Warning: Permanently added '10.128.1.153' (ED25519) to the list of known hosts. 1970/01/01 00:01:01 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:01:01 ignoring optional flag "type"="gce" 1970/01/01 00:01:01 parsed 1 programs [ 61.776163][ T4273] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS 1970/01/01 00:01:01 executed programs: 0 [ 62.330829][ T4300] chnl_net:caif_netlink_parms(): no params data found [ 62.369569][ T4291] chnl_net:caif_netlink_parms(): no params data found [ 62.388155][ T4301] chnl_net:caif_netlink_parms(): no params data found [ 62.425746][ T4296] chnl_net:caif_netlink_parms(): no params data found [ 62.502711][ T4294] chnl_net:caif_netlink_parms(): no params data found [ 62.515997][ T4300] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.518004][ T4300] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.520537][ T4300] device bridge_slave_0 entered promiscuous mode [ 62.529420][ T4301] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.531212][ T4301] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.533745][ T4301] device bridge_slave_0 entered promiscuous mode [ 62.552547][ T4300] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.554383][ T4300] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.557564][ T4300] device bridge_slave_1 entered promiscuous mode [ 62.565120][ T4291] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.567276][ T4291] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.569563][ T4291] device bridge_slave_0 entered promiscuous mode [ 62.573028][ T4301] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.574953][ T4301] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.577991][ T4301] device bridge_slave_1 entered promiscuous mode [ 62.597588][ T4291] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.599340][ T4291] bridge0: port 2(bridge_slave_1) entered disabled state [ 
62.602030][ T4291] device bridge_slave_1 entered promiscuous mode [ 62.649103][ T4296] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.651004][ T4296] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.653390][ T4296] device bridge_slave_0 entered promiscuous mode [ 62.658878][ T4300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.681860][ T4301] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.687514][ T4291] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.691995][ T4291] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.695660][ T4300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.698585][ T4296] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.700424][ T4296] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.702756][ T4296] device bridge_slave_1 entered promiscuous mode [ 62.718680][ T4301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.756615][ T4294] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.758264][ T4294] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.760821][ T4294] device bridge_slave_0 entered promiscuous mode [ 62.788507][ T4296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.792573][ T4291] team0: Port device team_slave_0 added [ 62.796196][ T4300] team0: Port device team_slave_0 added [ 62.798905][ T4294] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.800778][ T4294] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.803144][ T4294] device bridge_slave_1 entered promiscuous mode [ 62.807696][ T4301] team0: Port device team_slave_0 added [ 62.810659][ T4296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.823610][ T4300] team0: Port device team_slave_1 added [ 62.826144][ T4301] 
team0: Port device team_slave_1 added [ 62.835528][ T4291] team0: Port device team_slave_1 added [ 62.894821][ T4294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.898823][ T4296] team0: Port device team_slave_0 added [ 62.900851][ T4291] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.902711][ T4291] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.912588][ T4291] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.916087][ T4300] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.919604][ T4300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.925952][ T4300] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.931665][ T4300] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.933474][ T4300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 62.940208][ T4300] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.945649][ T4296] team0: Port device team_slave_1 added [ 62.948797][ T4294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.951303][ T4301] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.953053][ T4301] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.959935][ T4301] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.963485][ T4291] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.965294][ T4291] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.973369][ T4291] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.990193][ T4301] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.991964][ T4301] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.999434][ T4301] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.034278][ T4296] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.036119][ T4296] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.044197][ T4296] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.049401][ T4294] team0: Port device team_slave_0 added [ 63.051328][ T4296] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.053150][ T4296] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.061079][ T4296] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.138587][ T4300] device hsr_slave_0 entered promiscuous mode [ 63.176869][ T4300] device hsr_slave_1 entered promiscuous mode [ 63.218896][ T4294] team0: Port device team_slave_1 added [ 63.258407][ T4291] device hsr_slave_0 entered promiscuous mode [ 63.296847][ T4291] device hsr_slave_1 entered promiscuous mode [ 63.336662][ T4291] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.338726][ T4291] Cannot create hsr debugfs directory [ 63.408509][ T4301] device hsr_slave_0 entered promiscuous mode [ 63.457399][ T4301] device hsr_slave_1 entered promiscuous mode [ 63.496641][ T4301] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.498496][ T4301] Cannot create hsr debugfs directory [ 63.543189][ T4294] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.544942][ T4294] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 63.551868][ T4294] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.618511][ T4296] device hsr_slave_0 entered promiscuous mode [ 63.656822][ T4296] device hsr_slave_1 entered promiscuous mode [ 63.697392][ T4296] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.699271][ T4296] Cannot create hsr debugfs directory [ 63.706118][ T4294] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.708335][ T4294] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.714921][ T4294] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.830293][ T4294] device hsr_slave_0 entered promiscuous mode [ 63.866942][ T4294] device hsr_slave_1 entered promiscuous mode [ 63.906675][ T4294] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 63.908634][ T4294] Cannot create hsr debugfs directory [ 64.027002][ T21] Bluetooth: hci4: command 0x0409 tx timeout [ 64.029233][ T13] Bluetooth: hci3: command 0x0409 tx timeout [ 64.036565][ T13] Bluetooth: hci2: command 0x0409 tx timeout [ 64.038064][ T13] Bluetooth: hci1: command 0x0409 tx timeout [ 64.039806][ T13] Bluetooth: hci0: command 0x0409 tx timeout [ 64.063029][ T4296] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 64.109727][ T4296] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 64.207173][ T4296] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 64.248512][ T4296] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 64.406313][ T4296] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.419320][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.421711][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.426319][ T4296] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.446138][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.450053][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.452406][ T153] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.454265][ T153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.463004][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.465694][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.468335][ T153] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.470090][ T153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.472200][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 64.475003][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 64.484497][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 64.560876][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 64.563586][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: 
link becomes ready [ 64.577045][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 64.579517][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 64.583220][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.585807][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 64.593539][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.600967][ T4296] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.604228][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 64.615004][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 64.619235][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.758977][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.761021][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.768245][ T4296] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.786059][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.790989][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.805626][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.809724][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.813071][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.815527][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.824775][ T4296] device veth0_vlan entered promiscuous mode [ 64.831333][ T4296] device veth1_vlan entered promiscuous mode [ 64.856002][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 64.858824][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 64.861587][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 64.864114][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 64.875128][ T4296] device 
veth0_macvtap entered promiscuous mode [ 64.880676][ T4296] device veth1_macvtap entered promiscuous mode [ 64.896617][ T4296] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.898502][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 64.900965][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 64.903469][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 64.906048][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 64.918759][ T4296] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.922540][ T4296] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.924750][ T4296] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.934793][ T4296] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.937585][ T4296] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.941816][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 64.944395][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 64.978124][ T4300] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 65.018738][ T4300] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 65.085442][ T4300] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 65.118360][ T4300] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 65.205498][ T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.207984][ T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.213972][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 65.253376][ T4301] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 65.253422][ T153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.263021][ T153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.296376][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 65.305447][ 
T4301] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 65.360339][ T4294] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 65.404086][ T4301] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 65.465763][ T4301] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 65.538343][ T4294] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 65.578580][ T4294] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 65.649682][ T4291] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 65.689569][ T4294] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 65.745235][ T4300] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.758084][ T4480] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 65.765066][ T4291] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 65.790148][ T4291] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 65.828553][ T4291] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 65.875581][ T4300] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.884844][ T4480] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. 
[ 65.888131][ T4480] Zero length message leads to an empty skb [ 65.918315][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 65.930287][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.984830][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 65.987844][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.990575][ T607] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.992422][ T607] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.998555][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 66.001157][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 66.003659][ T607] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.005552][ T607] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.009184][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 66.013576][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 66.016367][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 66.029901][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 66.041922][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 66.044578][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 66.055058][ T4486] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 66.061082][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 66.064103][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 66.096931][ T4486] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. 
[ 66.108757][ T4055] Bluetooth: hci0: command 0x041b tx timeout [ 66.110511][ T4055] Bluetooth: hci1: command 0x041b tx timeout [ 66.127887][ T4055] Bluetooth: hci2: command 0x041b tx timeout [ 66.129518][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 66.132052][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 66.134455][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 66.138071][ T4055] Bluetooth: hci3: command 0x041b tx timeout [ 66.156696][ T4055] Bluetooth: hci4: command 0x041b tx timeout [ 66.164479][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 66.172804][ T4496] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 66.177376][ T4300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 66.202968][ T4301] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.214903][ T4496] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 66.262820][ T4301] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.270401][ T4294] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.272387][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 66.275111][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 66.278506][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 66.285641][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 66.290231][ T153] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.292163][ T153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.311960][ T4294] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.317268][ T4500] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 66.320068][ T4500] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. 
[ 66.324627][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 66.340022][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 66.357793][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 66.360158][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 66.365711][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 66.368948][ T153] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.370844][ T153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.373130][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 66.375840][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 66.379001][ T153] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.380864][ T153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.398612][ T4504] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 66.401313][ T4504] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. 
[ 66.423279][ T4291] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.430874][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 66.433644][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 66.436956][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 66.442320][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 66.445035][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 66.448595][ T153] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.450376][ T153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.452518][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 66.455426][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 66.481401][ T4291] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.494761][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 66.500517][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 66.503154][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 66.505988][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 66.514569][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 66.533219][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 66.535374][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 66.538998][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 66.541628][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 66.544508][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 66.547533][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 66.550067][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 66.562105][ T4294] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 
66.564711][ T4294] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.584706][ T4301] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.589100][ T4301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 66.591613][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 66.594051][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 66.596327][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 66.600326][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 66.602718][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 66.605061][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 66.608684][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 66.611206][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 66.613752][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 66.616308][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 66.619678][ T153] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.621401][ T153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.637539][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 66.640068][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 66.642508][ T153] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.644422][ T153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.656632][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 66.659596][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 66.661501][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 66.663597][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 66.667914][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes 
ready [ 66.693373][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 66.696116][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 66.705453][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 66.718059][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 66.720878][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 66.725770][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 66.732521][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 66.742097][ T4291] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.745251][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 66.755466][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 66.759081][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 66.764280][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 66.771516][ T4300] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.818592][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 66.821239][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 66.858421][ T4300] device veth0_vlan entered promiscuous mode [ 66.864635][ T4300] device veth1_vlan entered promiscuous mode [ 66.874378][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 66.876934][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 66.879582][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 66.903430][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 66.906051][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 66.909993][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 66.921285][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 66.923322][ T516] IPv6: 
ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 66.956660][ T4294] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.961752][ T4300] device veth0_macvtap entered promiscuous mode [ 66.968313][ T4300] device veth1_macvtap entered promiscuous mode [ 66.977119][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 66.979915][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.982535][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 66.988341][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 67.002130][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 67.004072][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 67.029212][ T4291] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.034608][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 67.038462][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 67.045417][ T4301] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.058299][ T4300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.061053][ T4300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.064794][ T4300] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.087480][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 67.090045][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 67.094996][ T4300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.104072][ T4300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 67.108451][ T4300] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.132912][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 67.135454][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 67.138540][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 67.144412][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 67.154020][ T4300] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.156328][ T4300] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.163746][ T4300] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.165893][ T4300] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.196009][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 67.201275][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 67.203905][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 67.206935][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 67.209636][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 67.212572][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 67.227681][ T4301] device veth0_vlan entered promiscuous mode [ 67.232416][ T4291] device veth0_vlan entered promiscuous mode [ 67.259730][ T4301] device veth1_vlan entered promiscuous mode [ 67.271871][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 67.274208][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 67.277141][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 67.279631][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 67.282096][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 67.285502][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 67.294760][ T4291] device 
