Warning: Permanently added '10.128.0.33' (ED25519) to the list of known hosts.
2025/08/30 16:43:16 parsed 1 programs
[ 82.850653][ T4045] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 84.765834][ T1658] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.773715][ T1658] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.796446][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.804434][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 87.778593][ T4112] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 87.790292][ T4112] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 87.805562][ T4112] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 87.815845][ T4112] netdevsim netdevsim5 netdevsim3: renamed from eth3
2025/08/30 16:43:30 executed programs: 0
[ 101.677026][ T4654] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 101.708665][ T4654] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 101.724691][ T4654] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 101.748048][ T4654] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 102.181349][ T4658] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 102.202843][ T4658] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 102.214471][ T4658] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 102.272066][ T4658] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 102.485105][ T4657] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 102.505307][ T4657] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 102.568544][ T4649] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 102.591334][ T4657] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 102.602916][ T4652] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 102.613990][ T4649] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 102.633821][ T4657] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 102.661980][ T4652] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 102.690563][ T4649] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 102.716205][ T4652] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 102.733311][ T4649] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 102.752050][ T4652] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 123.910038][ T1861] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.917961][ T1861] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.946849][ T38] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.954931][ T38] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/08/30 16:44:00 executed programs: 10
[ 124.157110][ T1861] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.165016][ T1861] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.223814][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.231660][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.664494][ T896] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.672616][ T896] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.680677][ T38] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.688543][ T38] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.731824][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.736427][ T6698] loop6: detected capacity change from 0 to 32768
[ 124.739681][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.772078][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.779947][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.804722][ T38] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.812844][ T38] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.821371][ T6698] ==================================================================
[ 124.829456][ T6698] BUG: KASAN: slab-use-after-free in diWrite+0xb08/0x1490
[ 124.836583][ T6698] Write of size 32 at addr ffff88815d6da0c0 by task syz.6.19/6698
[ 124.844510][ T6698]
[ 124.846857][ T6698] CPU: 0 UID: 0 PID: 6698 Comm: syz.6.19 Not tainted syzkaller #0 PREEMPT(none)
[ 124.846881][ T6698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 124.846900][ T6698] Call Trace:
[ 124.846908][ T6698]
[ 124.846915][ T6698] dump_stack_lvl+0x18a/0x250
