Warning: Permanently added '10.128.1.33' (ED25519) to the list of known hosts.
2024/09/19 23:54:34 ignoring optional flag "sandboxArg"="0"
2024/09/19 23:54:35 parsed 1 programs
[ 60.673825][ T1833] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/09/19 23:54:40 executed programs: 0
[ 70.385808][ T2818] ==================================================================
[ 70.393869][ T2818] BUG: KASAN: slab-use-after-free in iov_iter_advance+0x470/0x500
[ 70.401641][ T2818] Read of size 8 at addr ffff8881196d7120 by task syz.0.17/2818
[ 70.409233][ T2818]
[ 70.411611][ T2818] CPU: 0 UID: 0 PID: 2818 Comm: syz.0.17 Not tainted 6.11.0-rc6-syzkaller #0
[ 70.420346][ T2818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 70.430371][ T2818] Call Trace:
[ 70.433622][ T2818]
[ 70.436519][ T2818] dump_stack_lvl+0x5a/0x90
[ 70.440990][ T2818] print_report+0xc3/0x620
[ 70.445376][ T2818] ? srso_alias_return_thunk+0x5/0xfbef5
[ 70.451582][ T2818] ? __virt_addr_valid+0x1c5/0x2b0
[ 70.456666][ T2818] kasan_report+0xd9/0x110
[ 70.461045][ T2818] ? iov_iter_advance+0x470/0x500
[ 70.466031][ T2818] ? iov_iter_advance+0x470/0x500
[ 70.471018][ T2818] iov_iter_advance+0x470/0x500
[ 70.475916][ T2818] netfs_write_folio+0xa33/0x1e00
[ 70.480901][ T2818] netfs_writepages+0x25a/0xb60
[ 70.485713][ T2818] ? __pfx_netfs_writepages+0x10/0x10
[ 70.491052][ T2818] ? srso_alias_return_thunk+0x5/0xfbef5
[ 70.496644][ T2818] ? srso_alias_return_thunk+0x5/0xfbef5
[ 70.502234][ T2818] ? __kernel_text_address+0xd/0x40
[ 70.507399][ T2818] ? unwind_get_return_address+0x59/0xa0
[ 70.512992][ T2818] ? srso_alias_return_thunk+0x5/0xfbef5
[ 70.518597][ T2818] ? arch_stack_walk+0xa7/0x100
[ 70.523417][ T2818] do_writepages+0x172/0x780
[ 70.527973][ T2818] ? __pfx_do_writepages+0x10/0x10
[ 70.533130][ T2818] ? filemap_fdatawrite_wbc+0x103/0x180
[ 70.538637][ T2818] ? __pfx_lock_release+0x10/0x10
[ 70.543628][ T2818] ? srso_alias_return_thunk+0x5/0xfbef5
[ 70.549233][ T2818] ? do_raw_spin_lock+0x12d/0x2c0
[ 70.554218][ T2818] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 70.559682][ T2818] filemap_fdatawrite_wbc+0x10e/0x180
[ 70.565018][ T2818] __filemap_fdatawrite_range+0xaa/0xf0
[ 70.570610][ T2818] ? __pfx___filemap_fdatawrite_range+0x10/0x10
[ 70.576810][ T2818] ? find_held_lock+0x2d/0x110
[ 70.581652][ T2818] ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 70.587695][ T2818] ? __pfx_locks_remove_file+0x10/0x10
[ 70.593204][ T2818] v9fs_dir_release+0x242/0x310
[ 70.598020][ T2818] __fput+0x361/0xaf0
[ 70.601963][ T2818] ? srso_alias_return_thunk+0x5/0xfbef5
[ 70.607555][ T2818] task_work_run+0x119/0x1f0
[ 70.612113][ T2818] ? __pfx_task_work_run+0x10/0x10
[ 70.617272][ T2818] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10
[ 70.623473][ T2818] syscall_exit_to_user_mode+0x180/0x190
[ 70.629070][ T2818] do_syscall_64+0x7a/0x170
[ 70.633538][ T2818] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.639391][ T2818] RIP: 0033:0x7ff4a803def9
[ 70.643769][ T2818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 70.663342][ T2818] RSP: 002b:00007ffcbc931268 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 70.671808][ T2818] RAX: 0000000000000000 RBX: 00007ff4a81f7a80 RCX: 00007ff4a803def9
[ 70.679745][ T2818] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 70.687685][ T2818] RBP: 00007ff4a81f7a80 R08: 0000000000000000 R09: 00007ffcbc93155f
[ 70.695625][ T2818] R10: 000000000003fd88 R11: 0000000000000246 R12: 000000000001159a
[ 70.703562][ T2818] R13: 00007ffcbc931370 R14: 0000000000000032 R15: ffffffffffffffff
[ 70.711500][ T2818]
[ 70.714485][ T2818]
[ 70.716771][ T2818] Allocated by task 2818:
[ 70.721057][ T2818] kasan_save_stack+0x33/0x60
[ 70.725701][ T2818] kasan_save_track+0x14/0x30
[ 70.730337][ T2818] __kasan_kmalloc+0xaa/0xb0
[ 70.734887][ T2818] netfs_buffer_append_folio+0x140/0x640
[ 70.740478][ T2818] netfs_write_folio+0x41e/0x1e00
[ 70.745464][ T2818] netfs_writepages+0x25a/0xb60
[ 70.750279][ T2818] do_writepages+0x172/0x780
[ 70.754830][ T2818] filemap_fdatawrite_wbc+0x10e/0x180
[ 70.760187][ T2818] __filemap_fdatawrite_range+0xaa/0xf0
[ 70.765691][ T2818] v9fs_dir_release+0x242/0x310
[ 70.770500][ T2818] __fput+0x361/0xaf0
[ 70.774444][ T2818] task_work_run+0x119/0x1f0
[ 70.779009][ T2818] syscall_exit_to_user_mode+0x180/0x190
[ 70.784605][ T2818] do_syscall_64+0x7a/0x170
[ 70.789071][ T2818] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.794925][ T2818]
[ 70.797217][ T2818] Freed by task 529:
[ 70.801068][ T2818] kasan_save_stack+0x33/0x60
[ 70.805884][ T2818] kasan_save_track+0x14/0x30
[ 70.810611][ T2818] kasan_save_free_info+0x3b/0x60
[ 70.815597][ T2818] poison_slab_object+0xf7/0x160
[ 70.820497][ T2818] __kasan_slab_free+0x32/0x50
[ 70.825219][ T2818] kfree+0x121/0x360
[ 70.829073][ T2818] netfs_delete_buffer_head+0x97/0xf0
[ 70.834495][ T2818] netfs_write_collection_worker+0x18de/0x4340
[ 70.840607][ T2818] process_one_work+0x7c4/0x15e0
[ 70.845505][ T2818] worker_thread+0x6b1/0x1010
[ 70.850142][ T2818] kthread+0x277/0x330
[ 70.854175][ T2818] ret_from_fork+0x2f/0x70
[ 70.858590][ T2818] ret_from_fork_asm+0x1a/0x30
[ 70.863315][ T2818]
[ 70.865696][ T2818] The buggy address belongs to the object at ffff8881196d7000
[ 70.865696][ T2818] which belongs to the cache kmalloc-512 of size 512
[ 70.879710][ T2818] The buggy address is located 288 bytes inside of
[ 70.879710][ T2818] freed 512-byte region [ffff8881196d7000, ffff8881196d7200)
[ 70.893476][ T2818]
[ 70.895771][ T2818] The buggy address belongs to the physical page:
[ 70.902144][ T2818] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1196d4
[ 70.910955][ T2818] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 70.919418][ T2818] anon flags: 0x200000000000040(head|node=0|zone=2)
[ 70.925974][ T2818] page_type: 0xfdffffff(slab)
[ 70.930786][ T2818] raw: 0200000000000040 ffff888100041c80 0000000000000000 dead000000000001
[ 70.939596][ T2818] raw: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000
[ 70.948145][ T2818] head: 0200000000000040 ffff888100041c80 0000000000000000 dead000000000001
[ 70.956777][ T2818] head: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000
[ 70.965408][ T2818] head: 0200000000000002 ffffea000465b501 ffffffffffffffff 0000000000000000
[ 70.974040][ T2818] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 70.982670][ T2818] page dumped because: kasan: bad access detected
[ 70.989220][ T2818] page_owner tracks the page as allocated