veth1_vlan entered promiscuous mode [ 67.324659][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 67.327273][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 67.329733][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 67.351695][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 67.354198][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 67.358995][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 67.363375][ T4301] device veth0_macvtap entered promiscuous mode [ 67.375314][ T4301] device veth1_macvtap entered promiscuous mode [ 67.386187][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.390724][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.396904][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 67.405859][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 67.410670][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 67.416149][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 67.423685][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 67.435756][ T4301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.444890][ T4301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.448162][ T4301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.450643][ T4301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 67.454274][ T4301] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.458227][ T4294] device veth0_vlan entered promiscuous mode [ 67.465111][ T4294] device veth1_vlan entered promiscuous mode [ 67.479200][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 67.481509][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 67.483851][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 67.486165][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 67.493489][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 67.514335][ T4301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.517282][ T4301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.519875][ T4301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.522494][ T4301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 67.526074][ T4301] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.545402][ T4291] device veth0_macvtap entered promiscuous mode [ 67.557002][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 67.559436][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 67.561972][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 67.564676][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 67.574470][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 67.580275][ T4301] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.582450][ T4301] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.584636][ T4301] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.588605][ T607] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.590786][ T607] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.593830][ T4301] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.601901][ T4291] device veth1_macvtap entered promiscuous mode [ 67.607465][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 67.609936][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 67.612369][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 67.653133][ T4294] device veth0_macvtap entered promiscuous mode [ 67.655581][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 67.658824][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 67.671902][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 67.688578][ T4291] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.691275][ T4291] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 67.693697][ T4291] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.696258][ T4291] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.752934][ T4291] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.755484][ T4291] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.760091][ T4291] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.765903][ T4294] device veth1_macvtap entered promiscuous mode [ 67.774381][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 67.777626][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 67.781110][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 67.793332][ T4291] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.796294][ T4291] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.806694][ T4291] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.809506][ T4291] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.811932][ T4291] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.814569][ T4291] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
1970/01/01 00:01:07 executed programs: 11 [ 67.824224][ T4291] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.849302][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 67.851871][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 67.869767][ T4291] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.871978][ T4291] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.874213][ T4291] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.881907][ T4291] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.902578][ T4294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.905113][ T4294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.914057][ T4294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.916965][ T4294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.919511][ T4294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.922116][ T4294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.924570][ T4294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.935170][ T4294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 67.940231][ T4294] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.964686][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 67.975222][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 67.980229][ T4294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.982991][ T4294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.985442][ T4294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.989111][ T4294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.991554][ T4294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.994183][ T4294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.996945][ T4294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.999499][ T4294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 68.003769][ T4294] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.015495][ T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.027859][ T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.038887][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 68.041223][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 68.043801][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 68.064560][ T4294] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.068570][ T4294] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.070823][ T4294] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.073080][ T4294] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.085742][ T670] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.088096][ T670] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.092069][ T670] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 68.158154][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.160172][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.162888][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 68.186944][ T4054] Bluetooth: hci4: command 0x040f tx timeout [ 68.189109][ T4054] Bluetooth: hci3: command 0x040f tx timeout [ 68.190827][ T4054] Bluetooth: hci2: command 0x040f tx timeout [ 68.192488][ T4054] Bluetooth: hci1: command 0x040f tx timeout [ 68.196804][ T4054] Bluetooth: hci0: command 0x040f tx timeout [ 68.234644][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.238853][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.247320][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 68.306893][ T516] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 
68.308877][ T516] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.318835][ T516] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 68.330247][ T516] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.332284][ T516] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.335053][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 69.628894][ T3320] cfg80211: failed to load regulatory.db [ 69.638950][ T2055] ieee802154 phy0 wpan0: encryption failed: -22 [ 69.640769][ T2055] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.267256][ T3320] Bluetooth: hci0: command 0x0419 tx timeout [ 70.276568][ T3320] Bluetooth: hci1: command 0x0419 tx timeout [ 70.278332][ T3320] Bluetooth: hci2: command 0x0419 tx timeout [ 70.288360][ T3320] Bluetooth: hci3: command 0x0419 tx timeout [ 70.294614][ T3320] Bluetooth: hci4: command 0x0419 tx timeout [ 70.770603][ T4887] __nla_validate_parse: 252 callbacks suppressed [ 70.770617][ T4887] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 70.774678][ T4887] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 70.810107][ T4884] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 70.812780][ T4888] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 70.815486][ T4888] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 70.818466][ T4890] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 70.822210][ T4884] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 70.827068][ T4890] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 70.876717][ T4892] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 70.879498][ T4892] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 
1970/01/01 00:01:12 executed programs: 246
[ 74.594493][ C0] ==================================================================
[ 74.596702][ C0] BUG: KASAN: use-after-free in advance_sched+0x7e0/0x858
[ 74.598534][ C0] Read of size 8 at addr ffff0000c2050210 by task syz-executor.1/4296
[ 74.600695][ C0]
[ 74.601255][ C0] CPU: 0 PID: 4296 Comm: syz-executor.1 Not tainted 5.15.167-syzkaller #0
[ 74.603282][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 74.605741][ C0] Call trace:
[ 74.606591][ C0] dump_backtrace+0x0/0x530
[ 74.607724][ C0] show_stack+0x2c/0x3c
[ 74.608809][ C0] dump_stack_lvl+0x108/0x170
[ 74.609930][ C0] print_address_description+0x7c/0x3f0
[ 74.611291][ C0] kasan_report+0x174/0x1e4
[ 74.612453][ C0] __asan_report_load8_noabort+0x44/0x50
[ 74.613870][ C0] advance_sched+0x7e0/0x858
[ 74.615053][ C0] __hrtimer_run_queues+0x484/0xca4
[ 74.616342][ C0] hrtimer_interrupt+0x2c0/0xb64
[ 74.617557][ C0] arch_timer_handler_virt+0x74/0x88
[ 74.618881][ C0] handle_percpu_devid_irq+0x29c/0x7fc
[ 74.620228][ C0] handle_domain_irq+0xec/0x178
[ 74.621431][ C0] gic_handle_irq+0x78/0x1c8
[ 74.622532][ C0] call_on_irq_stack+0x24/0x4c
[ 74.623725][ C0] do_interrupt_handler+0x74/0x94
[ 74.625008][ C0] el1_interrupt+0x30/0x58
[ 74.626177][ C0] el1h_64_irq_handler+0x18/0x24
[ 74.627420][ C0] el1h_64_irq+0x78/0x7c
[ 74.628571][ C0] _raw_spin_unlock_irqrestore+0xbc/0x158
[ 74.630046][ C0] debug_object_activate+0x258/0x4b0
[ 74.631376][ C0] call_rcu+0x48/0xb40
[ 74.632389][ C0] evict+0x7ac/0x894
[ 74.633356][ C0] iput+0x744/0x824
[ 74.634296][ C0] dentry_unlink_inode+0x37c/0x4bc
[ 74.635681][ C0] __dentry_kill+0x324/0x5e4
[ 74.636828][ C0] dentry_kill+0xc8/0x250
[ 74.637934][ C0] dput+0x21c/0x458
[ 74.638878][ C0] __fput+0x494/0x800
[ 74.639895][ C0] ____fput+0x20/0x30
[ 74.640897][ C0] task_work_run+0x130/0x1e4
[ 74.642048][ C0] do_notify_resume+0x262c/0x32b8
[ 74.643282][ C0] el0_svc+0xfc/0x1f0
[ 74.644281][ C0] el0t_64_sync_handler+0x84/0xe4
[ 74.645525][ C0] el0t_64_sync+0x1a0/0x1a4
[ 74.646696][ C0]
[ 74.647244][ C0] Allocated by task 5364:
[ 74.648341][ C0] ____kasan_kmalloc+0xbc/0xfc
[ 74.649551][ C0] __kasan_kmalloc+0x10/0x1c
[ 74.650653][ C0] kmem_cache_alloc_trace+0x27c/0x47c
[ 74.651983][ C0] taprio_change+0x3b0/0x3604
[ 74.653156][ C0] qdisc_change+0x228/0x548
[ 74.654296][ C0] tc_modify_qdisc+0x116c/0x1364
[ 74.655562][ C0] rtnetlink_rcv_msg+0xa74/0xdac
[ 74.656810][ C0] netlink_rcv_skb+0x20c/0x3b8
[ 74.658015][ C0] rtnetlink_rcv+0x28/0x38
[ 74.659090][ C0] netlink_unicast+0x664/0x938
[ 74.660306][ C0] netlink_sendmsg+0x844/0xb38
[ 74.661500][ C0] ____sys_sendmsg+0x584/0x870
[ 74.662735][ C0] ___sys_sendmsg+0x214/0x294
[ 74.663916][ C0] __sys_sendmmsg+0x23c/0x648
[ 74.665105][ C0] __arm64_sys_sendmmsg+0xa0/0xbc
[ 74.666324][ C0] invoke_syscall+0x98/0x2b8
[ 74.667448][ C0] el0_svc_common+0x138/0x258
[ 74.668614][ C0] do_el0_svc+0x58/0x14c
[ 74.669673][ C0] el0_svc+0x7c/0x1f0
[ 74.670729][ C0] el0t_64_sync_handler+0x84/0xe4
[ 74.671986][ C0] el0t_64_sync+0x1a0/0x1a4
[ 74.673150][ C0]
[ 74.673712][ C0] Freed by task 3641:
[ 74.674766][ C0] kasan_set_track+0x4c/0x84
[ 74.675904][ C0] kasan_set_free_info+0x28/0x4c
[ 74.677135][ C0] ____kasan_slab_free+0x118/0x164
[ 74.678420][ C0] __kasan_slab_free+0x18/0x28
[ 74.679643][ C0] slab_free_freelist_hook+0x128/0x1ec
[ 74.680995][ C0] kfree+0x178/0x410
[ 74.681966][ C0] taprio_free_sched_cb+0x154/0x174
[ 74.683294][ C0] rcu_core+0x830/0x1b34
[ 74.684360][ C0] rcu_core_si+0x10/0x1c
[ 74.685420][ C0] handle_softirqs+0x384/0xdbc
[ 74.686584][ C0] __irq_exit_rcu+0x268/0x4d8
[ 74.687667][ C0] irq_exit+0x14/0x88
[ 74.688748][ C0] handle_domain_irq+0xf4/0x178
[ 74.689964][ C0] gic_handle_irq+0x78/0x1c8
[ 74.691189][ C0]
[ 74.691780][ C0] Last potentially related work creation:
[ 74.693259][ C0] kasan_save_stack+0x38/0x68
[ 74.694452][ C0] kasan_record_aux_stack+0xd4/0x11c
[ 74.695729][ C0] call_rcu+0x118/0xb40
[ 74.696807][ C0] taprio_change+0x2e14/0x3604
[ 74.697999][ C0] qdisc_change+0x228/0x548
[ 74.699102][ C0] tc_modify_qdisc+0x116c/0x1364
[ 74.700421][ C0] rtnetlink_rcv_msg+0xa74/0xdac
[ 74.701739][ C0] netlink_rcv_skb+0x20c/0x3b8
[ 74.702918][ C0] rtnetlink_rcv+0x28/0x38
[ 74.703987][ C0] netlink_unicast+0x664/0x938
[ 74.705203][ C0] netlink_sendmsg+0x844/0xb38
[ 74.706396][ C0] ____sys_sendmsg+0x584/0x870
[ 74.707632][ C0] ___sys_sendmsg+0x214/0x294
[ 74.708800][ C0] __sys_sendmmsg+0x23c/0x648
[ 74.709988][ C0] __arm64_sys_sendmmsg+0xa0/0xbc
[ 74.711321][ C0] invoke_syscall+0x98/0x2b8
[ 74.712536][ C0] el0_svc_common+0x138/0x258
[ 74.713771][ C0] do_el0_svc+0x58/0x14c
[ 74.714849][ C0] el0_svc+0x7c/0x1f0
[ 74.715826][ C0] el0t_64_sync_handler+0x84/0xe4
[ 74.717154][ C0] el0t_64_sync+0x1a0/0x1a4
[ 74.718241][ C0]
[ 74.718794][ C0] The buggy address belongs to the object at ffff0000c2050200
[ 74.718794][ C0] which belongs to the cache kmalloc-128 of size 128
[ 74.722290][ C0] The buggy address is located 16 bytes inside of
[ 74.722290][ C0] 128-byte region [ffff0000c2050200, ffff0000c2050280)
[ 74.725608][ C0] The buggy address belongs to the page:
[ 74.726979][ C0] page:000000006f927d94 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff0000c2050d00 pfn:0x102050
[ 74.729924][ C0] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 74.731891][ C0] raw: 05ffc00000000200 fffffc0003435588 fffffc000366ddc8 ffff0000c0002300
[ 74.734085][ C0] raw: ffff0000c2050d00 000000000010000f 00000001ffffffff 0000000000000000
[ 74.736223][ C0] page dumped because: kasan: bad access detected
[ 74.737869][ C0]
[ 74.738465][ C0] Memory state around the buggy address:
[ 74.739931][ C0] ffff0000c2050100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.741817][ C0] ffff0000c2050180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 74.743839][ C0] >ffff0000c2050200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.745889][ C0] ^
[ 74.747068][ C0] ffff0000c2050280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 74.749104][ C0] ffff0000c2050300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.751214][ C0] ==================================================================
[ 74.753250][ C0] Disabling lock debugging due to kernel taint
[ 74.786933][ C0] ==================================================================
[ 74.789117][ C0] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410
[ 74.791085][ C0]
[ 74.791664][ C0] CPU: 0 PID: 14 Comm: ksoftirqd/0 Tainted: G B 5.15.167-syzkaller #0
[ 74.794094][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 74.796549][ C0] Call trace:
[ 74.797433][ C0] dump_backtrace+0x0/0x530
[ 74.798570][ C0] show_stack+0x2c/0x3c
[ 74.799641][ C0] dump_stack_lvl+0x108/0x170
[ 74.800782][ C0] print_address_description+0x7c/0x3f0
[ 74.802159][ C0] kasan_report_invalid_free+0x64/0x94
[ 74.803535][ C0] ____kasan_slab_free+0x134/0x164
[ 74.804818][ C0] __kasan_slab_free+0x18/0x28
[ 74.806070][ C0] slab_free_freelist_hook+0x128/0x1ec
[ 74.807578][ C0] kfree+0x178/0x410
[ 74.808666][ C0] taprio_free_sched_cb+0x154/0x174
[ 74.809991][ C0] rcu_core+0x830/0x1b34
[ 74.811048][ C0] rcu_core_si+0x10/0x1c
[ 74.812162][ C0] handle_softirqs+0x384/0xdbc
[ 74.813437][ C0] run_ksoftirqd+0x6c/0x29c
[ 74.814517][ C0] smpboot_thread_fn+0x4b0/0x920
[ 74.815767][ C0] kthread+0x37c/0x45c
[ 74.816809][ C0] ret_from_fork+0x10/0x20
[ 74.817948][ C0]
[ 74.818577][ C0] Allocated by task 5364:
[ 74.819709][ C0] ____kasan_kmalloc+0xbc/0xfc
[ 74.820910][ C0] __kasan_kmalloc+0x10/0x1c
[ 74.822032][ C0] kmem_cache_alloc_trace+0x27c/0x47c
[ 74.823484][ C0] taprio_change+0x3b0/0x3604
[ 74.824641][ C0] qdisc_change+0x228/0x548
[ 74.825776][ C0] tc_modify_qdisc+0x116c/0x1364
[ 74.827030][ C0] rtnetlink_rcv_msg+0xa74/0xdac
[ 74.828307][ C0] netlink_rcv_skb+0x20c/0x3b8
[ 74.829425][ C0] rtnetlink_rcv+0x28/0x38
[ 74.830563][ C0] netlink_unicast+0x664/0x938
[ 74.831767][ C0] netlink_sendmsg+0x844/0xb38
[ 74.832933][ C0] ____sys_sendmsg+0x584/0x870
[ 74.834197][ C0] ___sys_sendmsg+0x214/0x294
[ 74.835393][ C0] __sys_sendmmsg+0x23c/0x648
[ 74.836503][ C0] __arm64_sys_sendmmsg+0xa0/0xbc
[ 74.837784][ C0] invoke_syscall+0x98/0x2b8
[ 74.838890][ C0] el0_svc_common+0x138/0x258
[ 74.840039][ C0] do_el0_svc+0x58/0x14c
[ 74.841090][ C0] el0_svc+0x7c/0x1f0
[ 74.842070][ C0] el0t_64_sync_handler+0x84/0xe4
[ 74.843401][ C0] el0t_64_sync+0x1a0/0x1a4
[ 74.844543][ C0]
[ 74.845126][ C0] Freed by task 0:
[ 74.846043][ C0] (stack is not available)
[ 74.847167][ C0]
[ 74.847782][ C0] Last potentially related work creation:
[ 74.849196][ C0] kasan_save_stack+0x38/0x68
[ 74.850433][ C0] kasan_record_aux_stack+0xd4/0x11c
[ 74.851717][ C0] call_rcu+0x118/0xb40
[ 74.852755][ C0] advance_sched+0x4e4/0x858
[ 74.853903][ C0] __hrtimer_run_queues+0x484/0xca4
[ 74.855228][ C0] hrtimer_interrupt+0x2c0/0xb64
[ 74.856434][ C0] arch_timer_handler_virt+0x74/0x88
[ 74.857720][ C0] handle_percpu_devid_irq+0x29c/0x7fc
[ 74.859103][ C0] handle_domain_irq+0xec/0x178
[ 74.860329][ C0] gic_handle_irq+0x78/0x1c8
[ 74.861505][ C0]
[ 74.862037][ C0] Second to last potentially related work creation:
[ 74.863724][ C0] kasan_save_stack+0x38/0x68
[ 74.864942][ C0] kasan_record_aux_stack+0xd4/0x11c
[ 74.866358][ C0] call_rcu+0x118/0xb40
[ 74.867394][ C0] taprio_change+0x2e14/0x3604
[ 74.868682][ C0] qdisc_change+0x228/0x548
[ 74.869790][ C0] tc_modify_qdisc+0x116c/0x1364
[ 74.871011][ C0] rtnetlink_rcv_msg+0xa74/0xdac
[ 74.872279][ C0] netlink_rcv_skb+0x20c/0x3b8
[ 74.873504][ C0] rtnetlink_rcv+0x28/0x38
[ 74.874614][ C0] netlink_unicast+0x664/0x938
[ 74.875829][ C0] netlink_sendmsg+0x844/0xb38
[ 74.877004][ C0] ____sys_sendmsg+0x584/0x870
[ 74.878221][ C0] ___sys_sendmsg+0x214/0x294
[ 74.879434][ C0] __sys_sendmmsg+0x23c/0x648
[ 74.880694][ C0] __arm64_sys_sendmmsg+0xa0/0xbc
[ 74.881953][ C0] invoke_syscall+0x98/0x2b8
[ 74.883094][ C0] el0_svc_common+0x138/0x258
[ 74.884216][ C0] do_el0_svc+0x58/0x14c
[ 74.885242][ C0] el0_svc+0x7c/0x1f0
[ 74.886194][ C0] el0t_64_sync_handler+0x84/0xe4
[ 74.887501][ C0] el0t_64_sync+0x1a0/0x1a4
[ 74.888576][ C0]
[ 74.889202][ C0] The buggy address belongs to the object at ffff0000c2050200
[ 74.889202][ C0] which belongs to the cache kmalloc-128 of size 128
[ 74.892697][ C0] The buggy address is located 0 bytes inside of
[ 74.892697][ C0] 128-byte region [ffff0000c2050200, ffff0000c2050280)
[ 74.896031][ C0] The buggy address belongs to the page:
[ 74.897455][ C0] page:000000006f927d94 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff0000c2050d00 pfn:0x102050
[ 74.900339][ C0] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 74.902189][ C0] raw: 05ffc00000000200 fffffc0003435588 fffffc000366ddc8 ffff0000c0002300
[ 74.904338][ C0] raw: ffff0000c2050d00 000000000010000f 00000001ffffffff 0000000000000000
[ 74.906505][ C0] page dumped because: kasan: bad access detected
[ 74.908097][ C0]
[ 74.908739][ C0] Memory state around the buggy address:
[ 74.910150][ C0] ffff0000c2050100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.912183][ C0] ffff0000c2050180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 74.914262][ C0] >ffff0000c2050200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.916306][ C0] ^
[ 74.917291][ C0] ffff0000c2050280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 74.919218][ C0] ffff0000c2050300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.921285][ C0] ==================================================================
[ 75.518869][ C0] ==================================================================
[ 75.521000][ C0] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410
[ 75.523040][ C0]
[ 75.523638][ C0] CPU: 0 PID: 14 Comm: ksoftirqd/0 Tainted: G B 5.15.167-syzkaller #0
[ 75.525885][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 75.528391][ C0] Call trace:
[ 75.529206][ C0] dump_backtrace+0x0/0x530
[ 75.530265][ C0] show_stack+0x2c/0x3c
[ 75.531302][ C0] dump_stack_lvl+0x108/0x170
[ 75.532541][ C0] print_address_description+0x7c/0x3f0
[ 75.533927][ C0] kasan_report_invalid_free+0x64/0x94
[ 75.535235][ C0] ____kasan_slab_free+0x134/0x164
[ 75.536573][ C0] __kasan_slab_free+0x18/0x28
[ 75.537726][ C0] slab_free_freelist_hook+0x128/0x1ec
[ 75.539114][ C0] kfree+0x178/0x410
[ 75.540087][ C0] taprio_free_sched_cb+0x154/0x174
[ 75.541387][ C0] rcu_core+0x830/0x1b34
[ 75.542516][ C0] rcu_core_si+0x10/0x1c
[ 75.543588][ C0] handle_softirqs+0x384/0xdbc
[ 75.544825][ C0] run_ksoftirqd+0x6c/0x29c
[ 75.545997][ C0] smpboot_thread_fn+0x4b0/0x920
[ 75.547256][ C0] kthread+0x37c/0x45c
[ 75.548308][ C0] ret_from_fork+0x10/0x20
[ 75.549409][ C0]
[ 75.550005][ C0] Allocated by task 5476:
[ 75.551094][ C0] ____kasan_kmalloc+0xbc/0xfc
[ 75.552238][ C0] __kasan_kmalloc+0x10/0x1c
[ 75.553441][ C0] kmem_cache_alloc_trace+0x27c/0x47c
[ 75.554769][ C0] taprio_change+0x3b0/0x3604
[ 75.555964][ C0] qdisc_change+0x228/0x548
[ 75.557094][ C0] tc_modify_qdisc+0x116c/0x1364
[ 75.558357][ C0] rtnetlink_rcv_msg+0xa74/0xdac
[ 75.559710][ C0] netlink_rcv_skb+0x20c/0x3b8
[ 75.560926][ C0] rtnetlink_rcv+0x28/0x38
[ 75.562038][ C0] netlink_unicast+0x664/0x938
[ 75.563192][ C0] netlink_sendmsg+0x844/0xb38
[ 75.564429][ C0] ____sys_sendmsg+0x584/0x870
[ 75.565621][ C0] ___sys_sendmsg+0x214/0x294
[ 75.566792][ C0] __sys_sendmmsg+0x23c/0x648
[ 75.567957][ C0] __arm64_sys_sendmmsg+0xa0/0xbc
[ 75.569221][ C0] invoke_syscall+0x98/0x2b8
[ 75.570364][ C0] el0_svc_common+0x138/0x258
[ 75.571549][ C0] do_el0_svc+0x58/0x14c
[ 75.572670][ C0] el0_svc+0x7c/0x1f0
[ 75.573666][ C0] el0t_64_sync_handler+0x84/0xe4
[ 75.574876][ C0] el0t_64_sync+0x1a0/0x1a4
[ 75.576006][ C0]
[ 75.576510][ C0] Freed by task 0:
[ 75.577501][ C0] (stack is not available)
[ 75.578564][ C0]
[ 75.579125][ C0] Last potentially related work creation:
[ 75.580609][ C0] kasan_save_stack+0x38/0x68
[ 75.581775][ C0] kasan_record_aux_stack+0xd4/0x11c
[ 75.583093][ C0] call_rcu+0x118/0xb40
[ 75.584170][ C0] advance_sched+0x4e4/0x858
[ 75.585311][ C0] __hrtimer_run_queues+0x484/0xca4
[ 75.586616][ C0] hrtimer_interrupt+0x2c0/0xb64
[ 75.587801][ C0] arch_timer_handler_virt+0x74/0x88
[ 75.589135][ C0] handle_percpu_devid_irq+0x29c/0x7fc
[ 75.590530][ C0] handle_domain_irq+0xec/0x178
[ 75.591786][ C0] gic_handle_irq+0x78/0x1c8
[ 75.592965][ C0]
[ 75.593565][ C0] Second to last potentially related work creation:
[ 75.595246][ C0] kasan_save_stack+0x38/0x68
[ 75.596476][ C0] kasan_record_aux_stack+0xd4/0x11c
[ 75.597801][ C0] call_rcu+0x118/0xb40
[ 75.598869][ C0] taprio_change+0x2e14/0x3604
[ 75.600113][ C0] qdisc_change+0x228/0x548
[ 75.601301][ C0] tc_modify_qdisc+0x116c/0x1364
[ 75.602650][ C0] rtnetlink_rcv_msg+0xa74/0xdac
[ 75.603965][ C0] netlink_rcv_skb+0x20c/0x3b8
[ 75.605177][ C0] rtnetlink_rcv+0x28/0x38
[ 75.606305][ C0] netlink_unicast+0x664/0x938
[ 75.607551][ C0] netlink_sendmsg+0x844/0xb38
[ 75.608776][ C0] ____sys_sendmsg+0x584/0x870
[ 75.609988][ C0] ___sys_sendmsg+0x214/0x294
[ 75.611102][ C0] __sys_sendmmsg+0x23c/0x648
[ 75.612272][ C0] __arm64_sys_sendmmsg+0xa0/0xbc
[ 75.613534][ C0] invoke_syscall+0x98/0x2b8
[ 75.614706][ C0] el0_svc_common+0x138/0x258
[ 75.615877][ C0] do_el0_svc+0x58/0x14c
[ 75.617016][ C0] el0_svc+0x7c/0x1f0
[ 75.618039][ C0] el0t_64_sync_handler+0x84/0xe4
[ 75.619474][ C0] el0t_64_sync+0x1a0/0x1a4
[ 75.620631][ C0]
[ 75.621247][ C0] The buggy address belongs to the object at ffff0000c26ee600
[ 75.621247][ C0] which belongs to the cache kmalloc-128 of size 128
[ 75.624965][ C0] The buggy address is located 0 bytes inside of
[ 75.624965][ C0] 128-byte region [ffff0000c26ee600, ffff0000c26ee680)
[ 75.628362][ C0] The buggy address belongs to the page:
[ 75.629850][ C0] page:00000000fe71eef5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026ee
[ 75.632598][ C0] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 75.634553][ C0] raw: 05ffc00000000200 fffffc0003238880 0000000800000003 ffff0000c0002300
[ 75.636745][ C0] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 75.639028][ C0] page dumped because: kasan: bad access detected
[ 75.640602][ C0]
[ 75.641174][ C0] Memory state around the buggy address:
[ 75.642611][ C0] ffff0000c26ee500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 75.644762][ C0] ffff0000c26ee580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 75.646842][ C0] >ffff0000c26ee600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.649010][ C0] ^
[ 75.650078][ C0] ffff0000c26ee680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 75.652252][ C0] ffff0000c26ee700: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 75.654334][ C0] ==================================================================
[ 75.785086][ T5522] __nla_validate_parse: 510 callbacks suppressed
[ 75.785097][ T5522] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 75.796020][ T5522] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 75.803581][ T5523] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 75.806164][ T5520] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 75.809113][ T5520] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 75.812159][ T5523] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 75.820128][ T5526] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 75.822816][ T5526] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 75.833694][ T5527] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 75.836275][ T5527] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
1970/01/01 00:01:17 executed programs: 549
[ 80.536683][ T4301] ==================================================================
[ 80.538818][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410
[ 80.540739][ T4301]
[ 80.541345][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0
[ 80.543795][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 80.546467][ T4301] Call trace:
[ 80.547331][ T4301] dump_backtrace+0x0/0x530
[ 80.548543][ T4301] show_stack+0x2c/0x3c
[ 80.549665][ T4301] dump_stack_lvl+0x108/0x170
[ 80.550865][ T4301] print_address_description+0x7c/0x3f0
[ 80.552289][ T4301] kasan_report_invalid_free+0x64/0x94
[ 80.553736][ T4301] ____kasan_slab_free+0x134/0x164
[ 80.554989][ T4301] __kasan_slab_free+0x18/0x28
[ 80.556220][ T4301] slab_free_freelist_hook+0x128/0x1ec
[ 80.557672][ T4301] kfree+0x178/0x410
[ 80.558721][ T4301] ext4_release_dir+0x88/0xfc
[ 80.559962][ T4301] __fput+0x1c4/0x800
[ 80.560984][ T4301] ____fput+0x20/0x30
[ 80.562005][ T4301] task_work_run+0x130/0x1e4
[ 80.563190][ T4301] do_exit+0x670/0x20bc
[ 80.564235][ T4301] do_group_exit+0x110/0x268
[ 80.565336][ T4301] __wake_up_parent+0x0/0x60
[ 80.566516][ T4301] invoke_syscall+0x98/0x2b8
[ 80.567702][ T4301] el0_svc_common+0x138/0x258
[ 80.568987][ T4301] do_el0_svc+0x58/0x14c
[ 80.570026][ T4301] el0_svc+0x7c/0x1f0
[ 80.571059][ T4301] el0t_64_sync_handler+0x84/0xe4
[ 80.572363][ T4301] el0t_64_sync+0x1a0/0x1a4
[ 80.573578][ T4301]
[ 80.574194][ T4301] Allocated by task 4301:
[ 80.575370][ T4301] ____kasan_kmalloc+0xbc/0xfc
[ 80.576645][ T4301] __kasan_kmalloc+0x10/0x1c
[ 80.577819][ T4301] __kmalloc+0x29c/0x4c8
[ 80.578958][ T4301] ext4_htree_store_dirent+0x84/0x494
[ 80.580387][ T4301] htree_dirblock_to_tree+0x760/0xdd4
[ 80.581802][ T4301] ext4_htree_fill_tree+0x570/0xf54
[ 80.583138][ T4301] ext4_readdir+0x26c4/0x3224
[ 80.584249][ T4301] iterate_dir+0x1f4/0x4ec
[ 80.585433][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4
[ 80.586845][ T4301] invoke_syscall+0x98/0x2b8
[ 80.588074][ T4301] el0_svc_common+0x138/0x258
[ 80.589232][ T4301] do_el0_svc+0x58/0x14c
[ 80.590319][ T4301] el0_svc+0x7c/0x1f0
[ 80.591305][ T4301] el0t_64_sync_handler+0x84/0xe4
[ 80.592645][ T4301] el0t_64_sync+0x1a0/0x1a4
[ 80.593820][ T4301]
[ 80.594462][ T4301] Freed by task 4301:
[ 80.595509][ T4301] kasan_set_track+0x4c/0x84
[ 80.596721][ T4301] kasan_set_free_info+0x28/0x4c
[ 80.597984][ T4301] ____kasan_slab_free+0x118/0x164
[ 80.599287][ T4301] __kasan_slab_free+0x18/0x28
[ 80.600552][ T4301] slab_free_freelist_hook+0x128/0x1ec
[ 80.601941][ T4301] kfree+0x178/0x410
[ 80.602993][ T4301] ext4_release_dir+0x88/0xfc
[ 80.604211][ T4301] __fput+0x1c4/0x800
[ 80.605268][ T4301] ____fput+0x20/0x30
[ 80.606311][ T4301] task_work_run+0x130/0x1e4
[ 80.607499][ T4301] do_exit+0x670/0x20bc
[ 80.608600][ T4301] do_group_exit+0x110/0x268
[ 80.609791][ T4301] __wake_up_parent+0x0/0x60
[ 80.610991][ T4301] invoke_syscall+0x98/0x2b8
[ 80.612233][ T4301] el0_svc_common+0x138/0x258
[ 80.613512][ T4301] do_el0_svc+0x58/0x14c
[ 80.614641][ T4301] el0_svc+0x7c/0x1f0
[ 80.615653][ T4301] el0t_64_sync_handler+0x84/0xe4
[ 80.617001][ T4301] el0t_64_sync+0x1a0/0x1a4
[ 80.618129][ T4301]
[ 80.618685][ T4301] Last potentially related work creation:
[ 80.620188][ T4301] kasan_save_stack+0x38/0x68
[ 80.621362][ T4301] kasan_record_aux_stack+0xd4/0x11c
[ 80.622736][ T4301] call_rcu+0x118/0xb40
[ 80.623822][ T4301] advance_sched+0x4e4/0x858
[ 80.625010][ T4301] __hrtimer_run_queues+0x484/0xca4
[ 80.626382][ T4301] hrtimer_interrupt+0x2c0/0xb64
[ 80.627694][ T4301] arch_timer_handler_virt+0x74/0x88
[ 80.629015][ T4301] handle_percpu_devid_irq+0x29c/0x7fc
[ 80.630503][ T4301] handle_domain_irq+0xec/0x178
[ 80.631723][ T4301] gic_handle_irq+0x78/0x1c8
[ 80.632909][ T4301]
[ 80.633535][ T4301] The buggy address belongs to the object at ffff0000da5e0b00
[ 80.633535][ T4301] which belongs to the cache kmalloc-128 of size 128
[ 80.637264][ T4301] The buggy address is located 0 bytes inside of
[ 80.637264][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80)
[ 80.640725][ T4301] The buggy address belongs to the page:
[ 80.642134][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0
[ 80.644897][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 80.646877][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300
[ 80.649130][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 80.651448][ T4301] page dumped because: kasan: bad access detected
[ 80.653178][ T4301]
[ 80.653702][ T4301] Memory state around the buggy address:
[ 80.655106][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[ 80.657174][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 80.659197][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 80.661332][ T4301] ^
[ 80.662295][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 80.664364][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 80.666507][ T4301] ==================================================================
[ 80.678557][ T4301] ==================================================================
[ 80.680531][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410
[ 80.682324][ T4301]
[ 80.682920][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0
[ 80.685304][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 80.687894][ T4301] Call trace:
[ 80.688721][ T4301] dump_backtrace+0x0/0x530
[ 80.689918][ T4301] show_stack+0x2c/0x3c
[ 80.691024][ T4301] dump_stack_lvl+0x108/0x170
[ 80.692260][ T4301] print_address_description+0x7c/0x3f0
[ 80.693677][ T4301] kasan_report_invalid_free+0x64/0x94
[
80.695083][ T4301] ____kasan_slab_free+0x134/0x164 [ 80.696345][ T4301] __kasan_slab_free+0x18/0x28 [ 80.697617][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 80.699044][ T4301] kfree+0x178/0x410 [ 80.700181][ T4301] ext4_release_dir+0x88/0xfc [ 80.701439][ T4301] __fput+0x1c4/0x800 [ 80.702480][ T4301] ____fput+0x20/0x30 [ 80.703451][ T4301] task_work_run+0x130/0x1e4 [ 80.704588][ T4301] do_exit+0x670/0x20bc [ 80.705661][ T4301] do_group_exit+0x110/0x268 [ 80.706874][ T4301] __wake_up_parent+0x0/0x60 [ 80.708193][ T4301] invoke_syscall+0x98/0x2b8 [ 80.709372][ T4301] el0_svc_common+0x138/0x258 [ 80.710524][ T4301] do_el0_svc+0x58/0x14c [ 80.711623][ T4301] el0_svc+0x7c/0x1f0 [ 80.712650][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 80.713956][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 80.715139][ T4301] [ 80.715729][ T4301] Allocated by task 4301: [ 80.716834][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 80.718117][ T4301] __kasan_kmalloc+0x10/0x1c [ 80.719296][ T4301] __kmalloc+0x29c/0x4c8 [ 80.720336][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 80.721761][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 80.723205][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 80.724506][ T4301] ext4_readdir+0x26c4/0x3224 [ 80.725672][ T4301] iterate_dir+0x1f4/0x4ec [ 80.726808][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 80.728248][ T4301] invoke_syscall+0x98/0x2b8 [ 80.729462][ T4301] el0_svc_common+0x138/0x258 [ 80.730662][ T4301] do_el0_svc+0x58/0x14c [ 80.731662][ T4301] el0_svc+0x7c/0x1f0 [ 80.732675][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 80.734000][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 80.735121][ T4301] [ 80.735675][ T4301] Freed by task 4301: [ 80.736699][ T4301] kasan_set_track+0x4c/0x84 [ 80.738019][ T4301] kasan_set_free_info+0x28/0x4c [ 80.739277][ T4301] ____kasan_slab_free+0x118/0x164 [ 80.740643][ T4301] __kasan_slab_free+0x18/0x28 [ 80.741828][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 80.743204][ T4301] kfree+0x178/0x410 [ 80.744210][ T4301] ext4_release_dir+0x88/0xfc [ 80.745403][ 
T4301] __fput+0x1c4/0x800 [ 80.746468][ T4301] ____fput+0x20/0x30 [ 80.747476][ T4301] task_work_run+0x130/0x1e4 [ 80.748606][ T4301] do_exit+0x670/0x20bc [ 80.749747][ T4301] do_group_exit+0x110/0x268 [ 80.750920][ T4301] __wake_up_parent+0x0/0x60 [ 80.752068][ T4301] invoke_syscall+0x98/0x2b8 [ 80.753198][ T4301] el0_svc_common+0x138/0x258 [ 80.754388][ T4301] do_el0_svc+0x58/0x14c [ 80.755369][ T4301] el0_svc+0x7c/0x1f0 [ 80.756348][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 80.757568][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 80.758747][ T4301] [ 80.759403][ T4301] Last potentially related work creation: [ 80.760811][ T4301] kasan_save_stack+0x38/0x68 [ 80.761964][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 80.763403][ T4301] call_rcu+0x118/0xb40 [ 80.764435][ T4301] advance_sched+0x4e4/0x858 [ 80.765538][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 80.766835][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 80.767979][ T4301] arch_timer_handler_virt+0x74/0x88 [ 80.769330][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 80.770757][ T4301] handle_domain_irq+0xec/0x178 [ 80.771895][ T4301] gic_handle_irq+0x78/0x1c8 [ 80.772982][ T4301] [ 80.773502][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 80.773502][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 80.776930][ T4301] The buggy address is located 0 bytes inside of [ 80.776930][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 80.780231][ T4301] The buggy address belongs to the page: [ 80.781499][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 80.784063][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 80.785905][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 80.788104][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 80.790407][ T4301] page dumped because: kasan: bad access detected [ 80.792057][ T4301] [ 80.792616][ T4301] Memory state 
around the buggy address: [ 80.794042][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 80.796115][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 80.798105][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.800154][ T4301] ^ [ 80.801199][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 80.803203][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.805224][ T4301] ================================================================== [ 80.818498][ T4301] ================================================================== [ 80.820494][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 80.822473][ T4301] [ 80.823002][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 80.825500][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 80.827932][ T4301] Call trace: [ 80.828760][ T4301] dump_backtrace+0x0/0x530 [ 80.829814][ T4301] show_stack+0x2c/0x3c [ 80.830900][ T4301] dump_stack_lvl+0x108/0x170 [ 80.832085][ T4301] print_address_description+0x7c/0x3f0 [ 80.833520][ T4301] kasan_report_invalid_free+0x64/0x94 [ 80.834910][ T4301] ____kasan_slab_free+0x134/0x164 [ 80.836245][ T4301] __kasan_slab_free+0x18/0x28 [ 80.837468][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 80.838798][ T4301] kfree+0x178/0x410 [ 80.839763][ T4301] ext4_release_dir+0x88/0xfc [ 80.840902][ T4301] __fput+0x1c4/0x800 [ 80.841913][ T4301] ____fput+0x20/0x30 [ 80.842923][ T4301] task_work_run+0x130/0x1e4 [ 80.844123][ T4301] do_exit+0x670/0x20bc [ 80.845164][ T4301] do_group_exit+0x110/0x268 [ 80.846402][ T4301] __wake_up_parent+0x0/0x60 [ 80.847606][ T4301] invoke_syscall+0x98/0x2b8 [ 80.848757][ T4301] el0_svc_common+0x138/0x258 [ 80.850007][ T4301] do_el0_svc+0x58/0x14c [ 80.851056][ T4301] el0_svc+0x7c/0x1f0 [ 80.852101][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 
80.853366][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 80.854553][ T4301] [ 80.855104][ T4301] Allocated by task 4301: [ 80.856184][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 80.857498][ T4301] __kasan_kmalloc+0x10/0x1c [ 80.858718][ T4301] __kmalloc+0x29c/0x4c8 [ 80.859745][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 80.861058][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 80.862479][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 80.863761][ T4301] ext4_readdir+0x26c4/0x3224 [ 80.864996][ T4301] iterate_dir+0x1f4/0x4ec [ 80.866104][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 80.867448][ T4301] invoke_syscall+0x98/0x2b8 [ 80.868658][ T4301] el0_svc_common+0x138/0x258 [ 80.869775][ T4301] do_el0_svc+0x58/0x14c [ 80.870826][ T4301] el0_svc+0x7c/0x1f0 [ 80.871845][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 80.873082][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 80.874167][ T4301] [ 80.874791][ T4301] Freed by task 4301: [ 80.875806][ T4301] kasan_set_track+0x4c/0x84 [ 80.877000][ T4301] kasan_set_free_info+0x28/0x4c [ 80.878169][ T4301] ____kasan_slab_free+0x118/0x164 [ 80.879470][ T4301] __kasan_slab_free+0x18/0x28 [ 80.880657][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 80.881974][ T4301] kfree+0x178/0x410 [ 80.882948][ T4301] ext4_release_dir+0x88/0xfc [ 80.884180][ T4301] __fput+0x1c4/0x800 [ 80.885208][ T4301] ____fput+0x20/0x30 [ 80.886229][ T4301] task_work_run+0x130/0x1e4 [ 80.887425][ T4301] do_exit+0x670/0x20bc [ 80.888442][ T4301] do_group_exit+0x110/0x268 [ 80.889595][ T4301] __wake_up_parent+0x0/0x60 [ 80.890793][ T4301] invoke_syscall+0x98/0x2b8 [ 80.891921][ T4301] el0_svc_common+0x138/0x258 [ 80.893045][ T4301] do_el0_svc+0x58/0x14c [ 80.894168][ T4301] el0_svc+0x7c/0x1f0 [ 80.895148][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 80.896506][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 80.897671][ T4301] [ 80.898223][ T4301] Last potentially related work creation: [ 80.899635][ T4301] kasan_save_stack+0x38/0x68 [ 80.900798][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 80.902139][ T4301] 
call_rcu+0x118/0xb40 [ 80.903199][ T4301] advance_sched+0x4e4/0x858 [ 80.904294][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 80.905624][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 80.906923][ T4301] arch_timer_handler_virt+0x74/0x88 [ 80.908258][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 80.909654][ T4301] handle_domain_irq+0xec/0x178 [ 80.910902][ T4301] gic_handle_irq+0x78/0x1c8 [ 80.912037][ T4301] [ 80.912636][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 80.912636][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 80.916058][ T4301] The buggy address is located 0 bytes inside of [ 80.916058][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 80.919303][ T4301] The buggy address belongs to the page: [ 80.920703][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 80.923293][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 80.925233][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 80.927455][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 80.929560][ T4301] page dumped because: kasan: bad access detected [ 80.931171][ T4301] [ 80.931806][ T4301] Memory state around the buggy address: [ 80.933105][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 80.935112][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 80.937192][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.939268][ T4301] ^ [ 80.940297][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 80.942322][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.944364][ T4301] ================================================================== [ 80.961094][ T4301] ================================================================== [ 80.963085][ T4301] BUG: KASAN: double-free or invalid-free in 
kfree+0x178/0x410 [ 80.964933][ T4301] [ 80.965523][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 80.968019][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 80.970518][ T4301] Call trace: [ 80.971310][ T4301] dump_backtrace+0x0/0x530 [ 80.972364][ T4301] show_stack+0x2c/0x3c [ 80.973378][ T4301] dump_stack_lvl+0x108/0x170 [ 80.974573][ T4301] print_address_description+0x7c/0x3f0 [ 80.976043][ T4301] kasan_report_invalid_free+0x64/0x94 [ 80.977431][ T4301] ____kasan_slab_free+0x134/0x164 [ 80.978776][ T4301] __kasan_slab_free+0x18/0x28 [ 80.979964][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 80.981361][ T4301] kfree+0x178/0x410 [ 80.982427][ T4301] ext4_release_dir+0x88/0xfc [ 80.983556][ T4301] __fput+0x1c4/0x800 [ 80.984508][ T4301] ____fput+0x20/0x30 [ 80.985522][ T4301] task_work_run+0x130/0x1e4 [ 80.986674][ T4301] do_exit+0x670/0x20bc [ 80.987712][ T4301] do_group_exit+0x110/0x268 [ 80.988904][ T4301] __wake_up_parent+0x0/0x60 [ 80.990016][ T4301] invoke_syscall+0x98/0x2b8 [ 80.991219][ T4301] el0_svc_common+0x138/0x258 [ 80.992374][ T4301] do_el0_svc+0x58/0x14c [ 80.993427][ T4301] el0_svc+0x7c/0x1f0 [ 80.994438][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 80.995686][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 80.996796][ T4301] [ 80.997337][ T4301] Allocated by task 4301: [ 80.998466][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 80.999690][ T4301] __kasan_kmalloc+0x10/0x1c [ 81.000853][ T4301] __kmalloc+0x29c/0x4c8 [ 81.001953][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 81.003260][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 81.004798][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 81.006183][ T4301] ext4_readdir+0x26c4/0x3224 [ 81.007443][ T4301] iterate_dir+0x1f4/0x4ec [ 81.008656][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 81.010014][ T4301] invoke_syscall+0x98/0x2b8 [ 81.011177][ T4301] el0_svc_common+0x138/0x258 [ 81.012392][ T4301] do_el0_svc+0x58/0x14c [ 81.013466][ T4301] 
el0_svc+0x7c/0x1f0 [ 81.014520][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.015892][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.017079][ T4301] [ 81.017696][ T4301] Freed by task 4301: [ 81.018756][ T4301] kasan_set_track+0x4c/0x84 [ 81.019922][ T4301] kasan_set_free_info+0x28/0x4c [ 81.021173][ T4301] ____kasan_slab_free+0x118/0x164 [ 81.022543][ T4301] __kasan_slab_free+0x18/0x28 [ 81.023805][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 81.025221][ T4301] kfree+0x178/0x410 [ 81.026258][ T4301] ext4_release_dir+0x88/0xfc [ 81.027620][ T4301] __fput+0x1c4/0x800 [ 81.028689][ T4301] ____fput+0x20/0x30 [ 81.029722][ T4301] task_work_run+0x130/0x1e4 [ 81.030927][ T4301] do_exit+0x670/0x20bc [ 81.032010][ T4301] do_group_exit+0x110/0x268 [ 81.033234][ T4301] __wake_up_parent+0x0/0x60 [ 81.034372][ T4301] invoke_syscall+0x98/0x2b8 [ 81.035535][ T4301] el0_svc_common+0x138/0x258 [ 81.036709][ T4301] do_el0_svc+0x58/0x14c [ 81.037783][ T4301] el0_svc+0x7c/0x1f0 [ 81.038790][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.040029][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.041177][ T4301] [ 81.041744][ T4301] Last potentially related work creation: [ 81.043250][ T4301] kasan_save_stack+0x38/0x68 [ 81.044474][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 81.045886][ T4301] call_rcu+0x118/0xb40 [ 81.046951][ T4301] advance_sched+0x4e4/0x858 [ 81.048128][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 81.049501][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 81.050763][ T4301] arch_timer_handler_virt+0x74/0x88 [ 81.052040][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 81.053600][ T4301] handle_domain_irq+0xec/0x178 [ 81.054876][ T4301] gic_handle_irq+0x78/0x1c8 [ 81.056088][ T4301] [ 81.056683][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 81.056683][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 81.060376][ T4301] The buggy address is located 0 bytes inside of [ 81.060376][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 81.063743][ T4301] The buggy 
address belongs to the page: [ 81.065193][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 81.067858][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 81.069922][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 81.072133][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 81.074406][ T4301] page dumped because: kasan: bad access detected [ 81.076069][ T4301] [ 81.076660][ T4301] Memory state around the buggy address: [ 81.078094][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 81.080239][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.082344][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.084477][ T4301] ^ [ 81.085540][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.087675][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.089875][ T4301] ================================================================== [ 81.103486][ T4301] ================================================================== [ 81.105659][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 81.107669][ T4301] [ 81.108210][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 81.110837][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 81.113535][ T4301] Call trace: [ 81.114346][ T4301] dump_backtrace+0x0/0x530 [ 81.115547][ T4301] show_stack+0x2c/0x3c [ 81.116679][ T4301] dump_stack_lvl+0x108/0x170 [ 81.117912][ T4301] print_address_description+0x7c/0x3f0 [ 81.119335][ T4301] kasan_report_invalid_free+0x64/0x94 [ 81.120814][ T4301] ____kasan_slab_free+0x134/0x164 [ 81.122112][ T4301] __kasan_slab_free+0x18/0x28 [ 81.123308][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 81.124722][ T4301] kfree+0x178/0x410 [ 
81.125717][ T4301] ext4_release_dir+0x88/0xfc [ 81.126865][ T4301] __fput+0x1c4/0x800 [ 81.127902][ T4301] ____fput+0x20/0x30 [ 81.128918][ T4301] task_work_run+0x130/0x1e4 [ 81.130093][ T4301] do_exit+0x670/0x20bc [ 81.131199][ T4301] do_group_exit+0x110/0x268 [ 81.132386][ T4301] __wake_up_parent+0x0/0x60 [ 81.133625][ T4301] invoke_syscall+0x98/0x2b8 [ 81.134785][ T4301] el0_svc_common+0x138/0x258 [ 81.136007][ T4301] do_el0_svc+0x58/0x14c [ 81.137076][ T4301] el0_svc+0x7c/0x1f0 [ 81.138143][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.139424][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.140592][ T4301] [ 81.141188][ T4301] Allocated by task 4301: [ 81.142315][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 81.143612][ T4301] __kasan_kmalloc+0x10/0x1c [ 81.144764][ T4301] __kmalloc+0x29c/0x4c8 [ 81.145900][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 81.147291][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 81.148710][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 81.150081][ T4301] ext4_readdir+0x26c4/0x3224 [ 81.151266][ T4301] iterate_dir+0x1f4/0x4ec [ 81.152447][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 81.153835][ T4301] invoke_syscall+0x98/0x2b8 [ 81.154968][ T4301] el0_svc_common+0x138/0x258 [ 81.156231][ T4301] do_el0_svc+0x58/0x14c [ 81.157334][ T4301] el0_svc+0x7c/0x1f0 [ 81.158451][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.159791][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.160935][ T4301] [ 81.161562][ T4301] Freed by task 4301: [ 81.162553][ T4301] kasan_set_track+0x4c/0x84 [ 81.163723][ T4301] kasan_set_free_info+0x28/0x4c [ 81.164951][ T4301] ____kasan_slab_free+0x118/0x164 [ 81.166215][ T4301] __kasan_slab_free+0x18/0x28 [ 81.167415][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 81.168881][ T4301] kfree+0x178/0x410 [ 81.169893][ T4301] ext4_release_dir+0x88/0xfc [ 81.171159][ T4301] __fput+0x1c4/0x800 [ 81.172207][ T4301] ____fput+0x20/0x30 [ 81.173224][ T4301] task_work_run+0x130/0x1e4 [ 81.174377][ T4301] do_exit+0x670/0x20bc [ 81.175400][ T4301] 
