.062729][ T5814] veth1_macvtap: entered promiscuous mode
[ 60.080167][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 60.092611][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 60.102770][ T5814] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.111658][ T5814] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.120659][ T5814] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.129806][ T5814] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 60.184789][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.192770][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.218053][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.227061][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.248749][ T5814] loop0: detected capacity change from 0 to 128
[ 60.264075][ T5814] VFS: Found a Xenix FS (block size = 1024) on device loop0
[ 60.277793][ T5814] syz-executor147: attempt to access beyond end of device
[ 60.277793][ T5814] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[ 60.292452][ T5814] Buffer I/O error on dev loop0, logical block 3245768, async page read
[ 60.301418][ T5814] ==================================================================
[ 60.309503][ T5814] BUG: KASAN: use-after-free in sysv_new_inode+0xfc7/0x1160
[ 60.316839][ T5814] Read of size 2 at addr ffff88807152f1ce by task syz-executor147/5814
[ 60.325057][ T5814]
[ 60.327384][ T5814] CPU: 0 UID: 0 PID: 5814 Comm: syz-executor147 Not tainted 6.13.0-rc1-syzkaller-00378-g62b5a46999c7 #0
[ 60.338470][ T5814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 60.348520][ T5814] Call Trace:
[ 60.351785][ T5814]
[ 60.354713][ T5814] dump_stack_lvl+0x241/0x360
[ 60.359399][ T5814] ? __pfx_dump_stack_lvl+0x10/0x10
[ 60.364585][ T5814] ? __pfx__printk+0x10/0x10
[ 60.369158][ T5814] ? _printk+0xd5/0x120
[ 60.373295][ T5814] ? __virt_addr_valid+0x183/0x530
[ 60.378387][ T5814] ? __virt_addr_valid+0x183/0x530
[ 60.383486][ T5814] print_report+0x169/0x550
[ 60.387989][ T5814] ? __virt_addr_valid+0x183/0x530
[ 60.393082][ T5814] ? __virt_addr_valid+0x183/0x530
[ 60.398171][ T5814] ? __virt_addr_valid+0x45f/0x530
[ 60.403267][ T5814] ? __phys_addr+0xba/0x170
[ 60.407772][ T5814] ? sysv_new_inode+0xfc7/0x1160
[ 60.412724][ T5814] kasan_report+0x143/0x180
[ 60.417229][ T5814] ? sysv_new_inode+0xfc7/0x1160
[ 60.422168][ T5814] sysv_new_inode+0xfc7/0x1160
[ 60.426934][ T5814] ? tomoyo_path_perm+0x5ea/0x740
[ 60.431966][ T5814] ? tomoyo_path_perm+0x287/0x740
[ 60.436986][ T5814] ? __pfx_sysv_new_inode+0x10/0x10
[ 60.442194][ T5814] ? generic_permission+0x356/0x680
[ 60.447407][ T5814] sysv_symlink+0x9f/0x180
[ 60.451832][ T5814] vfs_symlink+0x137/0x2e0
[ 60.456249][ T5814] do_symlinkat+0x222/0x3a0
[ 60.460763][ T5814] ? __virt_addr_valid+0x45f/0x530
[ 60.465878][ T5814] ? __pfx_do_symlinkat+0x10/0x10
[ 60.470900][ T5814] ? strncpy_from_user+0x152/0x270
[ 60.476012][ T5814] ? getname_flags+0x1e3/0x540
[ 60.480776][ T5814] __x64_sys_symlink+0x7a/0x90
[ 60.485536][ T5814] do_syscall_64+0xf3/0x230
[ 60.490049][ T5814] ? clear_bhb_loop+0x35/0x90
[ 60.494722][ T5814] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.500610][ T5814] RIP: 0033:0x7fdbbc5937e9
[ 60.505025][ T5814] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 60.524624][ T5814] RSP: 002b:00007fffa892db78 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 60.533028][ T5814] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdbbc5937e9
[ 60.541075][ T5814] RDX: 00007fdbbc592531 RSI: 00000000200059c0 RDI: 0000000020002840
[ 60.549040][ T5814] RBP: 00007fdbbc5d75fb R08: 0000000000009e7f R09: 00007fdbbc5d761d
[ 60.557002][ T5814] R10: 00007fffa892da40 R11: 0000000000000246 R12: 00007fdbbc5d7580
[ 60.564962][ T5814] R13: 0000000000000003 R14: 0000000000050012 R15: 0000000000000048
[ 60.572929][ T5814]
[ 60.575936][ T5814]
[ 60.578303][ T5814] The buggy address belongs to the physical page:
[ 60.584705][ T5814] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7152f
[ 60.593457][ T5814] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 60.600576][ T5814] raw: 00fff00000000000 ffffea0001c54c08 ffffea0001c54b88 0000000000000000
[ 60.609154][ T5814] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 60.617721][ T5814] page dumped because: kasan: bad access detected
[ 60.624125][ T5814] page_owner tracks the page as freed
[ 60.629475][ T5814] page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, tgid 1 (swapper/0), ts 14997925897, free_ts 16135521430
[ 60.644395][ T5814] post_alloc_hook+0x1f3/0x230
