Warning: Permanently added '10.128.1.142' (ED25519) to the list of known hosts.
2024/12/07 14:40:26 ignoring optional flag "sandboxArg"="0"
2024/12/07 14:40:26 parsed 1 programs
[ 69.671961][ T3979] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 71.378507][ T8] cfg80211: failed to load regulatory.db
[ 72.468227][ T4030] veth0_vlan: entered promiscuous mode
2024/12/07 14:40:32 executed programs: 0
[ 72.934327][ T2874] veth0_vlan: left promiscuous mode
[ 74.374462][ T4208] veth0_vlan: entered promiscuous mode
[ 75.459799][ T4414] ==================================================================
[ 75.467884][ T4414] BUG: KASAN: slab-use-after-free in do_raw_spin_unlock+0x48c/0x8b0
[ 75.475862][ T4414] Read of size 4 at addr ffff888178c48184 by task syz.2.25/4414
[ 75.483642][ T4414]
[ 75.485962][ T4414] CPU: 1 UID: 0 PID: 4414 Comm: syz.2.25 Not tainted 6.13.0-rc1-syzkaller #0
[ 75.494865][ T4414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 75.504985][ T4414] Call Trace:
[ 75.508244][ T4414]
[ 75.511155][ T4414] dump_stack_lvl+0x108/0x280
[ 75.515806][ T4414] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.520976][ T4414] ? __pfx__printk+0x10/0x10
[ 75.525538][ T4414] ? _printk+0xce/0x120
[ 75.529667][ T4414] ? __virt_addr_valid+0x141/0x270
[ 75.534788][ T4414] ? __virt_addr_valid+0x229/0x270
[ 75.539883][ T4414] print_report+0x169/0x550
[ 75.544365][ T4414] ? __virt_addr_valid+0x141/0x270
[ 75.549530][ T4414] ? __virt_addr_valid+0x229/0x270
[ 75.554616][ T4414] ? do_raw_spin_unlock+0x48c/0x8b0
[ 75.559787][ T4414] kasan_report+0x143/0x180
[ 75.564263][ T4414] ? move_pages_pte+0x5a5/0x23e0
[ 75.569173][ T4414] ? do_raw_spin_unlock+0x48c/0x8b0
[ 75.574362][ T4414] do_raw_spin_unlock+0x48c/0x8b0
[ 75.579389][ T4414] _raw_spin_unlock+0x1e/0x50
[ 75.584052][ T4414] move_pages_pte+0x5a5/0x23e0
[ 75.588797][ T4414] ? xfd_validate_state+0x16/0x50
[ 75.593797][ T4414] ? move_pages_pte+0x2bc/0x23e0
[ 75.598705][ T4414] ? __pfx_move_pages_pte+0x10/0x10
[ 75.603879][ T4414] ? finish_task_switch+0x1ce/0x830
[ 75.609048][ T4414] ? __pfx_lock_release+0x10/0x10
[ 75.614044][ T4414] ? do_raw_spin_unlock+0x13c/0x8b0
[ 75.619242][ T4414] ? finish_task_switch+0x290/0x830
[ 75.624410][ T4414] ? __schedule+0x1702/0x23b0
[ 75.629067][ T4414] ? __pfx___schedule+0x10/0x10
[ 75.633893][ T4414] ? __pfx___pte_alloc+0x10/0x10
[ 75.638805][ T4414] ? do_raw_spin_unlock+0x13c/0x8b0
[ 75.643978][ T4414] move_pages+0x980/0x1010
[ 75.648369][ T4414] ? __pfx_move_pages+0x10/0x10
[ 75.653188][ T4414] userfaultfd_ioctl+0x744/0x4e50
[ 75.658205][ T4414] ? arch_stack_walk+0xfd/0x150
[ 75.663038][ T4414] ? __pfx_userfaultfd_ioctl+0x10/0x10
[ 75.668471][ T4414] ? stack_trace_save+0x118/0x1d0
[ 75.673498][ T4414] ? __pfx_stack_trace_save+0x10/0x10
[ 75.679050][ T4414] ? stack_depot_save_flags+0x3a/0x770
[ 75.684506][ T4414] ? kasan_save_track+0x51/0x80
[ 75.689346][ T4414] ? kasan_save_track+0x3f/0x80
[ 75.694170][ T4414] ? kasan_save_free_info+0x40/0x50
[ 75.699360][ T4414] ? __kasan_slab_free+0x59/0x70
[ 75.704312][ T4414] ? kfree+0x17c/0x3d0
[ 75.708355][ T4414] ? tomoyo_path_number_perm+0x531/0x6c0
[ 75.713958][ T4414] ? security_file_ioctl+0x61/0x120
[ 75.719140][ T4414] ? __se_sys_ioctl+0x39/0x100
[ 75.723894][ T4414] ? do_syscall_64+0x8d/0x190
[ 75.728600][ T4414] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.734733][ T4414] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 75.739762][ T4414] ? tomoyo_path_number_perm+0x1c7/0x6c0
[ 75.745394][ T4414] ? __pfx_lock_release+0x10/0x10
[ 75.750402][ T4414] ? tomoyo_path_number_perm+0x531/0x6c0
[ 75.756008][ T4414] ? tomoyo_path_number_perm+0x531/0x6c0
[ 75.761620][ T4414] ? tomoyo_path_number_perm+0x561/0x6c0
[ 75.767224][ T4414] ? tomoyo_path_number_perm+0x1c7/0x6c0
[ 75.772830][ T4414] ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 75.778782][ T4414] ? __lock_acquire+0x61d/0xc70
[ 75.783694][ T4414] ? __fget_files+0x2e/0x280
[ 75.788258][ T4414] __se_sys_ioctl+0xab/0x100
[ 75.792905][ T4414] do_syscall_64+0x8d/0x190
[ 75.797379][ T4414] ? clear_bhb_loop+0x35/0x90
[ 75.802031][ T4414] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.807904][ T4414] RIP: 0033:0x7f2926f7ff19
[ 75.812316][ T4414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 75.831929][ T4414] RSP: 002b:00007f2927d92058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 75.840341][ T4414] RAX: ffffffffffffffda RBX: 00007f2927145fa0 RCX: 00007f2926f7ff19
[ 75.848290][ T4414] RDX: 0000000020000080 RSI: 00000000c028aa05 RDI: 0000000000000003
[ 75.856238][ T4414] RBP: 00007f2926ff3986 R08: 0000000000000000 R09: 0000000000000000
[ 75.864191][ T4414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 75.872143][ T4414] R13: 0000000000000000 R14: 00007f2927145fa0 R15: 00007ffd9947b448
[ 75.880092][ T4414]
[ 75.883116][ T4414]
[ 75.885418][ T4414] Allocated by task 4413:
[ 75.889719][ T4414] kasan_save_track+0x3f/0x80
[ 75.894404][ T4414] __kasan_slab_alloc+0x66/0x80
[ 75.899424][ T4414] kmem_cache_alloc_noprof+0x1b9/0x410
[ 75.904861][ T4414] ptlock_alloc+0x1b/0x60
[ 75.909167][ T4414] pte_alloc_one+0xc1/0x3b0
[ 75.913655][ T4414] do_huge_pmd_anonymous_page+0x240/0x8d0
[ 75.919345][ T4414] handle_mm_fault+0xf9b/0x1920
[ 75.924238][ T4414] exc_page_fault+0x432/0x7b0
[ 75.928888][ T4414] asm_exc_page_fault+0x26/0x30
[ 75.933711][ T4414]
[ 75.936011][ T4414] Freed by task 4415:
[ 75.939962][ T4414] kasan_save_track+0x3f/0x80
[ 75.944611][ T4414] kasan_save_free_info+0x40/0x50
[ 75.949609][ T4414] __kasan_slab_free+0x59/0x70
[ 75.954359][ T4414] kmem_cache_free+0x17e/0x470
[ 75.959095][ T4414] ___pte_free_tlb+0x87/0x330
[ 75.963742][ T4414] free_pte+0x11c/0x170
[ 75.967964][ T4414] unmap_page_range+0x3dee/0x43c0
[ 75.972958][ T4414] zap_page_range_single+0x3d2/0x550
[ 75.978212][ T4414] do_madvise+0x24be/0x3ee0
[ 75.982690][ T4414] __x64_sys_madvise+0xa1/0xb0
[ 75.987446][ T4414] do_syscall_64+0x8d/0x190
[ 75.991946][ T4414] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.997823][ T4414]
[ 76.000126][ T4414] The buggy address belongs to the object at ffff888178c48180
[ 76.000126][ T4414]  which belongs to the cache page->ptl of size 64
[ 76.013889][ T4414] The buggy address is located 4 bytes inside of
[ 76.013889][ T4414]  freed 64-byte region [ffff888178c48180, ffff888178c481c0)
[ 76.027400][ T4414]
[ 76.029757][ T4414] The buggy address belongs to the physical page:
[ 76.036152][ T4414] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x178c48
[ 76.044974][ T4414] anon flags: 0x100000000000000(node=0|zone=2)
[ 76.051215][ T4414] page_type: f5(slab)
[ 76.055228][ T4414] raw: 0100000000000000 ffff88810004f780 ffffea0004757380 dead000000000005
[ 76.063801][ T4414] raw: 0000000000000000 00000000802a002a 00000000f5000000 0000000000000000
[ 76.072368][ T4414] page dumped because: kasan: bad access detected
[ 76.078786][ T4414] page_owner tracks the page as allocated
[ 76.084560][ T4414] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 3126, tgid 3126 (udevd), ts 14068640973, free_ts 14060442946
[ 76.103198][ T4414] post_alloc_hook+0x108/0x120
[ 76.107954][ T4414] get_page_from_freelist+0x3229/0x3370
[ 76.113479][ T4414] __alloc_frozen_pages_noprof+0x256/0x650
[ 76.119263][ T4414] alloc_pages_mpol+0x21c/0x460
[ 76.124085][ T4414] allocate_slab+0x8b/0x350
[ 76.128564][ T4414] ___slab_alloc+0x9ff/0x1130
[ 76.133215][ T4414] kmem_cache_alloc_noprof+0x279/0x410
[ 76.138643][ T4414] ptlock_alloc+0x1b/0x60
[ 76.142945][ T4414] pte_alloc_one+0xc1/0x3b0
[ 76.147419][ T4414] __pte_alloc+0x71/0x200
[ 76.151911][ T4414] copy_pud_range+0x5299/0x5880
[ 76.156740][ T4414] copy_page_range+0x52e/0x7c0
[ 76.161478][ T4414] copy_mm+0xf6a/0x1a70
[ 76.165605][ T4414] copy_process+0x1194/0x3350
[ 76.170251][ T4414] kernel_clone+0x195/0x720
[ 76.174758][ T4414] __x64_sys_clone+0x253/0x2a0
[ 76.179597][ T4414] page last free pid 16 tgid 16 stack trace:
[ 76.185552][ T4414] free_frozen_pages+0xc15/0xe90
[ 76.190457][ T4414] __folio_put+0x234/0x2c0
[ 76.194844][ T4414] tlb_remove_table_rcu+0x5e/0xc0
[ 76.199846][ T4414] rcu_core+0xcb3/0x1630
[ 76.204088][ T4414] handle_softirqs+0x1ba/0x580
[ 76.208914][ T4414] run_ksoftirqd+0x28/0x40
[ 76.213300][ T4414] smpboot_thread_fn+0x578/0x7f0
[ 76.218219][ T4414] kthread+0x268/0x2c0
[ 76.222260][ T4414] ret_from_fork+0x32/0x60
[ 76.226648][ T4414] ret_from_fork_asm+0x1a/0x30
[ 76.231479][ T4414]
[ 76.233879][ T4414] Memory state around the buggy address:
[ 76.239565][ T4414]  ffff888178c48080: 00 00 00 00 fc fc fc fc fa fb fb fb fb fb fb fb
[ 76.247602][ T4414]  ffff888178c48100: fc fc fc fc fa fb fb fb fb fb fb fb fc fc fc fc
[ 76.255633][ T4414] >ffff888178c48180: fa fb fb fb fb fb fb fb fc fc fc fc fa fb fb fb
[ 76.263664][ T4414]                    ^
[ 76.267710][ T4414]  ffff888178c48200: fb fb fb fb fc fc fc fc fa fb fb fb fb fb fb fb
[ 76.275738][ T4414]  ffff888178c48280: fc fc fc fc 00 00 00 00 00 00 00 00 fc fc fc fc
[ 76.283775][ T4414] ==================================================================
[ 76.292172][ T4414] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 76.299779][ T4414] Kernel Offset: disabled
[ 76.304113][ T4414] Rebooting in 86400 seconds..
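The report above names the freed object (a 64-byte `page->ptl` spinlock), the offset of the read, and leaves the faulting syscall's register state, but a triager normally re-derives those facts before filing or deduplicating. The following Python is an added example, not part of the syzbot log and not a syzkaller tool: it parses the report lines (copied inline from the log above, kernel log prefixes included), checks the faulting address against the object range and the KASAN shadow dump, confirms that allocator, freer and user are three distinct tasks, and decodes the RSI value into the userfaultfd request that was in flight. The shadow-byte meanings and the UFFDIO request table are taken from mm/kasan/kasan.h and include/uapi/linux/userfaultfd.h as they stand in 6.x kernels; treat both tables as assumptions to verify against the tree under test.

```python
"""Triage a KASAN slab-use-after-free report.

Added example (not part of the syzbot log). It re-reads the report text,
confirms the faulting address lies inside the freed object the report names,
reads the KASAN shadow byte covering that address, and decodes the ioctl
request number left in RSI at the faulting syscall.
"""
import re

# Lines copied from the report above; the rest of the log is not needed.
REPORT = """\
[ 75.467884][ T4414] BUG: KASAN: slab-use-after-free in do_raw_spin_unlock+0x48c/0x8b0
[ 75.475862][ T4414] Read of size 4 at addr ffff888178c48184 by task syz.2.25/4414
[ 75.848290][ T4414] RDX: 0000000020000080 RSI: 00000000c028aa05 RDI: 0000000000000003
[ 75.885418][ T4414] Allocated by task 4413:
[ 75.936011][ T4414] Freed by task 4415:
[ 76.000126][ T4414] The buggy address belongs to the object at ffff888178c48180
[ 76.000126][ T4414]  which belongs to the cache page->ptl of size 64
[ 76.247602][ T4414]  ffff888178c48100: fc fc fc fc fa fb fb fb fb fb fb fb fc fc fc fc
[ 76.255633][ T4414] >ffff888178c48180: fa fb fb fb fb fb fb fb fc fc fc fc fa fb fb fb
[ 76.267710][ T4414]  ffff888178c48200: fb fb fb fb fc fc fc fc fa fb fb fb fb fb fb fb
"""

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\] ?")

# Generic-KASAN shadow encodings, assumed from mm/kasan/kasan.h (6.x kernels);
# one shadow byte covers an 8-byte granule. Unlisted values are shown as hex.
SHADOW_MEANING = {
    0x00: "fully accessible",
    0xFA: "freed slab object (free meta area)",
    0xFB: "freed slab object",
    0xFC: "slab object redzone",
    0xFE: "page redzone (kmalloc_large)",
    0xFF: "freed page",
}
FREED = {0xFA, 0xFB}

# Assumed from include/uapi/linux/userfaultfd.h: ioctl type 0xAA, request nrs.
UFFDIO_TYPE = 0xAA
UFFDIO_NAMES = {0x00: "UFFDIO_REGISTER", 0x01: "UFFDIO_UNREGISTER",
                0x02: "UFFDIO_WAKE", 0x03: "UFFDIO_COPY", 0x04: "UFFDIO_ZEROPAGE",
                0x05: "UFFDIO_MOVE", 0x06: "UFFDIO_WRITEPROTECT",
                0x07: "UFFDIO_CONTINUE", 0x08: "UFFDIO_POISON", 0x3F: "UFFDIO_API"}


def parse_report(text):
    """Pull the fields a triage needs out of a KASAN report (log prefixes tolerated)."""
    lines = [PREFIX.sub("", ln) for ln in text.splitlines()]
    body = "\n".join(lines)

    def grab(pattern):
        m = re.search(pattern, body)
        if m is None:
            raise ValueError("report is missing: " + pattern)
        return m.groups()

    bug, site = grab(r"BUG: KASAN: (\S+) in (\S+)")
    access, size, addr, task = grab(
        r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task \S+/(\d+)")
    obj, cache, obj_size = grab(
        r"belongs to the object at ([0-9a-f]+)\n\s*which belongs to the cache (\S+) of size (\d+)")
    rsi, rdi = grab(r"RSI: ([0-9a-f]+) RDI: ([0-9a-f]+)")
    shadow = {}  # row base address -> 16 shadow bytes (128 bytes of memory)
    for ln in lines:
        m = re.match(r"\s*>?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})\s*$", ln)
        if m:
            shadow[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
    return {
        "bug": bug, "site": site, "access": access, "size": int(size),
        "addr": int(addr, 16), "task": int(task),
        "alloc_task": int(grab(r"Allocated by task (\d+)")[0]),
        "free_task": int(grab(r"Freed by task (\d+)")[0]),
        "obj": int(obj, 16), "cache": cache, "obj_size": int(obj_size),
        "rsi": int(rsi, 16), "rdi": int(rdi, 16), "shadow": shadow,
    }


def shadow_byte(shadow, addr):
    """Shadow value for addr: rows are 128-byte aligned, one byte per 8-byte granule."""
    base = addr & ~0x7F
    return shadow[base][(addr - base) >> 3]


def triage(r):
    """Cross-check the report's own claims against its shadow dump."""
    off = r["addr"] - r["obj"]
    obj_state = {shadow_byte(r["shadow"], a)
                 for a in range(r["obj"], r["obj"] + r["obj_size"], 8)}
    sb = shadow_byte(r["shadow"], r["addr"])
    return {
        "offset": off,
        "inside_object": 0 <= off < r["obj_size"],
        "access_in_object": off + r["size"] <= r["obj_size"],
        "shadow": sb,
        "shadow_meaning": SHADOW_MEANING.get(sb, "0x%02x" % sb),
        "whole_object_freed": obj_state <= FREED,
        # allocator, freer and user being three different tasks marks a race
        # rather than a same-thread double use of a stale pointer
        "three_tasks": len({r["task"], r["alloc_task"], r["free_task"]}) == 3,
    }


def decode_ioctl(req):
    """Split an ioctl request per asm-generic/ioctl.h: nr:8 type:8 size:14 dir:2."""
    nr, typ = req & 0xFF, (req >> 8) & 0xFF
    size, direction = (req >> 16) & 0x3FFF, (req >> 30) & 0x3
    name = UFFDIO_NAMES.get(nr, "?") if typ == UFFDIO_TYPE else "?"
    return {"dir": ("none", "write", "read", "read/write")[direction],
            "type": typ, "nr": nr, "size": size, "name": name}


if __name__ == "__main__":
    rep = parse_report(REPORT)
    print(rep["bug"], "in", rep["site"], "on cache", rep["cache"])
    print(triage(rep))
    print("ioctl(fd=%d, %s)" % (rep["rdi"], decode_ioctl(rep["rsi"])))
```

Run stand-alone it reports the read at offset 4 of a fully freed `page->ptl` object whose shadow byte is 0xfa, with PIDs 4413 (allocator, page-fault path), 4415 (freer, `madvise` through `zap_page_range_single`) and 4414 (user) all distinct, and decodes RSI 0xc028aa05 as a 40-byte read/write request, type 0xAA nr 5, i.e. `UFFDIO_MOVE` on fd 3. That matches the `userfaultfd_ioctl` to `move_pages` to `move_pages_pte` frames in the call trace: the PTE-table spinlock that `move_pages_pte` unlocks was freed by a concurrent page-table teardown.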