do_group_exit+0x110/0x268 [ 81.176640][ T4301] __wake_up_parent+0x0/0x60 [ 81.177782][ T4301] invoke_syscall+0x98/0x2b8 [ 81.178952][ T4301] el0_svc_common+0x138/0x258 [ 81.180238][ T4301] do_el0_svc+0x58/0x14c [ 81.181359][ T4301] el0_svc+0x7c/0x1f0 [ 81.182373][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.183732][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.184855][ T4301] [ 81.185521][ T4301] Last potentially related work creation: [ 81.187060][ T4301] kasan_save_stack+0x38/0x68 [ 81.188262][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 81.189637][ T4301] call_rcu+0x118/0xb40 [ 81.190733][ T4301] advance_sched+0x4e4/0x858 [ 81.191969][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 81.193323][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 81.194601][ T4301] arch_timer_handler_virt+0x74/0x88 [ 81.195948][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 81.197260][ T4301] handle_domain_irq+0xec/0x178 [ 81.198544][ T4301] gic_handle_irq+0x78/0x1c8 [ 81.199792][ T4301] [ 81.200384][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 81.200384][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 81.204083][ T4301] The buggy address is located 0 bytes inside of [ 81.204083][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 81.207483][ T4301] The buggy address belongs to the page: [ 81.208899][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 81.211564][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 81.213583][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 81.215908][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 81.218196][ T4301] page dumped because: kasan: bad access detected [ 81.219999][ T4301] [ 81.220621][ T4301] Memory state around the buggy address: [ 81.222081][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 81.224199][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 81.226370][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.228423][ T4301] ^ [ 81.229532][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.231790][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.233961][ T4301] ================================================================== [ 81.245632][ T4301] ================================================================== [ 81.247800][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 81.249753][ T4301] [ 81.250318][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 81.252984][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 81.255756][ T4301] Call trace: [ 81.256604][ T4301] dump_backtrace+0x0/0x530 [ 81.257765][ T4301] show_stack+0x2c/0x3c [ 81.258919][ T4301] dump_stack_lvl+0x108/0x170 [ 81.260156][ T4301] print_address_description+0x7c/0x3f0 [ 81.261673][ T4301] kasan_report_invalid_free+0x64/0x94 [ 81.263148][ T4301] ____kasan_slab_free+0x134/0x164 [ 81.264562][ T4301] __kasan_slab_free+0x18/0x28 [ 81.265900][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 81.267395][ T4301] kfree+0x178/0x410 [ 81.268475][ T4301] ext4_release_dir+0x88/0xfc [ 81.269728][ T4301] __fput+0x1c4/0x800 [ 81.270778][ T4301] ____fput+0x20/0x30 [ 81.271869][ T4301] task_work_run+0x130/0x1e4 [ 81.273191][ T4301] do_exit+0x670/0x20bc [ 81.274294][ T4301] do_group_exit+0x110/0x268 [ 81.275535][ T4301] __wake_up_parent+0x0/0x60 [ 81.276726][ T4301] invoke_syscall+0x98/0x2b8 [ 81.277904][ T4301] el0_svc_common+0x138/0x258 [ 81.279109][ T4301] do_el0_svc+0x58/0x14c [ 81.280244][ T4301] el0_svc+0x7c/0x1f0 [ 81.281296][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.282680][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.283905][ T4301] [ 81.284557][ T4301] Allocated by task 4301: [ 81.285676][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 81.286964][ T4301] 
__kasan_kmalloc+0x10/0x1c [ 81.288208][ T4301] __kmalloc+0x29c/0x4c8 [ 81.289357][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 81.290806][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 81.292225][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 81.293533][ T4301] ext4_readdir+0x26c4/0x3224 [ 81.294745][ T4301] iterate_dir+0x1f4/0x4ec [ 81.295908][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 81.297325][ T4301] invoke_syscall+0x98/0x2b8 [ 81.298531][ T4301] el0_svc_common+0x138/0x258 [ 81.299749][ T4301] do_el0_svc+0x58/0x14c [ 81.300949][ T4301] el0_svc+0x7c/0x1f0 [ 81.302024][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.303363][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.304558][ T4301] [ 81.305157][ T4301] Freed by task 4301: [ 81.306209][ T4301] kasan_set_track+0x4c/0x84 [ 81.307440][ T4301] kasan_set_free_info+0x28/0x4c [ 81.308759][ T4301] ____kasan_slab_free+0x118/0x164 [ 81.310174][ T4301] __kasan_slab_free+0x18/0x28 [ 81.311545][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 81.312980][ T4301] kfree+0x178/0x410 [ 81.314047][ T4301] ext4_release_dir+0x88/0xfc [ 81.315283][ T4301] __fput+0x1c4/0x800 [ 81.316379][ T4301] ____fput+0x20/0x30 [ 81.317498][ T4301] task_work_run+0x130/0x1e4 [ 81.318746][ T4301] do_exit+0x670/0x20bc [ 81.319918][ T4301] do_group_exit+0x110/0x268 [ 81.321155][ T4301] __wake_up_parent+0x0/0x60 [ 81.322359][ T4301] invoke_syscall+0x98/0x2b8 [ 81.323588][ T4301] el0_svc_common+0x138/0x258 [ 81.324823][ T4301] do_el0_svc+0x58/0x14c [ 81.325877][ T4301] el0_svc+0x7c/0x1f0 [ 81.326960][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.328371][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.329692][ T4301] [ 81.330318][ T4301] Last potentially related work creation: [ 81.331838][ T4301] kasan_save_stack+0x38/0x68 [ 81.333020][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 81.334469][ T4301] call_rcu+0x118/0xb40 [ 81.335541][ T4301] advance_sched+0x4e4/0x858 [ 81.336754][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 81.338146][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 81.339425][ 
T4301] arch_timer_handler_virt+0x74/0x88 [ 81.340767][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 81.342301][ T4301] handle_domain_irq+0xec/0x178 [ 81.343594][ T4301] gic_handle_irq+0x78/0x1c8 [ 81.344770][ T4301] [ 81.345423][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 81.345423][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 81.349201][ T4301] The buggy address is located 0 bytes inside of [ 81.349201][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 81.352808][ T4301] The buggy address belongs to the page: [ 81.354285][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 81.356865][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 81.358924][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 81.361199][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 81.363472][ T4301] page dumped because: kasan: bad access detected [ 81.365222][ T4301] [ 81.365832][ T4301] Memory state around the buggy address: [ 81.367328][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 81.369500][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.371615][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.373815][ T4301] ^ [ 81.374876][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.376975][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.379183][ T4301] ================================================================== [ 81.384551][ T4301] ================================================================== [ 81.386693][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 81.388698][ T4301] [ 81.389319][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 81.391934][ T4301] Hardware name: Google Google Compute 
Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 81.394576][ T4301] Call trace: [ 81.395427][ T4301] dump_backtrace+0x0/0x530 [ 81.396585][ T4301] show_stack+0x2c/0x3c [ 81.397698][ T4301] dump_stack_lvl+0x108/0x170 [ 81.398910][ T4301] print_address_description+0x7c/0x3f0 [ 81.400338][ T4301] kasan_report_invalid_free+0x64/0x94 [ 81.401805][ T4301] ____kasan_slab_free+0x134/0x164 [ 81.403160][ T4301] __kasan_slab_free+0x18/0x28 [ 81.404392][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 81.405800][ T4301] kfree+0x178/0x410 [ 81.406866][ T4301] ext4_release_dir+0x88/0xfc [ 81.408172][ T4301] __fput+0x1c4/0x800 [ 81.409187][ T4301] ____fput+0x20/0x30 [ 81.410240][ T4301] task_work_run+0x130/0x1e4 [ 81.411456][ T4301] do_exit+0x670/0x20bc [ 81.412527][ T4301] do_group_exit+0x110/0x268 [ 81.413704][ T4301] __wake_up_parent+0x0/0x60 [ 81.414844][ T4301] invoke_syscall+0x98/0x2b8 [ 81.416019][ T4301] el0_svc_common+0x138/0x258 [ 81.417238][ T4301] do_el0_svc+0x58/0x14c [ 81.418338][ T4301] el0_svc+0x7c/0x1f0 [ 81.419411][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.420723][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.421940][ T4301] [ 81.422534][ T4301] Allocated by task 4301: [ 81.423671][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 81.424866][ T4301] __kasan_kmalloc+0x10/0x1c [ 81.426036][ T4301] __kmalloc+0x29c/0x4c8 [ 81.427216][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 81.428574][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 81.429998][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 81.431377][ T4301] ext4_readdir+0x26c4/0x3224 [ 81.432605][ T4301] iterate_dir+0x1f4/0x4ec [ 81.433752][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 81.435194][ T4301] invoke_syscall+0x98/0x2b8 [ 81.436413][ T4301] el0_svc_common+0x138/0x258 [ 81.437688][ T4301] do_el0_svc+0x58/0x14c [ 81.438813][ T4301] el0_svc+0x7c/0x1f0 [ 81.439834][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.441184][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.442376][ T4301] [ 81.443004][ T4301] Freed by task 4301: [ 81.444061][ 
T4301] kasan_set_track+0x4c/0x84 [ 81.445257][ T4301] kasan_set_free_info+0x28/0x4c [ 81.446533][ T4301] ____kasan_slab_free+0x118/0x164 [ 81.447878][ T4301] __kasan_slab_free+0x18/0x28 [ 81.449100][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 81.450519][ T4301] kfree+0x178/0x410 [ 81.451579][ T4301] ext4_release_dir+0x88/0xfc [ 81.452814][ T4301] __fput+0x1c4/0x800 [ 81.453830][ T4301] ____fput+0x20/0x30 [ 81.454878][ T4301] task_work_run+0x130/0x1e4 [ 81.456074][ T4301] do_exit+0x670/0x20bc [ 81.457109][ T4301] do_group_exit+0x110/0x268 [ 81.458322][ T4301] __wake_up_parent+0x0/0x60 [ 81.459509][ T4301] invoke_syscall+0x98/0x2b8 [ 81.460665][ T4301] el0_svc_common+0x138/0x258 [ 81.461910][ T4301] do_el0_svc+0x58/0x14c [ 81.463030][ T4301] el0_svc+0x7c/0x1f0 [ 81.464049][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.465374][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.466610][ T4301] [ 81.467209][ T4301] Last potentially related work creation: [ 81.468723][ T4301] kasan_save_stack+0x38/0x68 [ 81.469931][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 81.471304][ T4301] call_rcu+0x118/0xb40 [ 81.472370][ T4301] advance_sched+0x4e4/0x858 [ 81.473589][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 81.474892][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 81.476244][ T4301] arch_timer_handler_virt+0x74/0x88 [ 81.477639][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 81.479082][ T4301] handle_domain_irq+0xec/0x178 [ 81.480362][ T4301] gic_handle_irq+0x78/0x1c8 [ 81.481544][ T4301] [ 81.482169][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 81.482169][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 81.485852][ T4301] The buggy address is located 0 bytes inside of [ 81.485852][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 81.489251][ T4301] The buggy address belongs to the page: [ 81.490724][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 81.493421][ T4301] flags: 
0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 81.495396][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 81.497571][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 81.499732][ T4301] page dumped because: kasan: bad access detected [ 81.501420][ T4301] [ 81.501988][ T4301] Memory state around the buggy address: [ 81.503490][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 81.505607][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.507807][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.509962][ T4301] ^ [ 81.511002][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.513152][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.515288][ T4301] ================================================================== [ 81.520820][ T4301] ================================================================== [ 81.522994][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 81.524998][ T4301] [ 81.525580][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 81.528249][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 81.530954][ T4301] Call trace: [ 81.531844][ T4301] dump_backtrace+0x0/0x530 [ 81.533015][ T4301] show_stack+0x2c/0x3c [ 81.534078][ T4301] dump_stack_lvl+0x108/0x170 [ 81.535407][ T4301] print_address_description+0x7c/0x3f0 [ 81.537100][ T4301] kasan_report_invalid_free+0x64/0x94 [ 81.538660][ T4301] ____kasan_slab_free+0x134/0x164 [ 81.539995][ T4301] __kasan_slab_free+0x18/0x28 [ 81.541268][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 81.542719][ T4301] kfree+0x178/0x410 [ 81.543730][ T4301] ext4_release_dir+0x88/0xfc [ 81.544943][ T4301] __fput+0x1c4/0x800 [ 81.545949][ T4301] ____fput+0x20/0x30 [ 81.547003][ T4301] task_work_run+0x130/0x1e4 [ 
81.548201][ T4301] do_exit+0x670/0x20bc [ 81.549325][ T4301] do_group_exit+0x110/0x268 [ 81.550568][ T4301] __wake_up_parent+0x0/0x60 [ 81.551746][ T4301] invoke_syscall+0x98/0x2b8 [ 81.552931][ T4301] el0_svc_common+0x138/0x258 [ 81.554142][ T4301] do_el0_svc+0x58/0x14c [ 81.555265][ T4301] el0_svc+0x7c/0x1f0 [ 81.556319][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.557703][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.558937][ T4301] [ 81.559535][ T4301] Allocated by task 4301: [ 81.560719][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 81.561993][ T4301] __kasan_kmalloc+0x10/0x1c [ 81.563222][ T4301] __kmalloc+0x29c/0x4c8 [ 81.564359][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 81.565808][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 81.567219][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 81.568596][ T4301] ext4_readdir+0x26c4/0x3224 [ 81.569800][ T4301] iterate_dir+0x1f4/0x4ec [ 81.570954][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 81.572336][ T4301] invoke_syscall+0x98/0x2b8 [ 81.573639][ T4301] el0_svc_common+0x138/0x258 [ 81.574928][ T4301] do_el0_svc+0x58/0x14c [ 81.576100][ T4301] el0_svc+0x7c/0x1f0 [ 81.577189][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.578579][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.579770][ T4301] [ 81.580337][ T4301] Freed by task 4301: [ 81.581375][ T4301] kasan_set_track+0x4c/0x84 [ 81.582649][ T4301] kasan_set_free_info+0x28/0x4c [ 81.583960][ T4301] ____kasan_slab_free+0x118/0x164 [ 81.585340][ T4301] __kasan_slab_free+0x18/0x28 [ 81.586612][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 81.588052][ T4301] kfree+0x178/0x410 [ 81.589095][ T4301] ext4_release_dir+0x88/0xfc [ 81.590365][ T4301] __fput+0x1c4/0x800 [ 81.591443][ T4301] ____fput+0x20/0x30 [ 81.592522][ T4301] task_work_run+0x130/0x1e4 [ 81.593658][ T4301] do_exit+0x670/0x20bc [ 81.594806][ T4301] do_group_exit+0x110/0x268 [ 81.596001][ T4301] __wake_up_parent+0x0/0x60 [ 81.597218][ T4301] invoke_syscall+0x98/0x2b8 [ 81.598482][ T4301] el0_svc_common+0x138/0x258 [ 81.599698][ T4301] 
do_el0_svc+0x58/0x14c [ 81.600842][ T4301] el0_svc+0x7c/0x1f0 [ 81.601972][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.603324][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.604481][ T4301] [ 81.605144][ T4301] Last potentially related work creation: [ 81.606573][ T4301] kasan_save_stack+0x38/0x68 [ 81.607788][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 81.609204][ T4301] call_rcu+0x118/0xb40 [ 81.610400][ T4301] advance_sched+0x4e4/0x858 [ 81.611712][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 81.613092][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 81.614465][ T4301] arch_timer_handler_virt+0x74/0x88 [ 81.615859][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 81.617310][ T4301] handle_domain_irq+0xec/0x178 [ 81.618532][ T4301] gic_handle_irq+0x78/0x1c8 [ 81.619763][ T4301] [ 81.620358][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 81.620358][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 81.624111][ T4301] The buggy address is located 0 bytes inside of [ 81.624111][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 81.627633][ T4301] The buggy address belongs to the page: [ 81.629136][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 81.632065][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 81.634242][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 81.636598][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 81.638981][ T4301] page dumped because: kasan: bad access detected [ 81.640708][ T4301] [ 81.641324][ T4301] Memory state around the buggy address: [ 81.642811][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 81.644997][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.647140][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.649359][ T4301] ^ [ 81.650396][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc [ 81.652559][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.654709][ T4301] ================================================================== [ 81.660726][ T4301] ================================================================== [ 81.662940][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 81.664925][ T4301] [ 81.665532][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 81.668102][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 81.670751][ T4301] Call trace: [ 81.671671][ T4301] dump_backtrace+0x0/0x530 [ 81.672843][ T4301] show_stack+0x2c/0x3c [ 81.673952][ T4301] dump_stack_lvl+0x108/0x170 [ 81.675211][ T4301] print_address_description+0x7c/0x3f0 [ 81.676716][ T4301] kasan_report_invalid_free+0x64/0x94 [ 81.678273][ T4301] ____kasan_slab_free+0x134/0x164 [ 81.679606][ T4301] __kasan_slab_free+0x18/0x28 [ 81.680937][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 81.682423][ T4301] kfree+0x178/0x410 [ 81.683465][ T4301] ext4_release_dir+0x88/0xfc [ 81.684671][ T4301] __fput+0x1c4/0x800 [ 81.685658][ T4301] ____fput+0x20/0x30 [ 81.686730][ T4301] task_work_run+0x130/0x1e4 [ 81.687919][ T4301] do_exit+0x670/0x20bc [ 81.689092][ T4301] do_group_exit+0x110/0x268 [ 81.690386][ T4301] __wake_up_parent+0x0/0x60 [ 81.691636][ T4301] invoke_syscall+0x98/0x2b8 [ 81.692873][ T4301] el0_svc_common+0x138/0x258 [ 81.694157][ T4301] do_el0_svc+0x58/0x14c [ 81.695276][ T4301] el0_svc+0x7c/0x1f0 [ 81.696315][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.697646][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.698868][ T4301] [ 81.699441][ T4301] Allocated by task 4301: [ 81.700597][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 81.701838][ T4301] __kasan_kmalloc+0x10/0x1c [ 81.703111][ T4301] __kmalloc+0x29c/0x4c8 [ 81.704265][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 81.705695][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 
81.707074][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 81.708426][ T4301] ext4_readdir+0x26c4/0x3224 [ 81.709649][ T4301] iterate_dir+0x1f4/0x4ec [ 81.710866][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 81.712205][ T4301] invoke_syscall+0x98/0x2b8 [ 81.713387][ T4301] el0_svc_common+0x138/0x258 [ 81.714587][ T4301] do_el0_svc+0x58/0x14c [ 81.715759][ T4301] el0_svc+0x7c/0x1f0 [ 81.716817][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.718136][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.719345][ T4301] [ 81.719988][ T4301] Freed by task 4301: [ 81.720996][ T4301] kasan_set_track+0x4c/0x84 [ 81.722188][ T4301] kasan_set_free_info+0x28/0x4c [ 81.723493][ T4301] ____kasan_slab_free+0x118/0x164 [ 81.724923][ T4301] __kasan_slab_free+0x18/0x28 [ 81.726217][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 81.727678][ T4301] kfree+0x178/0x410 [ 81.728748][ T4301] ext4_release_dir+0x88/0xfc [ 81.730007][ T4301] __fput+0x1c4/0x800 [ 81.730998][ T4301] ____fput+0x20/0x30 [ 81.732052][ T4301] task_work_run+0x130/0x1e4 [ 81.733320][ T4301] do_exit+0x670/0x20bc [ 81.734443][ T4301] do_group_exit+0x110/0x268 [ 81.735657][ T4301] __wake_up_parent+0x0/0x60 [ 81.736924][ T4301] invoke_syscall+0x98/0x2b8 [ 81.738206][ T4301] el0_svc_common+0x138/0x258 [ 81.739487][ T4301] do_el0_svc+0x58/0x14c [ 81.740632][ T4301] el0_svc+0x7c/0x1f0 [ 81.741641][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.742961][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.744186][ T4301] [ 81.744779][ T4301] Last potentially related work creation: [ 81.746255][ T4301] kasan_save_stack+0x38/0x68 [ 81.747531][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 81.748991][ T4301] call_rcu+0x118/0xb40 [ 81.750152][ T4301] advance_sched+0x4e4/0x858 [ 81.751364][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 81.752891][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 81.754216][ T4301] arch_timer_handler_virt+0x74/0x88 [ 81.755628][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 81.757169][ T4301] handle_domain_irq+0xec/0x178 [ 81.758522][ T4301] 
gic_handle_irq+0x78/0x1c8 [ 81.759744][ T4301] [ 81.760323][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 81.760323][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 81.764023][ T4301] The buggy address is located 0 bytes inside of [ 81.764023][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 81.767466][ T4301] The buggy address belongs to the page: [ 81.768904][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 81.771552][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 81.773540][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 81.775790][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 81.778062][ T4301] page dumped because: kasan: bad access detected [ 81.779651][ T4301] [ 81.780186][ T4301] Memory state around the buggy address: [ 81.781622][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 81.783793][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.785918][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.788006][ T4301] ^ [ 81.789014][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.791167][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.793252][ T4301] ================================================================== [ 81.800308][ T4301] ================================================================== [ 81.802453][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 81.804339][ T4301] [ 81.804956][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 81.807504][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 81.810271][ T4301] Call trace: [ 81.811134][ T4301] dump_backtrace+0x0/0x530 [ 81.812279][ T4301] show_stack+0x2c/0x3c 
[ 81.813341][ T4301] dump_stack_lvl+0x108/0x170 [ 81.814592][ T4301] print_address_description+0x7c/0x3f0 [ 81.816028][ T4301] kasan_report_invalid_free+0x64/0x94 [ 81.817543][ T4301] ____kasan_slab_free+0x134/0x164 [ 81.818868][ T4301] __kasan_slab_free+0x18/0x28 [ 81.820070][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 81.821563][ T4301] kfree+0x178/0x410 [ 81.822546][ T4301] ext4_release_dir+0x88/0xfc [ 81.823748][ T4301] __fput+0x1c4/0x800 [ 81.824791][ T4301] ____fput+0x20/0x30 [ 81.825810][ T4301] task_work_run+0x130/0x1e4 [ 81.826999][ T4301] do_exit+0x670/0x20bc [ 81.828164][ T4301] do_group_exit+0x110/0x268 [ 81.829329][ T4301] __wake_up_parent+0x0/0x60 [ 81.830632][ T4301] invoke_syscall+0x98/0x2b8 [ 81.831873][ T4301] el0_svc_common+0x138/0x258 [ 81.833082][ T4301] do_el0_svc+0x58/0x14c [ 81.834186][ T4301] el0_svc+0x7c/0x1f0 [ 81.835240][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.836523][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.837677][ T4301] [ 81.838321][ T4301] Allocated by task 4301: [ 81.839450][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 81.840708][ T4301] __kasan_kmalloc+0x10/0x1c [ 81.841890][ T4301] __kmalloc+0x29c/0x4c8 [ 81.843007][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 81.844458][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 81.845933][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 81.847187][ T4301] ext4_readdir+0x26c4/0x3224 [ 81.848482][ T4301] iterate_dir+0x1f4/0x4ec [ 81.849590][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 81.850945][ T4301] invoke_syscall+0x98/0x2b8 [ 81.852167][ T4301] el0_svc_common+0x138/0x258 [ 81.853409][ T4301] do_el0_svc+0x58/0x14c [ 81.854538][ T4301] el0_svc+0x7c/0x1f0 [ 81.855548][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.856923][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.858080][ T4301] [ 81.858693][ T4301] Freed by task 4301: [ 81.859751][ T4301] kasan_set_track+0x4c/0x84 [ 81.860907][ T4301] kasan_set_free_info+0x28/0x4c [ 81.862168][ T4301] ____kasan_slab_free+0x118/0x164 [ 81.863516][ T4301] 