[ 70.994902][ T2818] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 744, tgid 744 (udevd), ts 3689530780, free_ts 0
[ 71.014739][ T2818] post_alloc_hook+0x283/0x300
[ 71.019467][ T2818] get_page_from_freelist+0x117b/0x3620
[ 71.024974][ T2818] __alloc_pages_noprof+0x345/0x620
[ 71.030141][ T2818] alloc_slab_page+0x4e/0xf0
[ 71.034692][ T2818] allocate_slab+0x5b/0x200
[ 71.039246][ T2818] ___slab_alloc+0xc2a/0x13f0
[ 71.043969][ T2818] __slab_alloc.constprop.0+0x4d/0x90
[ 71.049476][ T2818] __kmalloc_cache_noprof+0x324/0x370
[ 71.054812][ T2818] kernfs_fop_open+0x25c/0xda0
[ 71.059536][ T2818] do_dentry_open+0x624/0x1150
[ 71.064257][ T2818] vfs_open+0x7d/0x350
[ 71.068340][ T2818] path_openat+0x1d3b/0x2d10
[ 71.072890][ T2818] do_filp_open+0x1ba/0x400
[ 71.077350][ T2818] do_sys_openat2+0x133/0x170
[ 71.081987][ T2818] __x64_sys_openat+0x134/0x1d0
[ 71.086799][ T2818] do_syscall_64+0x6d/0x170
[ 71.091266][ T2818] page_owner free stack trace missing
[ 71.096594][ T2818]
[ 71.098881][ T2818] Memory state around the buggy address:
[ 71.104471][ T2818] ffff8881196d7000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.112493][ T2818] ffff8881196d7080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.120600][ T2818] >ffff8881196d7100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.128704][ T2818] ^
[ 71.133771][ T2818] ffff8881196d7180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.142138][ T2818] ffff8881196d7200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 71.150246][ T2818] ==================================================================
[ 71.158493][ T2818] Disabling lock debugging due to kernel taint
2024/09/19 23:54:46 executed programs: 5
[ 71.422968][ T2821] ==================================================================
[ 71.431052][ T2821] BUG: KASAN: slab-use-after-free in iov_iter_advance+0x470/0x500
[ 71.438828][ T2821] Read of size 8 at addr ffff888106320d20 by task syz.0.18/2821
[ 71.446416][ T2821]
[ 71.448709][ T2821] CPU: 0 UID: 0 PID: 2821 Comm: syz.0.18 Tainted: G B 6.11.0-rc6-syzkaller #0
[ 71.458905][ T2821] Tainted: [B]=BAD_PAGE
[ 71.463018][ T2821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 71.473056][ T2821] Call Trace:
[ 71.476317][ T2821]
[ 71.479214][ T2821] dump_stack_lvl+0x5a/0x90
[ 71.483687][ T2821] print_report+0xc3/0x620
[ 71.488064][ T2821] ? srso_alias_return_thunk+0x5/0xfbef5
[ 71.493692][ T2821] ? __virt_addr_valid+0x1c5/0x2b0
[ 71.498764][ T2821] kasan_report+0xd9/0x110
[ 71.503140][ T2821] ? iov_iter_advance+0x470/0x500
[ 71.508125][ T2821] ? iov_iter_advance+0x470/0x500
[ 71.513107][ T2821] iov_iter_advance+0x470/0x500
[ 71.517918][ T2821] netfs_write_folio+0xa33/0x1e00
[ 71.522922][ T2821] netfs_writepages+0x25a/0xb60
[ 71.527736][ T2821] ? __pfx_netfs_writepages+0x10/0x10
[ 71.533103][ T2821] ? srso_alias_return_thunk+0x5/0xfbef5
[ 71.538728][ T2821] ? srso_alias_return_thunk+0x5/0xfbef5
[ 71.544324][ T2821] ? __kernel_text_address+0xd/0x40
[ 71.549580][ T2821] ? unwind_get_return_address+0x59/0xa0
[ 71.555349][ T2821] ? srso_alias_return_thunk+0x5/0xfbef5
[ 71.560942][ T2821] ? arch_stack_walk+0xa7/0x100
[ 71.565759][ T2821] do_writepages+0x172/0x780
[ 71.570318][ T2821] ? srso_alias_return_thunk+0x5/0xfbef5
[ 71.575913][ T2821] ? __pfx_do_writepages+0x10/0x10
[ 71.580987][ T2821] ? lock_release+0x4ab/0x5d0
[ 71.585632][ T2821] ? filemap_fdatawrite_wbc+0x103/0x180
[ 71.591143][ T2821] ? __pfx_lock_release+0x10/0x10
[ 71.596128][ T2821] ? srso_alias_return_thunk+0x5/0xfbef5
[ 71.601722][ T2821] ? do_raw_spin_lock+0x12d/0x2c0
[ 71.606794][ T2821] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 71.612128][ T2821] ? lock_acquire+0x24a/0x2c0
[ 71.616767][ T2821] filemap_fdatawrite_wbc+0x10e/0x180
[ 71.622190][ T2821] __filemap_fdatawrite_range+0xaa/0xf0
[ 71.627702][ T2821] ? __pfx___filemap_fdatawrite_range+0x10/0x10
[ 71.633911][ T2821] ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 71.639940][ T2821] ? __pfx_locks_remove_file+0x10/0x10
[ 71.645363][ T2821] v9fs_dir_release+0x242/0x310
[ 71.650187][ T2821] __fput+0x361/0xaf0
[ 71.654391][ T2821] ? srso_alias_return_thunk+0x5/0xfbef5
[ 71.659985][ T2821] task_work_run+0x119/0x1f0
[ 71.664548][ T2821] ? __pfx_task_work_run+0x10/0x10
[ 71.669618][ T2821] ? srso_alias_return_thunk+0x5/0xfbef5
[ 71.675213][ T2821] syscall_exit_to_user_mode+0x180/0x190
[ 71.680811][ T2821] do_syscall_64+0x7a/0x170
[ 71.685366][ T2821] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.691405][ T2821] RIP: 0033:0x7ff4a803def9
[ 71.695785][ T2821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 71.715358][ T2821] RSP: 002b:00007ffcbc931268 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 71.723737][ T2821] RAX: 0000000000000000 RBX: 00007ff4a81f7a80 RCX: 00007ff4a803def9
[ 71.732119][ T2821] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 71.740055][ T2821] RBP: 00007ff4a81f7a80 R08: 0000000000000000 R09: 00007ffcbc93155f
[ 71.748097][ T2821] R10: 000000000003fd88 R11: 0000000000000246 R12: 000000000001199b
[ 71.756121][ T2821] R13: 00007ffcbc931370 R14: 0000000000000032 R15: ffffffffffffffff
[ 71.764058][ T2821]
[ 71.767058][ T2821]
[ 71.769363][ T2821] Allocated by task 2821:
[ 71.773665][ T2821] kasan_save_stack+0x33/0x60
[ 71.778306][ T2821] kasan_save_track+0x14/0x30
[ 71.782945][ T2821] __kasan_kmalloc+0xaa/0xb0
[ 71.787497][ T2821] netfs_buffer_append_folio+0x140/0x640
[ 71.793100][ T2821] netfs_write_folio+0x41e/0x1e00
[ 71.798086][ T2821] netfs_writepages+0x25a/0xb60
[ 71.802902][ T2821] do_writepages+0x172/0x780
[ 71.807460][ T2821] filemap_fdatawrite_wbc+0x10e/0x180
[ 71.812796][ T2821] __filemap_fdatawrite_range+0xaa/0xf0
[ 71.818304][ T2821] v9fs_dir_release+0x242/0x310
[ 71.823122][ T2821] __fput+0x361/0xaf0
[ 71.827069][ T2821] task_work_run+0x119/0x1f0
[ 71.831626][ T2821] syscall_exit_to_user_mode+0x180/0x190
[ 71.837221][ T2821] do_syscall_64+0x7a/0x170
[ 71.841690][ T2821] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.847545][ T2821]
[ 71.849835][ T2821] Freed by task 529:
[ 71.853690][ T2821] kasan_save_stack+0x33/0x60
[ 71.858335][ T2821] kasan_save_track+0x14/0x30
[ 71.862971][ T2821] kasan_save_free_info+0x3b/0x60
[ 71.867956][ T2821] poison_slab_object+0xf7/0x160
[ 71.872853][ T2821] __kasan_slab_free+0x32/0x50
[ 71.877671][ T2821] kfree+0x121/0x360
[ 71.881616][ T2821] netfs_delete_buffer_head+0x97/0xf0
[ 71.887037][ T2821] netfs_write_collection_worker+0x18de/0x4340
[ 71.893153][ T2821] process_one_work+0x7c4/0x15e0
[ 71.898051][ T2821] worker_thread+0x6b1/0x1010
[ 71.902730][ T2821] kthread+0x277/0x330