[ 60.649151][ T5814] alloc_contig_range_noprof+0x821/0xe00
[ 60.654771][ T5814] alloc_contig_pages_noprof+0x4b3/0x5c0
[ 60.660388][ T5814] debug_vm_pgtable_alloc_huge_page+0xaf/0x100
[ 60.666532][ T5814] init_args+0x83b/0xb20
[ 60.670761][ T5814] debug_vm_pgtable+0xe0/0x550
[ 60.675513][ T5814] do_one_initcall+0x248/0x870
[ 60.680284][ T5814] do_initcall_level+0x157/0x210
[ 60.685259][ T5814] do_initcalls+0x3f/0x80
[ 60.689667][ T5814] kernel_init_freeable+0x435/0x5d0
[ 60.694872][ T5814] kernel_init+0x1d/0x2b0
[ 60.699279][ T5814] ret_from_fork+0x4b/0x80
[ 60.703684][ T5814] ret_from_fork_asm+0x1a/0x30
[ 60.708448][ T5814] page last free pid 1 tgid 1 stack trace:
[ 60.714245][ T5814] free_unref_page+0xde3/0x1130
[ 60.719090][ T5814] free_contig_range+0x152/0x550
[ 60.724015][ T5814] destroy_args+0x92/0x910
[ 60.728423][ T5814] debug_vm_pgtable+0x4be/0x550
[ 60.733265][ T5814] do_one_initcall+0x248/0x870
[ 60.738030][ T5814] do_initcall_level+0x157/0x210
[ 60.742959][ T5814] do_initcalls+0x3f/0x80
[ 60.747276][ T5814] kernel_init_freeable+0x435/0x5d0
[ 60.752463][ T5814] kernel_init+0x1d/0x2b0
[ 60.756783][ T5814] ret_from_fork+0x4b/0x80
[ 60.761188][ T5814] ret_from_fork_asm+0x1a/0x30
[ 60.765949][ T5814]
[ 60.768267][ T5814] Memory state around the buggy address:
[ 60.773882][ T5814] ffff88807152f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.781931][ T5814] ffff88807152f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.789987][ T5814] >ffff88807152f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.798042][ T5814] ^
[ 60.804444][ T5814] ffff88807152f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.812494][ T5814] ffff88807152f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.820540][ T5814] ==================================================================
[ 60.839546][ T5814] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 60.846768][ T5814] CPU: 0 UID: 0 PID: 5814 Comm: syz-executor147 Not tainted 6.13.0-rc1-syzkaller-00378-g62b5a46999c7 #0
[ 60.857889][ T5814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 60.867944][ T5814] Call Trace:
[ 60.871233][ T5814]
[ 60.874150][ T5814] dump_stack_lvl+0x241/0x360
[ 60.878818][ T5814] ? __pfx_dump_stack_lvl+0x10/0x10
[ 60.884015][ T5814] ? __pfx__printk+0x10/0x10
[ 60.888613][ T5814] ? preempt_schedule+0xe1/0xf0
[ 60.893467][ T5814] ? vscnprintf+0x5d/0x90
[ 60.897803][ T5814] panic+0x349/0x880
[ 60.901683][ T5814] ? check_panic_on_warn+0x21/0xb0
[ 60.906777][ T5814] ? __pfx_panic+0x10/0x10
[ 60.911180][ T5814] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 60.917147][ T5814] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 60.923462][ T5814] ? print_report+0x502/0x550
[ 60.928129][ T5814] check_panic_on_warn+0x86/0xb0
[ 60.933051][ T5814] ? sysv_new_inode+0xfc7/0x1160
[ 60.937981][ T5814] end_report+0x77/0x160
[ 60.942211][ T5814] kasan_report+0x154/0x180
[ 60.946696][ T5814] ? sysv_new_inode+0xfc7/0x1160
[ 60.951618][ T5814] sysv_new_inode+0xfc7/0x1160
[ 60.956367][ T5814] ? tomoyo_path_perm+0x5ea/0x740
[ 60.961371][ T5814] ? tomoyo_path_perm+0x287/0x740
[ 60.966377][ T5814] ? __pfx_sysv_new_inode+0x10/0x10
[ 60.971568][ T5814] ? generic_permission+0x356/0x680
[ 60.976756][ T5814] sysv_symlink+0x9f/0x180
[ 60.981157][ T5814] vfs_symlink+0x137/0x2e0
[ 60.985579][ T5814] do_symlinkat+0x222/0x3a0
[ 60.990090][ T5814] ? __virt_addr_valid+0x45f/0x530
[ 60.995198][ T5814] ? __pfx_do_symlinkat+0x10/0x10
[ 61.000224][ T5814] ? strncpy_from_user+0x152/0x270
[ 61.005356][ T5814] ? getname_flags+0x1e3/0x540
[ 61.010102][ T5814] __x64_sys_symlink+0x7a/0x90
[ 61.014853][ T5814] do_syscall_64+0xf3/0x230
[ 61.019342][ T5814] ? clear_bhb_loop+0x35/0x90
[ 61.024001][ T5814] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 61.029880][ T5814] RIP: 0033:0x7fdbbc5937e9
[ 61.034288][ T5814] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 61.053900][ T5814] RSP: 002b:00007fffa892db78 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 61.062298][ T5814] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdbbc5937e9
[ 61.070257][ T5814] RDX: 00007fdbbc592531 RSI: 00000000200059c0 RDI: 0000000020002840
[ 61.078213][ T5814] RBP: 00007fdbbc5d75fb R08: 0000000000009e7f R09: 00007fdbbc5d761d
[ 61.086182][ T5814] R10: 00007fffa892da40 R11: 0000000000000246 R12: 00007fdbbc5d7580
[ 61.094157][ T5814] R13: 0000000000000003 R14: 0000000000050012 R15: 0000000000000048
[ 61.102129][ T5814]
[ 61.105521][ T5814] Kernel Offset: disabled
[ 61.109835][ T5814] Rebooting in 86400 seconds..