Warning: Permanently added '10.128.1.102' (ED25519) to the list of known hosts.
2025/01/03 05:45:57 ignoring optional flag "sandboxArg"="0"
2025/01/03 05:45:57 parsed 1 programs
[ 71.131979][ T18] cfg80211: failed to load regulatory.db
[ 72.656665][ T3180] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 73.220666][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.228740][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.236432][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 73.247348][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.255270][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.263115][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 74.350324][ T3213] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 74.358450][ T3213] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 74.366869][ T3213] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 74.375636][ T3213] netdevsim netdevsim0 netdevsim3: renamed from eth3
2025/01/03 05:46:05 executed programs: 0
[ 79.663444][ T3675] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 79.673874][ T3675] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 79.685900][ T3675] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 79.695058][ T3675] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 82.975813][ T47] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 82.984029][ T47] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 82.992845][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 83.015955][ T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.024121][ T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.033209][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 83.219512][ T4397] loop2: detected capacity change from 0 to 32768
2025/01/03 05:46:11 executed programs: 3
[ 83.580561][ T4433] loop2: detected capacity change from 0 to 32768
[ 83.619679][ T4433] ==================================================================
[ 83.627876][ T4433] BUG: KASAN: use-after-free in jfs_readdir+0x1313/0x4410
[ 83.635002][ T4433] Read of size 8 at addr ffff8881713ef6f8 by task syz.2.17/4433
[ 83.642633][ T4433]
[ 83.644968][ T4433] CPU: 0 PID: 4433 Comm: syz.2.17 Not tainted 5.16.0-syzkaller #0
[ 83.652749][ T4433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 83.663012][ T4433] Call Trace:
[ 83.666371][ T4433]
[ 83.669421][ T4433] dump_stack_lvl+0x210/0x2fc
[ 83.674085][ T4433] ? exfat_msg+0x17d/0x17d
[ 83.678482][ T4433] ? _printk+0xd1/0x111
[ 83.682622][ T4433] ? vprintk_emit+0x18a/0x200
[ 83.687278][ T4433] ? panic+0x652/0x652
[ 83.691339][ T4433] ? _raw_spin_lock_irqsave+0xd0/0x110
[ 83.696790][ T4433] ? kmem_cache_free+0xc8/0x1f0
[ 83.701820][ T4433] print_address_description+0x62/0x350
[ 83.707374][ T4433] ? jfs_readdir+0x1313/0x4410
[ 83.712214][ T4433] kasan_report+0x16b/0x1c0
[ 83.716747][ T4433] ? jfs_readdir+0x1313/0x4410
[ 83.721489][ T4433] jfs_readdir+0x1313/0x4410
[ 83.726067][ T4433] ? is_dynamic_key+0x160/0x160
[ 83.730910][ T4433] ? __lock_acquire+0x63c/0xbc0
[ 83.735834][ T4433] ? dtInitRoot+0x690/0x690
[ 83.740512][ T4433] ? iterate_dir+0x131/0x570
[ 83.745099][ T4433] ? down_write+0x160/0x160
[ 83.749698][ T4433] ? fsnotify_perm+0x438/0x5a0
[ 83.754448][ T4433] iterate_dir+0x229/0x570
[ 83.759024][ T4433] __se_sys_getdents+0x1eb/0x4b0
[ 83.763958][ T4433] ? __x64_sys_getdents+0x80/0x80
[ 83.768983][ T4433] ? __context_tracking_exit+0x4d/0x80
[ 83.774522][ T4433] ? fillonedir+0x420/0x420
[ 83.779027][ T4433] ? __context_tracking_exit+0x76/0x80
[ 83.784475][ T4433] ? syscall_enter_from_user_mode+0x1d8/0x230
[ 83.790529][ T4433] do_syscall_64+0x4b/0xb0
[ 83.794945][ T4433] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 83.800835][ T4433] RIP: 0033:0x7f5278591d29
[ 83.805256][ T4433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 83.825164][ T4433] RSP: 002b:00007f527800b038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 83.833570][ T4433] RAX: ffffffffffffffda RBX: 00007f5278781fa0 RCX: 00007f5278591d29
[ 83.841524][ T4433] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 83.849478][ T4433] RBP: 00007f527860db08 R08: 0000000000000000 R09: 0000000000000000
[ 83.857441][ T4433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 83.865538][ T4433] R13: 0000000000000000 R14: 00007f5278781fa0 R15: 00007fff555eff28
[ 83.873611][ T4433]
[ 83.876688][ T4433]
[ 83.879133][ T4433] Allocated by task 4433:
[ 83.883465][ T4433] __kasan_slab_alloc+0xb1/0xf0
[ 83.888315][ T4433] slab_post_alloc_hook+0x54/0x2f0