[ 71.906761][ T2821] ret_from_fork+0x2f/0x70
[ 71.911142][ T2821] ret_from_fork_asm+0x1a/0x30
[ 71.916049][ T2821]
[ 71.918344][ T2821] The buggy address belongs to the object at ffff888106320c00
[ 71.918344][ T2821] which belongs to the cache kmalloc-512 of size 512
[ 71.932366][ T2821] The buggy address is located 288 bytes inside of
[ 71.932366][ T2821] freed 512-byte region [ffff888106320c00, ffff888106320e00)
[ 71.946155][ T2821]
[ 71.948447][ T2821] The buggy address belongs to the physical page:
[ 71.954820][ T2821] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106320
[ 71.963627][ T2821] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 71.972088][ T2821] flags: 0x200000000000040(head|node=0|zone=2)
[ 71.978223][ T2821] page_type: 0xfdffffff(slab)
[ 71.982866][ T2821] raw: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000
[ 71.991414][ T2821] raw: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000
[ 72.000023][ T2821] head: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000
[ 72.008659][ T2821] head: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000
[ 72.017292][ T2821] head: 0200000000000002 ffffea000418c801 ffffffffffffffff 0000000000000000
[ 72.025924][ T2821] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 72.034557][ T2821] page dumped because: kasan: bad access detected
[ 72.040931][ T2821] page_owner tracks the page as allocated
[ 72.046614][ T2821] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 2821, tgid 2821 (syz.0.18), ts 71422173888, free_ts 71373800989
[ 72.068280][ T2821] post_alloc_hook+0x283/0x300
[ 72.073013][ T2821] get_page_from_freelist+0x117b/0x3620
[ 72.078523][ T2821] __alloc_pages_noprof+0x345/0x620
[ 72.083686][ T2821] alloc_slab_page+0x4e/0xf0
[ 72.088239][ T2821] allocate_slab+0x5b/0x200
[ 72.092707][ T2821] ___slab_alloc+0xc2a/0x13f0
[ 72.097350][ T2821] __slab_alloc.constprop.0+0x4d/0x90
[ 72.102686][ T2821] __kmalloc_cache_noprof+0x324/0x370
[ 72.108021][ T2821] netfs_buffer_append_folio+0x140/0x640
[ 72.113617][ T2821] netfs_write_folio+0x41e/0x1e00
[ 72.118609][ T2821] netfs_writepages+0x25a/0xb60
[ 72.123423][ T2821] do_writepages+0x172/0x780
[ 72.127984][ T2821] filemap_fdatawrite_wbc+0x10e/0x180
[ 72.133320][ T2821] __filemap_fdatawrite_range+0xaa/0xf0
[ 72.138827][ T2821] v9fs_dir_release+0x242/0x310
[ 72.143641][ T2821] __fput+0x361/0xaf0
[ 72.147588][ T2821] page last free pid 2821 tgid 2821 stack trace:
[ 72.153878][ T2821] __free_pages_ok+0x5fe/0xc20
[ 72.158605][ T2821] __folio_put+0x182/0x200
[ 72.162983][ T2821] p9_req_put+0x1aa/0x200
[ 72.167279][ T2821] p9_client_rpc+0x479/0xa80
[ 72.171919][ T2821] p9_client_write+0x23a/0x6e0
[ 72.176645][ T2821] v9fs_issue_write+0xda/0x150
[ 72.181376][ T2821] netfs_advance_write+0x2c3/0xea0
[ 72.186455][ T2821] netfs_write_folio+0x8c3/0x1e00
[ 72.191441][ T2821] netfs_writepages+0x25a/0xb60
[ 72.196340][ T2821] do_writepages+0x172/0x780
[ 72.200892][ T2821] filemap_fdatawrite_wbc+0x10e/0x180
[ 72.206230][ T2821] __filemap_fdatawrite_range+0xaa/0xf0
[ 72.211738][ T2821] v9fs_dir_release+0x242/0x310
[ 72.216552][ T2821] __fput+0x361/0xaf0
[ 72.220498][ T2821] task_work_run+0x119/0x1f0
[ 72.225053][ T2821] syscall_exit_to_user_mode+0x180/0x190
[ 72.230649][ T2821]
[ 72.232940][ T2821] Memory state around the buggy address:
[ 72.238618][ T2821] ffff888106320c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.246641][ T2821] ffff888106320c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.254676][ T2821] >ffff888106320d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.262960][ T2821] ^
[ 72.268044][ T2821] ffff888106320d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.276071][ T2821] ffff888106320e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.284108][ T2821] ==================================================================
[ 75.449862][ T2851] ==================================================================
[ 75.457926][ T2851] BUG: KASAN: slab-use-after-free in iov_iter_advance+0x470/0x500
[ 75.465698][ T2851] Read of size 8 at addr ffff88810df59120 by task syz.0.33/2851
[ 75.473285][ T2851]
[ 75.475578][ T2851] CPU: 0 UID: 0 PID: 2851 Comm: syz.0.33 Tainted: G B 6.11.0-rc6-syzkaller #0
[ 75.486228][ T2851] Tainted: [B]=BAD_PAGE
[ 75.490343][ T2851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 75.500360][ T2851] Call Trace:
[ 75.503607][ T2851]
[ 75.506577][ T2851] dump_stack_lvl+0x5a/0x90
[ 75.511045][ T2851] print_report+0xc3/0x620
[ 75.515422][ T2851] ? srso_alias_return_thunk+0x5/0xfbef5
[ 75.521029][ T2851] ? __virt_addr_valid+0x1c5/0x2b0
[ 75.526108][ T2851] kasan_report+0xd9/0x110
[ 75.530485][ T2851] ? iov_iter_advance+0x470/0x500
[ 75.535468][ T2851] ? iov_iter_advance+0x470/0x500
[ 75.540453][ T2851] iov_iter_advance+0x470/0x500
[ 75.545265][ T2851] netfs_write_folio+0xa33/0x1e00
[ 75.550254][ T2851] netfs_writepages+0x25a/0xb60
[ 75.555062][ T2851] ? __pfx_netfs_writepages+0x10/0x10
[ 75.560566][ T2851] ? srso_alias_return_thunk+0x5/0xfbef5
[ 75.566161][ T2851] ? srso_alias_return_thunk+0x5/0xfbef5
[ 75.571779][ T2851] ? __kernel_text_address+0xd/0x40
[ 75.576936][ T2851] ? unwind_get_return_address+0x59/0xa0
[ 75.582527][ T2851] ? srso_alias_return_thunk+0x5/0xfbef5
[ 75.588121][ T2851] ? arch_stack_walk+0xa7/0x100
[ 75.592935][ T2851] do_writepages+0x172/0x780
[ 75.597485][ T2851] ? srso_alias_return_thunk+0x5/0xfbef5
[ 75.603095][ T2851] ? __pfx_do_writepages+0x10/0x10
[ 75.608254][ T2851] ? lock_release+0x4ab/0x5d0
[ 75.612887][ T2851] ? filemap_fdatawrite_wbc+0x103/0x180
[ 75.618478][ T2851] ? __pfx_lock_release+0x10/0x10
[ 75.623632][ T2851] ? srso_alias_return_thunk+0x5/0xfbef5
[ 75.629223][ T2851] ? do_raw_spin_lock+0x12d/0x2c0
[ 75.634205][ T2851] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 75.639621][ T2851] ? lock_acquire+0x24a/0x2c0
[ 75.644261][ T2851] filemap_fdatawrite_wbc+0x10e/0x180
[ 75.649595][ T2851] __filemap_fdatawrite_range+0xaa/0xf0
[ 75.655116][ T2851] ? __pfx___filemap_fdatawrite_range+0x10/0x10
[ 75.661323][ T2851] ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 75.667348][ T2851] ? __pfx_locks_remove_file+0x10/0x10
[ 75.672767][ T2851] v9fs_dir_release+0x242/0x310
[ 75.677585][ T2851] __fput+0x361/0xaf0
[ 75.681530][ T2851] ? srso_alias_return_thunk+0x5/0xfbef5
[ 75.687123][ T2851] task_work_run+0x119/0x1f0
[ 75.691673][ T2851] ? __pfx_task_work_run+0x10/0x10
[ 75.696742][ T2851] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10
[ 75.702871][ T2851] syscall_exit_to_user_mode+0x180/0x190