__kasan_slab_free+0x18/0x28 [ 81.864786][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 81.866213][ T4301] kfree+0x178/0x410 [ 81.867182][ T4301] ext4_release_dir+0x88/0xfc [ 81.868313][ T4301] __fput+0x1c4/0x800 [ 81.869356][ T4301] ____fput+0x20/0x30 [ 81.870292][ T4301] task_work_run+0x130/0x1e4 [ 81.871495][ T4301] do_exit+0x670/0x20bc [ 81.872668][ T4301] do_group_exit+0x110/0x268 [ 81.873839][ T4301] __wake_up_parent+0x0/0x60 [ 81.875072][ T4301] invoke_syscall+0x98/0x2b8 [ 81.876228][ T4301] el0_svc_common+0x138/0x258 [ 81.877427][ T4301] do_el0_svc+0x58/0x14c [ 81.878482][ T4301] el0_svc+0x7c/0x1f0 [ 81.879518][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.880875][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.882082][ T4301] [ 81.882655][ T4301] Last potentially related work creation: [ 81.884105][ T4301] kasan_save_stack+0x38/0x68 [ 81.885280][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 81.886716][ T4301] call_rcu+0x118/0xb40 [ 81.887794][ T4301] advance_sched+0x4e4/0x858 [ 81.889012][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 81.890290][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 81.891559][ T4301] arch_timer_handler_virt+0x74/0x88 [ 81.892914][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 81.894267][ T4301] handle_domain_irq+0xec/0x178 [ 81.895625][ T4301] gic_handle_irq+0x78/0x1c8 [ 81.896795][ T4301] [ 81.897392][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 81.897392][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 81.901005][ T4301] The buggy address is located 0 bytes inside of [ 81.901005][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 81.904329][ T4301] The buggy address belongs to the page: [ 81.905808][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 81.908486][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 81.910558][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 81.912860][ T4301] raw: 
0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 81.914984][ T4301] page dumped because: kasan: bad access detected [ 81.916588][ T4301] [ 81.917188][ T4301] Memory state around the buggy address: [ 81.918653][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 81.920793][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.922980][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.925053][ T4301] ^ [ 81.926035][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.928215][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.930291][ T4301] ================================================================== [ 81.935518][ T4301] ================================================================== [ 81.937654][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 81.939674][ T4301] [ 81.940314][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 81.943072][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 81.945681][ T4301] Call trace: [ 81.946566][ T4301] dump_backtrace+0x0/0x530 [ 81.947711][ T4301] show_stack+0x2c/0x3c [ 81.948819][ T4301] dump_stack_lvl+0x108/0x170 [ 81.949968][ T4301] print_address_description+0x7c/0x3f0 [ 81.951437][ T4301] kasan_report_invalid_free+0x64/0x94 [ 81.952878][ T4301] ____kasan_slab_free+0x134/0x164 [ 81.954235][ T4301] __kasan_slab_free+0x18/0x28 [ 81.955474][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 81.956978][ T4301] kfree+0x178/0x410 [ 81.957924][ T4301] ext4_release_dir+0x88/0xfc [ 81.959178][ T4301] __fput+0x1c4/0x800 [ 81.960247][ T4301] ____fput+0x20/0x30 [ 81.961283][ T4301] task_work_run+0x130/0x1e4 [ 81.962640][ T4301] do_exit+0x670/0x20bc [ 81.963750][ T4301] do_group_exit+0x110/0x268 [ 81.964950][ T4301] __wake_up_parent+0x0/0x60 [ 81.966190][ T4301] 
invoke_syscall+0x98/0x2b8 [ 81.967489][ T4301] el0_svc_common+0x138/0x258 [ 81.968777][ T4301] do_el0_svc+0x58/0x14c [ 81.969919][ T4301] el0_svc+0x7c/0x1f0 [ 81.970948][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.972341][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.973551][ T4301] [ 81.974169][ T4301] Allocated by task 4301: [ 81.975327][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 81.976654][ T4301] __kasan_kmalloc+0x10/0x1c [ 81.977860][ T4301] __kmalloc+0x29c/0x4c8 [ 81.978966][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 81.980386][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 81.981763][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 81.983198][ T4301] ext4_readdir+0x26c4/0x3224 [ 81.984505][ T4301] iterate_dir+0x1f4/0x4ec [ 81.985678][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 81.987107][ T4301] invoke_syscall+0x98/0x2b8 [ 81.988314][ T4301] el0_svc_common+0x138/0x258 [ 81.989629][ T4301] do_el0_svc+0x58/0x14c [ 81.990794][ T4301] el0_svc+0x7c/0x1f0 [ 81.991859][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 81.993163][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 81.994340][ T4301] [ 81.994979][ T4301] Freed by task 4301: [ 81.996031][ T4301] kasan_set_track+0x4c/0x84 [ 81.997314][ T4301] kasan_set_free_info+0x28/0x4c [ 81.998628][ T4301] ____kasan_slab_free+0x118/0x164 [ 82.000060][ T4301] __kasan_slab_free+0x18/0x28 [ 82.001396][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 82.002899][ T4301] kfree+0x178/0x410 [ 82.003874][ T4301] ext4_release_dir+0x88/0xfc [ 82.005189][ T4301] __fput+0x1c4/0x800 [ 82.006160][ T4301] ____fput+0x20/0x30 [ 82.007230][ T4301] task_work_run+0x130/0x1e4 [ 82.008485][ T4301] do_exit+0x670/0x20bc [ 82.009647][ T4301] do_group_exit+0x110/0x268 [ 82.010860][ T4301] __wake_up_parent+0x0/0x60 [ 82.012137][ T4301] invoke_syscall+0x98/0x2b8 [ 82.013308][ T4301] el0_svc_common+0x138/0x258 [ 82.014550][ T4301] do_el0_svc+0x58/0x14c [ 82.015619][ T4301] el0_svc+0x7c/0x1f0 [ 82.016706][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.018029][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 
82.019221][ T4301] [ 82.019833][ T4301] Last potentially related work creation: [ 82.021342][ T4301] kasan_save_stack+0x38/0x68 [ 82.022675][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 82.024118][ T4301] call_rcu+0x118/0xb40 [ 82.025266][ T4301] advance_sched+0x4e4/0x858 [ 82.026458][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 82.027874][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 82.029227][ T4301] arch_timer_handler_virt+0x74/0x88 [ 82.030533][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 82.032002][ T4301] handle_domain_irq+0xec/0x178 [ 82.033393][ T4301] gic_handle_irq+0x78/0x1c8 [ 82.034552][ T4301] [ 82.035129][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 82.035129][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 82.038873][ T4301] The buggy address is located 0 bytes inside of [ 82.038873][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 82.042336][ T4301] The buggy address belongs to the page: [ 82.043855][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 82.046618][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 82.048616][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 82.050830][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 82.053040][ T4301] page dumped because: kasan: bad access detected [ 82.054817][ T4301] [ 82.055455][ T4301] Memory state around the buggy address: [ 82.056910][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 82.059035][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.061287][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.063474][ T4301] ^ [ 82.064562][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.066586][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.068689][ T4301] 
================================================================== [ 82.074101][ T4301] ================================================================== [ 82.076075][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 82.078028][ T4301] [ 82.078672][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 82.081272][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 82.083830][ T4301] Call trace: [ 82.084651][ T4301] dump_backtrace+0x0/0x530 [ 82.085838][ T4301] show_stack+0x2c/0x3c [ 82.086874][ T4301] dump_stack_lvl+0x108/0x170 [ 82.088096][ T4301] print_address_description+0x7c/0x3f0 [ 82.089513][ T4301] kasan_report_invalid_free+0x64/0x94 [ 82.090879][ T4301] ____kasan_slab_free+0x134/0x164 [ 82.092284][ T4301] __kasan_slab_free+0x18/0x28 [ 82.093584][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 82.095034][ T4301] kfree+0x178/0x410 [ 82.096029][ T4301] ext4_release_dir+0x88/0xfc [ 82.097255][ T4301] __fput+0x1c4/0x800 [ 82.098321][ T4301] ____fput+0x20/0x30 [ 82.099311][ T4301] task_work_run+0x130/0x1e4 [ 82.100539][ T4301] do_exit+0x670/0x20bc [ 82.101611][ T4301] do_group_exit+0x110/0x268 [ 82.102749][ T4301] __wake_up_parent+0x0/0x60 [ 82.103957][ T4301] invoke_syscall+0x98/0x2b8 [ 82.105134][ T4301] el0_svc_common+0x138/0x258 [ 82.106287][ T4301] do_el0_svc+0x58/0x14c [ 82.107405][ T4301] el0_svc+0x7c/0x1f0 [ 82.108537][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.109814][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.110972][ T4301] [ 82.111539][ T4301] Allocated by task 4301: [ 82.112591][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 82.113788][ T4301] __kasan_kmalloc+0x10/0x1c [ 82.114932][ T4301] __kmalloc+0x29c/0x4c8 [ 82.116010][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 82.117473][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 82.118906][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 82.120290][ T4301] ext4_readdir+0x26c4/0x3224 [ 82.121492][ T4301] iterate_dir+0x1f4/0x4ec [ 
82.122666][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 82.123994][ T4301] invoke_syscall+0x98/0x2b8 [ 82.125204][ T4301] el0_svc_common+0x138/0x258 [ 82.126399][ T4301] do_el0_svc+0x58/0x14c [ 82.127494][ T4301] el0_svc+0x7c/0x1f0 [ 82.128517][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.129823][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.130988][ T4301] [ 82.131585][ T4301] Freed by task 4301: [ 82.132582][ T4301] kasan_set_track+0x4c/0x84 [ 82.133797][ T4301] kasan_set_free_info+0x28/0x4c [ 82.135020][ T4301] ____kasan_slab_free+0x118/0x164 [ 82.136419][ T4301] __kasan_slab_free+0x18/0x28 [ 82.137675][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 82.139062][ T4301] kfree+0x178/0x410 [ 82.140041][ T4301] ext4_release_dir+0x88/0xfc [ 82.141253][ T4301] __fput+0x1c4/0x800 [ 82.142319][ T4301] ____fput+0x20/0x30 [ 82.143370][ T4301] task_work_run+0x130/0x1e4 [ 82.144559][ T4301] do_exit+0x670/0x20bc [ 82.145680][ T4301] do_group_exit+0x110/0x268 [ 82.146867][ T4301] __wake_up_parent+0x0/0x60 [ 82.148029][ T4301] invoke_syscall+0x98/0x2b8 [ 82.149195][ T4301] el0_svc_common+0x138/0x258 [ 82.150427][ T4301] do_el0_svc+0x58/0x14c [ 82.151596][ T4301] el0_svc+0x7c/0x1f0 [ 82.152608][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.153908][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.155083][ T4301] [ 82.155665][ T4301] Last potentially related work creation: [ 82.157139][ T4301] kasan_save_stack+0x38/0x68 [ 82.158407][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 82.159786][ T4301] call_rcu+0x118/0xb40 [ 82.160824][ T4301] advance_sched+0x4e4/0x858 [ 82.162019][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 82.163399][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 82.164658][ T4301] arch_timer_handler_virt+0x74/0x88 [ 82.166048][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 82.167504][ T4301] handle_domain_irq+0xec/0x178 [ 82.168721][ T4301] gic_handle_irq+0x78/0x1c8 [ 82.169877][ T4301] [ 82.170441][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 82.170441][ T4301] which belongs 
to the cache kmalloc-128 of size 128 [ 82.174197][ T4301] The buggy address is located 0 bytes inside of [ 82.174197][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 82.177552][ T4301] The buggy address belongs to the page: [ 82.178968][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 82.181717][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 82.183772][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 82.186043][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 82.188219][ T4301] page dumped because: kasan: bad access detected [ 82.189918][ T4301] [ 82.190555][ T4301] Memory state around the buggy address: [ 82.191979][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 82.194174][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.196250][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.198419][ T4301] ^ [ 82.199471][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.201620][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.203684][ T4301] ================================================================== [ 82.209314][ T4301] ================================================================== [ 82.211312][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 82.213260][ T4301] [ 82.213849][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 82.216397][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 82.218974][ T4301] Call trace: [ 82.219796][ T4301] dump_backtrace+0x0/0x530 [ 82.220975][ T4301] show_stack+0x2c/0x3c [ 82.222051][ T4301] dump_stack_lvl+0x108/0x170 [ 82.223279][ T4301] print_address_description+0x7c/0x3f0 [ 82.224727][ T4301] kasan_report_invalid_free+0x64/0x94 
[ 82.226169][ T4301] ____kasan_slab_free+0x134/0x164 [ 82.227499][ T4301] __kasan_slab_free+0x18/0x28 [ 82.228635][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 82.230056][ T4301] kfree+0x178/0x410 [ 82.231047][ T4301] ext4_release_dir+0x88/0xfc [ 82.232194][ T4301] __fput+0x1c4/0x800 [ 82.233234][ T4301] ____fput+0x20/0x30 [ 82.234309][ T4301] task_work_run+0x130/0x1e4 [ 82.235498][ T4301] do_exit+0x670/0x20bc [ 82.236547][ T4301] do_group_exit+0x110/0x268 [ 82.237713][ T4301] __wake_up_parent+0x0/0x60 [ 82.238887][ T4301] invoke_syscall+0x98/0x2b8 [ 82.240097][ T4301] el0_svc_common+0x138/0x258 [ 82.241363][ T4301] do_el0_svc+0x58/0x14c [ 82.242475][ T4301] el0_svc+0x7c/0x1f0 [ 82.243519][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.244882][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.246103][ T4301] [ 82.246676][ T4301] Allocated by task 4301: [ 82.247770][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 82.249048][ T4301] __kasan_kmalloc+0x10/0x1c [ 82.250252][ T4301] __kmalloc+0x29c/0x4c8 [ 82.251313][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 82.252665][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 82.254046][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 82.255483][ T4301] ext4_readdir+0x26c4/0x3224 [ 82.256717][ T4301] iterate_dir+0x1f4/0x4ec [ 82.257877][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 82.259377][ T4301] invoke_syscall+0x98/0x2b8 [ 82.260620][ T4301] el0_svc_common+0x138/0x258 [ 82.261841][ T4301] do_el0_svc+0x58/0x14c [ 82.262939][ T4301] el0_svc+0x7c/0x1f0 [ 82.263982][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.265296][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.266455][ T4301] [ 82.267011][ T4301] Freed by task 4301: [ 82.268055][ T4301] kasan_set_track+0x4c/0x84 [ 82.269164][ T4301] kasan_set_free_info+0x28/0x4c [ 82.270481][ T4301] ____kasan_slab_free+0x118/0x164 [ 82.271882][ T4301] __kasan_slab_free+0x18/0x28 [ 82.273205][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 82.274657][ T4301] kfree+0x178/0x410 [ 82.275708][ T4301] ext4_release_dir+0x88/0xfc [ 
82.276960][ T4301] __fput+0x1c4/0x800 [ 82.278003][ T4301] ____fput+0x20/0x30 [ 82.279041][ T4301] task_work_run+0x130/0x1e4 [ 82.280223][ T4301] do_exit+0x670/0x20bc [ 82.281328][ T4301] do_group_exit+0x110/0x268 [ 82.282528][ T4301] __wake_up_parent+0x0/0x60 [ 82.283725][ T4301] invoke_syscall+0x98/0x2b8 [ 82.284937][ T4301] el0_svc_common+0x138/0x258 [ 82.286193][ T4301] do_el0_svc+0x58/0x14c [ 82.287242][ T4301] el0_svc+0x7c/0x1f0 [ 82.288201][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.289475][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.290631][ T4301] [ 82.291225][ T4301] Last potentially related work creation: [ 82.292750][ T4301] kasan_save_stack+0x38/0x68 [ 82.293933][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 82.295404][ T4301] call_rcu+0x118/0xb40 [ 82.296499][ T4301] advance_sched+0x4e4/0x858 [ 82.297767][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 82.299153][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 82.300417][ T4301] arch_timer_handler_virt+0x74/0x88 [ 82.301773][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 82.303210][ T4301] handle_domain_irq+0xec/0x178 [ 82.304510][ T4301] gic_handle_irq+0x78/0x1c8 [ 82.305708][ T4301] [ 82.306308][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 82.306308][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 82.310086][ T4301] The buggy address is located 0 bytes inside of [ 82.310086][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 82.313464][ T4301] The buggy address belongs to the page: [ 82.314919][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 82.317651][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 82.319657][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 82.321877][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 82.324022][ T4301] page dumped because: kasan: bad access detected [ 82.325708][ T4301] [ 82.326263][ T4301] 
Memory state around the buggy address: [ 82.327734][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 82.329804][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.331888][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.334017][ T4301] ^ [ 82.335122][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.337212][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.339210][ T4301] ================================================================== [ 82.344833][ T4301] ================================================================== [ 82.347030][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 82.348967][ T4301] [ 82.349603][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 82.352218][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 82.354920][ T4301] Call trace: [ 82.355729][ T4301] dump_backtrace+0x0/0x530 [ 82.356869][ T4301] show_stack+0x2c/0x3c [ 82.357928][ T4301] dump_stack_lvl+0x108/0x170 [ 82.359152][ T4301] print_address_description+0x7c/0x3f0 [ 82.360573][ T4301] kasan_report_invalid_free+0x64/0x94 [ 82.362022][ T4301] ____kasan_slab_free+0x134/0x164 [ 82.363397][ T4301] __kasan_slab_free+0x18/0x28 [ 82.364709][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 82.366164][ T4301] kfree+0x178/0x410 [ 82.367099][ T4301] ext4_release_dir+0x88/0xfc [ 82.368298][ T4301] __fput+0x1c4/0x800 [ 82.369286][ T4301] ____fput+0x20/0x30 [ 82.370279][ T4301] task_work_run+0x130/0x1e4 [ 82.371470][ T4301] do_exit+0x670/0x20bc [ 82.372479][ T4301] do_group_exit+0x110/0x268 [ 82.373627][ T4301] __wake_up_parent+0x0/0x60 [ 82.374836][ T4301] invoke_syscall+0x98/0x2b8 [ 82.376043][ T4301] el0_svc_common+0x138/0x258 [ 82.377226][ T4301] do_el0_svc+0x58/0x14c [ 82.378340][ T4301] el0_svc+0x7c/0x1f0 [ 82.379437][ T4301] 
el0t_64_sync_handler+0x84/0xe4 [ 82.380690][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.381925][ T4301] [ 82.382479][ T4301] Allocated by task 4301: [ 82.383626][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 82.384920][ T4301] __kasan_kmalloc+0x10/0x1c [ 82.386177][ T4301] __kmalloc+0x29c/0x4c8 [ 82.387258][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 82.388676][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 82.390043][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 82.391418][ T4301] ext4_readdir+0x26c4/0x3224 [ 82.392606][ T4301] iterate_dir+0x1f4/0x4ec [ 82.393743][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 82.395157][ T4301] invoke_syscall+0x98/0x2b8 [ 82.396305][ T4301] el0_svc_common+0x138/0x258 [ 82.397558][ T4301] do_el0_svc+0x58/0x14c [ 82.398696][ T4301] el0_svc+0x7c/0x1f0 [ 82.399686][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.400926][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.402109][ T4301] [ 82.402715][ T4301] Freed by task 4301: [ 82.403686][ T4301] kasan_set_track+0x4c/0x84 [ 82.404843][ T4301] kasan_set_free_info+0x28/0x4c [ 82.406285][ T4301] ____kasan_slab_free+0x118/0x164 [ 82.407621][ T4301] __kasan_slab_free+0x18/0x28 [ 82.408923][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 82.410299][ T4301] kfree+0x178/0x410 [ 82.411380][ T4301] ext4_release_dir+0x88/0xfc [ 82.412564][ T4301] __fput+0x1c4/0x800 [ 82.413546][ T4301] ____fput+0x20/0x30 [ 82.414602][ T4301] task_work_run+0x130/0x1e4 [ 82.415850][ T4301] do_exit+0x670/0x20bc [ 82.416983][ T4301] do_group_exit+0x110/0x268 [ 82.418212][ T4301] __wake_up_parent+0x0/0x60 [ 82.419423][ T4301] invoke_syscall+0x98/0x2b8 [ 82.420576][ T4301] el0_svc_common+0x138/0x258 [ 82.421820][ T4301] do_el0_svc+0x58/0x14c [ 82.422926][ T4301] el0_svc+0x7c/0x1f0 [ 82.423998][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.425212][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.426427][ T4301] [ 82.427013][ T4301] Last potentially related work creation: [ 82.428528][ T4301] kasan_save_stack+0x38/0x68 [ 82.429711][ T4301] 
kasan_record_aux_stack+0xd4/0x11c [ 82.431086][ T4301] call_rcu+0x118/0xb40 [ 82.432125][ T4301] advance_sched+0x4e4/0x858 [ 82.433259][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 82.434750][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 82.436016][ T4301] arch_timer_handler_virt+0x74/0x88 [ 82.437400][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 82.438786][ T4301] handle_domain_irq+0xec/0x178 [ 82.440053][ T4301] gic_handle_irq+0x78/0x1c8 [ 82.441176][ T4301] [ 82.441818][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 82.441818][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 82.445536][ T4301] The buggy address is located 0 bytes inside of [ 82.445536][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 82.449021][ T4301] The buggy address belongs to the page: [ 82.450534][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 82.453206][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 82.455291][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 82.457563][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 82.459763][ T4301] page dumped because: kasan: bad access detected [ 82.461499][ T4301] [ 82.462098][ T4301] Memory state around the buggy address: [ 82.463579][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 82.465743][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.467895][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.469960][ T4301] ^ [ 82.471027][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.473134][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.475210][ T4301] ================================================================== [ 82.482087][ T4301] ================================================================== [ 82.484189][ 
T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 82.486084][ T4301] [ 82.486646][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 82.489295][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 82.491990][ T4301] Call trace: [ 82.492883][ T4301] dump_backtrace+0x0/0x530 [ 82.494032][ T4301] show_stack+0x2c/0x3c [ 82.495109][ T4301] dump_stack_lvl+0x108/0x170 [ 82.496335][ T4301] print_address_description+0x7c/0x3f0 [ 82.497755][ T4301] kasan_report_invalid_free+0x64/0x94 [ 82.499286][ T4301] ____kasan_slab_free+0x134/0x164 [ 82.500581][ T4301] __kasan_slab_free+0x18/0x28 [ 82.501846][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 82.503311][ T4301] kfree+0x178/0x410 [ 82.504333][ T4301] ext4_release_dir+0x88/0xfc [ 82.505634][ T4301] __fput+0x1c4/0x800 [ 82.506711][ T4301] ____fput+0x20/0x30 [ 82.507709][ T4301] task_work_run+0x130/0x1e4 [ 82.508937][ T4301] do_exit+0x670/0x20bc [ 82.510076][ T4301] do_group_exit+0x110/0x268 [ 82.511304][ T4301] __wake_up_parent+0x0/0x60 [ 82.512517][ T4301] invoke_syscall+0x98/0x2b8 [ 82.513777][ T4301] el0_svc_common+0x138/0x258 [ 82.515020][ T4301] do_el0_svc+0x58/0x14c [ 82.516075][ T4301] el0_svc+0x7c/0x1f0 [ 82.517076][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.518478][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.519620][ T4301] [ 82.520174][ T4301] Allocated by task 4301: [ 82.521318][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 82.522590][ T4301] __kasan_kmalloc+0x10/0x1c [ 82.523799][ T4301] __kmalloc+0x29c/0x4c8 [ 82.524955][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 82.526391][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 82.527784][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 82.529096][ T4301] ext4_readdir+0x26c4/0x3224 [ 82.530347][ T4301] iterate_dir+0x1f4/0x4ec [ 82.531566][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 82.533039][ T4301] invoke_syscall+0x98/0x2b8 [ 82.534243][ T4301] el0_svc_common+0x138/0x258 [ 82.535514][ T4301] 
do_el0_svc+0x58/0x14c [ 82.536638][ T4301] el0_svc+0x7c/0x1f0 [ 82.537664][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.538913][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.540055][ T4301] [ 82.540634][ T4301] Freed by task 4301: [ 82.541649][ T4301] kasan_set_track+0x4c/0x84 [ 82.542831][ T4301] kasan_set_free_info+0x28/0x4c [ 82.544163][ T4301] ____kasan_slab_free+0x118/0x164 [ 82.545491][ T4301] __kasan_slab_free+0x18/0x28 [ 82.546740][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 82.548140][ T4301] kfree+0x178/0x410 [ 82.549114][ T4301] ext4_release_dir+0x88/0xfc [ 82.550355][ T4301] __fput+0x1c4/0x800 [ 82.551369][ T4301] ____fput+0x20/0x30 [ 82.552462][ T4301] task_work_run+0x130/0x1e4 [ 82.553716][ T4301] do_exit+0x670/0x20bc [ 82.554797][ T4301] do_group_exit+0x110/0x268 [ 82.555977][ T4301] __wake_up_parent+0x0/0x60 [ 82.557205][ T4301] invoke_syscall+0x98/0x2b8 [ 82.558383][ T4301] el0_svc_common+0x138/0x258 [ 82.559562][ T4301] do_el0_svc+0x58/0x14c [ 82.560642][ T4301] el0_svc+0x7c/0x1f0 [ 82.561723][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.563000][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.564143][ T4301] [ 82.564709][ T4301] Last potentially related work creation: [ 82.566197][ T4301] kasan_save_stack+0x38/0x68 [ 82.567393][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 82.568730][ T4301] call_rcu+0x118/0xb40 [ 82.569817][ T4301] advance_sched+0x4e4/0x858 [ 82.571015][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 82.572377][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 82.573671][ T4301] arch_timer_handler_virt+0x74/0x88 [ 82.575033][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 82.576487][ T4301] handle_domain_irq+0xec/0x178 [ 82.577775][ T4301] gic_handle_irq+0x78/0x1c8 [ 82.578947][ T4301] [ 82.579533][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 82.579533][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 82.583090][ T4301] The buggy address is located 0 bytes inside of [ 82.583090][ T4301] 128-byte region [ffff0000da5e0b00, 
