Warning: Permanently added '10.128.1.176' (ED25519) to the list of known hosts.
2025/06/19 01:42:33 ignoring optional flag "sandboxArg"="0"
2025/06/19 01:42:34 parsed 1 programs
[ 83.326291][ T4345] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 85.823006][ T914] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.830966][ T914] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.871073][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.879262][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 87.844680][ T4356] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 87.854576][ T4356] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 87.863440][ T4356] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 87.873453][ T4356] netdevsim netdevsim0 netdevsim3: renamed from eth3
2025/06/19 01:42:45 executed programs: 0
[ 100.898111][ T4790] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 100.911999][ T4790] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 100.921544][ T4784] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 100.963709][ T4790] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 100.977102][ T4784] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 101.006014][ T4785] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 101.018476][ T4790] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 101.029099][ T4784] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 101.042488][ T4785] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 101.053900][ T4784] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 101.091216][ T4785] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 101.132174][ T4785] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 101.419836][ T4783] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 101.432395][ T4778] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 101.443491][ T4778] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 101.454823][ T4783] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 101.475748][ T4778] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 101.487768][ T4783] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 101.515584][ T4778] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 101.531269][ T4783] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 123.490614][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.498741][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.568513][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.577117][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.606721][ T1351] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.614575][ T1351] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.628508][ T1992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.636437][ T1992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/06/19 01:43:17 executed programs: 10
[ 123.866442][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.874362][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.984976][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.992844][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.076880][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.084798][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.172509][ T1917] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.180469][ T1917] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.199670][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.207550][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.227143][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.235236][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.372607][ T6951] loop1: detected capacity change from 0 to 32768
[ 124.451059][ T6951] ==================================================================
[ 124.459189][ T6951] BUG: KASAN: slab-use-after-free in diWrite+0xb08/0x1490
[ 124.466339][ T6951] Write of size 32 at addr ffff88816f9300c0 by task syz.1.17/6951
[ 124.474158][ T6951]
[ 124.476512][ T6951] CPU: 1 UID: 0 PID: 6951 Comm: syz.1.17 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(undef)
