Warning: Permanently added '10.128.1.70' (ED25519) to the list of known hosts.
2025/03/31 05:50:33 ignoring optional flag "sandboxArg"="0"
2025/03/31 05:50:33 parsed 1 programs
[ 74.999337][ T2826] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 78.034513][ T2901] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 78.045489][ T2901] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 78.055176][ T2901] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 78.065303][ T2901] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 82.491494][ T2054] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 82.499497][ T2054] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 82.515787][ T1899] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 82.537195][ T2054] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 82.545476][ T2054] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 82.553904][ T2054] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/03/31 05:50:43 executed programs: 0
[ 85.037836][ T3718] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 85.047852][ T3718] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 85.057484][ T3718] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 85.067362][ T3718] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 88.388071][ T517] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.396204][ T517] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.405441][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 88.416893][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.425232][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.432991][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/03/31 05:50:48 executed programs: 2
[ 88.622519][ T4341] loop2: detected capacity change from 0 to 32768
[ 88.744303][ T4341] ==================================================================
[ 88.752467][ T4341] BUG: KASAN: slab-out-of-bounds in diWrite+0xaaa/0x1390
[ 88.759678][ T4341] Write of size 32 at addr ffff88811704b0c0 by task syz.2.16/4341
[ 88.767519][ T4341]
[ 88.769878][ T4341] CPU: 0 PID: 4341 Comm: syz.2.16 Not tainted 5.15.179-syzkaller #0
[ 88.777859][ T4341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 88.788005][ T4341] Call Trace:
[ 88.791286][ T4341]
[ 88.794222][ T4341] dump_stack_lvl+0x8e/0xdd
[ 88.798729][ T4341] print_address_description.constprop.0.cold+0x6c/0x309
[ 88.805774][ T4341] ? diWrite+0xaaa/0x1390
[ 88.810238][ T4341] ? diWrite+0xaaa/0x1390
[ 88.814591][ T4341] kasan_report.cold+0x83/0xdf
[ 88.819385][ T4341] ? diWrite+0xaaa/0x1390
[ 88.823738][ T4341] kasan_check_range+0x13d/0x180
[ 88.828693][ T4341] memcpy+0x39/0x60
[ 88.832565][ T4341] diWrite+0xaaa/0x1390
[ 88.836739][ T4341] txCommit+0x6b7/0x4110
[ 88.840988][ T4341] ? lock_acquire+0x11a/0x230
[ 88.845670][ T4341] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 88.851576][ T4341] ? dtRelink.isra.0+0xba0/0xba0
[ 88.856618][ T4341] ? txAbort+0x580/0x580
[ 88.860861][ T4341] ? lmLogClose+0x592/0x700
[ 88.865395][ T4341] ? jfs_dirty_inode+0x94/0x1e0
[ 88.870355][ T4341] ? __mark_inode_dirty+0x277/0xb70
[ 88.875859][ T4341] jfs_readdir+0x28e0/0x4230
