Warning: Permanently added '10.128.0.43' (ED25519) to the list of known hosts.
2024/05/12 19:32:08 ignoring optional flag "sandboxArg"="0"
2024/05/12 19:32:08 parsed 1 programs
2024/05/12 19:32:09 executed programs: 0
[ 44.807647][ T1213] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/05/12 19:32:19 executed programs: 5
[ 55.362355][ T3344] general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI
[ 55.374559][ T3344] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[ 55.382960][ T3344] CPU: 0 PID: 3344 Comm: syz-executor.1 Not tainted 5.15.0-rc1-syzkaller #0
[ 55.391708][ T3344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 55.401754][ T3344] RIP: 0010:__fput+0x389/0x8c0
[ 55.406593][ T3344] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 65 04 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 48 68 49 8d 79 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 5e 04 00 00 49 8b 51 28 be 08 00 00 00 4c 89 44
[ 55.426539][ T3344] RSP: 0018:ffffc900030efe58 EFLAGS: 00010206
[ 55.433019][ T3344] RAX: dffffc0000000000 RBX: ffff88807757ad00 RCX: 1ffffffff0fd3a1c
[ 55.441611][ T3344] RDX: 0000000000000005 RSI: 0000000000000004 RDI: 0000000000000028
[ 55.449657][ T3344] RBP: ffff8880686de804 R08: ffff88807bf751a0 R09: 0000000000000000
[ 55.457825][ T3344] R10: ffffed100207e499 R11: 0000000000000008 R12: 0000000000080007
[ 55.466041][ T3344] R13: ffff8880686de790 R14: ffff8880095be920 R15: ffff8880686de780
[ 55.474166][ T3344] FS: 00007f7761fa66c0(0000) GS:ffff8880bac00000(0000) knlGS:0000000000000000
[ 55.483078][ T3344] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.489998][ T3344] CR2: 00007ffc8aad5f84 CR3: 0000000075a08000 CR4: 00000000003506f0
[ 55.498660][ T3344] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.506807][ T3344] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.515165][ T3344] Call Trace:
[ 55.518440][ T3344] task_work_run+0xc5/0x150
[ 55.523020][ T3344] exit_to_user_mode_prepare+0x16e/0x170
[ 55.529006][ T3344] syscall_exit_to_user_mode+0x13/0x30
[ 55.534622][ T3344] do_syscall_64+0x4a/0x90
[ 55.539112][ T3344] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 55.545158][ T3344] RIP: 0033:0x7f7762445ea9
[ 55.549552][ T3344] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.569223][ T3344] RSP: 002b:00007f7761fa60c8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 55.577617][ T3344] RAX: 0000000000000000 RBX: 00007f7762574050 RCX: 00007f7762445ea9
[ 55.585581][ T3344] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000003
[ 55.593603][ T3344] RBP: 00007f77624924a4 R08: 0000000000000000 R09: 0000000000000000
[ 55.601719][ T3344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 55.609684][ T3344] R13: 000000000000006e R14: 00007f7762574050 R15: 00007fffb6578128
[ 55.617656][ T3344] Modules linked in:
[ 55.640299][ T3336] ==================================================================
[ 55.648762][ T3336] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x8a/0x440
[ 55.657091][ T3336]
[ 55.659408][ T3336] CPU: 1 PID: 3336 Comm: syz-executor.1 Tainted: G D 5.15.0-rc1-syzkaller #0
[ 55.666082][ T3344] ---[ end trace 763112bc69d90168 ]---
[ 55.669719][ T3336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 55.675341][ T3344] RIP: 0010:__fput+0x389/0x8c0
[ 55.685457][ T3336] Call Trace:
[ 55.685463][ T3336] dump_stack_lvl+0x41/0x5e
[ 55.685470][ T3336] print_address_description.constprop.0.cold+0x6c/0x30a
[ 55.685480][ T3336] ? kmem_cache_free+0x8a/0x440
[ 55.685485][ T3336] ? kmem_cache_free+0x8a/0x440
[ 55.685490][ T3336] kasan_report_invalid_free+0x51/0x80
[ 55.685497][ T3336] __kasan_slab_free+0x124/0x130
[ 55.685502][ T3336] slab_free_freelist_hook+0x81/0x190
