Warning: Permanently added '10.128.1.168' (ED25519) to the list of known hosts.
2025/05/02 05:06:09 ignoring optional flag "sandboxArg"="0"
2025/05/02 05:06:10 parsed 1 programs
[ 72.541248][ T2830] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
[ 74.448496][ T2857] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 74.459039][ T2857] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 74.470276][ T2857] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 74.482233][ T2857] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 78.951150][ T1519] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.959269][ T1519] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.969663][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 78.991401][ T1518] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.999824][ T1518] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.007523][ T1519] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/05/02 05:06:18 executed programs: 0
[ 81.095829][ T3423] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 81.106043][ T3423] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 81.115768][ T3423] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 81.126180][ T3423] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 85.028178][ T1519] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.037177][ T1519] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.046862][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 85.070867][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.079601][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.089115][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/05/02 05:06:24 executed programs: 2
[ 85.319016][ T4171] loop2: detected capacity change from 0 to 32768
[ 85.402580][ T4171] ==================================================================
[ 85.411391][ T4171] BUG: KASAN: use-after-free in diWrite+0xaaa/0x1390
[ 85.418729][ T4171] Write of size 32 at addr ffff8881292d00c0 by task syz.2.16/4171
[ 85.426905][ T4171] 
[ 85.429359][ T4171] CPU: 1 PID: 4171 Comm: syz.2.16 Not tainted 5.15.180-syzkaller #0
[ 85.437598][ T4171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 85.447830][ T4171] Call Trace:
[ 85.451200][ T4171] 
[ 85.454140][ T4171]  dump_stack_lvl+0x8e/0xdd
[ 85.458831][ T4171]  print_address_description.constprop.0.cold+0x6c/0x309
[ 85.466049][ T4171]  ? diWrite+0xaaa/0x1390
[ 85.470579][ T4171]  ? diWrite+0xaaa/0x1390
[ 85.475293][ T4171]  kasan_report.cold+0x83/0xdf
[ 85.480072][ T4171]  ? diWrite+0xaaa/0x1390
[ 85.484517][ T4171]  kasan_check_range+0x13d/0x180
[ 85.489824][ T4171]  memcpy+0x39/0x60
[ 85.493752][ T4171]  diWrite+0xaaa/0x1390
[ 85.498014][ T4171]  txCommit+0x6b7/0x4110
[ 85.502601][ T4171]  ? lock_acquire+0x11a/0x230
[ 85.507642][ T4171]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 85.514007][ T4171]  ? dtRelink.isra.0+0xc40/0xc40
[ 85.518967][ T4171]  ? txAbort+0x580/0x580
[ 85.523321][ T4171]  ? lmLogShutdown+0x652/0x760
[ 85.528199][ T4171]  ? jfs_dirty_inode+0x94/0x1e0
[ 85.533216][ T4171]  ? __mark_inode_dirty+0x277/0xb70
[ 85.538807][ T4171]  jfs_readdir+0x295a/0x4440
[ 85.543597][ T4171]  ? dtDelete+0x2ff0/0x2ff0
[ 85.548311][ T4171]  ? __lock_acquire.constprop.0+0x478/0xb30
[ 85.554495][ T4171]  ? lock_acquire+0x11a/0x230
[ 85.559473][ T4171]  ? iterate_dir+0x50c/0x700
[ 85.564078][ T4171]  ? lock_acquire+0x11a/0x230
[ 85.568760][ T4171]  ? down_write_killable+0xcb/0x160
[ 85.573972][ T4171]  ? down_write+0x140/0x140
[ 85.578469][ T4171]  ? fsnotify_perm.part.0+0x229/0x5e0
[ 85.583850][ T4171]  iterate_dir+0x1f9/0x700
[ 85.588466][ T4171]  __x64_sys_getdents64+0x13a/0x2a0
[ 85.593892][ T4171]  ? __ia32_sys_getdents+0x2a0/0x2a0
[ 85.599369][ T4171]  ? compat_fillonedir+0x3f0/0x3f0
[ 85.604775][ T4171]  ? vtime_user_exit+0xde/0x180
[ 85.609805][ T4171]  ? trace_user_exit.constprop.0+0xe5/0x100
[ 85.615929][ T4171]  do_syscall_64+0x33/0xb0
[ 85.620359][ T4171]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.626359][ T4171] RIP: 0033:0x7f616ce6ed29
[ 85.630890][ T4171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 85.650591][ T4171] RSP: 002b:00007f616c8e8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 85.659859][ T4171] RAX: ffffffffffffffda RBX: 00007f616d05efa0 RCX: 00007f616ce6ed29
[ 85.668252][ T4171] RDX: 000000000000009e RSI: 0000000020000280 RDI: 0000000000000004
[ 85.676300][ T4171] RBP: 00007f616ceeab08 R08: 0000000000000000 R09: 0000000000000000
[ 85.685078][ T4171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.693416][ T4171] R13: 0000000000000000 R14: 00007f616d05efa0 R15: 00007ffd96b30a98
[ 85.701497][ T4171] 
[ 85.704793][ T4171] 
[ 85.707149][ T4171] Allocated by task 4023:
[ 85.711739][ T4171]  kasan_save_stack+0x1b/0x40
[ 85.716736][ T4171]  __kasan_slab_alloc+0x61/0x80
[ 85.721951][ T4171]  kmem_cache_alloc+0x211/0x310
[ 85.726882][ T4171]  __pmd_alloc+0x98/0x4b0
[ 85.732178][ T4171]  copy_page_range+0x27e7/0x3490
[ 85.737334][ T4171]  copy_process+0x5dc1/0x7d00
[ 85.742681][ T4171]  kernel_clone+0xe7/0xbd0
[ 85.747602][ T4171]  __do_sys_clone+0xc1/0x100
[ 85.752582][ T4171]  do_syscall_64+0x33/0xb0
[ 85.757121][ T4171]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.763352][ T4171] 
[ 85.765915][ T4171] Freed by task 4036:
[ 85.770133][ T4171]  kasan_save_stack+0x1b/0x40
[ 85.774994][ T4171]  kasan_set_track+0x1c/0x30
[ 85.779683][ T4171]  kasan_set_free_info+0x20/0x30
[ 85.784633][ T4171]  __kasan_slab_free+0xe0/0x110
[ 85.790020][ T4171]  kmem_cache_free+0x7e/0x450
[ 85.795379][ T4171]  ___pmd_free_tlb+0x41/0x180
[ 85.800308][ T4171]  free_pgd_range+0x9a8/0xbe0
[ 85.805095][ T4171]  free_pgtables+0x212/0x300
[ 85.809710][ T4171]  exit_mmap+0x1df/0x6d0
[ 85.815091][ T4171]  __mmput+0xd6/0x440
[ 85.819418][ T4171]  mmput+0x40/0x50
[ 85.823346][ T4171]  do_exit+0x9e1/0x2680
[ 85.827519][ T4171]  do_group_exit+0x125/0x310
[ 85.832634][ T4171]  __x64_sys_exit_group+0x3a/0x50
[ 85.837855][ T4171]  do_syscall_64+0x33/0xb0
[ 85.843148][ T4171]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.849519][ T4171] 
[ 85.852247][ T4171] The buggy address belongs to the object at ffff8881292d00c0
[ 85.852247][ T4171]  which belongs to the cache page->ptl of size 64
[ 85.866973][ T4171] The buggy address is located 0 bytes inside of
[ 85.866973][ T4171]  64-byte region [ffff8881292d00c0, ffff8881292d0100)
[ 85.882444][ T4171] The buggy address belongs to the page:
[ 85.888826][ T4171] page:ffffea0004a4b400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1292d0
[ 85.899469][ T4171] flags: 0x200000000000200(slab|node=0|zone=2)
[ 85.906021][ T4171] raw: 0200000000000200 0000000000000000 dead000000000122 ffff88810004f780
[ 85.915384][ T4171] raw: 0000000000000000 00000000002a002a 00000001ffffffff 0000000000000000
[ 85.924239][ T4171] page dumped because: kasan: bad access detected
[ 85.930832][ T4171] page_owner tracks the page as allocated
[ 85.936988][ T4171] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4023, ts 84220965726, free_ts 84217231381
[ 85.954521][ T4171]  get_page_from_freelist+0x1309/0x2e30
[ 85.960546][ T4171]  __alloc_pages+0x2b3/0x590
[ 85.965319][ T4171]  alloc_pages+0x16f/0x3d0
[ 85.969743][ T4171]  allocate_slab+0x2eb/0x430
[ 85.974428][ T4171]  ___slab_alloc+0xb1c/0xf80
[ 85.979236][ T4171]  kmem_cache_alloc+0x2d7/0x310
[ 85.984554][ T4171]  __pmd_alloc+0x98/0x4b0
[ 85.989054][ T4171]  copy_page_range+0x27e7/0x3490
[ 85.994029][ T4171]  copy_process+0x5dc1/0x7d00
[ 85.999454][ T4171]  kernel_clone+0xe7/0xbd0
[ 86.004171][ T4171]  __do_sys_clone+0xc1/0x100
[ 86.008910][ T4171]  do_syscall_64+0x33/0xb0
[ 86.013653][ T4171]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.019565][ T4171] page last free stack trace:
[ 86.024594][ T4171]  free_pcp_prepare+0x34e/0x730
[ 86.029931][ T4171]  free_unref_page+0x19/0x4b0
[ 86.035591][ T4171]  tlb_finish_mmu+0x24f/0x8c0
[ 86.041230][ T4171]  exit_mmap+0x1ea/0x6d0
[ 86.045486][ T4171]  __mmput+0xd6/0x440
[ 86.049729][ T4171]  mmput+0x40/0x50
[ 86.053977][ T4171]  do_exit+0x9e1/0x2680
[ 86.058140][ T4171]  do_group_exit+0x125/0x310
[ 86.062936][ T4171]  __x64_sys_exit_group+0x3a/0x50
[ 86.068820][ T4171]  do_syscall_64+0x33/0xb0
[ 86.073754][ T4171]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.080050][ T4171] 
[ 86.082462][ T4171] Memory state around the buggy address:
[ 86.088105][ T4171]  ffff8881292cff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.097512][ T4171]  ffff8881292d0000: fa fb fb fb fb fb fb fb fc fc fc fc fa fb fb fb
[ 86.106022][ T4171] >ffff8881292d0080: fb fb fb fb fc fc fc fc fa fb fb fb fb fb fb fb
[ 86.114688][ T4171]                                            ^
[ 86.121412][ T4171]  ffff8881292d0100: fc fc fc fc fa fb fb fb fb fb fb fb fc fc fc fc
[ 86.129759][ T4171]  ffff8881292d0180: fa fb fb fb fb fb fb fb fc fc fc fc fa fb fb fb
[ 86.138415][ T4171] ==================================================================
[ 86.146808][ T4171] Disabling lock debugging due to kernel taint
[ 86.153933][ T4171] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 86.163437][ T4171] Kernel Offset: disabled
[ 86.168700][ T4171] Rebooting in 86400 seconds..
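Added triage helper, not part of the syzkaller console output above and not the kernel's own KASAN tooling: a parser that pulls the fields a practitioner reads first out of this report (bug class, faulting function, access kind and size, faulting task, allocating and freeing tasks, victim cache and region) and decodes the "Memory state around the buggy address" rows. It re-derives the bug class from the shadow bytes covering the 32-byte write rather than trusting the header, and checks whether the faulting task is the one that allocated or freed the object. Here that check is negative: the allocation and free stacks belong to a page->ptl object (a page-table-lock slab, allocated under __pmd_alloc by pid 4023 and freed under exit_mmap by pid 4036), while the writer is pid 4171 in JFS's diWrite with no JFS frame in either stack, so those two stacks describe the victim object that the stray memcpy landed in, not the JFS allocation the writer believed it held. The REPORT string is an abbreviated copy of the lines above with the kernel's leading " "/">" marker column on the shadow rows restored (the page's extraction collapsed that whitespace); the shadow byte meanings are the generic-KASAN values in mm/kasan/kasan.h for the 5.15 series (0xfa KASAN_KMALLOC_FREETRACK, 0xfb KASAN_KMALLOC_FREE, 0xfc KASAN_KMALLOC_REDZONE), and the regexes assume the report layout shown here.

```python
import re

# Constructed input: lines copied (abbreviated) from the report on this page,
# with the kernel's leading " " or ">" marker column on the shadow rows restored.
REPORT = """\
[ 85.411391][ T4171] BUG: KASAN: use-after-free in diWrite+0xaaa/0x1390
[ 85.418729][ T4171] Write of size 32 at addr ffff8881292d00c0 by task syz.2.16/4171
[ 85.707149][ T4171] Allocated by task 4023:
[ 85.765915][ T4171] Freed by task 4036:
[ 85.852247][ T4171] The buggy address belongs to the object at ffff8881292d00c0
[ 85.852247][ T4171]  which belongs to the cache page->ptl of size 64
[ 85.866973][ T4171] The buggy address is located 0 bytes inside of
[ 85.866973][ T4171]  64-byte region [ffff8881292d00c0, ffff8881292d0100)
[ 86.082462][ T4171] Memory state around the buggy address:
[ 86.097512][ T4171]  ffff8881292d0000: fa fb fb fb fb fb fb fb fc fc fc fc fa fb fb fb
[ 86.106022][ T4171] >ffff8881292d0080: fb fb fb fb fc fc fc fc fa fb fb fb fb fb fb fb
[ 86.114688][ T4171]                                            ^
[ 86.121412][ T4171]  ffff8881292d0100: fc fc fc fc fa fb fb fb fb fb fb fb fc fc fc fc
"""

# Generic KASAN shadow encoding (mm/kasan/kasan.h, 5.15 series): one shadow byte
# describes one 8-byte granule of memory.
SHADOW_MEANING = {
    0x00: "accessible",
    0xfa: "freed, first granule of the object (KASAN_KMALLOC_FREETRACK)",
    0xfb: "freed (KASAN_KMALLOC_FREE)",
    0xfc: "slab redzone (KASAN_KMALLOC_REDZONE)",
    0xfe: "page redzone (KASAN_PAGE_REDZONE)",
    0xff: "free page (KASAN_FREE_PAGE)",
}
FREED = {0xfa, 0xfb}
REDZONE = {0xfc, 0xfe}

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\] ?")          # "[ 85.411391][ T4171] "
HEADER = re.compile(r"^BUG: KASAN: (?P<bug>[\w-]+) in (?P<func>\w+)\+0x(?P<off>[0-9a-f]+)/0x[0-9a-f]+$")
ACCESS = re.compile(r"^(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]{16})"
                    r" by task (?P<task>\S+)/(?P<pid>\d+)$")
ALLOC = re.compile(r"^Allocated by task (?P<pid>\d+):$")
FREE = re.compile(r"^Freed by task (?P<pid>\d+):$")
CACHE = re.compile(r"^which belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)$")
REGION = re.compile(r"^(?P<size>\d+)-byte region \[(?P<start>[0-9a-f]{16}), (?P<end>[0-9a-f]{16})\)$")
SHADOW = re.compile(r"^[ >](?P<addr>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?){16})$")


def shadow_meaning(b):
    """Human-readable meaning of one shadow byte; 1..7 means a partial granule."""
    if 1 <= b <= 7:
        return f"partially accessible ({b} of 8 bytes)"
    return SHADOW_MEANING.get(b, f"unknown shadow byte 0x{b:02x}")


def parse_kasan_report(text):
    """Extract the triage fields and the shadow dump as {granule address: shadow byte}."""
    r = {"shadow": {}}
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if m := SHADOW.match(line):
            base = int(m["addr"], 16)           # address of the first granule in the row
            for i, tok in enumerate(m["bytes"].split()):
                r["shadow"][base + 8 * i] = int(tok, 16)
            continue
        line = line.strip()
        if m := HEADER.match(line):
            r.update(bug=m["bug"], func=m["func"], func_off=int(m["off"], 16))
        elif m := ACCESS.match(line):
            r.update(access=m["rw"], size=int(m["size"]), addr=int(m["addr"], 16),
                     task=m["task"], pid=int(m["pid"]))
        elif m := ALLOC.match(line):
            r["alloc_pid"] = int(m["pid"])
        elif m := FREE.match(line):
            r["free_pid"] = int(m["pid"])
        elif m := CACHE.match(line):
            r.update(cache=m["cache"], object_size=int(m["size"]))
        elif m := REGION.match(line):
            r["region"] = (int(m["start"], 16), int(m["end"], 16))
    return r


def access_granules(r):
    """Shadow bytes covering the faulting range [addr, addr + size), in address order."""
    lo, hi = r["addr"] & ~7, (r["addr"] + r["size"] - 1) & ~7
    return [r["shadow"][a] for a in range(lo, hi + 1, 8) if a in r["shadow"]]


def classify(r):
    """Re-derive the bug class from the shadow bytes instead of trusting the header."""
    g = access_granules(r)
    if not g:
        return "access range not covered by the shadow dump"
    if all(b in FREED for b in g):
        return "use-after-free"
    if any(b in REDZONE for b in g):
        return "out-of-bounds"
    return "mixed or accessible"


def writer_owns_object(r):
    """False when the faulting task neither allocated nor freed the object; the
    alloc/free stacks then describe the victim, not the code holding the stale pointer."""
    return r["pid"] in (r.get("alloc_pid"), r.get("free_pid"))


if __name__ == "__main__":
    rep = parse_kasan_report(REPORT)
    print(f"{rep['access']} of {rep['size']} bytes in {rep['func']} by {rep['task']}/{rep['pid']}")
    print(f"victim: {rep['cache']} object of {rep['object_size']} bytes, allocated by pid "
          f"{rep['alloc_pid']}, freed by pid {rep['free_pid']}, writer owns it: {writer_owns_object(rep)}")
    print("shadow under the write:", " ".join(f"{b:02x}" for b in access_granules(rep)), "->", classify(rep))
```

The shadow rows also give the slab geometry: each object shows as eight freed granules (64 bytes) followed by four redzone granules (32 bytes), a 96-byte stride, and the faulting address sits exactly on an 0xfa granule, which is why KASAN reports the write as landing "0 bytes inside of" a freed 64-byte region.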