[ 124.846947][ T6698] ? diWrite+0xb08/0x1490
[ 124.846969][ T6698] ? __pfx_dump_stack_lvl+0x10/0x10
[ 124.846989][ T6698] ? rcu_is_watching+0x1f/0xa0
[ 124.847008][ T6698] ? lock_release+0x42/0x2f0
[ 124.847029][ T6698] ? lock_acquire+0x69/0x210
[ 124.847049][ T6698] ? __virt_addr_valid+0x1a8/0x400
[ 124.847070][ T6698] ? __virt_addr_valid+0x301/0x400
[ 124.847092][ T6698] print_report+0xca/0x240
[ 124.847114][ T6698] ? diWrite+0xb08/0x1490
[ 124.847134][ T6698] kasan_report+0x118/0x150
[ 124.847152][ T6698] ? diWrite+0xb08/0x1490
[ 124.847173][ T6698] kasan_check_range+0x2b0/0x2c0
[ 124.847189][ T6698] ? diWrite+0xb08/0x1490
[ 124.847205][ T6698] __asan_memcpy+0x40/0x70
[ 124.847228][ T6698] diWrite+0xb08/0x1490
[ 124.847252][ T6698] txCommit+0x852/0x51b0
[ 124.847276][ T6698] ? txLock+0xae2/0x1c70
[ 124.847297][ T6698] ? __pfx_txCommit+0x10/0x10
[ 124.847319][ T6698] ? __pfx_jfs_dirty_inode+0x10/0x10
[ 124.847345][ T6698] ? rcu_is_watching+0x1f/0xa0
[ 124.847363][ T6698] ? __mark_inode_dirty+0x2f8/0xb90
[ 124.847381][ T6698] add_missing_indices+0x865/0xc30
[ 124.847410][ T6698] ? __pfx_add_missing_indices+0x10/0x10
[ 124.847438][ T6698] ? alloc_pages_noprof+0xbe/0x160
[ 124.847458][ T6698] jfs_readdir+0x1d81/0x3af0
[ 124.847493][ T6698] ? __pfx_jfs_readdir+0x10/0x10
[ 124.847523][ T6698] ? down_write+0x104/0x160
[ 124.847542][ T6698] ? __pfx_down_write+0x10/0x10
[ 124.847560][ T6698] ? wrap_directory_iterator+0x52/0xe0
[ 124.847585][ T6698] ? __pfx_jfs_readdir+0x10/0x10
[ 124.847611][ T6698] wrap_directory_iterator+0x96/0xe0
[ 124.847635][ T6698] iterate_dir+0x383/0x550
[ 124.847659][ T6698] __se_sys_getdents64+0xe4/0x240
[ 124.847682][ T6698] ? __pfx___se_sys_getdents64+0x10/0x10
[ 124.847706][ T6698] ? __pfx_filldir64+0x10/0x10
[ 124.847732][ T6698] ? switch_fpu_return+0x12c/0x1c0
[ 124.847755][ T6698] do_syscall_64+0x8f/0x250
[ 124.847774][ T6698] ? fpregs_assert_state_consistent+0x66/0x90
[ 124.847797][ T6698] ? clear_bhb_loop+0x60/0xb0
[ 124.847816][ T6698] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 124.847835][ T6698] RIP: 0033:0x7f2e1e58cde9
[ 124.847856][ T6698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 124.847872][ T6698] RSP: 002b:00007f2e1f350038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 124.847894][ T6698] RAX: ffffffffffffffda RBX: 00007f2e1e7a5fa0 RCX: 00007f2e1e58cde9
[ 124.847907][ T6698] RDX: 0000000000001000 RSI: 0000400000000f80 RDI: 0000000000000005
[ 124.847919][ T6698] RBP: 00007f2e1e60e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 124.847931][ T6698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 124.847948][ T6698] R13: 0000000000000000 R14: 00007f2e1e7a5fa0 R15: 00007ffc7fa16d48
[ 124.847964][ T6698]
[ 124.847971][ T6698]
[ 124.867090][ T6711] loop1: detected capacity change from 0 to 32768
[ 124.919886][ T6711] ERROR: (device loop1): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 0
[ 124.919886][ T6711]
[ 124.920640][ T6698] Allocated by task 6510:
[ 124.925631][ T6711] ERROR: (device loop1): remounting filesystem as read-only
[ 124.929429][ T6698] kasan_save_track+0x3e/0x80
[ 125.182844][ T6698] __kasan_kmalloc+0x93/0xb0
[ 125.187518][ T6698] __kmalloc_cache_noprof+0x220/0x410
[ 125.192889][ T6698] kmem_cache_free+0x14c/0x460
[ 125.197642][ T6698] vms_complete_munmap_vmas+0x4ec/0x730
[ 125.203179][ T6698] mmap_region+0x114d/0x2080
[ 125.207755][ T6698] do_mmap+0xc59/0x10d0
[ 125.211898][ T6698] vm_mmap_pgoff+0x2ae/0x4a0
[ 125.216504][ T6698] ksys_mmap_pgoff+0x343/0x490
[ 125.221340][ T6698] do_syscall_64+0x8f/0x250
[ 125.225881][ T6698] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 125.231757][ T6698]
[ 125.234160][ T6698] Freed by task 15:
[ 125.237953][ T6698] kasan_save_track+0x3e/0x80
[ 125.242619][ T6698] kasan_save_free_info+0x46/0x50
[ 125.248064][ T6698] __kasan_slab_free+0x5b/0x80
[ 125.252816][ T6698] kfree+0x174/0x3e0
[ 125.256696][ T6698] slab_free_after_rcu_debug+0x60/0x290
[ 125.262228][ T6698] rcu_core+0xbe2/0x1570
[ 125.266456][ T6698] handle_softirqs+0x1a8/0x520
[ 125.271224][ T6698] run_ksoftirqd+0x28/0x40