[ 55.685511][ T3336] kmem_cache_free+0x8a/0x440
[ 55.685517][ T3336] ? task_work_run+0xc5/0x150
[ 55.685526][ T3336] task_work_run+0xc5/0x150
[ 55.685532][ T3336] exit_to_user_mode_prepare+0x16e/0x170
[ 55.685541][ T3336] syscall_exit_to_user_mode+0x13/0x30
[ 55.685547][ T3336] do_syscall_64+0x4a/0x90
[ 55.690294][ T3344] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 65 04 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 48 68 49 8d 79 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 5e 04 00 00 49 8b 51 28 be 08 00 00 00 4c 89 44
[ 55.693645][ T3336] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 55.693653][ T3336] RIP: 0033:0x7f7762445ea9
[ 55.693659][ T3336] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.693664][ T3336] RSP: 002b:00007f7761fc70c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e8
[ 55.693672][ T3336] RAX: 0000000000000001 RBX: 00007f7762573f80 RCX: 00007f7762445ea9
[ 55.693676][ T3336] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000005
[ 55.701901][ T3344] RSP: 0018:ffffc900030efe58 EFLAGS: 00010206
[ 55.705443][ T3336] RBP: 00007f77624924a4 R08: 0000000000000000 R09: 0000000000000000
[ 55.705448][ T3336] R10: 00000000000000fa R11: 0000000000000246 R12: 0000000000000000
[ 55.705451][ T3336] R13: 0000000000000006 R14: 00007f7762573f80 R15: 00007fffb6578128
[ 55.705456][ T3336]
[ 55.705458][ T3336] Allocated by task 3344:
[ 55.705462][ T3336] kasan_save_stack+0x1b/0x40
[ 55.705471][ T3336] __kasan_slab_alloc+0x83/0xb0
[ 55.705476][ T3336] kmem_cache_alloc+0x264/0x390
[ 55.705480][ T3336] __alloc_file+0x20/0x220
[ 55.705485][ T3336] alloc_empty_file+0x3c/0xf0
[ 55.705490][ T3336] alloc_file+0x54/0x510
[ 55.710495][ T3344]
[ 55.715337][ T3336] alloc_file_pseudo+0x14a/0x210
[ 55.715343][ T3336] dma_buf_export+0x59c/0xa50
[ 55.715348][ T3336] udmabuf_create+0xaff/0x1000
[ 55.715353][ T3336] udmabuf_ioctl+0x126/0x230
[ 55.715356][ T3336] __x64_sys_ioctl+0x122/0x190
[ 55.715363][ T3336] do_syscall_64+0x3c/0x90
[ 55.720886][ T3344] RAX: dffffc0000000000 RBX: ffff88807757ad00 RCX: 1ffffffff0fd3a1c
[ 55.726052][ T3336] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 55.726059][ T3336]
[ 55.726061][ T3336] Freed by task 17:
[ 55.726064][ T3336] kasan_save_stack+0x1b/0x40
[ 55.726069][ T3336] kasan_set_track+0x1c/0x30
[ 55.731406][ T3344] RDX: 0000000000000005 RSI: 0000000000000004 RDI: 0000000000000028
[ 55.736169][ T3336] kasan_set_free_info+0x20/0x30
[ 55.736176][ T3336] __kasan_slab_free+0xff/0x130
[ 55.736180][ T3336] slab_free_freelist_hook+0x81/0x190
[ 55.736187][ T3336] kmem_cache_free+0x8a/0x440
[ 55.736191][ T3336] rcu_core+0x553/0x10c0
[ 55.736196][ T3336] __do_softirq+0x1f1/0x641
[ 55.736201][ T3336]
[ 55.736203][ T3336] Last potentially related work creation:
[ 55.736205][ T3336] kasan_save_stack+0x1b/0x40
[ 55.736209][ T3336] kasan_record_aux_stack+0xe9/0x110
[ 55.736213][ T3336] call_rcu+0x98/0x6a0
[ 55.736216][ T3336] task_work_run+0xc5/0x150
[ 55.736222][ T3336] exit_to_user_mode_prepare+0x16e/0x170
[ 55.736235][ T3336] syscall_exit_to_user_mode+0x13/0x30
[ 55.741443][ T3344] RBP: ffff8880686de804 R08: ffff88807bf751a0 R09: 0000000000000000
[ 55.745530][ T3336] do_syscall_64+0x4a/0x90
[ 55.745539][ T3336] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 55.745545][ T3336]
[ 55.745546][ T3336] Second to last potentially related work creation:
[ 55.745548][ T3336] kasan_save_stack+0x1b/0x40
[ 55.753694][ T3344] R10: ffffed100207e499 R11: 0000000000000008 R12: 0000000000080007
[ 55.756915][ T3336] kasan_record_aux_stack+0xe9/0x110
[ 55.761318][ T3344] R13: ffff8880686de790 R14: ffff8880095be920 R15: ffff8880686de780
[ 55.781134][ T3336] task_work_add+0x36/0x130
[ 55.781151][ T3336] fput_many.part.0+0x87/0x110