[ 83.893414][ T4433] kmem_cache_alloc+0x107/0x2a0
[ 83.898272][ T4433] mempool_alloc+0x14f/0x560
[ 83.902880][ T4433] __get_metapage+0x638/0xfa0
[ 83.907647][ T4433] dtSplitRoot+0x23c/0x16c0
[ 83.912377][ T4433] dtInsert+0x1254/0x6720
[ 83.916822][ T4433] jfs_mkdir+0x7f3/0xbb0
[ 83.921065][ T4433] vfs_mkdir+0x216/0x3d0
[ 83.925720][ T4433] do_mkdirat+0x249/0x4c0
[ 83.930145][ T4433] __x64_sys_mkdirat+0x85/0x90
[ 83.934894][ T4433] do_syscall_64+0x4b/0xb0
[ 83.939388][ T4433] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 83.945356][ T4433]
[ 83.947666][ T4433] Freed by task 4433:
[ 83.951630][ T4433] kasan_set_track+0x4b/0x80
[ 83.956217][ T4433] kasan_set_free_info+0x1f/0x40
[ 83.961226][ T4433] ____kasan_slab_free+0x102/0x140
[ 83.966407][ T4433] slab_free_freelist_hook+0x12c/0x1a0
[ 83.971859][ T4433] kmem_cache_free+0xc8/0x1f0
[ 83.976603][ T4433] release_metapage+0x9f9/0xec0
[ 83.981434][ T4433] jfs_readdir+0x1041/0x4410
[ 83.986180][ T4433] iterate_dir+0x229/0x570
[ 83.990675][ T4433] __se_sys_getdents+0x1eb/0x4b0
[ 83.995591][ T4433] do_syscall_64+0x4b/0xb0
[ 83.999999][ T4433] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 84.005992][ T4433]
[ 84.008303][ T4433] The buggy address belongs to the object at ffff8881713ef6c8
[ 84.008303][ T4433] which belongs to the cache jfs_mp of size 184
[ 84.021923][ T4433] The buggy address is located 48 bytes inside of
[ 84.021923][ T4433] 184-byte region [ffff8881713ef6c8, ffff8881713ef780)
[ 84.035114][ T4433] The buggy address belongs to the page:
[ 84.040750][ T4433] page:ffffea0005c4fbc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1713ef
[ 84.051070][ T4433] flags: 0x100000000000200(slab|node=0|zone=2)
[ 84.057218][ T4433] raw: 0100000000000200 0000000000000000 dead000000000122 ffff88810ab5c8c0
[ 84.065869][ T4433] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 84.074435][ T4433] page dumped because: kasan: bad access detected
[ 84.080845][ T4433] page_owner tracks the page as allocated
[ 84.086896][ T4433] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192800(GFP_NOWAIT|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4433, ts 83594360413, free_ts 83516176480
[ 84.106040][ T4433] get_page_from_freelist+0x3a61/0x3c60
[ 84.111587][ T4433] __alloc_pages+0x277/0x700
[ 84.116166][ T4433] new_slab+0x9c/0x440
[ 84.120218][ T4433] ___slab_alloc+0x5c1/0xac0
[ 84.124880][ T4433] kmem_cache_alloc+0x19e/0x2a0
[ 84.129713][ T4433] mempool_alloc+0x14f/0x560
[ 84.134302][ T4433] __get_metapage+0x638/0xfa0
[ 84.139067][ T4433] diAllocAG+0x325/0x1a80
[ 84.143592][ T4433] diAlloc+0x326/0x1630
[ 84.147756][ T4433] ialloc+0x8b/0x970
[ 84.151735][ T4433] jfs_mkdir+0x1c1/0xbb0
[ 84.155974][ T4433] vfs_mkdir+0x216/0x3d0
[ 84.160197][ T4433] do_mkdirat+0x249/0x4c0
[ 84.164591][ T4433] __x64_sys_mkdirat+0x85/0x90
[ 84.169344][ T4433] do_syscall_64+0x4b/0xb0
[ 84.173829][ T4433] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 84.179706][ T4433] page last free stack trace:
[ 84.184366][ T4433] free_unref_page_prepare+0xb4c/0xc00
[ 84.189812][ T4433] free_unref_page_list+0x1e0/0x850
[ 84.195377][ T4433] release_pages+0x16b7/0x1910
[ 84.200138][ T4433] tlb_finish_mmu+0x177/0x320
[ 84.204999][ T4433] exit_mmap+0x3cd/0x650
[ 84.209412][ T4433] __mmput+0x112/0x3b0
[ 84.213490][ T4433] exit_mm+0x13a/0x200
[ 84.217540][ T4433] do_exit+0xacb/0x2930
[ 84.221858][ T4433] do_group_exit+0x144/0x310
[ 84.226548][ T4433] __x64_sys_exit_group+0x3b/0x40
[ 84.231604][ T4433] do_syscall_64+0x4b/0xb0
[ 84.236016][ T4433] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 84.242443][ T4433]
[ 84.244753][ T4433] Memory state around the buggy address:
[ 84.250363][ T4433]  ffff8881713ef580: 00 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb
[ 84.258553][ T4433]  ffff8881713ef600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.266620][ T4433] >ffff8881713ef680: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb
[ 84.274842][ T4433]                                                                 ^
[ 84.282897][ T4433]  ffff8881713ef700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.291029][ T4433]  ffff8881713ef780: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 84.299158][ T4433] ==================================================================
[ 84.307210][ T4433] Disabling lock debugging due to kernel taint
[ 84.314393][ T4433] Kernel panic - not syncing: panic_on_warn set ...
[ 84.314823][ T4433] Kernel Offset: disabled
[ 84.325802][ T4433] Rebooting in 86400 seconds..