[ 88.880467][ T4341] ? dtDelete+0x2f20/0x2f20
[ 88.884987][ T4341] ? __lock_acquire.constprop.0+0x478/0xb30
[ 88.890905][ T4341] ? lock_acquire+0x11a/0x230
[ 88.895581][ T4341] ? iterate_dir+0x50c/0x700
[ 88.900178][ T4341] ? lock_acquire+0x11a/0x230
[ 88.904973][ T4341] ? down_write_killable+0xcb/0x160
[ 88.910272][ T4341] ? down_write+0x140/0x140
[ 88.914789][ T4341] ? fsnotify_perm.part.0+0x229/0x5e0
[ 88.920207][ T4341] iterate_dir+0x1f9/0x700
[ 88.924634][ T4341] __x64_sys_getdents64+0x13a/0x2a0
[ 88.930140][ T4341] ? __ia32_sys_getdents+0x2a0/0x2a0
[ 88.935439][ T4341] ? compat_fillonedir+0x3f0/0x3f0
[ 88.940676][ T4341] ? vtime_user_exit+0xde/0x180
[ 88.945565][ T4341] ? trace_user_exit.constprop.0+0xe5/0x100
[ 88.951483][ T4341] do_syscall_64+0x33/0xb0
[ 88.955929][ T4341] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 88.961847][ T4341] RIP: 0033:0x7fece988dd29
[ 88.966311][ T4341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 88.986430][ T4341] RSP: 002b:00007fece9307038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 88.995117][ T4341] RAX: ffffffffffffffda RBX: 00007fece9a7dfa0 RCX: 00007fece988dd29
[ 89.003235][ T4341] RDX: 000000000000009e RSI: 0000000020000280 RDI: 0000000000000004
[ 89.011547][ T4341] RBP: 00007fece9909b08 R08: 0000000000000000 R09: 0000000000000000
[ 89.019671][ T4341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 89.027654][ T4341] R13: 0000000000000000 R14: 00007fece9a7dfa0 R15: 00007ffe1bfa95d8
[ 89.035674][ T4341]
[ 89.038698][ T4341]
[ 89.041031][ T4341] Allocated by task 4200:
[ 89.045352][ T4341] kasan_save_stack+0x1b/0x40
[ 89.050044][ T4341] __kasan_slab_alloc+0x61/0x80
[ 89.054902][ T4341] kmem_cache_alloc+0x211/0x310
[ 89.059754][ T4341] security_file_alloc+0x34/0x170
[ 89.064796][ T4341] __alloc_file+0xd9/0x280
[ 89.069218][ T4341] alloc_empty_file+0x6d/0x170
[ 89.073982][ T4341] path_openat+0xe1/0x2890
[ 89.078502][ T4341] do_filp_open+0x1aa/0x400
[ 89.083161][ T4341] do_sys_openat2+0x16d/0x4d0
[ 89.087876][ T4341] __x64_sys_openat+0x13f/0x1f0
[ 89.092740][ T4341] do_syscall_64+0x33/0xb0
[ 89.097165][ T4341] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 89.103068][ T4341]
[ 89.105384][ T4341] Freed by task 4200:
[ 89.109351][ T4341] kasan_save_stack+0x1b/0x40
[ 89.114051][ T4341] kasan_set_track+0x1c/0x30
[ 89.118640][ T4341] kasan_set_free_info+0x20/0x30
[ 89.123626][ T4341] __kasan_slab_free+0xe0/0x110
[ 89.128699][ T4341] kmem_cache_free+0x7e/0x450
[ 89.133376][ T4341] security_file_free+0xa4/0xd0
[ 89.138345][ T4341] __fput+0x3b2/0x9f0
[ 89.142333][ T4341] task_work_run+0xdd/0x190
[ 89.146842][ T4341] do_exit+0xab2/0x2680
[ 89.151101][ T4341] do_group_exit+0x125/0x310
[ 89.155696][ T4341] __x64_sys_exit_group+0x3a/0x50
[ 89.160834][ T4341] do_syscall_64+0x33/0xb0
[ 89.165256][ T4341] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 89.171244][ T4341]
[ 89.173602][ T4341] The buggy address belongs to the object at ffff88811704b070
[ 89.173602][ T4341] which belongs to the cache lsm_file_cache of size 80
[ 89.187818][ T4341] The buggy address is located 0 bytes to the right of
[ 89.187818][ T4341] 80-byte region [ffff88811704b070, ffff88811704b0c0)