[ 75.708478][ T2851] do_syscall_64+0x7a/0x170
[ 75.712949][ T2851] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.718817][ T2851] RIP: 0033:0x7ff4a803def9
[ 75.723201][ T2851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 75.742771][ T2851] RSP: 002b:00007ffcbc931268 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 75.751153][ T2851] RAX: 0000000000000000 RBX: 00007ff4a81f7a80 RCX: 00007ff4a803def9
[ 75.759094][ T2851] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 75.767115][ T2851] RBP: 00007ff4a81f7a80 R08: 0000000000000000 R09: 00007ffcbc93155f
[ 75.775047][ T2851] R10: 000000000003fd88 R11: 0000000000000246 R12: 000000000001297c
[ 75.782979][ T2851] R13: 00007ffcbc931370 R14: 0000000000000032 R15: ffffffffffffffff
[ 75.790915][ T2851]
[ 75.793899][ T2851]
[ 75.796185][ T2851] Allocated by task 2851:
[ 75.800471][ T2851] kasan_save_stack+0x33/0x60
[ 75.805110][ T2851] kasan_save_track+0x14/0x30
[ 75.809745][ T2851] __kasan_kmalloc+0xaa/0xb0
[ 75.814292][ T2851] netfs_buffer_append_folio+0x140/0x640
[ 75.819881][ T2851] netfs_write_folio+0x41e/0x1e00
[ 75.824862][ T2851] netfs_writepages+0x25a/0xb60
[ 75.829668][ T2851] do_writepages+0x172/0x780
[ 75.834219][ T2851] filemap_fdatawrite_wbc+0x10e/0x180
[ 75.839550][ T2851] __filemap_fdatawrite_range+0xaa/0xf0
[ 75.845052][ T2851] v9fs_dir_release+0x242/0x310
[ 75.849862][ T2851] __fput+0x361/0xaf0
[ 75.853802][ T2851] task_work_run+0x119/0x1f0
[ 75.858348][ T2851] syscall_exit_to_user_mode+0x180/0x190
[ 75.863937][ T2851] do_syscall_64+0x7a/0x170
[ 75.868398][ T2851] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.874387][ T2851]
[ 75.876765][ T2851] Freed by task 13:
[ 75.880531][ T2851] kasan_save_stack+0x33/0x60
[ 75.885173][ T2851] kasan_save_track+0x14/0x30
[ 75.889897][ T2851] kasan_save_free_info+0x3b/0x60
[ 75.894880][ T2851] poison_slab_object+0xf7/0x160
[ 75.899776][ T2851] __kasan_slab_free+0x32/0x50
[ 75.904498][ T2851] kfree+0x121/0x360
[ 75.908442][ T2851] netfs_delete_buffer_head+0x97/0xf0
[ 75.914033][ T2851] netfs_write_collection_worker+0x18de/0x4340
[ 75.920142][ T2851] process_one_work+0x7c4/0x15e0
[ 75.925038][ T2851] worker_thread+0x6b1/0x1010
[ 75.929671][ T2851] kthread+0x277/0x330
[ 75.933699][ T2851] ret_from_fork+0x2f/0x70
[ 75.938109][ T2851] ret_from_fork_asm+0x1a/0x30
[ 75.942849][ T2851]
[ 75.945138][ T2851] The buggy address belongs to the object at ffff88810df59000
[ 75.945138][ T2851] which belongs to the cache kmalloc-512 of size 512
[ 75.959152][ T2851] The buggy address is located 288 bytes inside of
[ 75.959152][ T2851] freed 512-byte region [ffff88810df59000, ffff88810df59200)
[ 75.973017][ T2851]
[ 75.975306][ T2851] The buggy address belongs to the physical page:
[ 75.981675][ T2851] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10df58
[ 75.990613][ T2851] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 75.999067][ T2851] flags: 0x200000000000040(head|node=0|zone=2)
[ 76.005287][ T2851] page_type: 0xfdffffff(slab)
[ 76.009926][ T2851] raw: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000
[ 76.018816][ T2851] raw: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000
[ 76.027366][ T2851] head: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000
[ 76.035994][ T2851] head: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000
[ 76.044622][ T2851] head: 0200000000000002 ffffea000437d601 ffffffffffffffff 0000000000000000
[ 76.053249][ T2851] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 76.061873][ T2851] page dumped because: kasan: bad access detected
[ 76.068248][ T2851] page_owner tracks the page as allocated
[ 76.073922][ T2851] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 2851, tgid 2851 (syz.0.33), ts 75448838789, free_ts 72785553857
[ 76.095757][ T2851] post_alloc_hook+0x283/0x300
[ 76.100483][ T2851] get_page_from_freelist+0x117b/0x3620
[ 76.105993][ T2851] __alloc_pages_noprof+0x345/0x620
[ 76.111150][ T2851] alloc_slab_page+0x4e/0xf0
[ 76.115698][ T2851] allocate_slab+0x5b/0x200
[ 76.120161][ T2851] ___slab_alloc+0xc2a/0x13f0
[ 76.124803][ T2851] __slab_alloc.constprop.0+0x4d/0x90
[ 76.130138][ T2851] __kmalloc_cache_noprof+0x324/0x370
[ 76.135468][ T2851] netfs_buffer_append_folio+0x140/0x640
[ 76.141062][ T2851] netfs_write_folio+0x41e/0x1e00
[ 76.146044][ T2851] netfs_writepages+0x25a/0xb60
[ 76.150851][ T2851] do_writepages+0x172/0x780
[ 76.155404][ T2851] filemap_fdatawrite_wbc+0x10e/0x180
[ 76.160732][ T2851] __filemap_fdatawrite_range+0xaa/0xf0
[ 76.166236][ T2851] v9fs_dir_release+0x242/0x310
[ 76.171045][ T2851] __fput+0x361/0xaf0
[ 76.175010][ T2851] page last free pid 2815 tgid 2815 stack trace:
[ 76.181311][ T2851] free_unref_page+0x6ee/0xd20
[ 76.186043][ T2851] __put_partials+0x140/0x160
[ 76.190679][ T2851] qlist_free_all+0x4e/0x140
[ 76.195230][ T2851] kasan_quarantine_reduce+0x184/0x1b0
[ 76.200653][ T2851] __kasan_slab_alloc+0x69/0x90
[ 76.205465][ T2851] kmem_cache_alloc_noprof+0x121/0x350
[ 76.211054][ T2851] getname_flags.part.0+0x45/0x4a0
[ 76.216139][ T2851] do_sys_openat2+0xec/0x170
[ 76.220694][ T2851] __x64_sys_openat+0x134/0x1d0
[ 76.225506][ T2851] do_syscall_64+0x6d/0x170
[ 76.229969][ T2851] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.235822][ T2851]
[ 76.238110][ T2851] Memory state around the buggy address:
[ 76.243699][ T2851] ffff88810df59000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.251808][ T2851] ffff88810df59080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.259836][ T2851] >ffff88810df59100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.267858][ T2851] ^
[ 76.273017][ T2851] ffff88810df59180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.281052][ T2851] ffff88810df59200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.289074][ T2851] ==================================================================
[ 76.314437][ T2851] ==================================================================
[ 76.322513][ T2851] BUG: KASAN: slab-use-after-free in iov_iter_advance+0x470/0x500
[ 76.330286][ T2851] Read of size 8 at addr ffff888122872520 by task syz.0.33/2851
[ 76.337875][ T2851]
[ 76.340202][ T2851] CPU: 0 UID: 0 PID: 2851 Comm: syz.0.33 Tainted: G B 6.11.0-rc6-syzkaller #0
[ 76.350398][ T2851] Tainted: [B]=BAD_PAGE
[ 76.354509][ T2851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 76.364526][ T2851] Call Trace:
[ 76.367772][ T2851]
[ 76.370671][ T2851] dump_stack_lvl+0x5a/0x90
[ 76.375138][ T2851] print_report+0xc3/0x620
[ 76.379542][ T2851] ? srso_alias_return_thunk+0x5/0xfbef5
