Warning: Permanently added '10.128.1.184' (ED25519) to the list of known hosts.
2024/09/17 20:28:21 ignoring optional flag "sandboxArg"="0"
2024/09/17 20:28:21 parsed 1 programs
[ 85.349260][ T3343] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 87.495599][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 87.503677][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 87.518356][ T783] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 87.526286][ T783] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.183900][ T3413] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 89.195258][ T3413] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 89.205305][ T3413] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 89.221229][ T3413] netdevsim netdevsim0 netdevsim3: renamed from eth3
2024/09/17 20:28:33 executed programs: 0
[ 98.428101][ T4145] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 98.443439][ T4145] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 98.453444][ T4145] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 98.463269][ T4145] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 102.825247][ T783] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.833324][ T783] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.847850][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.856380][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/09/17 20:28:40 executed programs: 2
[ 102.931257][ T4745] ==================================================================
[ 102.939335][ T4745] BUG: KASAN: slab-use-after-free in smk_access+0xab/0x3f0
[ 102.946628][ T4745] Read of size 8 at addr ffff8881056c1b20 by task syz.0.15/4745
[ 102.954265][ T4745]
[ 102.956642][ T4745] CPU: 0 UID: 60928 PID: 4745 Comm: syz.0.15 Not tainted 6.11.0-rc1-syzkaller #0
[ 102.965848][ T4745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 102.976009][ T4745] Call Trace:
[ 102.979443][ T4745]
[ 102.982476][ T4745] dump_stack_lvl+0x231/0x330
[ 102.987163][ T4745] ? __pfx_dump_stack_lvl+0x10/0x10
[ 102.992386][ T4745] ? __pfx__printk+0x10/0x10
[ 102.996970][ T4745] ? _printk+0xd5/0x120
[ 103.001217][ T4745] ? __virt_addr_valid+0x169/0x380
[ 103.006336][ T4745] print_report+0x169/0x550
[ 103.010826][ T4745] ? __virt_addr_valid+0x169/0x380
[ 103.015927][ T4745] ? __virt_addr_valid+0x2c1/0x380
[ 103.021107][ T4745] ? __phys_addr+0x90/0x130
[ 103.025605][ T4745] ? smk_access+0xab/0x3f0
[ 103.030116][ T4745] kasan_report+0x143/0x180
[ 103.034614][ T4745] ? smk_access+0xab/0x3f0
[ 103.039033][ T4745] smk_access+0xab/0x3f0
[ 103.043297][ T4745] smack_watch_key+0x2ac/0x370
[ 103.048072][ T4745] ? __pfx_smack_watch_key+0x10/0x10
[ 103.053378][ T4745] ? __kasan_kmalloc+0x98/0xb0
[ 103.058158][ T4745] security_watch_key+0x65/0x90
[ 103.063019][ T4745] keyctl_watch_key+0x2b7/0x480
[ 103.067866][ T4745] __se_sys_keyctl+0x409/0xc10
[ 103.072629][ T4745] ? do_futex+0x33b/0x560
[ 103.077066][ T4745] ? __pfx___se_sys_keyctl+0x10/0x10
[ 103.082415][ T4745] ? __pfx_do_futex+0x10/0x10
[ 103.087710][ T4745] ? __se_sys_futex+0x3f9/0x480
[ 103.092656][ T4745] ? __pfx___se_sys_futex+0x10/0x10
[ 103.097851][ T4745] ? switch_fpu_return+0x10f/0x180
[ 103.102997][ T4745] ? __x64_sys_keyctl+0x20/0xc0
[ 103.108383][ T4745] do_syscall_64+0x8d/0x190
[ 103.112908][ T4745] ? clear_bhb_loop+0x35/0x90
[ 103.117609][ T4745] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.123696][ T4745] RIP: 0033:0x7f91164fdef9
[ 103.128199][ T4745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 103.148073][ T4745] RSP: 002b:00007f9115f7f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[ 103.156576][ T4745] RAX: ffffffffffffffda RBX: 00007f91166b5f80 RCX: 00007f91164fdef9
[ 103.164532][ T4745] RDX: 0000000000000004 RSI: 000000002eb862bd RDI: 0000000000000020
[ 103.172495][ T4745] RBP: 00007f9116570b76 R08: 0000000000000000 R09: 0000000000000000
[ 103.180548][ T4745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 103.188593][ T4745] R13: 0000000000000000 R14: 00007f91166b5f80 R15: 00007ffdd617dfa8