[ 124.476528][ T6951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 124.476542][ T6951] Call Trace:
[ 124.476548][ T6951]
[ 124.476553][ T6951] dump_stack_lvl+0x18a/0x250
[ 124.476574][ T6951] ? __pfx_dump_stack_lvl+0x10/0x10
[ 124.476588][ T6951] ? rcu_is_watching+0x1f/0xa0
[ 124.476603][ T6951] ? lock_release+0x42/0x2f0
[ 124.476618][ T6951] ? lock_acquire+0x69/0x210
[ 124.476634][ T6951] ? __virt_addr_valid+0x1a8/0x400
[ 124.476650][ T6951] ? __virt_addr_valid+0x301/0x400
[ 124.476665][ T6951] print_report+0xd2/0x2b0
[ 124.476687][ T6951] ? diWrite+0xb08/0x1490
[ 124.476702][ T6951] kasan_report+0x118/0x150
[ 124.476718][ T6951] ? diWrite+0xb08/0x1490
[ 124.476732][ T6951] kasan_check_range+0x2b0/0x2c0
[ 124.476748][ T6951] ? diWrite+0xb08/0x1490
[ 124.476761][ T6951] __asan_memcpy+0x40/0x70
[ 124.476773][ T6951] diWrite+0xb08/0x1490
[ 124.476789][ T6951] txCommit+0x852/0x51b0
[ 124.476806][ T6951] ? txLock+0xae2/0x1c70
[ 124.476820][ T6951] ? __pfx_txCommit+0x10/0x10
[ 124.476835][ T6951] ? __pfx_jfs_dirty_inode+0x10/0x10
[ 124.476853][ T6951] ? rcu_is_watching+0x1f/0xa0
[ 124.476867][ T6951] ? __mark_inode_dirty+0x2e9/0xb50
[ 124.476884][ T6951] add_missing_indices+0x865/0xc30
[ 124.476903][ T6951] ? __pfx_add_missing_indices+0x10/0x10
[ 124.476921][ T6951] ? alloc_pages_noprof+0xbe/0x160
[ 124.476937][ T6951] jfs_readdir+0x1d81/0x3af0
[ 124.476959][ T6951] ? __pfx_jfs_readdir+0x10/0x10
[ 124.476979][ T6951] ? down_write+0x104/0x160
[ 124.476996][ T6951] ? __pfx_down_write+0x10/0x10
[ 124.477013][ T6951] ? __pfx_jfs_readdir+0x10/0x10
[ 124.477029][ T6951] wrap_directory_iterator+0x96/0xe0
[ 124.477043][ T6951] iterate_dir+0x599/0x750
[ 124.477056][ T6951] __se_sys_getdents64+0xe4/0x240
[ 124.477069][ T6951] ? __pfx___se_sys_getdents64+0x10/0x10
[ 124.477082][ T6951] ? __pfx_filldir64+0x10/0x10
[ 124.477095][ T6951] ? switch_fpu_return+0x12c/0x1c0
[ 124.477111][ T6951] do_syscall_64+0x8f/0x250
[ 124.477128][ T6951] ? fpregs_assert_state_consistent+0x66/0x90
[ 124.477144][ T6951] ? clear_bhb_loop+0x60/0xb0
[ 124.477157][ T6951] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 124.477170][ T6951] RIP: 0033:0x7f819478cde9
[ 124.477195][ T6951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 124.477206][ T6951] RSP: 002b:00007f8195631038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 124.477223][ T6951] RAX: ffffffffffffffda RBX: 00007f81949a5fa0 RCX: 00007f819478cde9
[ 124.477233][ T6951] RDX: 0000000000001000 RSI: 0000400000000f80 RDI: 0000000000000005
[ 124.477241][ T6951] RBP: 00007f819480e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 124.477250][ T6951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 124.477258][ T6951] R13: 0000000000000000 R14: 00007f81949a5fa0 R15: 00007ffcf7961018
[ 124.477269][ T6951]
[ 124.477274][ T6951]
[ 124.771110][ T6951] Allocated by task 6909:
[ 124.775600][ T6951] kasan_save_track+0x3e/0x80
[ 124.780266][ T6951] __kasan_slab_alloc+0x6c/0x80
[ 124.785103][ T6951] kmem_cache_alloc_noprof+0x1b1/0x400
[ 124.790548][ T6951] anon_vma_fork+0xde/0x500
[ 124.795041][ T6951] dup_mmap+0x990/0x19b0
[ 124.799269][ T6951] copy_mm+0x133/0x4b0
[ 124.803327][ T6951] copy_process+0x1455/0x3700
[ 124.807991][ T6951] kernel_clone+0x21c/0x820
[ 124.812477][ T6951] __x64_sys_clone+0x18b/0x1e0
[ 124.817228][ T6951] do_syscall_64+0x8f/0x250
[ 124.821723][ T6951] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 124.827600][ T6951]
[ 124.829927][ T6951] Freed by task 23:
[ 124.833738][ T6951] kasan_save_track+0x3e/0x80
[ 124.838562][ T6951] kasan_save_free_info+0x46/0x50
[ 124.843591][ T6951] __kasan_slab_free+0x62/0x70
[ 124.848350][ T6951] slab_free_after_rcu_debug+0x131/0x290
[ 124.854010][ T6951] rcu_core+0xbee/0x1530
[ 124.858259][ T6951] handle_softirqs+0x1a8/0x520
[ 124.863036][ T6951] run_ksoftirqd+0x28/0x40
[ 124.867531][ T6951] smpboot_thread_fn+0x4c8/0x980
[ 124.872462][ T6951] kthread+0x66a/0x760
[ 124.876525][ T6951] ret_from_fork+0x1b7/0x380
[ 124.881141][ T6951] ret_from_fork_asm+0x1a/0x30
[ 124.885983][ T6951]