ffff0000da5e0b80) [ 82.586396][ T4301] The buggy address belongs to the page: [ 82.587859][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 82.590510][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 82.592506][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 82.594743][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 82.596911][ T4301] page dumped because: kasan: bad access detected [ 82.598542][ T4301] [ 82.599052][ T4301] Memory state around the buggy address: [ 82.600579][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 82.602728][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.604717][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.606779][ T4301] ^ [ 82.607729][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.609850][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.611966][ T4301] ================================================================== [ 82.617243][ T4301] ================================================================== [ 82.619297][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 82.621282][ T4301] [ 82.621921][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 82.624526][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 82.626954][ T4301] Call trace: [ 82.627907][ T4301] dump_backtrace+0x0/0x530 [ 82.629076][ T4301] show_stack+0x2c/0x3c [ 82.630175][ T4301] dump_stack_lvl+0x108/0x170 [ 82.631342][ T4301] print_address_description+0x7c/0x3f0 [ 82.632756][ T4301] kasan_report_invalid_free+0x64/0x94 [ 82.634192][ T4301] ____kasan_slab_free+0x134/0x164 [ 82.635528][ T4301] __kasan_slab_free+0x18/0x28 [ 82.636750][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 
82.638162][ T4301] kfree+0x178/0x410 [ 82.639229][ T4301] ext4_release_dir+0x88/0xfc [ 82.640522][ T4301] __fput+0x1c4/0x800 [ 82.641567][ T4301] ____fput+0x20/0x30 [ 82.642648][ T4301] task_work_run+0x130/0x1e4 [ 82.643880][ T4301] do_exit+0x670/0x20bc [ 82.644991][ T4301] do_group_exit+0x110/0x268 [ 82.646227][ T4301] __wake_up_parent+0x0/0x60 [ 82.647457][ T4301] invoke_syscall+0x98/0x2b8 [ 82.648643][ T4301] el0_svc_common+0x138/0x258 [ 82.649871][ T4301] do_el0_svc+0x58/0x14c [ 82.650996][ T4301] el0_svc+0x7c/0x1f0 [ 82.652069][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.653375][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.654816][ T4301] [ 82.655420][ T4301] Allocated by task 4301: [ 82.656544][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 82.657824][ T4301] __kasan_kmalloc+0x10/0x1c [ 82.659011][ T4301] __kmalloc+0x29c/0x4c8 [ 82.660101][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 82.661450][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 82.662844][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 82.664190][ T4301] ext4_readdir+0x26c4/0x3224 [ 82.665364][ T4301] iterate_dir+0x1f4/0x4ec [ 82.666495][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 82.667889][ T4301] invoke_syscall+0x98/0x2b8 [ 82.669096][ T4301] el0_svc_common+0x138/0x258 [ 82.670329][ T4301] do_el0_svc+0x58/0x14c [ 82.671494][ T4301] el0_svc+0x7c/0x1f0 [ 82.672561][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.673853][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.674973][ T4301] [ 82.675580][ T4301] Freed by task 4301: [ 82.676618][ T4301] kasan_set_track+0x4c/0x84 [ 82.677862][ T4301] kasan_set_free_info+0x28/0x4c [ 82.679145][ T4301] ____kasan_slab_free+0x118/0x164 [ 82.680503][ T4301] __kasan_slab_free+0x18/0x28 [ 82.681757][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 82.683252][ T4301] kfree+0x178/0x410 [ 82.684234][ T4301] ext4_release_dir+0x88/0xfc [ 82.685480][ T4301] __fput+0x1c4/0x800 [ 82.686520][ T4301] ____fput+0x20/0x30 [ 82.687564][ T4301] task_work_run+0x130/0x1e4 [ 82.688755][ T4301] do_exit+0x670/0x20bc [ 
82.689842][ T4301] do_group_exit+0x110/0x268 [ 82.691022][ T4301] __wake_up_parent+0x0/0x60 [ 82.692156][ T4301] invoke_syscall+0x98/0x2b8 [ 82.693327][ T4301] el0_svc_common+0x138/0x258 [ 82.694556][ T4301] do_el0_svc+0x58/0x14c [ 82.695659][ T4301] el0_svc+0x7c/0x1f0 [ 82.696682][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.698031][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.699174][ T4301] [ 82.699769][ T4301] Last potentially related work creation: [ 82.701295][ T4301] kasan_save_stack+0x38/0x68 [ 82.702516][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 82.703851][ T4301] call_rcu+0x118/0xb40 [ 82.704943][ T4301] advance_sched+0x4e4/0x858 [ 82.706137][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 82.707480][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 82.708804][ T4301] arch_timer_handler_virt+0x74/0x88 [ 82.710201][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 82.711606][ T4301] handle_domain_irq+0xec/0x178 [ 82.712836][ T4301] gic_handle_irq+0x78/0x1c8 [ 82.714191][ T4301] [ 82.714753][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 82.714753][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 82.718489][ T4301] The buggy address is located 0 bytes inside of [ 82.718489][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 82.721979][ T4301] The buggy address belongs to the page: [ 82.723436][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 82.726060][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 82.728020][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 82.730127][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 82.732373][ T4301] page dumped because: kasan: bad access detected [ 82.734019][ T4301] [ 82.734592][ T4301] Memory state around the buggy address: [ 82.736057][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 82.738064][ T4301] ffff0000da5e0a80: fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.740178][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.742241][ T4301] ^ [ 82.743268][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.745309][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.747470][ T4301] ================================================================== [ 82.753902][ T4301] ================================================================== [ 82.755929][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 82.757891][ T4301] [ 82.758494][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 82.759963][ T148] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.761070][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 82.766177][ T4301] Call trace: [ 82.767010][ T4301] dump_backtrace+0x0/0x530 [ 82.768130][ T4301] show_stack+0x2c/0x3c [ 82.769248][ T4301] dump_stack_lvl+0x108/0x170 [ 82.770513][ T4301] print_address_description+0x7c/0x3f0 [ 82.771940][ T4301] kasan_report_invalid_free+0x64/0x94 [ 82.773341][ T4301] ____kasan_slab_free+0x134/0x164 [ 82.774769][ T4301] __kasan_slab_free+0x18/0x28 [ 82.776010][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 82.777393][ T4301] kfree+0x178/0x410 [ 82.778419][ T4301] ext4_release_dir+0x88/0xfc [ 82.779645][ T4301] __fput+0x1c4/0x800 [ 82.780608][ T4301] ____fput+0x20/0x30 [ 82.781578][ T4301] task_work_run+0x130/0x1e4 [ 82.782768][ T4301] do_exit+0x670/0x20bc [ 82.783862][ T4301] do_group_exit+0x110/0x268 [ 82.785074][ T4301] __wake_up_parent+0x0/0x60 [ 82.786256][ T4301] invoke_syscall+0x98/0x2b8 [ 82.787484][ T4301] el0_svc_common+0x138/0x258 [ 82.788715][ T4301] do_el0_svc+0x58/0x14c [ 82.789738][ T4301] el0_svc+0x7c/0x1f0 [ 82.790752][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.791985][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 
82.793196][ T4301] [ 82.793788][ T4301] Allocated by task 4301: [ 82.794919][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 82.796173][ T4301] __kasan_kmalloc+0x10/0x1c [ 82.797406][ T4301] __kmalloc+0x29c/0x4c8 [ 82.798497][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 82.799894][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 82.801276][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 82.802633][ T4301] ext4_readdir+0x26c4/0x3224 [ 82.803833][ T4301] iterate_dir+0x1f4/0x4ec [ 82.804962][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 82.806424][ T4301] invoke_syscall+0x98/0x2b8 [ 82.807574][ T4301] el0_svc_common+0x138/0x258 [ 82.808824][ T4301] do_el0_svc+0x58/0x14c [ 82.809946][ T4301] el0_svc+0x7c/0x1f0 [ 82.810984][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.812306][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.813493][ T4301] [ 82.814071][ T4301] Freed by task 4301: [ 82.815070][ T4301] kasan_set_track+0x4c/0x84 [ 82.816212][ T4301] kasan_set_free_info+0x28/0x4c [ 82.817467][ T4301] ____kasan_slab_free+0x118/0x164 [ 82.818728][ T4301] __kasan_slab_free+0x18/0x28 [ 82.819983][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 82.821404][ T4301] kfree+0x178/0x410 [ 82.822461][ T4301] ext4_release_dir+0x88/0xfc [ 82.823637][ T4301] __fput+0x1c4/0x800 [ 82.824678][ T4301] ____fput+0x20/0x30 [ 82.825692][ T4301] task_work_run+0x130/0x1e4 [ 82.826902][ T4301] do_exit+0x670/0x20bc [ 82.827938][ T4301] do_group_exit+0x110/0x268 [ 82.829091][ T4301] __wake_up_parent+0x0/0x60 [ 82.830269][ T4301] invoke_syscall+0x98/0x2b8 [ 82.831423][ T4301] el0_svc_common+0x138/0x258 [ 82.832623][ T4301] do_el0_svc+0x58/0x14c [ 82.833797][ T4301] el0_svc+0x7c/0x1f0 [ 82.834790][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.835985][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.837148][ T4301] [ 82.837704][ T4301] Last potentially related work creation: [ 82.839132][ T4301] kasan_save_stack+0x38/0x68 [ 82.840317][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 82.841730][ T4301] call_rcu+0x118/0xb40 [ 82.842878][ T4301] 
advance_sched+0x4e4/0x858 [ 82.844088][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 82.845408][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 82.846745][ T4301] arch_timer_handler_virt+0x74/0x88 [ 82.848131][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 82.849570][ T4301] handle_domain_irq+0xec/0x178 [ 82.850806][ T4301] gic_handle_irq+0x78/0x1c8 [ 82.852031][ T4301] [ 82.852699][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 82.852699][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 82.856366][ T4301] The buggy address is located 0 bytes inside of [ 82.856366][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 82.859932][ T4301] The buggy address belongs to the page: [ 82.861368][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 82.864110][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 82.866119][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 82.868413][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 82.870610][ T4301] page dumped because: kasan: bad access detected [ 82.872170][ T4301] [ 82.872757][ T4301] Memory state around the buggy address: [ 82.874228][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 82.876268][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.878411][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.880469][ T4301] ^ [ 82.881526][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.883509][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.885582][ T4301] ================================================================== [ 82.890510][ T4301] ================================================================== [ 82.892551][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 82.894503][ T4301] [ 
82.895130][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 82.897759][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 82.900486][ T4301] Call trace: [ 82.901305][ T4301] dump_backtrace+0x0/0x530 [ 82.902390][ T4301] show_stack+0x2c/0x3c [ 82.903517][ T4301] dump_stack_lvl+0x108/0x170 [ 82.904714][ T4301] print_address_description+0x7c/0x3f0 [ 82.906179][ T4301] kasan_report_invalid_free+0x64/0x94 [ 82.907491][ T4301] ____kasan_slab_free+0x134/0x164 [ 82.908859][ T4301] __kasan_slab_free+0x18/0x28 [ 82.910056][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 82.911460][ T4301] kfree+0x178/0x410 [ 82.912453][ T4301] ext4_release_dir+0x88/0xfc [ 82.913676][ T4301] __fput+0x1c4/0x800 [ 82.914635][ T4301] ____fput+0x20/0x30 [ 82.915641][ T4301] task_work_run+0x130/0x1e4 [ 82.916814][ T4301] do_exit+0x670/0x20bc [ 82.917946][ T4301] do_group_exit+0x110/0x268 [ 82.919139][ T4301] __wake_up_parent+0x0/0x60 [ 82.920285][ T4301] invoke_syscall+0x98/0x2b8 [ 82.921492][ T4301] el0_svc_common+0x138/0x258 [ 82.922660][ T4301] do_el0_svc+0x58/0x14c [ 82.923786][ T4301] el0_svc+0x7c/0x1f0 [ 82.924790][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.925923][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.927123][ T4301] [ 82.927715][ T4301] Allocated by task 4301: [ 82.928839][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 82.930031][ T4301] __kasan_kmalloc+0x10/0x1c [ 82.931225][ T4301] __kmalloc+0x29c/0x4c8 [ 82.932292][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 82.933749][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 82.935162][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 82.936457][ T4301] ext4_readdir+0x26c4/0x3224 [ 82.937652][ T4301] iterate_dir+0x1f4/0x4ec [ 82.938798][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 82.940123][ T4301] invoke_syscall+0x98/0x2b8 [ 82.941282][ T4301] el0_svc_common+0x138/0x258 [ 82.942521][ T4301] do_el0_svc+0x58/0x14c [ 82.943621][ T4301] el0_svc+0x7c/0x1f0 [ 82.944576][ T4301] 
el0t_64_sync_handler+0x84/0xe4 [ 82.945958][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.947139][ T4301] [ 82.947727][ T4301] Freed by task 4301: [ 82.948787][ T4301] kasan_set_track+0x4c/0x84 [ 82.949918][ T4301] kasan_set_free_info+0x28/0x4c [ 82.951186][ T4301] ____kasan_slab_free+0x118/0x164 [ 82.952477][ T4301] __kasan_slab_free+0x18/0x28 [ 82.953715][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 82.955202][ T4301] kfree+0x178/0x410 [ 82.956212][ T4301] ext4_release_dir+0x88/0xfc [ 82.957392][ T4301] __fput+0x1c4/0x800 [ 82.958415][ T4301] ____fput+0x20/0x30 [ 82.959476][ T4301] task_work_run+0x130/0x1e4 [ 82.960702][ T4301] do_exit+0x670/0x20bc [ 82.961713][ T4301] do_group_exit+0x110/0x268 [ 82.962863][ T4301] __wake_up_parent+0x0/0x60 [ 82.964088][ T4301] invoke_syscall+0x98/0x2b8 [ 82.965311][ T4301] el0_svc_common+0x138/0x258 [ 82.966663][ T4301] do_el0_svc+0x58/0x14c [ 82.967795][ T4301] el0_svc+0x7c/0x1f0 [ 82.968834][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 82.970120][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 82.971386][ T4301] [ 82.971964][ T4301] Last potentially related work creation: [ 82.973468][ T4301] kasan_save_stack+0x38/0x68 [ 82.974703][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 82.976077][ T4301] call_rcu+0x118/0xb40 [ 82.977188][ T4301] advance_sched+0x4e4/0x858 [ 82.978445][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 82.979798][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 82.981104][ T4301] arch_timer_handler_virt+0x74/0x88 [ 82.982472][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 82.983895][ T4301] handle_domain_irq+0xec/0x178 [ 82.985177][ T4301] gic_handle_irq+0x78/0x1c8 [ 82.986337][ T4301] [ 82.986951][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 82.986951][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 82.990609][ T4301] The buggy address is located 0 bytes inside of [ 82.990609][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 82.994034][ T4301] The buggy address belongs to the page: [ 82.995570][ 
T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 82.998295][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 83.000306][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 83.002535][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 83.004837][ T4301] page dumped because: kasan: bad access detected [ 83.006478][ T4301] [ 83.007083][ T4301] Memory state around the buggy address: [ 83.008567][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 83.010755][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.012817][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.014941][ T4301] ^ [ 83.015934][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.018085][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.020252][ T4301] ================================================================== [ 83.025470][ T4301] ================================================================== [ 83.027643][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 83.029587][ T4301] [ 83.030318][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 83.032807][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 83.035443][ T4301] Call trace: [ 83.036220][ T4301] dump_backtrace+0x0/0x530 [ 83.037369][ T4301] show_stack+0x2c/0x3c [ 83.038455][ T4301] dump_stack_lvl+0x108/0x170 [ 83.039690][ T4301] print_address_description+0x7c/0x3f0 [ 83.041203][ T4301] kasan_report_invalid_free+0x64/0x94 [ 83.042654][ T4301] ____kasan_slab_free+0x134/0x164 [ 83.044002][ T4301] __kasan_slab_free+0x18/0x28 [ 83.045265][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 83.046675][ T4301] kfree+0x178/0x410 [ 83.047705][ T4301] ext4_release_dir+0x88/0xfc [ 
83.048954][ T4301] __fput+0x1c4/0x800 [ 83.050043][ T4301] ____fput+0x20/0x30 [ 83.051094][ T4301] task_work_run+0x130/0x1e4 [ 83.052324][ T4301] do_exit+0x670/0x20bc [ 83.053459][ T4301] do_group_exit+0x110/0x268 [ 83.054664][ T4301] __wake_up_parent+0x0/0x60 [ 83.055828][ T4301] invoke_syscall+0x98/0x2b8 [ 83.057095][ T4301] el0_svc_common+0x138/0x258 [ 83.058379][ T4301] do_el0_svc+0x58/0x14c [ 83.059587][ T4301] el0_svc+0x7c/0x1f0 [ 83.060687][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.062107][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.063272][ T4301] [ 83.063844][ T4301] Allocated by task 4301: [ 83.065020][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 83.066252][ T4301] __kasan_kmalloc+0x10/0x1c [ 83.067400][ T4301] __kmalloc+0x29c/0x4c8 [ 83.068495][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 83.069979][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 83.071326][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 83.072673][ T4301] ext4_readdir+0x26c4/0x3224 [ 83.073908][ T4301] iterate_dir+0x1f4/0x4ec [ 83.075056][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 83.076463][ T4301] invoke_syscall+0x98/0x2b8 [ 83.077725][ T4301] el0_svc_common+0x138/0x258 [ 83.078978][ T4301] do_el0_svc+0x58/0x14c [ 83.080074][ T4301] el0_svc+0x7c/0x1f0 [ 83.081095][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.082378][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.083575][ T4301] [ 83.084134][ T4301] Freed by task 4301: [ 83.085169][ T4301] kasan_set_track+0x4c/0x84 [ 83.086376][ T4301] kasan_set_free_info+0x28/0x4c [ 83.087670][ T4301] ____kasan_slab_free+0x118/0x164 [ 83.089033][ T4301] __kasan_slab_free+0x18/0x28 [ 83.090290][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 83.091690][ T4301] kfree+0x178/0x410 [ 83.092751][ T4301] ext4_release_dir+0x88/0xfc [ 83.093931][ T4301] __fput+0x1c4/0x800 [ 83.094968][ T4301] ____fput+0x20/0x30 [ 83.096013][ T4301] task_work_run+0x130/0x1e4 [ 83.097192][ T4301] do_exit+0x670/0x20bc [ 83.098275][ T4301] do_group_exit+0x110/0x268 [ 83.099533][ T4301] 
__wake_up_parent+0x0/0x60 [ 83.100791][ T4301] invoke_syscall+0x98/0x2b8 [ 83.102026][ T4301] el0_svc_common+0x138/0x258 [ 83.103255][ T4301] do_el0_svc+0x58/0x14c [ 83.104394][ T4301] el0_svc+0x7c/0x1f0 [ 83.105432][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.106763][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.107951][ T4301] [ 83.108559][ T4301] Last potentially related work creation: [ 83.110110][ T4301] kasan_save_stack+0x38/0x68 [ 83.111393][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 83.112812][ T4301] call_rcu+0x118/0xb40 [ 83.113838][ T4301] advance_sched+0x4e4/0x858 [ 83.115064][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 83.116442][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 83.117679][ T4301] arch_timer_handler_virt+0x74/0x88 [ 83.119109][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 83.120482][ T4301] handle_domain_irq+0xec/0x178 [ 83.121724][ T4301] gic_handle_irq+0x78/0x1c8 [ 83.122966][ T4301] [ 83.123552][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 83.123552][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 83.127297][ T4301] The buggy address is located 0 bytes inside of [ 83.127297][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 83.130781][ T4301] The buggy address belongs to the page: [ 83.132239][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 83.134953][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 83.137019][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 83.139326][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 83.141549][ T4301] page dumped because: kasan: bad access detected [ 83.143255][ T4301] [ 83.143847][ T4301] Memory state around the buggy address: [ 83.145262][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 83.147499][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.149585][ T4301] 
>ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.151685][ T4301] ^ [ 83.152723][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.154900][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.156967][ T4301] ================================================================== [ 83.162141][ T4301] ================================================================== [ 83.164389][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 83.166475][ T4301] [ 83.167029][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 83.169574][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 83.172214][ T4301] Call trace: [ 83.173037][ T4301] dump_backtrace+0x0/0x530 [ 83.174155][ T4301] show_stack+0x2c/0x3c [ 83.175217][ T4301] dump_stack_lvl+0x108/0x170 [ 83.176508][ T4301] print_address_description+0x7c/0x3f0 [ 83.177931][ T4301] kasan_report_invalid_free+0x64/0x94 [ 83.179400][ T4301] ____kasan_slab_free+0x134/0x164 [ 83.180744][ T4301] __kasan_slab_free+0x18/0x28 [ 83.182001][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 83.183358][ T4301] kfree+0x178/0x410 [ 83.184409][ T4301] ext4_release_dir+0x88/0xfc [ 83.185693][ T4301] __fput+0x1c4/0x800 [ 83.186766][ T4301] ____fput+0x20/0x30 [ 83.187818][ T4301] task_work_run+0x130/0x1e4 [ 83.188985][ T4301] do_exit+0x670/0x20bc [ 83.190090][ T4301] do_group_exit+0x110/0x268 [ 83.191314][ T4301] __wake_up_parent+0x0/0x60 [ 83.192566][ T4301] invoke_syscall+0x98/0x2b8 [ 83.193785][ T4301] el0_svc_common+0x138/0x258 [ 83.195120][ T4301] do_el0_svc+0x58/0x14c [ 83.196202][ T4301] el0_svc+0x7c/0x1f0 [ 83.197226][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.198573][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.199771][ T4301] [ 83.200377][ T4301] Allocated by task 4301: [ 83.201502][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 83.202739][ T4301] __kasan_kmalloc+0x10/0x1c [ 83.203968][ T4301] 
__kmalloc+0x29c/0x4c8 [ 83.205012][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 83.206459][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 83.207856][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 83.209156][ T4301] ext4_readdir+0x26c4/0x3224 [ 83.210428][ T4301] iterate_dir+0x1f4/0x4ec [ 83.211566][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 83.212921][ T4301] invoke_syscall+0x98/0x2b8 [ 83.214124][ T4301] el0_svc_common+0x138/0x258 [ 83.215362][ T4301] do_el0_svc+0x58/0x14c [ 83.216511][ T4301] el0_svc+0x7c/0x1f0 [ 83.217549][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.218930][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.220122][ T4301] [ 83.220733][ T4301] Freed by task 4301: [ 83.221810][ T4301] kasan_set_track+0x4c/0x84 [ 83.223023][ T4301] kasan_set_free_info+0x28/0x4c [ 83.224308][ T4301] ____kasan_slab_free+0x118/0x164 [ 83.225746][ T4301] __kasan_slab_free+0x18/0x28 [ 83.227054][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 83.228538][ T4301] kfree+0x178/0x410 [ 83.229522][ T4301] ext4_release_dir+0x88/0xfc [ 83.230757][ T4301] __fput+0x1c4/0x800 [ 83.231781][ T4301] ____fput+0x20/0x30 [ 83.232777][ T4301] task_work_run+0x130/0x1e4 [ 83.233992][ T4301] do_exit+0x670/0x20bc [ 83.235109][ T4301] do_group_exit+0x110/0x268 [ 83.236248][ T4301] __wake_up_parent+0x0/0x60 [ 83.237451][ T4301] invoke_syscall+0x98/0x2b8 [ 83.238623][ T4301] el0_svc_common+0x138/0x258 [ 83.239836][ T4301] do_el0_svc+0x58/0x14c [ 83.240962][ T4301] el0_svc+0x7c/0x1f0 [ 83.242009][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.243386][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.244599][ T4301] [ 83.245207][ T4301] Last potentially related work creation: [ 83.246719][ T4301] kasan_save_stack+0x38/0x68 [ 83.247901][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 83.249241][ T4301] call_rcu+0x118/0xb40 [ 83.250305][ T4301] advance_sched+0x4e4/0x858 [ 83.251453][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 83.252787][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 83.254053][ T4301] arch_timer_handler_virt+0x74/0x88 [ 
83.255462][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 83.256896][ T4301] handle_domain_irq+0xec/0x178 [ 83.258221][ T4301] gic_handle_irq+0x78/0x1c8 [ 83.259496][ T4301] [ 83.260132][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 83.260132][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 83.263838][ T4301] The buggy address is located 0 bytes inside of [ 83.263838][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 83.267248][ T4301] The buggy address belongs to the page: [ 83.268700][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 83.271403][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 83.273485][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 83.275636][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 83.277910][ T4301] page dumped because: kasan: bad access detected [ 83.279565][ T4301] [ 83.280127][ T4301] Memory state around the buggy address: [ 83.281568][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 83.283657][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.285782][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.287949][ T4301] ^ [ 83.288976][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.291031][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.293157][ T4301] ================================================================== [ 83.298059][ T4301] ================================================================== [ 83.300266][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 83.302148][ T4301] [ 83.302768][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 83.305172][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
