Warning: Permanently added '10.128.1.211' (ED25519) to the list of known hosts.
2025/10/26 14:31:38 parsed 1 programs
[ 80.330411][ T3559] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 82.893732][ T3591] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 82.902409][ T3591] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 82.911020][ T3591] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 82.919560][ T3591] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 87.334573][ T1448] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 87.342463][ T1448] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 87.358396][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 87.366498][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/10/26 14:31:49 executed programs: 0
[ 92.972984][ T4157] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 92.982931][ T4157] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 92.993049][ T4157] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 93.003301][ T4157] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 100.500190][ T1385] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 100.508260][ T1385] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.533162][ T1142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 100.541135][ T1142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/10/26 14:31:59 executed programs: 2
[ 100.634708][ T4923] syz.2.17[4923]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 100.824162][ T4923] loop2: detected capacity change from 0 to 32768
[ 100.846550][ T4923] ==================================================================
[ 100.854652][ T4923] BUG: KASAN: slab-out-of-bounds in dtSearch+0x163a/0x2040
[ 100.861881][ T4923] Read of size 1 at addr ffff888123a43fe0 by task syz.2.17/4923
[ 100.869516][ T4923]
[ 100.871855][ T4923] CPU: 1 PID: 4923 Comm: syz.2.17 Not tainted syzkaller #0
[ 100.879053][ T4923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 100.889129][ T4923] Call Trace:
[ 100.892417][ T4923]
[ 100.895350][ T4923] dump_stack_lvl+0x168/0x230
[ 100.900042][ T4923] ? read_lock_is_recursive+0x20/0x20
[ 100.905427][ T4923] ? show_regs_print_info+0x20/0x20
[ 100.910633][ T4923] ? load_image+0x630/0x630
[ 100.915146][ T4923] ? _raw_spin_lock_irqsave+0xa6/0xe0
[ 100.920528][ T4923] ? __virt_addr_valid+0x16c/0x380
[ 100.925646][ T4923] ? __virt_addr_valid+0x2c5/0x380
[ 100.930763][ T4923] print_report+0xac/0x220
[ 100.935183][ T4923] ? dtSearch+0x163a/0x2040
[ 100.939697][ T4923] kasan_report+0x117/0x150
[ 100.944213][ T4923] ? dtSearch+0x163a/0x2040
[ 100.948724][ T4923] dtSearch+0x163a/0x2040
[ 100.953067][ T4923] jfs_lookup+0x156/0x380
[ 100.957407][ T4923] ? jfs_get_parent+0xb0/0xb0
[ 100.962094][ T4923] ? apparmor_path_rmdir+0x2f0/0x2f0
[ 100.967395][ T4923] ? make_vfsuid+0x51/0xb0
[ 100.971822][ T4923] ? inode_permission+0xf3/0x480
[ 100.976767][ T4923] ? security_inode_create+0xb7/0x100
[ 100.982146][ T4923] ? jfs_get_parent+0xb0/0xb0
[ 100.986828][ T4923] path_openat+0x1669/0x3450
[ 100.991426][ T4923] ? do_filp_open+0x3d0/0x3d0
[ 100.996115][ T4923] do_filp_open+0x1c5/0x3d0
[ 101.000632][ T4923] ? vfs_tmpfile+0x440/0x440
[ 101.005228][ T4923] ? _raw_spin_unlock+0x28/0x40
[ 101.010082][ T4923] ? alloc_fd+0x4b2/0x560
[ 101.014439][ T4923] do_sys_openat2+0x12c/0x1c0
[ 101.019107][ T4923] ? __se_sys_futex+0x36f/0x3f0
[ 101.023946][ T4923] ? do_sys_open+0xe0/0xe0
[ 101.028434][ T4923] __x64_sys_creat+0x90/0xb0
[ 101.033008][ T4923] do_syscall_64+0x55/0xb0
[ 101.037407][ T4923] ? clear_bhb_loop+0x40/0x90
[ 101.042085][ T4923] ? clear_bhb_loop+0x40/0x90
[ 101.046754][ T4923] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 101.052633][ T4923] RIP: 0033:0x7fa6cfc8eba9
[ 101.057055][ T4923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 101.076662][ T4923] RSP: 002b:00007fa6cfaff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 101.085056][ T4923] RAX: ffffffffffffffda RBX: 00007fa6cfed5fa0 RCX: 00007fa6cfc8eba9
[ 101.093006][ T4923] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000000100
[ 101.100981][ T4923] RBP: 00007fa6cfd11e19 R08: 0000000000000000 R09: 0000000000000000
[ 101.108931][ T4923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 101.116877][ T4923] R13: 00007fa6cfed6038 R14: 00007fa6cfed5fa0 R15: 00007fffd496f838
[ 101.124831][ T4923]
[ 101.127831][ T4923]
[ 101.130138][ T4923] Allocated by task 4923:
[ 101.134437][ T4923] kasan_set_track+0x4e/0x70
[ 101.139011][ T4923] __kasan_slab_alloc+0x6c/0x80
[ 101.143845][ T4923] slab_post_alloc_hook+0x66/0x430
[ 101.148934][ T4923] kmem_cache_alloc_lru+0x115/0x290
[ 101.154104][ T4923] jfs_alloc_inode+0x28/0x60
[ 101.158669][ T4923] new_inode_pseudo+0x63/0x1d0
[ 101.163411][ T4923] new_inode+0x22/0x1b0
[ 101.167545][ T4923] ialloc+0x4c/0x950
[ 101.171421][ T4923] jfs_create+0x18b/0xa40
[ 101.175726][ T4923] path_openat+0x1884/0x3450
[ 101.180293][ T4923] do_filp_open+0x1c5/0x3d0
[ 101.184790][ T4923] do_sys_openat2+0x12c/0x1c0
[ 101.189448][ T4923] __x64_sys_openat+0x139/0x160
[ 101.194277][ T4923] do_syscall_64+0x55/0xb0
[ 101.198675][ T4923] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 101.204542][ T4923]
[ 101.206842][ T4923] The buggy address belongs to the object at ffff888123a436f0
[ 101.206842][ T4923] which belongs to the cache jfs_ip of size 2216
[ 101.220524][ T4923] The buggy address is located 72 bytes to the right of
[ 101.220524][ T4923] allocated 2216-byte region [ffff888123a436f0, ffff888123a43f98)
[ 101.235166][ T4923]
[ 101.237469][ T4923] The buggy address belongs to the physical page:
[ 101.243862][ T4923] page:ffffea00048e9000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123a40
[ 101.254075][ T4923] head:ffffea00048e9000 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 101.263504][ T4923] memcg:ffff888114cf3801
[ 101.267727][ T4923] flags: 0x200000000000840(slab|head|node=0|zone=2)
[ 101.274293][ T4923] page_type: 0xffffffff()
[ 101.278622][ T4923] raw: 0200000000000840 ffff888105e82a00 dead000000000122 0000000000000000
[ 101.287177][ T4923] raw: 0000000000000000 00000000800d000d 00000001ffffffff ffff888114cf3801
[ 101.295728][ T4923] page dumped because: kasan: bad access detected
[ 101.302115][ T4923] page_owner tracks the page as allocated
[ 101.307812][ T4923] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 4923, tgid 4922 (syz.2.17), ts 100836561745, free_ts 98778014370
[ 101.331232][ T4923] post_alloc_hook+0x26b/0x290
[ 101.335978][ T4923] get_page_from_freelist+0x23ff/0x2530
[ 101.341502][ T4923] __alloc_pages+0x1e3/0x430
[ 101.346075][ T4923] alloc_slab_page+0x5d/0x170
[ 101.350731][ T4923] new_slab+0x70/0x260
[ 101.354769][ T4923] ___slab_alloc+0xa3e/0xee0
[ 101.359332][ T4923] kmem_cache_alloc_lru+0x193/0x290
[ 101.364502][ T4923] jfs_alloc_inode+0x28/0x60
[ 101.369078][ T4923] new_inode_pseudo+0x63/0x1d0
[ 101.373818][ T4923] new_inode+0x22/0x1b0
[ 101.377953][ T4923] jfs_fill_super+0x396/0xac0
[ 101.382605][ T4923] mount_bdev+0x22b/0x2d0
[ 101.386909][ T4923] legacy_get_tree+0xea/0x180
[ 101.391562][ T4923] vfs_get_tree+0x8d/0x1d0
[ 101.395951][ T4923] do_new_mount+0x244/0x940
[ 101.400435][ T4923] __se_sys_mount+0x324/0x390
[ 101.405088][ T4923] page last free stack trace:
[ 101.409732][ T4923] free_unref_page_prepare+0x7ed/0x910
[ 101.415176][ T4923] free_unref_page+0x32/0x290
[ 101.419829][ T4923] __unfreeze_partials+0x1a4/0x1e0
[ 101.424915][ T4923] put_cpu_partial+0x14c/0x1b0
[ 101.429653][ T4923] __slab_free+0x297/0x380
[ 101.434060][ T4923] qlist_free_all+0x75/0xe0
[ 101.438543][ T4923] kasan_quarantine_reduce+0x143/0x160
[ 101.443972][ T4923] __kasan_slab_alloc+0x22/0x80
[ 101.448798][ T4923] slab_post_alloc_hook+0x66/0x430
[ 101.453883][ T4923] __kmem_cache_alloc_node+0x13e/0x250
[ 101.459315][ T4923] kmalloc_trace+0x2a/0xc0
[ 101.463709][ T4923] __request_module+0x278/0x530
[ 101.468584][ T4923] dev_ioctl+0x5ea/0x1060
[ 101.472889][ T4923] sock_do_ioctl+0x226/0x2f0
[ 101.477459][ T4923] sock_ioctl+0x566/0x720
[ 101.481803][ T4923] __se_sys_ioctl+0xfd/0x170
[ 101.486381][ T4923]
[ 101.488680][ T4923] Memory state around the buggy address:
[ 101.494288][ T4923] ffff888123a43e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 101.502327][ T4923] ffff888123a43f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 101.510481][ T4923] >ffff888123a43f80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 101.518530][ T4923] ^
[ 101.525706][ T4923] ffff888123a44000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 101.533755][ T4923] ffff888123a44080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 101.541799][ T4923] ==================================================================
[ 101.550113][ T4923] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 101.557583][ T4923] Kernel Offset: disabled
[ 101.561892][ T4923] Rebooting in 86400 seconds..