[ 55.781158][ T3336] dma_buf_poll+0x350/0x650
[ 55.781165][ T3336] ep_item_poll+0xe0/0x1b0
[ 55.781171][ T3336] do_epoll_wait+0x5e1/0x1300
[ 55.781175][ T3336] __x64_sys_epoll_wait+0x126/0x240
[ 55.781179][ T3336] do_syscall_64+0x3c/0x90
[ 55.781186][ T3336] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 55.781192][ T3336]
[ 55.781195][ T3336] The buggy address belongs to the object at ffff8880686de780
[ 55.781195][ T3336] which belongs to the cache filp of size 464
[ 55.781199][ T3336] The buggy address is located 0 bytes inside of
[ 55.781199][ T3336] 464-byte region [ffff8880686de780, ffff8880686de950)
[ 55.781204][ T3336] The buggy address belongs to the page:
[ 55.781209][ T3336] page:ffffea0001a1b780 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x686de
[ 55.781215][ T3336] head:ffffea0001a1b780 order:1 compound_mapcount:0
[ 55.781218][ T3336] memcg:ffff88807d5c6301
[ 55.781220][ T3336] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 55.781230][ T3336] raw: 00fff00000010200 ffffea0001a1cf80 0000000900000002 ffff888008574640
[ 55.791248][ T3344] FS: 00007f7761fa66c0(0000) GS:ffff8880bac00000(0000) knlGS:0000000000000000
[ 55.791847][ T3336] raw: 0000000000000000 00000000000c000c 00000001ffffffff ffff88807d5c6301
[ 55.812986][ T3344] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.820710][ T3336] page dumped because: kasan: bad access detected
[ 55.820716][ T3336] page_owner tracks the page as allocated
[ 55.820718][ T3336] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 1442, ts 45945111140, free_ts 45890270324
[ 55.820730][ T3336] get_page_from_freelist+0x1357/0x2ea0
[ 55.829383][ T3344] CR2: 000055bc345d7008 CR3: 0000000075a08000 CR4: 00000000003506f0
[ 55.837066][ T3336] __alloc_pages+0x1b2/0x480
[ 55.837075][ T3336] allocate_slab+0x2eb/0x420
[ 55.837080][ T3336] ___slab_alloc+0x8e2/0xbf0
[ 55.837084][ T3336] __slab_alloc.constprop.0+0x45/0x80
[ 55.837088][ T3336] kmem_cache_alloc+0x343/0x390
[ 55.837092][ T3336] __alloc_file+0x20/0x220
[ 55.837098][ T3336] alloc_empty_file+0x3c/0xf0
[ 55.837102][ T3336] path_openat+0xe0/0x20a0
[ 55.837109][ T3336] do_filp_open+0x199/0x3d0
[ 55.837113][ T3336] do_sys_openat2+0x11e/0x400
[ 55.837116][ T3336] __x64_sys_openat+0x11b/0x1d0
[ 55.843937][ T3344] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.851624][ T3336] do_syscall_64+0x3c/0x90
[ 55.851634][ T3336] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 55.859822][ T3344] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.867615][ T3336] page last free stack trace:
[ 55.867618][ T3336] free_pcp_prepare+0x3a5/0x8a0
[ 55.867628][ T3336] free_unref_page+0x19/0x500
[ 55.867632][ T3336] __mmdrop+0x45/0x230
[ 55.867638][ T3336] do_exit+0x89d/0x22c0
[ 55.867644][ T3336] do_group_exit+0xe7/0x2a0
[ 55.867649][ T3336] __x64_sys_exit_group+0x35/0x40
[ 55.867654][ T3336] do_syscall_64+0x3c/0x90
[ 55.867660][ T3336] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 55.867667][ T3336]
[ 55.867668][ T3336] Memory state around the buggy address:
[ 55.867672][ T3336] ffff8880686de680: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[ 55.867676][ T3336] ffff8880686de700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.871031][ T3344] Kernel panic - not syncing: Fatal exception
[ 55.874290][ T3336] >ffff8880686de780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.429051][ T3336] ^
[ 56.433280][ T3336] ffff8880686de800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.441317][ T3336] ffff8880686de880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.449525][ T3336] ==================================================================
[ 56.458185][ T3344] Kernel Offset: disabled
[ 56.462534][ T3344] Rebooting in 86400 seconds..