[ 76.385310][ T2851] ? __virt_addr_valid+0x1c5/0x2b0
[ 76.390384][ T2851] kasan_report+0xd9/0x110
[ 76.394760][ T2851] ? iov_iter_advance+0x470/0x500
[ 76.399752][ T2851] ? iov_iter_advance+0x470/0x500
[ 76.404737][ T2851] iov_iter_advance+0x470/0x500
[ 76.409547][ T2851] netfs_write_folio+0xa33/0x1e00
[ 76.414534][ T2851] netfs_writepages+0x25a/0xb60
[ 76.419346][ T2851] ? __pfx_netfs_writepages+0x10/0x10
[ 76.424682][ T2851] ? srso_alias_return_thunk+0x5/0xfbef5
[ 76.430282][ T2851] ? srso_alias_return_thunk+0x5/0xfbef5
[ 76.435876][ T2851] ? __kernel_text_address+0xd/0x40
[ 76.441036][ T2851] ? unwind_get_return_address+0x59/0xa0
[ 76.446633][ T2851] ? srso_alias_return_thunk+0x5/0xfbef5
[ 76.452227][ T2851] ? arch_stack_walk+0xa7/0x100
[ 76.457042][ T2851] do_writepages+0x172/0x780
[ 76.461596][ T2851] ? srso_alias_return_thunk+0x5/0xfbef5
[ 76.467192][ T2851] ? __pfx_do_writepages+0x10/0x10
[ 76.472265][ T2851] ? lock_release+0x4ab/0x5d0
[ 76.476903][ T2851] ? filemap_fdatawrite_wbc+0x103/0x180
[ 76.482410][ T2851] ? __pfx_lock_release+0x10/0x10
[ 76.487575][ T2851] ? srso_alias_return_thunk+0x5/0xfbef5
[ 76.493171][ T2851] ? do_raw_spin_lock+0x12d/0x2c0
[ 76.498341][ T2851] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 76.503675][ T2851] ? lock_acquire+0x24a/0x2c0
[ 76.508314][ T2851] filemap_fdatawrite_wbc+0x10e/0x180
[ 76.513653][ T2851] __filemap_fdatawrite_range+0xaa/0xf0
[ 76.519160][ T2851] ? __pfx___filemap_fdatawrite_range+0x10/0x10
[ 76.525370][ T2851] ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 76.531402][ T2851] ? __pfx_locks_remove_file+0x10/0x10
[ 76.536822][ T2851] v9fs_dir_release+0x242/0x310
[ 76.541637][ T2851] __fput+0x361/0xaf0
[ 76.545585][ T2851] ? srso_alias_return_thunk+0x5/0xfbef5
[ 76.551701][ T2851] task_work_run+0x119/0x1f0
[ 76.556257][ T2851] ? __pfx_task_work_run+0x10/0x10
[ 76.561420][ T2851] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10
[ 76.567543][ T2851] syscall_exit_to_user_mode+0x180/0x190
[ 76.573143][ T2851] do_syscall_64+0x7a/0x170
[ 76.577612][ T2851] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.583470][ T2851] RIP: 0033:0x7ff4a803def9
[ 76.587850][ T2851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 76.607597][ T2851] RSP: 002b:00007ffcbc931268 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 76.615976][ T2851] RAX: 0000000000000000 RBX: 00007ff4a81f7a80 RCX: 00007ff4a803def9
[ 76.623935][ T2851] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 76.631871][ T2851] RBP: 00007ff4a81f7a80 R08: 0000000000000000 R09: 00007ffcbc93155f
[ 76.639807][ T2851] R10: 000000000003fd88 R11: 0000000000000246 R12: 000000000001297c
[ 76.647744][ T2851] R13: 00007ffcbc931370 R14: 0000000000000032 R15: ffffffffffffffff
[ 76.655856][ T2851]
[ 76.659276][ T2851]
[ 76.661568][ T2851] Allocated by task 2851:
[ 76.665857][ T2851] kasan_save_stack+0x33/0x60
[ 76.670498][ T2851] kasan_save_track+0x14/0x30
[ 76.675135][ T2851] __kasan_kmalloc+0xaa/0xb0
[ 76.679689][ T2851] netfs_buffer_append_folio+0x140/0x640
[ 76.685282][ T2851] netfs_write_folio+0x41e/0x1e00
[ 76.690268][ T2851] netfs_writepages+0x25a/0xb60
[ 76.695080][ T2851] do_writepages+0x172/0x780
[ 76.699633][ T2851] filemap_fdatawrite_wbc+0x10e/0x180
[ 76.704966][ T2851] __filemap_fdatawrite_range+0xaa/0xf0
[ 76.710477][ T2851] v9fs_dir_release+0x242/0x310
[ 76.715289][ T2851] __fput+0x361/0xaf0
[ 76.719234][ T2851] task_work_run+0x119/0x1f0
[ 76.723785][ T2851] syscall_exit_to_user_mode+0x180/0x190
[ 76.729378][ T2851] do_syscall_64+0x7a/0x170
[ 76.733865][ T2851] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.739725][ T2851]
[ 76.742016][ T2851] Freed by task 11:
[ 76.745787][ T2851] kasan_save_stack+0x33/0x60
[ 76.750426][ T2851] kasan_save_track+0x14/0x30
[ 76.755412][ T2851] kasan_save_free_info+0x3b/0x60
[ 76.760397][ T2851] poison_slab_object+0xf7/0x160
[ 76.765295][ T2851] __kasan_slab_free+0x32/0x50
[ 76.770020][ T2851] kfree+0x121/0x360
[ 76.773877][ T2851] netfs_delete_buffer_head+0x97/0xf0
[ 76.779214][ T2851] netfs_write_collection_worker+0x18de/0x4340
[ 76.785330][ T2851] process_one_work+0x7c4/0x15e0
[ 76.790237][ T2851] worker_thread+0x6b1/0x1010
[ 76.794874][ T2851] kthread+0x277/0x330
[ 76.798905][ T2851] ret_from_fork+0x2f/0x70
[ 76.803286][ T2851] ret_from_fork_asm+0x1a/0x30
[ 76.808011][ T2851]
[ 76.810303][ T2851] The buggy address belongs to the object at ffff888122872400
[ 76.810303][ T2851] which belongs to the cache kmalloc-512 of size 512
[ 76.824406][ T2851] The buggy address is located 288 bytes inside of
[ 76.824406][ T2851] freed 512-byte region [ffff888122872400, ffff888122872600)
[ 76.838165][ T2851]
[ 76.840458][ T2851] The buggy address belongs to the physical page:
[ 76.846836][ T2851] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122870
[ 76.855664][ T2851] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 76.864151][ T2851] flags: 0x200000000000040(head|node=0|zone=2)
[ 76.870296][ T2851] page_type: 0xfdffffff(slab)
[ 76.874947][ T2851] raw: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000
[ 76.883497][ T2851] raw: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000
[ 76.892042][ T2851] head: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000
[ 76.900682][ T2851] head: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000
[ 76.909317][ T2851] head: 0200000000000002 ffffea00048a1c01 ffffffffffffffff 0000000000000000
[ 76.917946][ T2851] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 76.926575][ T2851] page dumped because: kasan: bad access detected
[ 76.932952][ T2851] page_owner tracks the page as allocated
[ 76.938627][ T2851] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 2851, tgid 2851 (syz.0.33), ts 76312213606, free_ts 76299586290
[ 76.960201][ T2851] post_alloc_hook+0x283/0x300
[ 76.964930][ T2851] get_page_from_freelist+0x117b/0x3620
[ 76.970438][ T2851] __alloc_pages_noprof+0x345/0x620
[ 76.975598][ T2851] alloc_slab_page+0x4e/0xf0
[ 76.980151][ T2851] allocate_slab+0x5b/0x200
[ 76.984615][ T2851] ___slab_alloc+0xc2a/0x13f0
[ 76.989252][ T2851] __slab_alloc.constprop.0+0x4d/0x90
[ 76.994585][ T2851] __kmalloc_cache_noprof+0x324/0x370
[ 76.999917][ T2851] netfs_buffer_append_folio+0x140/0x640
[ 77.006036][ T2851] netfs_write_folio+0x41e/0x1e00
[ 77.011022][ T2851] netfs_writepages+0x25a/0xb60
[ 77.015837][ T2851] do_writepages+0x172/0x780
[ 77.020387][ T2851] filemap_fdatawrite_wbc+0x10e/0x180
[ 77.025720][ T2851] __filemap_fdatawrite_range+0xaa/0xf0
[ 77.031231][ T2851] v9fs_dir_release+0x242/0x310