08/06/2024 [ 83.307669][ T4301] Call trace: [ 83.308488][ T4301] dump_backtrace+0x0/0x530 [ 83.309620][ T4301] show_stack+0x2c/0x3c [ 83.310664][ T4301] dump_stack_lvl+0x108/0x170 [ 83.311870][ T4301] print_address_description+0x7c/0x3f0 [ 83.313311][ T4301] kasan_report_invalid_free+0x64/0x94 [ 83.314799][ T4301] ____kasan_slab_free+0x134/0x164 [ 83.316228][ T4301] __kasan_slab_free+0x18/0x28 [ 83.317491][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 83.318891][ T4301] kfree+0x178/0x410 [ 83.319938][ T4301] ext4_release_dir+0x88/0xfc [ 83.321165][ T4301] __fput+0x1c4/0x800 [ 83.322140][ T4301] ____fput+0x20/0x30 [ 83.323168][ T4301] task_work_run+0x130/0x1e4 [ 83.324395][ T4301] do_exit+0x670/0x20bc [ 83.325511][ T4301] do_group_exit+0x110/0x268 [ 83.326739][ T4301] __wake_up_parent+0x0/0x60 [ 83.327859][ T4301] invoke_syscall+0x98/0x2b8 [ 83.329076][ T4301] el0_svc_common+0x138/0x258 [ 83.330324][ T4301] do_el0_svc+0x58/0x14c [ 83.331461][ T4301] el0_svc+0x7c/0x1f0 [ 83.332518][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.333746][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.334893][ T4301] [ 83.335469][ T4301] Allocated by task 4301: [ 83.336593][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 83.337779][ T4301] __kasan_kmalloc+0x10/0x1c [ 83.339040][ T4301] __kmalloc+0x29c/0x4c8 [ 83.340105][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 83.341551][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 83.342968][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 83.344383][ T4301] ext4_readdir+0x26c4/0x3224 [ 83.345551][ T4301] iterate_dir+0x1f4/0x4ec [ 83.346629][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 83.348052][ T4301] invoke_syscall+0x98/0x2b8 [ 83.349242][ T4301] el0_svc_common+0x138/0x258 [ 83.350445][ T4301] do_el0_svc+0x58/0x14c [ 83.351560][ T4301] el0_svc+0x7c/0x1f0 [ 83.352602][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.353873][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.355088][ T4301] [ 83.355713][ T4301] Freed by task 4301: [ 83.356767][ T4301] kasan_set_track+0x4c/0x84 [ 83.357962][ 
T4301] kasan_set_free_info+0x28/0x4c [ 83.359235][ T4301] ____kasan_slab_free+0x118/0x164 [ 83.360533][ T4301] __kasan_slab_free+0x18/0x28 [ 83.361800][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 83.363250][ T4301] kfree+0x178/0x410 [ 83.364241][ T4301] ext4_release_dir+0x88/0xfc [ 83.365523][ T4301] __fput+0x1c4/0x800 [ 83.366562][ T4301] ____fput+0x20/0x30 [ 83.367568][ T4301] task_work_run+0x130/0x1e4 [ 83.368731][ T4301] do_exit+0x670/0x20bc [ 83.369826][ T4301] do_group_exit+0x110/0x268 [ 83.371054][ T4301] __wake_up_parent+0x0/0x60 [ 83.372247][ T4301] invoke_syscall+0x98/0x2b8 [ 83.373490][ T4301] el0_svc_common+0x138/0x258 [ 83.374662][ T4301] do_el0_svc+0x58/0x14c [ 83.375773][ T4301] el0_svc+0x7c/0x1f0 [ 83.376800][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.378024][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.379170][ T4301] [ 83.379783][ T4301] Last potentially related work creation: [ 83.381276][ T4301] kasan_save_stack+0x38/0x68 [ 83.382566][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 83.383915][ T4301] call_rcu+0x118/0xb40 [ 83.384946][ T4301] advance_sched+0x4e4/0x858 [ 83.386060][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 83.387370][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 83.388616][ T4301] arch_timer_handler_virt+0x74/0x88 [ 83.390040][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 83.391500][ T4301] handle_domain_irq+0xec/0x178 [ 83.392833][ T4301] gic_handle_irq+0x78/0x1c8 [ 83.394042][ T4301] [ 83.394665][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 83.394665][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 83.398280][ T4301] The buggy address is located 0 bytes inside of [ 83.398280][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 83.401761][ T4301] The buggy address belongs to the page: [ 83.403264][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 83.405976][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 83.407990][ 
T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 83.410257][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 83.412508][ T4301] page dumped because: kasan: bad access detected [ 83.414228][ T4301] [ 83.414810][ T4301] Memory state around the buggy address: [ 83.416199][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 83.418238][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.420449][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.422504][ T4301] ^ [ 83.423608][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.425673][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.427832][ T4301] ================================================================== [ 83.432670][ T4301] ================================================================== [ 83.434774][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 83.436770][ T4301] [ 83.437431][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 83.440170][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 83.442896][ T4301] Call trace: [ 83.443820][ T4301] dump_backtrace+0x0/0x530 [ 83.445038][ T4301] show_stack+0x2c/0x3c [ 83.446166][ T4301] dump_stack_lvl+0x108/0x170 [ 83.447422][ T4301] print_address_description+0x7c/0x3f0 [ 83.448928][ T4301] kasan_report_invalid_free+0x64/0x94 [ 83.450342][ T4301] ____kasan_slab_free+0x134/0x164 [ 83.451650][ T4301] __kasan_slab_free+0x18/0x28 [ 83.452895][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 83.454341][ T4301] kfree+0x178/0x410 [ 83.455333][ T4301] ext4_release_dir+0x88/0xfc [ 83.456537][ T4301] __fput+0x1c4/0x800 [ 83.457544][ T4301] ____fput+0x20/0x30 [ 83.458660][ T4301] task_work_run+0x130/0x1e4 [ 83.459872][ T4301] do_exit+0x670/0x20bc [ 83.460896][ T4301] 
do_group_exit+0x110/0x268 [ 83.462079][ T4301] __wake_up_parent+0x0/0x60 [ 83.463276][ T4301] invoke_syscall+0x98/0x2b8 [ 83.464532][ T4301] el0_svc_common+0x138/0x258 [ 83.465729][ T4301] do_el0_svc+0x58/0x14c [ 83.466866][ T4301] el0_svc+0x7c/0x1f0 [ 83.467935][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.469248][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.470538][ T4301] [ 83.471191][ T4301] Allocated by task 4301: [ 83.472377][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 83.473713][ T4301] __kasan_kmalloc+0x10/0x1c [ 83.474916][ T4301] __kmalloc+0x29c/0x4c8 [ 83.476031][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 83.477376][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 83.478866][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 83.480294][ T4301] ext4_readdir+0x26c4/0x3224 [ 83.481590][ T4301] iterate_dir+0x1f4/0x4ec [ 83.482782][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 83.484183][ T4301] invoke_syscall+0x98/0x2b8 [ 83.485264][ T4301] el0_svc_common+0x138/0x258 [ 83.486592][ T4301] do_el0_svc+0x58/0x14c [ 83.487725][ T4301] el0_svc+0x7c/0x1f0 [ 83.488815][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.490109][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.491278][ T4301] [ 83.491938][ T4301] Freed by task 4301: [ 83.492968][ T4301] kasan_set_track+0x4c/0x84 [ 83.494176][ T4301] kasan_set_free_info+0x28/0x4c [ 83.495488][ T4301] ____kasan_slab_free+0x118/0x164 [ 83.496852][ T4301] __kasan_slab_free+0x18/0x28 [ 83.498068][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 83.499575][ T4301] kfree+0x178/0x410 [ 83.500561][ T4301] ext4_release_dir+0x88/0xfc [ 83.501794][ T4301] __fput+0x1c4/0x800 [ 83.502810][ T4301] ____fput+0x20/0x30 [ 83.503843][ T4301] task_work_run+0x130/0x1e4 [ 83.505076][ T4301] do_exit+0x670/0x20bc [ 83.506172][ T4301] do_group_exit+0x110/0x268 [ 83.507347][ T4301] __wake_up_parent+0x0/0x60 [ 83.508632][ T4301] invoke_syscall+0x98/0x2b8 [ 83.509863][ T4301] el0_svc_common+0x138/0x258 [ 83.511092][ T4301] do_el0_svc+0x58/0x14c [ 83.512196][ T4301] el0_svc+0x7c/0x1f0 [ 
83.513260][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.514623][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.515808][ T4301] [ 83.516398][ T4301] Last potentially related work creation: [ 83.517782][ T4301] kasan_save_stack+0x38/0x68 [ 83.519021][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 83.520463][ T4301] call_rcu+0x118/0xb40 [ 83.521540][ T4301] advance_sched+0x4e4/0x858 [ 83.522806][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 83.524117][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 83.525456][ T4301] arch_timer_handler_virt+0x74/0x88 [ 83.526854][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 83.528229][ T4301] handle_domain_irq+0xec/0x178 [ 83.529630][ T4301] gic_handle_irq+0x78/0x1c8 [ 83.530863][ T4301] [ 83.531431][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 83.531431][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 83.535134][ T4301] The buggy address is located 0 bytes inside of [ 83.535134][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 83.538557][ T4301] The buggy address belongs to the page: [ 83.540026][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 83.542720][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 83.544671][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 83.546847][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 83.549182][ T4301] page dumped because: kasan: bad access detected [ 83.550896][ T4301] [ 83.551541][ T4301] Memory state around the buggy address: [ 83.553057][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 83.555054][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.557245][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.559481][ T4301] ^ [ 83.560524][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.562791][ T4301] 
ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.564917][ T4301] ================================================================== [ 83.569786][ T148] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.569891][ T4301] ================================================================== [ 83.574691][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 83.576623][ T4301] [ 83.577219][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 83.579809][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 83.582502][ T4301] Call trace: [ 83.583424][ T4301] dump_backtrace+0x0/0x530 [ 83.584729][ T4301] show_stack+0x2c/0x3c [ 83.585797][ T4301] dump_stack_lvl+0x108/0x170 [ 83.587071][ T4301] print_address_description+0x7c/0x3f0 [ 83.588603][ T4301] kasan_report_invalid_free+0x64/0x94 [ 83.590123][ T4301] ____kasan_slab_free+0x134/0x164 [ 83.591449][ T4301] __kasan_slab_free+0x18/0x28 [ 83.592774][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 83.594227][ T4301] kfree+0x178/0x410 [ 83.595199][ T4301] ext4_release_dir+0x88/0xfc [ 83.596411][ T4301] __fput+0x1c4/0x800 [ 83.597425][ T4301] ____fput+0x20/0x30 [ 83.598514][ T4301] task_work_run+0x130/0x1e4 [ 83.599739][ T4301] do_exit+0x670/0x20bc [ 83.600813][ T4301] do_group_exit+0x110/0x268 [ 83.602054][ T4301] __wake_up_parent+0x0/0x60 [ 83.603312][ T4301] invoke_syscall+0x98/0x2b8 [ 83.604538][ T4301] el0_svc_common+0x138/0x258 [ 83.605757][ T4301] do_el0_svc+0x58/0x14c [ 83.606837][ T4301] el0_svc+0x7c/0x1f0 [ 83.607955][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.609308][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.610538][ T4301] [ 83.611163][ T4301] Allocated by task 4301: [ 83.612255][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 83.613563][ T4301] __kasan_kmalloc+0x10/0x1c [ 83.614742][ T4301] __kmalloc+0x29c/0x4c8 [ 83.615907][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 
83.617344][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 83.618746][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 83.620142][ T4301] ext4_readdir+0x26c4/0x3224 [ 83.621339][ T4301] iterate_dir+0x1f4/0x4ec [ 83.622479][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 83.623933][ T4301] invoke_syscall+0x98/0x2b8 [ 83.625149][ T4301] el0_svc_common+0x138/0x258 [ 83.626424][ T4301] do_el0_svc+0x58/0x14c [ 83.627535][ T4301] el0_svc+0x7c/0x1f0 [ 83.628624][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.629944][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.631063][ T4301] [ 83.631683][ T4301] Freed by task 4301: [ 83.632826][ T4301] kasan_set_track+0x4c/0x84 [ 83.634082][ T4301] kasan_set_free_info+0x28/0x4c [ 83.635373][ T4301] ____kasan_slab_free+0x118/0x164 [ 83.636637][ T4301] __kasan_slab_free+0x18/0x28 [ 83.637893][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 83.639339][ T4301] kfree+0x178/0x410 [ 83.640386][ T4301] ext4_release_dir+0x88/0xfc [ 83.641579][ T4301] __fput+0x1c4/0x800 [ 83.642665][ T4301] ____fput+0x20/0x30 [ 83.643775][ T4301] task_work_run+0x130/0x1e4 [ 83.645076][ T4301] do_exit+0x670/0x20bc [ 83.646259][ T4301] do_group_exit+0x110/0x268 [ 83.647495][ T4301] __wake_up_parent+0x0/0x60 [ 83.648621][ T4301] invoke_syscall+0x98/0x2b8 [ 83.649877][ T4301] el0_svc_common+0x138/0x258 [ 83.651144][ T4301] do_el0_svc+0x58/0x14c [ 83.652310][ T4301] el0_svc+0x7c/0x1f0 [ 83.653497][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.654798][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.656023][ T4301] [ 83.656602][ T4301] Last potentially related work creation: [ 83.658124][ T4301] kasan_save_stack+0x38/0x68 [ 83.659394][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 83.660785][ T4301] call_rcu+0x118/0xb40 [ 83.661810][ T4301] advance_sched+0x4e4/0x858 [ 83.663134][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 83.664564][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 83.665855][ T4301] arch_timer_handler_virt+0x74/0x88 [ 83.667257][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 83.668710][ T4301] 
handle_domain_irq+0xec/0x178 [ 83.670005][ T4301] gic_handle_irq+0x78/0x1c8 [ 83.671195][ T4301] [ 83.671820][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 83.671820][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 83.675608][ T4301] The buggy address is located 0 bytes inside of [ 83.675608][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 83.679055][ T4301] The buggy address belongs to the page: [ 83.680595][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 83.683198][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 83.685215][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 83.687516][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 83.689774][ T4301] page dumped because: kasan: bad access detected [ 83.691461][ T4301] [ 83.692069][ T4301] Memory state around the buggy address: [ 83.693588][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 83.695758][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.697970][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.700131][ T4301] ^ [ 83.701141][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.703255][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.705484][ T4301] ================================================================== [ 83.710430][ T4301] ================================================================== [ 83.712632][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 83.714533][ T4301] [ 83.715080][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 83.717687][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 83.720252][ T4301] Call trace: [ 83.721119][ T4301] 
dump_backtrace+0x0/0x530 [ 83.722334][ T4301] show_stack+0x2c/0x3c [ 83.723462][ T4301] dump_stack_lvl+0x108/0x170 [ 83.724730][ T4301] print_address_description+0x7c/0x3f0 [ 83.726159][ T4301] kasan_report_invalid_free+0x64/0x94 [ 83.727723][ T4301] ____kasan_slab_free+0x134/0x164 [ 83.729096][ T4301] __kasan_slab_free+0x18/0x28 [ 83.730434][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 83.731836][ T4301] kfree+0x178/0x410 [ 83.732922][ T4301] ext4_release_dir+0x88/0xfc [ 83.734112][ T4301] __fput+0x1c4/0x800 [ 83.735173][ T4301] ____fput+0x20/0x30 [ 83.736256][ T4301] task_work_run+0x130/0x1e4 [ 83.737483][ T4301] do_exit+0x670/0x20bc [ 83.738568][ T4301] do_group_exit+0x110/0x268 [ 83.739795][ T4301] __wake_up_parent+0x0/0x60 [ 83.741030][ T4301] invoke_syscall+0x98/0x2b8 [ 83.742265][ T4301] el0_svc_common+0x138/0x258 [ 83.743522][ T4301] do_el0_svc+0x58/0x14c [ 83.744631][ T4301] el0_svc+0x7c/0x1f0 [ 83.745691][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.747058][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.748274][ T4301] [ 83.748876][ T4301] Allocated by task 4301: [ 83.749977][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 83.751232][ T4301] __kasan_kmalloc+0x10/0x1c [ 83.752429][ T4301] __kmalloc+0x29c/0x4c8 [ 83.753542][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 83.754925][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 83.756386][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 83.757759][ T4301] ext4_readdir+0x26c4/0x3224 [ 83.759010][ T4301] iterate_dir+0x1f4/0x4ec [ 83.760158][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 83.761560][ T4301] invoke_syscall+0x98/0x2b8 [ 83.762791][ T4301] el0_svc_common+0x138/0x258 [ 83.764069][ T4301] do_el0_svc+0x58/0x14c [ 83.765186][ T4301] el0_svc+0x7c/0x1f0 [ 83.766224][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.767524][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.768769][ T4301] [ 83.769404][ T4301] Freed by task 4301: [ 83.770435][ T4301] kasan_set_track+0x4c/0x84 [ 83.771629][ T4301] kasan_set_free_info+0x28/0x4c [ 83.772975][ T4301] 
____kasan_slab_free+0x118/0x164 [ 83.774286][ T4301] __kasan_slab_free+0x18/0x28 [ 83.775629][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 83.777082][ T4301] kfree+0x178/0x410 [ 83.778031][ T4301] ext4_release_dir+0x88/0xfc [ 83.779295][ T4301] __fput+0x1c4/0x800 [ 83.780420][ T4301] ____fput+0x20/0x30 [ 83.781490][ T4301] task_work_run+0x130/0x1e4 [ 83.782669][ T4301] do_exit+0x670/0x20bc [ 83.783722][ T4301] do_group_exit+0x110/0x268 [ 83.784927][ T4301] __wake_up_parent+0x0/0x60 [ 83.786155][ T4301] invoke_syscall+0x98/0x2b8 [ 83.787400][ T4301] el0_svc_common+0x138/0x258 [ 83.788623][ T4301] do_el0_svc+0x58/0x14c [ 83.789788][ T4301] el0_svc+0x7c/0x1f0 [ 83.790812][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.792101][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.793280][ T4301] [ 83.793845][ T4301] Last potentially related work creation: [ 83.795342][ T4301] kasan_save_stack+0x38/0x68 [ 83.796601][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 83.798083][ T4301] call_rcu+0x118/0xb40 [ 83.799169][ T4301] advance_sched+0x4e4/0x858 [ 83.800334][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 83.801673][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 83.803047][ T4301] arch_timer_handler_virt+0x74/0x88 [ 83.804414][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 83.805869][ T4301] handle_domain_irq+0xec/0x178 [ 83.807075][ T4301] gic_handle_irq+0x78/0x1c8 [ 83.808324][ T4301] [ 83.808939][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 83.808939][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 83.812608][ T4301] The buggy address is located 0 bytes inside of [ 83.812608][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 83.815932][ T4301] The buggy address belongs to the page: [ 83.817416][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 83.820202][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 83.822268][ T4301] raw: 05ffc00000000200 0000000000000000 
0000000400000001 ffff0000c0002300 [ 83.824556][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 83.826765][ T4301] page dumped because: kasan: bad access detected [ 83.828464][ T4301] [ 83.829053][ T4301] Memory state around the buggy address: [ 83.830521][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 83.832577][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.834832][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.836938][ T4301] ^ [ 83.838105][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.840146][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.842204][ T4301] ================================================================== [ 83.847102][ T4301] ================================================================== [ 83.849102][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 83.851044][ T4301] [ 83.851589][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 83.854142][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 83.856786][ T4301] Call trace: [ 83.857643][ T4301] dump_backtrace+0x0/0x530 [ 83.858864][ T4301] show_stack+0x2c/0x3c [ 83.859949][ T4301] dump_stack_lvl+0x108/0x170 [ 83.861122][ T4301] print_address_description+0x7c/0x3f0 [ 83.862638][ T4301] kasan_report_invalid_free+0x64/0x94 [ 83.864055][ T4301] ____kasan_slab_free+0x134/0x164 [ 83.865377][ T4301] __kasan_slab_free+0x18/0x28 [ 83.866685][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 83.868143][ T4301] kfree+0x178/0x410 [ 83.869175][ T4301] ext4_release_dir+0x88/0xfc [ 83.870444][ T4301] __fput+0x1c4/0x800 [ 83.871465][ T4301] ____fput+0x20/0x30 [ 83.872487][ T4301] task_work_run+0x130/0x1e4 [ 83.873686][ T4301] do_exit+0x670/0x20bc [ 83.874789][ T4301] do_group_exit+0x110/0x268 [ 83.876003][ T4301] 
__wake_up_parent+0x0/0x60 [ 83.877141][ T4301] invoke_syscall+0x98/0x2b8 [ 83.878314][ T4301] el0_svc_common+0x138/0x258 [ 83.879480][ T4301] do_el0_svc+0x58/0x14c [ 83.880525][ T4301] el0_svc+0x7c/0x1f0 [ 83.881581][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.882911][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.884115][ T4301] [ 83.884707][ T4301] Allocated by task 4301: [ 83.885831][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 83.887029][ T4301] __kasan_kmalloc+0x10/0x1c [ 83.888203][ T4301] __kmalloc+0x29c/0x4c8 [ 83.889363][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 83.890794][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 83.892144][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 83.893545][ T4301] ext4_readdir+0x26c4/0x3224 [ 83.894669][ T4301] iterate_dir+0x1f4/0x4ec [ 83.895798][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 83.897261][ T4301] invoke_syscall+0x98/0x2b8 [ 83.898489][ T4301] el0_svc_common+0x138/0x258 [ 83.899725][ T4301] do_el0_svc+0x58/0x14c [ 83.900908][ T4301] el0_svc+0x7c/0x1f0 [ 83.901918][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 83.903235][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.904433][ T4301] [ 83.905056][ T4301] Freed by task 4301: [ 83.906056][ T4301] kasan_set_track+0x4c/0x84 [ 83.907325][ T4301] kasan_set_free_info+0x28/0x4c [ 83.908615][ T4301] ____kasan_slab_free+0x118/0x164 [ 83.909917][ T4301] __kasan_slab_free+0x18/0x28 [ 83.911138][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 83.912536][ T4301] kfree+0x178/0x410 [ 83.913512][ T4301] ext4_release_dir+0x88/0xfc [ 83.914747][ T4301] __fput+0x1c4/0x800 [ 83.915795][ T4301] ____fput+0x20/0x30 [ 83.916826][ T4301] task_work_run+0x130/0x1e4 [ 83.917996][ T4301] do_exit+0x670/0x20bc [ 83.919064][ T4301] do_group_exit+0x110/0x268 [ 83.920245][ T4301] __wake_up_parent+0x0/0x60 [ 83.921410][ T4301] invoke_syscall+0x98/0x2b8 [ 83.922688][ T4301] el0_svc_common+0x138/0x258 [ 83.923850][ T4301] do_el0_svc+0x58/0x14c [ 83.924887][ T4301] el0_svc+0x7c/0x1f0 [ 83.925961][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 
83.927317][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 83.928510][ T4301] [ 83.929125][ T4301] Last potentially related work creation: [ 83.930632][ T4301] kasan_save_stack+0x38/0x68 [ 83.931784][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 83.933224][ T4301] call_rcu+0x118/0xb40 [ 83.934237][ T4301] advance_sched+0x4e4/0x858 [ 83.935463][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 83.936820][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 83.938112][ T4301] arch_timer_handler_virt+0x74/0x88 [ 83.939457][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 83.940881][ T4301] handle_domain_irq+0xec/0x178 [ 83.942099][ T4301] gic_handle_irq+0x78/0x1c8 [ 83.943277][ T4301] [ 83.943904][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 83.943904][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 83.947512][ T4301] The buggy address is located 0 bytes inside of [ 83.947512][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 83.950980][ T4301] The buggy address belongs to the page: [ 83.952480][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 83.955189][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 83.957229][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 83.959533][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 83.961771][ T4301] page dumped because: kasan: bad access detected [ 83.963374][ T4301] [ 83.963969][ T4301] Memory state around the buggy address: [ 83.965421][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 83.967499][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.969561][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.971641][ T4301] ^ [ 83.972667][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.974690][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb 