[ 124.888395][ T6951] Last potentially related work creation:
[ 124.894135][ T6951] kasan_save_stack+0x3e/0x60
[ 124.898830][ T6951] kasan_record_aux_stack+0xbd/0xd0
[ 124.904027][ T6951] kmem_cache_free+0x2b5/0x460
[ 124.908876][ T6951] __put_anon_vma+0x11a/0x2b0
[ 124.913543][ T6951] unlink_anon_vmas+0x471/0x5c0
[ 124.918470][ T6951] free_pgtables+0x78e/0xa70
[ 124.923075][ T6951] exit_mmap+0x41b/0xa10
[ 124.927315][ T6951] __mmput+0x118/0x420
[ 124.931369][ T6951] exec_mmap+0x5a8/0x6a0
[ 124.935599][ T6951] begin_new_exec+0x11a5/0x1f00
[ 124.940431][ T6951] load_elf_binary+0x96a/0x2790
[ 124.945270][ T6951] bprm_execve+0x797/0x11a0
[ 124.949761][ T6951] do_execveat_common+0x930/0xae0
[ 124.954776][ T6951] __x64_sys_execve+0x94/0xb0
[ 124.959442][ T6951] do_syscall_64+0x8f/0x250
[ 124.963938][ T6951] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 124.969836][ T6951]
[ 124.972167][ T6951] The buggy address belongs to the object at ffff88816f930000
[ 124.972167][ T6951] which belongs to the cache anon_vma of size 208
[ 124.985947][ T6951] The buggy address is located 192 bytes inside of
[ 124.985947][ T6951] freed 208-byte region [ffff88816f930000, ffff88816f9300d0)
[ 124.999741][ T6951]
[ 125.002137][ T6951] The buggy address belongs to the physical page:
[ 125.008543][ T6951] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16f930
[ 125.017377][ T6951] memcg:ffff88816f973401
[ 125.021639][ T6951] ksm flags: 0x100000000000000(node=0|zone=2)
[ 125.027710][ T6951] page_type: f5(slab)
[ 125.031683][ T6951] raw: 0100000000000000 ffff88810129a140 ffffea0005f4d780 dead000000000003
[ 125.040264][ T6951] raw: 0000000000000000 00000000000f000f 00000000f5000000 ffff88816f973401
[ 125.048826][ T6951] page dumped because: kasan: bad access detected
[ 125.055231][ T6951] page_owner tracks the page as allocated
[ 125.061022][ T6951] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 2691, tgid 2691 (dhcpcd-run-hook), ts 18505807087, free_ts 9730191106
[ 125.080459][ T6951] post_alloc_hook+0x168/0x1a0
[ 125.085219][ T6951] get_page_from_freelist+0x364b/0x3780
[ 125.090837][ T6951] __alloc_frozen_pages_noprof+0x26b/0x460
[ 125.096629][ T6951] alloc_pages_mpol+0x232/0x460
[ 125.101466][ T6951] allocate_slab+0x8a/0x350
[ 125.105956][ T6951] ___slab_alloc+0x9dc/0x10e0
[ 125.110721][ T6951] kmem_cache_alloc_noprof+0x26e/0x400
[ 125.116256][ T6951] __anon_vma_prepare+0xec/0x4a0
[ 125.121351][ T6951] handle_mm_fault+0x3a6b/0x4230
[ 125.126281][ T6951] do_user_addr_fault+0x964/0x1260
[ 125.131383][ T6951] exc_page_fault+0x62/0xa0
[ 125.135873][ T6951] asm_exc_page_fault+0x26/0x30
[ 125.140714][ T6951] page last free pid 1 tgid 1 stack trace:
[ 125.146500][ T6951] __free_frozen_pages+0xc25/0xe10
[ 125.151616][ T6951] free_contig_range+0x19b/0x420
[ 125.156567][ T6951] destroy_args+0x7e/0x5d0
[ 125.161151][ T6951] debug_vm_pgtable+0x39f/0x610
[ 125.165991][ T6951] do_one_initcall+0x1e5/0x6d0
[ 125.170750][ T6951] do_initcall_level+0x14a/0x260
[ 125.175760][ T6951] do_initcalls+0x69/0xd0
[ 125.180072][ T6951] kernel_init_freeable+0x393/0x520
[ 125.185339][ T6951] kernel_init+0x1d/0x1d0
[ 125.189649][ T6951] ret_from_fork+0x1b7/0x380
[ 125.194219][ T6951] ret_from_fork_asm+0x1a/0x30
[ 125.198972][ T6951]
[ 125.201278][ T6951] Memory state around the buggy address:
[ 125.206893][ T6951]  ffff88816f92ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 125.214937][ T6951]  ffff88816f930000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 125.222993][ T6951] >ffff88816f930080: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[ 125.231034][ T6951]                                            ^
[ 125.237169][ T6951]  ffff88816f930100: fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 125.245226][ T6951]  ffff88816f930180: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 125.253269][ T6951] ==================================================================
[ 125.262475][ T6951] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 125.269980][ T6951] Kernel Offset: disabled
[ 125.274298][ T6951] Rebooting in 86400 seconds..