[ 125.275712][ T6698] smpboot_thread_fn+0x4c8/0x980
[ 125.280641][ T6698] kthread+0x66a/0x760
[ 125.284702][ T6698] ret_from_fork+0x1b7/0x380
[ 125.289285][ T6698] ret_from_fork_asm+0x1a/0x30
[ 125.294047][ T6698]
[ 125.296375][ T6698] Last potentially related work creation:
[ 125.302076][ T6698] kasan_save_stack+0x3e/0x60
[ 125.306783][ T6698] kasan_record_aux_stack+0xbd/0xd0
[ 125.312237][ T6698] call_rcu+0x14a/0x790
[ 125.316382][ T6698] kmem_cache_free+0x2c8/0x460
[ 125.321135][ T6698] vms_complete_munmap_vmas+0x4ec/0x730
[ 125.326668][ T6698] mmap_region+0x114d/0x2080
[ 125.331249][ T6698] do_mmap+0xc59/0x10d0
[ 125.335391][ T6698] vm_mmap_pgoff+0x2ae/0x4a0
[ 125.339962][ T6698] ksys_mmap_pgoff+0x343/0x490
[ 125.344714][ T6698] do_syscall_64+0x8f/0x250
[ 125.349210][ T6698] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 125.355086][ T6698]
[ 125.357390][ T6698] The buggy address belongs to the object at ffff88815d6da0c0
[ 125.357390][ T6698] which belongs to the cache kmalloc-32 of size 32
[ 125.371250][ T6698] The buggy address is located 0 bytes inside of
[ 125.371250][ T6698] freed 32-byte region [ffff88815d6da0c0, ffff88815d6da0e0)
[ 125.384772][ T6698]
[ 125.387085][ T6698] The buggy address belongs to the physical page:
[ 125.393496][ T6698] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x15d6da
[ 125.402325][ T6698] flags: 0x100000000000000(node=0|zone=2)
[ 125.408021][ T6698] page_type: f5(slab)
[ 125.411987][ T6698] raw: 0100000000000000 ffff888100041780 ffffea0005ce2b00 dead000000000002
[ 125.420567][ T6698] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[ 125.429137][ T6698] page dumped because: kasan: bad access detected
[ 125.435545][ T6698] page_owner tracks the page as allocated
[ 125.441250][ T6698] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 4536, tgid 4536 (modprobe), ts 92147084229, free_ts 92146266262
[ 125.459295][ T6698] post_alloc_hook+0x168/0x1a0
[ 125.464056][ T6698] get_page_from_freelist+0x3777/0x38d0
[ 125.469590][ T6698] __alloc_frozen_pages_noprof+0x26b/0x460
[ 125.475391][ T6698] alloc_pages_mpol+0x232/0x460
[ 125.480313][ T6698] allocate_slab+0x8a/0x320
[ 125.484801][ T6698] ___slab_alloc+0x9c6/0x10a0
[ 125.489472][ T6698] __kmalloc_cache_noprof+0x27c/0x410
[ 125.494842][ T6698] kmem_cache_free+0x14c/0x460
[ 125.499592][ T6698] exit_mmap+0x4f0/0xa10
[ 125.503825][ T6698] __mmput+0x118/0x420
[ 125.507963][ T6698] exit_mm+0x12f/0x200
[ 125.512015][ T6698] do_exit+0x62f/0x2380
[ 125.516165][ T6698] do_group_exit+0x21c/0x2d0
[ 125.520739][ T6698] __x64_sys_exit_group+0x3f/0x40
[ 125.525940][ T6698] x64_sys_call+0x21f7/0x2200
[ 125.530619][ T6698] do_syscall_64+0x8f/0x250
[ 125.535112][ T6698] page last free pid 4536 tgid 4536 stack trace:
[ 125.541438][ T6698] __free_frozen_pages+0xb91/0xcf0
[ 125.546555][ T6698] tlb_finish_mmu+0x112/0x1d0
[ 125.551225][ T6698] exit_mmap+0x428/0xa10
[ 125.555548][ T6698] __mmput+0x118/0x420
[ 125.559604][ T6698] exit_mm+0x12f/0x200
[ 125.563659][ T6698] do_exit+0x62f/0x2380
[ 125.567798][ T6698] do_group_exit+0x21c/0x2d0
[ 125.572378][ T6698] __x64_sys_exit_group+0x3f/0x40
[ 125.577389][ T6698] x64_sys_call+0x21f7/0x2200
[ 125.582055][ T6698] do_syscall_64+0x8f/0x250
[ 125.586552][ T6698] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 125.592431][ T6698]
[ 125.594759][ T6698] Memory state around the buggy address:
[ 125.600375][ T6698] ffff88815d6d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 125.608420][ T6698] ffff88815d6da000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 125.616465][ T6698] >ffff88815d6da080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 125.624520][ T6698] ^
[ 125.630652][ T6698] ffff88815d6da100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 125.638699][ T6698] ffff88815d6da180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 125.646763][ T6698] ==================================================================
[ 125.655946][ T6698] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 125.663414][ T6698] Kernel Offset: disabled
[ 125.667754][ T6698] Rebooting in 86400 seconds..