fb [ 83.976831][ T4301] ================================================================== [ 83.981668][ T4301] ================================================================== [ 83.983824][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 83.985245][ T4301] [ 83.985636][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 83.987229][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 83.988893][ T4301] Call trace: [ 83.989444][ T4301] dump_backtrace+0x0/0x530 [ 83.990185][ T4301] show_stack+0x2c/0x3c [ 83.990878][ T4301] dump_stack_lvl+0x108/0x170 [ 83.991664][ T4301] print_address_description+0x7c/0x3f0 [ 83.992584][ T4301] kasan_report_invalid_free+0x64/0x94 [ 83.993487][ T4301] ____kasan_slab_free+0x134/0x164 [ 83.994318][ T4301] __kasan_slab_free+0x18/0x28 [ 83.995601][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 83.997042][ T4301] kfree+0x178/0x410 [ 83.998053][ T4301] ext4_release_dir+0x88/0xfc [ 83.999253][ T4301] __fput+0x1c4/0x800 [ 84.000279][ T4301] ____fput+0x20/0x30 [ 84.001310][ T4301] task_work_run+0x130/0x1e4 [ 84.002510][ T4301] do_exit+0x670/0x20bc [ 84.003532][ T4301] do_group_exit+0x110/0x268 [ 84.004694][ T4301] __wake_up_parent+0x0/0x60 [ 84.005865][ T4301] invoke_syscall+0x98/0x2b8 [ 84.007029][ T4301] el0_svc_common+0x138/0x258 [ 84.008309][ T4301] do_el0_svc+0x58/0x14c [ 84.009458][ T4301] el0_svc+0x7c/0x1f0 [ 84.010548][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 84.011775][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 84.012867][ T4301] [ 84.013435][ T4301] Allocated by task 4301: [ 84.014537][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 84.015775][ T4301] __kasan_kmalloc+0x10/0x1c [ 84.016892][ T4301] __kmalloc+0x29c/0x4c8 [ 84.018002][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 84.019456][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 84.020812][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 84.022155][ T4301] ext4_readdir+0x26c4/0x3224 [ 84.023375][ T4301] 
iterate_dir+0x1f4/0x4ec [ 84.024485][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 84.025841][ T4301] invoke_syscall+0x98/0x2b8 [ 84.027043][ T4301] el0_svc_common+0x138/0x258 [ 84.028211][ T4301] do_el0_svc+0x58/0x14c [ 84.029312][ T4301] el0_svc+0x7c/0x1f0 [ 84.030297][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 84.031685][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 84.032841][ T4301] [ 84.033424][ T4301] Freed by task 4301: [ 84.034447][ T4301] kasan_set_track+0x4c/0x84 [ 84.035565][ T4301] kasan_set_free_info+0x28/0x4c [ 84.036828][ T4301] ____kasan_slab_free+0x118/0x164 [ 84.038183][ T4301] __kasan_slab_free+0x18/0x28 [ 84.039473][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 84.040914][ T4301] kfree+0x178/0x410 [ 84.041942][ T4301] ext4_release_dir+0x88/0xfc [ 84.043177][ T4301] __fput+0x1c4/0x800 [ 84.044210][ T4301] ____fput+0x20/0x30 [ 84.045228][ T4301] task_work_run+0x130/0x1e4 [ 84.046315][ T4301] do_exit+0x670/0x20bc [ 84.047398][ T4301] do_group_exit+0x110/0x268 [ 84.048564][ T4301] __wake_up_parent+0x0/0x60 [ 84.049759][ T4301] invoke_syscall+0x98/0x2b8 [ 84.050960][ T4301] el0_svc_common+0x138/0x258 [ 84.052106][ T4301] do_el0_svc+0x58/0x14c [ 84.053225][ T4301] el0_svc+0x7c/0x1f0 [ 84.054275][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 84.055580][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 84.056795][ T4301] [ 84.057428][ T4301] Last potentially related work creation: [ 84.058965][ T4301] kasan_save_stack+0x38/0x68 [ 84.060197][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 84.061570][ T4301] call_rcu+0x118/0xb40 [ 84.062616][ T4301] advance_sched+0x4e4/0x858 [ 84.063787][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 84.065072][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 84.066309][ T4301] arch_timer_handler_virt+0x74/0x88 [ 84.067663][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 84.069127][ T4301] handle_domain_irq+0xec/0x178 [ 84.070420][ T4301] gic_handle_irq+0x78/0x1c8 [ 84.071636][ T4301] [ 84.072186][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 
84.072186][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 84.075774][ T4301] The buggy address is located 0 bytes inside of [ 84.075774][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 84.079177][ T4301] The buggy address belongs to the page: [ 84.080730][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 84.083392][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 84.085316][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 84.087547][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 84.089766][ T4301] page dumped because: kasan: bad access detected [ 84.091410][ T4301] [ 84.092075][ T4301] Memory state around the buggy address: [ 84.093590][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 84.095681][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 84.097729][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 84.099874][ T4301] ^ [ 84.100926][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 84.103007][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 84.105088][ T4301] ================================================================== [ 84.109852][ T4301] ================================================================== [ 84.112022][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 84.114120][ T4301] [ 84.114771][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 84.117394][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 84.119890][ T4301] Call trace: [ 84.120705][ T4301] dump_backtrace+0x0/0x530 [ 84.121933][ T4301] show_stack+0x2c/0x3c [ 84.122978][ T4301] dump_stack_lvl+0x108/0x170 [ 84.124162][ T4301] print_address_description+0x7c/0x3f0 [ 84.125610][ T4301] 
kasan_report_invalid_free+0x64/0x94 [ 84.127017][ T4301] ____kasan_slab_free+0x134/0x164 [ 84.128329][ T4301] __kasan_slab_free+0x18/0x28 [ 84.129592][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 84.131016][ T4301] kfree+0x178/0x410 [ 84.132061][ T4301] ext4_release_dir+0x88/0xfc [ 84.133300][ T4301] __fput+0x1c4/0x800 [ 84.134358][ T4301] ____fput+0x20/0x30 [ 84.135405][ T4301] task_work_run+0x130/0x1e4 [ 84.136531][ T4301] do_exit+0x670/0x20bc [ 84.137632][ T4301] do_group_exit+0x110/0x268 [ 84.138924][ T4301] __wake_up_parent+0x0/0x60 [ 84.140123][ T4301] invoke_syscall+0x98/0x2b8 [ 84.141268][ T4301] el0_svc_common+0x138/0x258 [ 84.142485][ T4301] do_el0_svc+0x58/0x14c [ 84.143544][ T4301] el0_svc+0x7c/0x1f0 [ 84.144593][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 84.145879][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 84.147052][ T4301] [ 84.147654][ T4301] Allocated by task 4301: [ 84.148752][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 84.149975][ T4301] __kasan_kmalloc+0x10/0x1c [ 84.151133][ T4301] __kmalloc+0x29c/0x4c8 [ 84.152202][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 84.153590][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 84.154955][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 84.156255][ T4301] ext4_readdir+0x26c4/0x3224 [ 84.157402][ T4301] iterate_dir+0x1f4/0x4ec [ 84.158566][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 84.159968][ T4301] invoke_syscall+0x98/0x2b8 [ 84.161117][ T4301] el0_svc_common+0x138/0x258 [ 84.162282][ T4301] do_el0_svc+0x58/0x14c [ 84.163428][ T4301] el0_svc+0x7c/0x1f0 [ 84.164461][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 84.165793][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 84.166932][ T4301] [ 84.167518][ T4301] Freed by task 4301: [ 84.168594][ T4301] kasan_set_track+0x4c/0x84 [ 84.169888][ T4301] kasan_set_free_info+0x28/0x4c [ 84.171206][ T4301] ____kasan_slab_free+0x118/0x164 [ 84.172546][ T4301] __kasan_slab_free+0x18/0x28 [ 84.173733][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 84.175176][ T4301] kfree+0x178/0x410 [ 84.176189][ T4301] 
ext4_release_dir+0x88/0xfc [ 84.177445][ T4301] __fput+0x1c4/0x800 [ 84.178506][ T4301] ____fput+0x20/0x30 [ 84.179559][ T4301] task_work_run+0x130/0x1e4 [ 84.180726][ T4301] do_exit+0x670/0x20bc [ 84.181844][ T4301] do_group_exit+0x110/0x268 [ 84.182989][ T4301] __wake_up_parent+0x0/0x60 [ 84.184135][ T4301] invoke_syscall+0x98/0x2b8 [ 84.185344][ T4301] el0_svc_common+0x138/0x258 [ 84.186548][ T4301] do_el0_svc+0x58/0x14c [ 84.187636][ T4301] el0_svc+0x7c/0x1f0 [ 84.188707][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 84.189941][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 84.191149][ T4301] [ 84.191742][ T4301] Last potentially related work creation: [ 84.193424][ T4301] kasan_save_stack+0x38/0x68 [ 84.194631][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 84.196048][ T4301] call_rcu+0x118/0xb40 [ 84.197124][ T4301] advance_sched+0x4e4/0x858 [ 84.198310][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 84.199715][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 84.201040][ T4301] arch_timer_handler_virt+0x74/0x88 [ 84.202391][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 84.203885][ T4301] handle_domain_irq+0xec/0x178 [ 84.205137][ T4301] gic_handle_irq+0x78/0x1c8 [ 84.206302][ T4301] [ 84.206900][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 84.206900][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 84.210428][ T4301] The buggy address is located 0 bytes inside of [ 84.210428][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 84.213913][ T4301] The buggy address belongs to the page: [ 84.215377][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 84.217950][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 84.219892][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 84.222217][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 84.224503][ T4301] page dumped because: kasan: bad access detected [ 84.226132][ 
T4301] [ 84.226732][ T4301] Memory state around the buggy address: [ 84.228222][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 84.230335][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 84.232523][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 84.234566][ T4301] ^ [ 84.235590][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 84.237722][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 84.239912][ T4301] ================================================================== [ 84.244965][ T4301] ================================================================== [ 84.245800][ T148] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.246995][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 84.247011][ T4301] [ 84.247015][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 84.247036][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 84.247044][ T4301] Call trace: [ 84.247047][ T4301] dump_backtrace+0x0/0x530 [ 84.247057][ T4301] show_stack+0x2c/0x3c [ 84.247065][ T4301] dump_stack_lvl+0x108/0x170 [ 84.247075][ T4301] print_address_description+0x7c/0x3f0 [ 84.247085][ T4301] kasan_report_invalid_free+0x64/0x94 [ 84.247095][ T4301] ____kasan_slab_free+0x134/0x164 [ 84.247106][ T4301] __kasan_slab_free+0x18/0x28 [ 84.267288][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 84.268747][ T4301] kfree+0x178/0x410 [ 84.269620][ T4301] ext4_release_dir+0x88/0xfc [ 84.270911][ T4301] __fput+0x1c4/0x800 [ 84.271987][ T4301] ____fput+0x20/0x30 [ 84.273015][ T4301] task_work_run+0x130/0x1e4 [ 84.274285][ T4301] do_exit+0x670/0x20bc [ 84.275461][ T4301] do_group_exit+0x110/0x268 [ 84.276715][ T4301] __wake_up_parent+0x0/0x60 [ 84.277910][ T4301] invoke_syscall+0x98/0x2b8 [ 84.279214][ T4301] 
el0_svc_common+0x138/0x258 [ 84.280374][ T4301] do_el0_svc+0x58/0x14c [ 84.281578][ T4301] el0_svc+0x7c/0x1f0 [ 84.282656][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 84.283788][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 84.284946][ T4301] [ 84.285572][ T4301] Allocated by task 4301: [ 84.286735][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 84.288016][ T4301] __kasan_kmalloc+0x10/0x1c [ 84.289249][ T4301] __kmalloc+0x29c/0x4c8 [ 84.290361][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 84.291762][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 84.293147][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 84.294550][ T4301] ext4_readdir+0x26c4/0x3224 [ 84.295807][ T4301] iterate_dir+0x1f4/0x4ec [ 84.296986][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 84.298432][ T4301] invoke_syscall+0x98/0x2b8 [ 84.299630][ T4301] el0_svc_common+0x138/0x258 [ 84.300951][ T4301] do_el0_svc+0x58/0x14c [ 84.302137][ T4301] el0_svc+0x7c/0x1f0 [ 84.303183][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 84.304446][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 84.305648][ T4301] [ 84.306203][ T4301] Freed by task 4301: [ 84.307217][ T4301] kasan_set_track+0x4c/0x84 [ 84.308438][ T4301] kasan_set_free_info+0x28/0x4c [ 84.309754][ T4301] ____kasan_slab_free+0x118/0x164 [ 84.310969][ T4301] __kasan_slab_free+0x18/0x28 [ 84.312280][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 84.313763][ T4301] kfree+0x178/0x410 [ 84.314756][ T4301] ext4_release_dir+0x88/0xfc [ 84.316007][ T4301] __fput+0x1c4/0x800 [ 84.317010][ T4301] ____fput+0x20/0x30 [ 84.318074][ T4301] task_work_run+0x130/0x1e4 [ 84.319239][ T4301] do_exit+0x670/0x20bc [ 84.320361][ T4301] do_group_exit+0x110/0x268 [ 84.321566][ T4301] __wake_up_parent+0x0/0x60 [ 84.322793][ T4301] invoke_syscall+0x98/0x2b8 [ 84.323969][ T4301] el0_svc_common+0x138/0x258 [ 84.325161][ T4301] do_el0_svc+0x58/0x14c [ 84.326241][ T4301] el0_svc+0x7c/0x1f0 [ 84.327360][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 84.328720][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 84.329930][ T4301] [ 84.330553][ T4301] Last 
potentially related work creation: [ 84.332057][ T4301] kasan_save_stack+0x38/0x68 [ 84.333304][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 84.334734][ T4301] call_rcu+0x118/0xb40 [ 84.335946][ T4301] advance_sched+0x4e4/0x858 [ 84.337203][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 84.338534][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 84.339848][ T4301] arch_timer_handler_virt+0x74/0x88 [ 84.341261][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 84.342693][ T4301] handle_domain_irq+0xec/0x178 [ 84.344030][ T4301] gic_handle_irq+0x78/0x1c8 [ 84.345234][ T4301] [ 84.345845][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 84.345845][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 84.349682][ T4301] The buggy address is located 0 bytes inside of [ 84.349682][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 84.353124][ T4301] The buggy address belongs to the page: [ 84.354697][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 84.357429][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 84.359440][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 84.361703][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 84.364073][ T4301] page dumped because: kasan: bad access detected [ 84.365893][ T4301] [ 84.366556][ T4301] Memory state around the buggy address: [ 84.368037][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 84.370267][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 84.372348][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 84.374517][ T4301] ^ [ 84.375551][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 84.377669][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 84.379767][ T4301] ================================================================== [ 
84.384794][ T4301] ================================================================== [ 84.386816][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 84.388740][ T4301] [ 84.389360][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 84.392097][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 84.394803][ T4301] Call trace: [ 84.395608][ T4301] dump_backtrace+0x0/0x530 [ 84.396691][ T4301] show_stack+0x2c/0x3c [ 84.397721][ T4301] dump_stack_lvl+0x108/0x170 [ 84.398961][ T4301] print_address_description+0x7c/0x3f0 [ 84.400513][ T4301] kasan_report_invalid_free+0x64/0x94 [ 84.401926][ T4301] ____kasan_slab_free+0x134/0x164 [ 84.403263][ T4301] __kasan_slab_free+0x18/0x28 [ 84.404514][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 84.406023][ T4301] kfree+0x178/0x410 [ 84.407054][ T4301] ext4_release_dir+0x88/0xfc [ 84.408201][ T4301] __fput+0x1c4/0x800 [ 84.409230][ T4301] ____fput+0x20/0x30 [ 84.410263][ T4301] task_work_run+0x130/0x1e4 [ 84.411508][ T4301] do_exit+0x670/0x20bc [ 84.412610][ T4301] do_group_exit+0x110/0x268 [ 84.413796][ T4301] __wake_up_parent+0x0/0x60 [ 84.414993][ T4301] invoke_syscall+0x98/0x2b8 [ 84.416241][ T4301] el0_svc_common+0x138/0x258 [ 84.417377][ T4301] do_el0_svc+0x58/0x14c [ 84.418531][ T4301] el0_svc+0x7c/0x1f0 [ 84.419539][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 84.420822][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 84.421958][ T4301] [ 84.422557][ T4301] Allocated by task 4301: [ 84.423681][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 84.424994][ T4301] __kasan_kmalloc+0x10/0x1c [ 84.426189][ T4301] __kmalloc+0x29c/0x4c8 [ 84.427294][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 84.428699][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 84.430174][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 84.431535][ T4301] ext4_readdir+0x26c4/0x3224 [ 84.432823][ T4301] iterate_dir+0x1f4/0x4ec [ 84.434012][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 84.435417][ 
T4301] invoke_syscall+0x98/0x2b8 [ 84.436665][ T4301] el0_svc_common+0x138/0x258 [ 84.437798][ T4301] do_el0_svc+0x58/0x14c [ 84.438914][ T4301] el0_svc+0x7c/0x1f0 [ 84.440010][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 84.441244][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 84.442545][ T4301] [ 84.443160][ T4301] Freed by task 4301: [ 84.444275][ T4301] kasan_set_track+0x4c/0x84 [ 84.445472][ T4301] kasan_set_free_info+0x28/0x4c [ 84.446856][ T4301] ____kasan_slab_free+0x118/0x164 [ 84.448226][ T4301] __kasan_slab_free+0x18/0x28 [ 84.449477][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 84.450889][ T4301] kfree+0x178/0x410 [ 84.451930][ T4301] ext4_release_dir+0x88/0xfc [ 84.453134][ T4301] __fput+0x1c4/0x800 [ 84.454177][ T4301] ____fput+0x20/0x30 [ 84.455129][ T4301] task_work_run+0x130/0x1e4 [ 84.456324][ T4301] do_exit+0x670/0x20bc [ 84.457439][ T4301] do_group_exit+0x110/0x268 [ 84.458644][ T4301] __wake_up_parent+0x0/0x60 [ 84.459836][ T4301] invoke_syscall+0x98/0x2b8 [ 84.461041][ T4301] el0_svc_common+0x138/0x258 [ 84.462246][ T4301] do_el0_svc+0x58/0x14c [ 84.463304][ T4301] el0_svc+0x7c/0x1f0 [ 84.464402][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 84.465782][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 84.466963][ T4301] [ 84.467546][ T4301] Last potentially related work creation: [ 84.468932][ T4301] kasan_save_stack+0x38/0x68 [ 84.470081][ T4301] kasan_record_aux_stack+0xd4/0x11c [ 84.471340][ T4301] call_rcu+0x118/0xb40 [ 84.472438][ T4301] advance_sched+0x4e4/0x858 [ 84.473660][ T4301] __hrtimer_run_queues+0x484/0xca4 [ 84.474961][ T4301] hrtimer_interrupt+0x2c0/0xb64 [ 84.476104][ T4301] arch_timer_handler_virt+0x74/0x88 [ 84.477589][ T4301] handle_percpu_devid_irq+0x29c/0x7fc [ 84.479085][ T4301] handle_domain_irq+0xec/0x178 [ 84.480368][ T4301] gic_handle_irq+0x78/0x1c8 [ 84.481599][ T4301] [ 84.482231][ T4301] The buggy address belongs to the object at ffff0000da5e0b00 [ 84.482231][ T4301] which belongs to the cache kmalloc-128 of size 128 [ 84.485907][ T4301] The buggy 
address is located 0 bytes inside of [ 84.485907][ T4301] 128-byte region [ffff0000da5e0b00, ffff0000da5e0b80) [ 84.489257][ T4301] The buggy address belongs to the page: [ 84.490735][ T4301] page:00000000b514051b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a5e0 [ 84.493363][ T4301] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 84.495396][ T4301] raw: 05ffc00000000200 0000000000000000 0000000400000001 ffff0000c0002300 [ 84.497654][ T4301] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 84.499851][ T4301] page dumped because: kasan: bad access detected [ 84.501557][ T4301] [ 84.502170][ T4301] Memory state around the buggy address: [ 84.503650][ T4301] ffff0000da5e0a00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 84.505764][ T4301] ffff0000da5e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 84.507824][ T4301] >ffff0000da5e0b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 84.509997][ T4301] ^ [ 84.511072][ T4301] ffff0000da5e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 84.513240][ T4301] ffff0000da5e0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 84.515358][ T4301] ================================================================== [ 84.520151][ T4301] ================================================================== [ 84.522182][ T4301] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410 [ 84.524141][ T4301] [ 84.524769][ T4301] CPU: 0 PID: 4301 Comm: syz-executor.3 Tainted: G B 5.15.167-syzkaller #0 [ 84.527426][ T4301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 84.529948][ T4301] Call trace: [ 84.530823][ T4301] dump_backtrace+0x0/0x530 [ 84.532020][ T4301] show_stack+0x2c/0x3c [ 84.533057][ T4301] dump_stack_lvl+0x108/0x170 [ 84.534315][ T4301] print_address_description+0x7c/0x3f0 [ 84.535742][ T4301] kasan_report_invalid_free+0x64/0x94 [ 84.537046][ T4301] ____kasan_slab_free+0x134/0x164 [ 84.538365][ 
T4301] __kasan_slab_free+0x18/0x28 [ 84.539555][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 84.540956][ T4301] kfree+0x178/0x410 [ 84.541933][ T4301] ext4_release_dir+0x88/0xfc [ 84.543161][ T4301] __fput+0x1c4/0x800 [ 84.544191][ T4301] ____fput+0x20/0x30 [ 84.545250][ T4301] task_work_run+0x130/0x1e4 [ 84.546459][ T4301] do_exit+0x670/0x20bc [ 84.547509][ T4301] do_group_exit+0x110/0x268 [ 84.548661][ T4301] __wake_up_parent+0x0/0x60 [ 84.549772][ T4301] invoke_syscall+0x98/0x2b8 [ 84.550959][ T4301] el0_svc_common+0x138/0x258 [ 84.552162][ T4301] do_el0_svc+0x58/0x14c [ 84.553287][ T4301] el0_svc+0x7c/0x1f0 [ 84.554388][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 84.555760][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 84.556886][ T4301] [ 84.557519][ T4301] Allocated by task 4301: [ 84.558578][ T4301] ____kasan_kmalloc+0xbc/0xfc [ 84.559866][ T4301] __kasan_kmalloc+0x10/0x1c [ 84.561067][ T4301] __kmalloc+0x29c/0x4c8 [ 84.562248][ T4301] ext4_htree_store_dirent+0x84/0x494 [ 84.563654][ T4301] htree_dirblock_to_tree+0x760/0xdd4 [ 84.564978][ T4301] ext4_htree_fill_tree+0x570/0xf54 [ 84.566423][ T4301] ext4_readdir+0x26c4/0x3224 [ 84.567624][ T4301] iterate_dir+0x1f4/0x4ec [ 84.568649][ T4301] __arm64_sys_getdents64+0x1c4/0x4c4 [ 84.569996][ T4301] invoke_syscall+0x98/0x2b8 [ 84.571148][ T4301] el0_svc_common+0x138/0x258 [ 84.572335][ T4301] do_el0_svc+0x58/0x14c [ 84.573403][ T4301] el0_svc+0x7c/0x1f0 [ 84.574531][ T4301] el0t_64_sync_handler+0x84/0xe4 [ 84.575851][ T4301] el0t_64_sync+0x1a0/0x1a4 [ 84.577001][ T4301] [ 84.577583][ T4301] Freed by task 4301: [ 84.578613][ T4301] kasan_set_track+0x4c/0x84 [ 84.579834][ T4301] kasan_set_free_info+0x28/0x4c [ 84.581106][ T4301] ____kasan_slab_free+0x118/0x164 [ 84.582516][ T4301] __kasan_slab_free+0x18/0x28 [ 84.583731][ T4301] slab_free_freelist_hook+0x128/0x1ec [ 84.585137][ T4301] kfree+0x178/0x410 [ 84.586252][ T4301] ext4_release_dir+0x88/0xfc [ 84.587462][ T4301] __fput+0x1c4/0x800 [ 84.588545][ T4301] ____fput+0x20/0x30 
[ 84.589531][ T4301] task_work_run+0x130/0x1e4 [ 84.590788][ T4301] do_exit+0x670/0x20bc [ 84.591897][ T4301] do_group_exit+0x110/0x268 [ 84.593033][ T4301] __wake_up_parent+0x0/0x60 [ 84.594237][ T4301] invoke_syscall+0x98/0x2b8 [ 84.595486][ T4301] el0_svc_common+0x138/0x258 [ 84.596770][ T4301] do_el0_svc+0x58/0x14c [ 84.597859][ T4301] el0_svc+0x7c/0x1f0