[ 77.036042][ T2851] __fput+0x361/0xaf0
[ 77.039987][ T2851] page
last free pid 2851 tgid 2851 stack trace: [ 77.046272][ T2851] free_unref_page+0x6ee/0xd20 [ 77.050996][ T2851] qlist_free_all+0x4e/0x140 [ 77.055550][ T2851] kasan_quarantine_reduce+0x184/0x1b0 [ 77.061054][ T2851] __kasan_slab_alloc+0x69/0x90 [ 77.065866][ T2851] __kmalloc_cache_noprof+0x127/0x370 [ 77.071200][ T2851] netfs_buffer_append_folio+0x140/0x640 [ 77.076793][ T2851] netfs_write_folio+0x41e/0x1e00 [ 77.081778][ T2851] netfs_writepages+0x25a/0xb60 [ 77.086588][ T2851] do_writepages+0x172/0x780 [ 77.091144][ T2851] filemap_fdatawrite_wbc+0x10e/0x180 [ 77.096649][ T2851] __filemap_fdatawrite_range+0xaa/0xf0 [ 77.102154][ T2851] v9fs_dir_release+0x242/0x310 [ 77.106966][ T2851] __fput+0x361/0xaf0 [ 77.110911][ T2851] task_work_run+0x119/0x1f0 [ 77.115460][ T2851] syscall_exit_to_user_mode+0x180/0x190 [ 77.121053][ T2851] do_syscall_64+0x7a/0x170 [ 77.125518][ T2851] [ 77.127810][ T2851] Memory state around the buggy address: [ 77.133402][ T2851] ffff888122872400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.141422][ T2851] ffff888122872480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.149443][ T2851] >ffff888122872500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.157475][ T2851] ^ [ 77.162632][ T2851] ffff888122872580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.170657][ T2851] ffff888122872600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.178681][ T2851] ================================================================== 2024/09/19 23:54:52 executed programs: 21 [ 77.378872][ T2853] ================================================================== [ 77.386944][ T2853] BUG: KASAN: slab-use-after-free in iov_iter_advance+0x470/0x500 [ 77.394717][ T2853] Read of size 8 at addr ffff88810cf44d20 by task syz.0.34/2853 [ 77.402306][ T2853] [ 77.404600][ T2853] CPU: 1 UID: 0 PID: 2853 Comm: syz.0.34 Tainted: G B 6.11.0-rc6-syzkaller #0 [ 77.414798][ T2853] Tainted: [B]=BAD_PAGE [ 77.418915][ T2853] Hardware name: Google 
Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 77.428956][ T2853] Call Trace: [ 77.432206][ T2853] [ 77.435119][ T2853] dump_stack_lvl+0x5a/0x90 [ 77.439590][ T2853] print_report+0xc3/0x620 [ 77.443970][ T2853] ? srso_alias_return_thunk+0x5/0xfbef5 [ 77.449566][ T2853] ? __virt_addr_valid+0x1c5/0x2b0 [ 77.454642][ T2853] kasan_report+0xd9/0x110 [ 77.459021][ T2853] ? iov_iter_advance+0x470/0x500 [ 77.464006][ T2853] ? iov_iter_advance+0x470/0x500 [ 77.468997][ T2853] iov_iter_advance+0x470/0x500 [ 77.473813][ T2853] netfs_write_folio+0xa33/0x1e00 [ 77.478803][ T2853] netfs_writepages+0x25a/0xb60 [ 77.483615][ T2853] ? __pfx_netfs_writepages+0x10/0x10 [ 77.488951][ T2853] ? srso_alias_return_thunk+0x5/0xfbef5 [ 77.494634][ T2853] ? srso_alias_return_thunk+0x5/0xfbef5 [ 77.500231][ T2853] ? __kernel_text_address+0xd/0x40 [ 77.505419][ T2853] ? unwind_get_return_address+0x59/0xa0 [ 77.511020][ T2853] ? srso_alias_return_thunk+0x5/0xfbef5 [ 77.516620][ T2853] ? arch_stack_walk+0xa7/0x100 [ 77.521440][ T2853] do_writepages+0x172/0x780 [ 77.526030][ T2853] ? srso_alias_return_thunk+0x5/0xfbef5 [ 77.531652][ T2853] ? __pfx_do_writepages+0x10/0x10 [ 77.536729][ T2853] ? lock_release+0x4ab/0x5d0 [ 77.541378][ T2853] ? filemap_fdatawrite_wbc+0x103/0x180 [ 77.546897][ T2853] ? __pfx_lock_release+0x10/0x10 [ 77.551884][ T2853] ? srso_alias_return_thunk+0x5/0xfbef5 [ 77.557476][ T2853] ? do_raw_spin_lock+0x12d/0x2c0 [ 77.562460][ T2853] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 77.567884][ T2853] ? lock_acquire+0x24a/0x2c0 [ 77.572521][ T2853] filemap_fdatawrite_wbc+0x10e/0x180 [ 77.577854][ T2853] __filemap_fdatawrite_range+0xaa/0xf0 [ 77.583454][ T2853] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 77.590103][ T2853] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 77.596133][ T2853] ? __pfx_locks_remove_file+0x10/0x10 [ 77.601554][ T2853] v9fs_dir_release+0x242/0x310 [ 77.606374][ T2853] __fput+0x361/0xaf0 [ 77.610318][ T2853] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 77.615910][ T2853] task_work_run+0x119/0x1f0 [ 77.620461][ T2853] ? __pfx_task_work_run+0x10/0x10 [ 77.625534][ T2853] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10 [ 77.631650][ T2853] syscall_exit_to_user_mode+0x180/0x190 [ 77.637246][ T2853] do_syscall_64+0x7a/0x170 [ 77.641711][ T2853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.647565][ T2853] RIP: 0033:0x7ff4a803def9 [ 77.651944][ T2853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.671518][ T2853] RSP: 002b:00007ffcbc931268 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 77.680158][ T2853] RAX: 0000000000000000 RBX: 00007ff4a81f7a80 RCX: 00007ff4a803def9 [ 77.688177][ T2853] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 77.696128][ T2853] RBP: 00007ff4a81f7a80 R08: 0000000000000000 R09: 00007ffcbc93155f [ 77.704070][ T2853] R10: 000000000003fd88 R11: 0000000000000246 R12: 0000000000013105 [ 77.712012][ T2853] R13: 00007ffcbc931370 R14: 0000000000000032 R15: ffffffffffffffff [ 77.719953][ T2853] [ 77.722937][ T2853] [ 77.725229][ T2853] Allocated by task 2853: [ 77.729521][ T2853] kasan_save_stack+0x33/0x60 [ 77.734163][ T2853] kasan_save_track+0x14/0x30 [ 77.738797][ T2853] __kasan_kmalloc+0xaa/0xb0 [ 77.743345][ T2853] netfs_buffer_append_folio+0x140/0x640 [ 77.748940][ T2853] netfs_write_folio+0x41e/0x1e00 [ 77.753926][ T2853] netfs_writepages+0x25a/0xb60 [ 77.758737][ T2853] do_writepages+0x172/0x780 [ 77.763286][ T2853] filemap_fdatawrite_wbc+0x10e/0x180 [ 77.768621][ T2853] __filemap_fdatawrite_range+0xaa/0xf0 [ 77.774128][ T2853] v9fs_dir_release+0x242/0x310 [ 77.778939][ T2853] __fput+0x361/0xaf0 [ 77.782970][ T2853] task_work_run+0x119/0x1f0 [ 77.787613][ T2853] syscall_exit_to_user_mode+0x180/0x190 [ 77.793260][ T2853] do_syscall_64+0x7a/0x170 [ 77.797815][ T2853] 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.803671][ T2853] [ 77.805958][ T2853] Freed by task 11: [ 77.809735][ T2853] kasan_save_stack+0x33/0x60 [ 77.814463][ T2853] kasan_save_track+0x14/0x30 [ 77.819132][ T2853] kasan_save_free_info+0x3b/0x60 [ 77.824120][ T2853] poison_slab_object+0xf7/0x160 [ 77.829015][ T2853] __kasan_slab_free+0x32/0x50 [ 77.833834][ T2853] kfree+0x121/0x360 [ 77.837689][ T2853] netfs_delete_buffer_head+0x97/0xf0 [ 77.843019][ T2853] netfs_write_collection_worker+0x18de/0x4340 [ 77.849134][ T2853] process_one_work+0x7c4/0x15e0 [ 77.854034][ T2853] worker_thread+0x6b1/0x1010 [ 77.858757][ T2853] kthread+0x277/0x330 [ 77.862788][ T2853] ret_from_fork+0x2f/0x70 [ 77.867166][ T2853] ret_from_fork_asm+0x1a/0x30 [ 77.871888][ T2853] [ 77.874180][ T2853] The buggy address belongs to the object at ffff88810cf44c00 [ 77.874180][ T2853] which belongs to the cache kmalloc-512 of size 512 [ 77.888372][ T2853] The buggy address is located 288 bytes inside of [ 77.888372][ T2853] freed 512-byte region [ffff88810cf44c00, ffff88810cf44e00) [ 77.902135][ T2853] [ 77.904430][ T2853] The buggy address belongs to the physical page: [ 77.910886][ T2853] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10cf44 [ 77.919692][ T2853] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 77.928150][ T2853] flags: 0x200000000000040(head|node=0|zone=2) [ 77.934265][ T2853] page_type: 0xfdffffff(slab) [ 77.938988][ T2853] raw: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000 [ 77.947531][ T2853] raw: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000 [ 77.956075][ T2853] head: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000 [ 77.964711][ T2853] head: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000 [ 77.973435][ T2853] head: 0200000000000002 ffffea000433d101 ffffffffffffffff 0000000000000000 [ 77.982071][ T2853] head: 0000000000000004 0000000000000000 
00000000ffffffff 0000000000000000 [ 77.990712][ T2853] page dumped because: kasan: bad access detected [ 77.997094][ T2853] page_owner tracks the page as allocated [ 78.002770][ T2853] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 2853, tgid 2853 (syz.0.34), ts 77377982751, free_ts 77198700371 [ 78.024435][ T2853] post_alloc_hook+0x283/0x300 [ 78.029167][ T2853] get_page_from_freelist+0x117b/0x3620 [ 78.034675][ T2853] __alloc_pages_noprof+0x345/0x620 [ 78.039832][ T2853] alloc_slab_page+0x4e/0xf0 [ 78.044382][ T2853] allocate_slab+0x5b/0x200 [ 78.048843][ T2853] ___slab_alloc+0xc2a/0x13f0 [ 78.053478][ T2853] __slab_alloc.constprop.0+0x4d/0x90 [ 78.058809][ T2853] __kmalloc_cache_noprof+0x324/0x370 [ 78.064142][ T2853] netfs_buffer_append_folio+0x140/0x640 [ 78.069732][ T2853] netfs_write_folio+0x41e/0x1e00 [ 78.074714][ T2853] netfs_writepages+0x25a/0xb60 [ 78.079524][ T2853] do_writepages+0x172/0x780 [ 78.084076][ T2853] filemap_fdatawrite_wbc+0x10e/0x180 [ 78.089413][ T2853] __filemap_fdatawrite_range+0xaa/0xf0 [ 78.094916][ T2853] v9fs_dir_release+0x242/0x310 [ 78.099726][ T2853] __fput+0x361/0xaf0 [ 78.103671][ T2853] page last free pid 2851 tgid 2851 stack trace: [ 78.109955][ T2853] free_unref_page+0x6ee/0xd20 [ 78.114686][ T2853] __put_partials+0x140/0x160 [ 78.119410][ T2853] qlist_free_all+0x4e/0x140 [ 78.123958][ T2853] kasan_quarantine_reduce+0x184/0x1b0 [ 78.129373][ T2853] __kasan_slab_alloc+0x69/0x90 [ 78.134184][ T2853] __kmalloc_cache_noprof+0x127/0x370 [ 78.139781][ T2853] netfs_buffer_append_folio+0x140/0x640 [ 78.145374][ T2853] netfs_write_folio+0x41e/0x1e00 [ 78.150359][ T2853] netfs_writepages+0x25a/0xb60 [ 78.155258][ T2853] do_writepages+0x172/0x780 [ 78.159808][ T2853] filemap_fdatawrite_wbc+0x10e/0x180 [ 78.165139][ T2853] __filemap_fdatawrite_range+0xaa/0xf0 [ 78.170642][ T2853] v9fs_dir_release+0x242/0x310 [ 78.175452][ 
T2853] __fput+0x361/0xaf0 [ 78.179481][ T2853] task_work_run+0x119/0x1f0 [ 78.184027][ T2853] syscall_exit_to_user_mode+0x180/0x190 [ 78.189624][ T2853] [ 78.191917][ T2853] Memory state around the buggy address: [ 78.197509][ T2853] ffff88810cf44c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.205533][ T2853] ffff88810cf44c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.213641][ T2853] >ffff88810cf44d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.221663][ T2853] ^ [ 78.226734][ T2853] ffff88810cf44d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.234757][ T2853] ffff88810cf44e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 78.242778][ T2853] ================================================================== [ 78.917730][ T2859] ================================================================== [ 78.926071][ T2859] BUG: KASAN: slab-use-after-free in iov_iter_advance+0x470/0x500 [ 78.933845][ T2859] Read of size 8 at addr ffff88811372a520 by task syz.0.37/2859 [ 78.941439][ T2859] [ 78.943734][ T2859] CPU: 1 UID: 0 PID: 2859 Comm: syz.0.37 Tainted: G B 6.11.0-rc6-syzkaller #0 [ 78.953932][ T2859] Tainted: [B]=BAD_PAGE [ 78.958049][ T2859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 78.968157][ T2859] Call Trace: [ 78.971409][ T2859] [ 78.974313][ T2859] dump_stack_lvl+0x5a/0x90 [ 78.978783][ T2859] print_report+0xc3/0x620 [ 78.983162][ T2859] ? srso_alias_return_thunk+0x5/0xfbef5 [ 78.988755][ T2859] ? __virt_addr_valid+0x1c5/0x2b0 [ 78.993828][ T2859] kasan_report+0xd9/0x110 [ 78.998231][ T2859] ? iov_iter_advance+0x470/0x500 [ 79.003269][ T2859] ? iov_iter_advance+0x470/0x500 [ 79.008256][ T2859] iov_iter_advance+0x470/0x500 [ 79.013068][ T2859] netfs_write_folio+0xa33/0x1e00 [ 79.018059][ T2859] netfs_writepages+0x25a/0xb60 [ 79.022871][ T2859] ? __pfx_netfs_writepages+0x10/0x10 [ 79.028208][ T2859] ? srso_alias_return_thunk+0x5/0xfbef5 [ 79.033806][ T2859] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 79.039403][ T2859] ? __kernel_text_address+0xd/0x40 [ 79.044565][ T2859] ? unwind_get_return_address+0x59/0xa0 [ 79.050160][ T2859] ? srso_alias_return_thunk+0x5/0xfbef5 [ 79.055754][ T2859] ? arch_stack_walk+0xa7/0x100 [ 79.060569][ T2859] do_writepages+0x172/0x780 [ 79.065127][ T2859] ? srso_alias_return_thunk+0x5/0xfbef5 [ 79.070723][ T2859] ? __pfx_do_writepages+0x10/0x10 [ 79.075885][ T2859] ? lock_release+0x4ab/0x5d0 [ 79.080526][ T2859] ? filemap_fdatawrite_wbc+0x103/0x180 [ 79.086037][ T2859] ? __pfx_lock_release+0x10/0x10 [ 79.091031][ T2859] ? srso_alias_return_thunk+0x5/0xfbef5 [ 79.096641][ T2859] ? do_raw_spin_lock+0x12d/0x2c0 [ 79.101632][ T2859] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 79.106965][ T2859] ? lock_acquire+0x24a/0x2c0 [ 79.111607][ T2859] filemap_fdatawrite_wbc+0x10e/0x180 [ 79.116946][ T2859] __filemap_fdatawrite_range+0xaa/0xf0 [ 79.122454][ T2859] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 79.128664][ T2859] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 79.134697][ T2859] ? __pfx_locks_remove_file+0x10/0x10 [ 79.140128][ T2859] v9fs_dir_release+0x242/0x310 [ 79.144945][ T2859] __fput+0x361/0xaf0 [ 79.148890][ T2859] ? srso_alias_return_thunk+0x5/0xfbef5 [ 79.154488][ T2859] task_work_run+0x119/0x1f0 [ 79.159043][ T2859] ? __pfx_task_work_run+0x10/0x10 [ 79.164141][ T2859] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 79.169738][ T2859] syscall_exit_to_user_mode+0x180/0x190 [ 79.175335][ T2859] do_syscall_64+0x7a/0x170 [ 79.179977][ T2859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.185853][ T2859] RIP: 0033:0x7ff4a803def9 [ 79.190233][ T2859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 79.209807][ T2859] RSP: 002b:00007ffcbc931268 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 79.218188][ T2859] RAX: 0000000000000000 RBX: 00007ff4a81f7a80 RCX: 00007ff4a803def9 [ 79.226129][ T2859] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 79.234070][ T2859] RBP: 00007ff4a81f7a80 R08: 0000000000000000 R09: 00007ffcbc93155f [ 79.242014][ T2859] R10: 000000000003fd88 R11: 0000000000000246 R12: 00000000000136ea [ 79.250213][ T2859] R13: 00007ffcbc931370 R14: 0000000000000032 R15: ffffffffffffffff [ 79.258155][ T2859] [ 79.261148][ T2859] [ 79.263446][ T2859] Allocated by task 2859: [ 79.267758][ T2859] kasan_save_stack+0x33/0x60 [ 79.272404][ T2859] kasan_save_track+0x14/0x30 [ 79.277045][ T2859] __kasan_kmalloc+0xaa/0xb0 [ 79.281600][ T2859] netfs_buffer_append_folio+0x140/0x640 [ 79.287198][ T2859] netfs_write_folio+0x41e/0x1e00 [ 79.292186][ T2859] netfs_writepages+0x25a/0xb60 [ 79.296998][ T2859] do_writepages+0x172/0x780 [ 79.301551][ T2859] filemap_fdatawrite_wbc+0x10e/0x180 [ 79.306887][ T2859] __filemap_fdatawrite_range+0xaa/0xf0 [ 79.312394][ T2859] v9fs_dir_release+0x242/0x310 [ 79.317210][ T2859] __fput+0x361/0xaf0 [ 79.321155][ T2859] task_work_run+0x119/0x1f0 [ 79.325821][ T2859] syscall_exit_to_user_mode+0x180/0x190 [ 79.331416][ T2859] do_syscall_64+0x7a/0x170 [ 79.335971][ T2859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.341827][ T2859] [ 79.344120][ T2859] Freed by task 11: [ 79.347891][ T2859] kasan_save_stack+0x33/0x60 [ 79.352532][ T2859] 
kasan_save_track+0x14/0x30 [ 79.357172][ T2859] kasan_save_free_info+0x3b/0x60 [ 79.362159][ T2859] poison_slab_object+0xf7/0x160 [ 79.367059][ T2859] __kasan_slab_free+0x32/0x50 [ 79.371786][ T2859] kfree+0x121/0x360 [ 79.375646][ T2859] netfs_delete_buffer_head+0x97/0xf0 [ 79.380982][ T2859] netfs_write_collection_worker+0x18de/0x4340 [ 79.387102][ T2859] process_one_work+0x7c4/0x15e0 [ 79.392268][ T2859] worker_thread+0x6b1/0x1010 [ 79.396906][ T2859] kthread+0x277/0x330 [ 79.400942][ T2859] ret_from_fork+0x2f/0x70 [ 79.405320][ T2859] ret_from_fork_asm+0x1a/0x30 [ 79.410049][ T2859] [ 79.412342][ T2859] The buggy address belongs to the object at ffff88811372a400 [ 79.412342][ T2859] which belongs to the cache kmalloc-512 of size 512 [ 79.426361][ T2859] The buggy address is located 288 bytes inside of [ 79.426361][ T2859] freed 512-byte region [ffff88811372a400, ffff88811372a600) [ 79.440116][ T2859] [ 79.442419][ T2859] The buggy address belongs to the physical page: [ 79.448794][ T2859] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113728 [ 79.457609][ T2859] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 79.466415][ T2859] flags: 0x200000000000040(head|node=0|zone=2) [ 79.472620][ T2859] page_type: 0xfdffffff(slab) [ 79.477261][ T2859] raw: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000 [ 79.485806][ T2859] raw: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000 [ 79.494873][ T2859] head: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000 [ 79.503505][ T2859] head: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000 [ 79.512136][ T2859] head: 0200000000000002 ffffea00044dca01 ffffffffffffffff 0000000000000000 [ 79.520767][ T2859] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 79.529398][ T2859] page dumped because: kasan: bad access detected [ 79.535773][ T2859] page_owner tracks the page as allocated [ 
79.541452][ T2859] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 2859, tgid 2859 (syz.0.37), ts 78915682723, free_ts 78564527863 [ 79.563031][ T2859] post_alloc_hook+0x283/0x300 [ 79.567764][ T2859] get_page_from_freelist+0x117b/0x3620 [ 79.573280][ T2859] __alloc_pages_noprof+0x345/0x620 [ 79.578441][ T2859] alloc_slab_page+0x4e/0xf0 [ 79.582999][ T2859] allocate_slab+0x5b/0x200 [ 79.587553][ T2859] ___slab_alloc+0xc2a/0x13f0 [ 79.592194][ T2859] __slab_alloc.constprop.0+0x4d/0x90 [ 79.597529][ T2859] __kmalloc_cache_noprof+0x324/0x370 [ 79.602862][ T2859] netfs_buffer_append_folio+0x140/0x640 [ 79.608458][ T2859] netfs_write_folio+0x41e/0x1e00 [ 79.613445][ T2859] netfs_writepages+0x25a/0xb60 [ 79.618257][ T2859] do_writepages+0x172/0x780 [ 79.622808][ T2859] filemap_fdatawrite_wbc+0x10e/0x180 [ 79.628143][ T2859] __filemap_fdatawrite_range+0xaa/0xf0 [ 79.633649][ T2859] v9fs_dir_release+0x242/0x310 [ 79.638462][ T2859] __fput+0x361/0xaf0 [ 79.642407][ T2859] page last free pid 2815 tgid 2815 stack trace: [ 79.648695][ T2859] free_unref_page+0x6ee/0xd20 [ 79.653421][ T2859] __put_partials+0x140/0x160 [ 79.658060][ T2859] qlist_free_all+0x4e/0x140 [ 79.662611][ T2859] kasan_quarantine_reduce+0x184/0x1b0 [ 79.668028][ T2859] __kasan_slab_alloc+0x69/0x90 [ 79.672925][ T2859] __kmalloc_noprof+0x18e/0x450 [ 79.677738][ T2859] tomoyo_realpath_from_path+0xaf/0x7a0 [ 79.683250][ T2859] tomoyo_path_perm+0x237/0x350 [ 79.688063][ T2859] security_inode_getattr+0xcc/0x110 [ 79.693311][ T2859] vfs_fstat+0x36/0x90 [ 79.697343][ T2859] __do_sys_newfstatat+0x91/0xf0 [ 79.702244][ T2859] do_syscall_64+0x6d/0x170 [ 79.706714][ T2859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.712568][ T2859] [ 79.714860][ T2859] Memory state around the buggy address: [ 79.721843][ T2859] ffff88811372a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.729865][ T2859] 
ffff88811372a480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.737888][ T2859] >ffff88811372a500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.745909][ T2859] ^ [ 79.750980][ T2859] ffff88811372a580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.759000][ T2859] ffff88811372a600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 79.767022][ T2859] ================================================================== [ 80.374174][ T2865] ================================================================== [ 80.382249][ T2865] BUG: KASAN: slab-use-after-free in iov_iter_advance+0x470/0x500 [ 80.390035][ T2865] Read of size 8 at addr ffff88811513e920 by task syz.0.40/2865 [ 80.397631][ T2865] [ 80.399924][ T2865] CPU: 1 UID: 0 PID: 2865 Comm: syz.0.40 Tainted: G B 6.11.0-rc6-syzkaller #0 [ 80.410128][ T2865] Tainted: [B]=BAD_PAGE [ 80.414244][ T2865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024