[ 89.201371][ T4341] The buggy address belongs to the page:
[ 89.207024][ T4341] page:ffffea00045c12c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11704b
[ 89.217363][ T4341] flags: 0x200000000000200(slab|node=0|zone=2)
[ 89.223530][ T4341] raw: 0200000000000200 ffffea000477ac40 0000000f0000000f ffff888100189000
[ 89.232194][ T4341] raw: 0000000000000000 0000000000240024 00000001ffffffff 0000000000000000
[ 89.240941][ T4341] page dumped because: kasan: bad access detected
[ 89.247349][ T4341] page_owner tracks the page as allocated
[ 89.253056][ T4341] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 2901, ts 79856962444, free_ts 79855699697
[ 89.269121][ T4341] get_page_from_freelist+0x1309/0x2e30
[ 89.274678][ T4341] __alloc_pages+0x2b3/0x590
[ 89.279291][ T4341] alloc_pages+0x16f/0x3d0
[ 89.283713][ T4341] allocate_slab+0x2eb/0x430
[ 89.288389][ T4341] ___slab_alloc+0xb1c/0xf80
[ 89.293022][ T4341] kmem_cache_alloc+0x2d7/0x310
[ 89.297880][ T4341] security_file_alloc+0x34/0x170
[ 89.303430][ T4341] __alloc_file+0xd9/0x280
[ 89.307869][ T4341] alloc_empty_file+0x6d/0x170
[ 89.312649][ T4341] alloc_file+0x59/0x590
[ 89.316921][ T4341] alloc_file_pseudo+0x165/0x250
[ 89.322013][ T4341] sock_alloc_file+0x4f/0x190
[ 89.326783][ T4341] __sys_socket+0x13d/0x200
[ 89.331302][ T4341] __x64_sys_socket+0x6f/0xb0
[ 89.335990][ T4341] do_syscall_64+0x33/0xb0
[ 89.340409][ T4341] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 89.346325][ T4341] page last free stack trace:
[ 89.350988][ T4341] free_pcp_prepare+0x34e/0x730
[ 89.355969][ T4341] free_unref_page+0x19/0x4b0
[ 89.360778][ T4341] __mmdrop+0x51/0x2c0
[ 89.364875][ T4341] finish_task_switch.isra.0+0x49b/0x680
[ 89.370515][ T4341] __schedule+0x895/0x1d80
[ 89.375039][ T4341] schedule+0xff/0x210
[ 89.379120][ T4341] schedule_timeout+0x1db/0x260
[ 89.383967][ T4341] wait_for_completion_killable+0x1a1/0x300
[ 89.389856][ T4341] call_usermodehelper_exec+0x3ad/0x4c0
[ 89.395404][ T4341] __request_module+0x414/0x8c0
[ 89.400290][ T4341] dev_load+0xc3/0x100
[ 89.404381][ T4341] dev_ioctl+0x2d4/0xe20
[ 89.408617][ T4341] sock_do_ioctl+0x15a/0x230
[ 89.413202][ T4341] sock_ioctl+0x283/0x5f0
[ 89.417536][ T4341] __x64_sys_ioctl+0x193/0x200
[ 89.422455][ T4341] do_syscall_64+0x33/0xb0
[ 89.426895][ T4341]
[ 89.429229][ T4341] Memory state around the buggy address:
[ 89.434868][ T4341] ffff88811704af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 89.442947][ T4341] ffff88811704b000: fa fb fb fb fb fb fb fb fb fb fc fc fc fc fa fb
[ 89.451237][ T4341] >ffff88811704b080: fb fb fb fb fb fb fb fb fc fc fc fc fa fb fb fb
[ 89.459306][ T4341] ^
[ 89.465467][ T4341] ffff88811704b100: fb fb fb fb fb fb fc fc fc fc fa fb fb fb fb fb
[ 89.473532][ T4341] ffff88811704b180: fb fb fb fb fc fc fc fc fa fb fb fb fb fb fb fb
[ 89.481587][ T4341] ==================================================================
[ 89.489650][ T4341] Disabling lock debugging due to kernel taint
[ 89.496205][ T4341] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 89.503682][ T4341] Kernel Offset: disabled
[ 89.508023][ T4341] Rebooting in 86400 seconds..