[ 103.196641][ T4745]
[ 103.199654][ T4745]
[ 103.201955][ T4745] Allocated by task 4327:
[ 103.206261][ T4745] kasan_save_track+0x3f/0x80
[ 103.210948][ T4745] __kasan_kmalloc+0x98/0xb0
[ 103.215787][ T4745] __kmalloc_node_track_caller_noprof+0x1fb/0x460
[ 103.222277][ T4745] kstrdup+0x3a/0x80
[ 103.226162][ T4745] bprm_change_interp+0x82/0xc0
[ 103.230995][ T4745] load_script+0x6a4/0x820
[ 103.235439][ T4745] bprm_execve+0x769/0x1590
[ 103.239927][ T4745] do_execveat_common+0x55a/0x6f0
[ 103.244957][ T4745] __x64_sys_execve+0x92/0xb0
[ 103.249710][ T4745] do_syscall_64+0x8d/0x190
[ 103.254380][ T4745] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.260273][ T4745]
[ 103.262660][ T4745] Freed by task 4327:
[ 103.266629][ T4745] kasan_save_track+0x3f/0x80
[ 103.271316][ T4745] kasan_save_free_info+0x40/0x50
[ 103.276324][ T4745] poison_slab_object+0xe0/0x150
[ 103.281256][ T4745] __kasan_slab_free+0x37/0x60
[ 103.286005][ T4745] kfree+0x12f/0x310
[ 103.289877][ T4745] free_bprm+0x26e/0x2e0
[ 103.294192][ T4745] do_execveat_common+0x383/0x6f0
[ 103.299199][ T4745] __x64_sys_execve+0x92/0xb0
[ 103.303875][ T4745] do_syscall_64+0x8d/0x190
[ 103.308392][ T4745] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.314278][ T4745]
[ 103.316583][ T4745] The buggy address belongs to the object at ffff8881056c1b20
[ 103.316583][ T4745] which belongs to the cache kmalloc-8 of size 8
[ 103.330269][ T4745] The buggy address is located 0 bytes inside of
[ 103.330269][ T4745] freed 8-byte region [ffff8881056c1b20, ffff8881056c1b28)
[ 103.343779][ T4745]
[ 103.346327][ T4745] The buggy address belongs to the physical page:
[ 103.352739][ T4745] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056c1
[ 103.361599][ T4745] anon flags: 0x200000000000000(node=0|zone=2)
[ 103.367746][ T4745] page_type: 0xfdffffff(slab)
[ 103.372615][ T4745] raw: 0200000000000000 ffff888100041500 0000000000000000 dead000000000001
[ 103.381196][ T4745] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000
[ 103.389762][ T4745] page dumped because: kasan: bad access detected
[ 103.396319][ T4745] page_owner tracks the page as allocated
[ 103.402023][ T4745] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 3684132729, free_ts 0
[ 103.419537][ T4745] post_alloc_hook+0x10f/0x130
[ 103.424285][ T4745] get_page_from_freelist+0x37f4/0x3920
[ 103.429821][ T4745] __alloc_pages_noprof+0x256/0x670
[ 103.435011][ T4745] alloc_slab_page+0x5f/0x120
[ 103.439669][ T4745] allocate_slab+0x5d/0x290
[ 103.444166][ T4745] ___slab_alloc+0xa7f/0x11d0
[ 103.448823][ T4745] __kmalloc_noprof+0x25a/0x440
[ 103.453655][ T4745] acpi_ut_create_package_object+0x1d7/0x310
[ 103.459712][ T4745] acpi_ut_copy_eobject_to_iobject+0x3cb/0x9d0
[ 103.465976][ T4745] acpi_evaluate_object+0x4ba/0xaf0
[ 103.471163][ T4745] acpi_check_dsm+0x294/0x870
[ 103.475932][ T4745] smbios_attr_is_visible+0x9c/0x420
[ 103.481493][ T4745] internal_create_group+0x70f/0x1150
[ 103.487032][ T4745] sysfs_create_groups+0x56/0x120
[ 103.492083][ T4745] bus_add_device+0x168/0x460
[ 103.496847][ T4745] device_add+0x59b/0xc00
[ 103.501164][ T4745] page_owner free stack trace missing
[ 103.506523][ T4745]
[ 103.508829][ T4745] Memory state around the buggy address:
[ 103.514523][ T4745] ffff8881056c1a00: fa fc fc fc 00 fc fc fc fa fc fc fc fa fc fc fc
[ 103.522583][ T4745] ffff8881056c1a80: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[ 103.531093][ T4745] >ffff8881056c1b00: 00 fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[ 103.539139][ T4745] ^
[ 103.544233][ T4745] ffff8881056c1b80: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[ 103.552287][ T4745] ffff8881056c1c00: 06 fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[ 103.560349][ T4745] ==================================================================
[ 103.569470][ T4745] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 103.577012][ T4745] Kernel Offset: disabled
[ 103.581543][ T4745] Rebooting in 86400 seconds..