Warning: Permanently added '10.128.0.102' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
[   55.829231][ T5097] mmap: syz-executor149 (5097) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
executing program
executing program
executing program
executing program
executing program
[   56.021927][ T5117] ==================================================================
[   56.030027][ T5117] BUG: KASAN: use-after-free in finish_fault+0xf87/0x1460
[   56.037170][ T5117] Read of size 8 at addr ffff88807bfb7000 by task syz-executor149/5117
[   56.045413][ T5117] 
[   56.047752][ T5117] CPU: 0 PID: 5117 Comm: syz-executor149 Not tainted 6.10.0-rc2-next-20240607-syzkaller #0
[   56.057729][ T5117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[   56.067797][ T5117] Call Trace:
[   56.071080][ T5117]  <TASK>
[   56.074022][ T5117]  dump_stack_lvl+0x241/0x360
[   56.078723][ T5117]  ? __pfx_dump_stack_lvl+0x10/0x10
[   56.083932][ T5117]  ? __pfx__printk+0x10/0x10
[   56.088537][ T5117]  ? _printk+0xd5/0x120
[   56.092702][ T5117]  ? __virt_addr_valid+0x183/0x520
[   56.097822][ T5117]  ? __virt_addr_valid+0x183/0x520
[   56.102947][ T5117]  print_report+0x169/0x550
[   56.107456][ T5117]  ? __virt_addr_valid+0x183/0x520
[   56.112574][ T5117]  ? __virt_addr_valid+0x183/0x520
[   56.117695][ T5117]  ? __virt_addr_valid+0x44e/0x520
[   56.122816][ T5117]  ? __phys_addr+0xba/0x170
[   56.127324][ T5117]  ? finish_fault+0xf87/0x1460
[   56.132080][ T5117]  kasan_report+0x143/0x180
[   56.136574][ T5117]  ? finish_fault+0xf87/0x1460
[   56.141323][ T5117]  finish_fault+0xf87/0x1460
[   56.145904][ T5117]  ? __pfx_finish_fault+0x10/0x10
[   56.150913][ T5117]  ? __pfx_lock_release+0x10/0x10
[   56.155919][ T5117]  ? pte_offset_map_nolock+0x137/0x1f0
[   56.161366][ T5117]  ? __lock_acquire+0x1359/0x2000
[   56.166376][ T5117]  ? __do_fault+0x258/0x460
[   56.170866][ T5117]  ? handle_pte_fault+0x2bf5/0x7130
[   56.176049][ T5117]  handle_pte_fault+0x3db5/0x7130
[   56.181061][ T5117]  ? __pfx_cgroup_rstat_updated+0x10/0x10
[   56.186768][ T5117]  ? __pfx_lock_acquire+0x10/0x10
[   56.191776][ T5117]  ? __pfx_handle_pte_fault+0x10/0x10
[   56.197133][ T5117]  ? do_raw_spin_lock+0x14f/0x370
[   56.202149][ T5117]  ? follow_page_pte+0x292/0x1d90
[   56.207158][ T5117]  ? follow_page_pte+0x859/0x1d90
[   56.212167][ T5117]  ? __pfx_lock_release+0x10/0x10
[   56.217177][ T5117]  ? do_raw_spin_unlock+0x13c/0x8b0
[   56.222369][ T5117]  handle_mm_fault+0x10df/0x1ba0
[   56.227302][ T5117]  ? __pfx_handle_mm_fault+0x10/0x10
[   56.232577][ T5117]  ? __pfx_find_vma+0x10/0x10
[   56.237240][ T5117]  ? vma_is_secretmem+0xd/0x50
[   56.241990][ T5117]  ? check_vma_flags+0x500/0x5a0
[   56.246929][ T5117]  __get_user_pages+0x6ef/0x1590
[   56.251865][ T5117]  ? mt_find+0x62d/0x850
[   56.256103][ T5117]  ? __pfx___get_user_pages+0x10/0x10
[   56.261466][ T5117]  populate_vma_page_range+0x264/0x330
[   56.266911][ T5117]  ? __pfx_populate_vma_page_range+0x10/0x10
[   56.272881][ T5117]  __mm_populate+0x27a/0x460
[   56.277481][ T5117]  ? __pfx___mm_populate+0x10/0x10
[   56.282587][ T5117]  __se_sys_remap_file_pages+0x7a1/0x9a0
[   56.288213][ T5117]  ? __pfx___se_sys_remap_file_pages+0x10/0x10
[   56.294356][ T5117]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   56.300323][ T5117]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   56.306634][ T5117]  ? do_syscall_64+0x100/0x230
[   56.311383][ T5117]  ? __x64_sys_remap_file_pages+0x20/0xc0
[   56.317091][ T5117]  do_syscall_64+0xf3/0x230
[   56.321576][ T5117]  ? clear_bhb_loop+0x35/0x90
[   56.326238][ T5117]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.332114][ T5117] RIP: 0033:0x7ff1cbb3e399
[   56.336526][ T5117] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   56.356117][ T5117] RSP: 002b:00007ff1cbad8238 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8
[   56.364515][ T5117] RAX: ffffffffffffffda RBX: 00007ff1cbbc8318 RCX: 00007ff1cbb3e399
[   56.372468][ T5117] RDX: 0000000000000000 RSI: 0000000000200000 RDI: 00000000202ec000
[   56.380426][ T5117] RBP: 00007ff1cbbc8310 R08: 0000000000000000 R09: 00007ff1cbad86c0
[   56.388381][ T5117] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff1cbbc831c
[   56.396338][ T5117] R13: 0000000000000000 R14: 00007ffcff8e0350 R15: 00007ffcff8e0438
[   56.404309][ T5117]  </TASK>
[   56.407314][ T5117] 
[   56.409620][ T5117] The buggy address belongs to the physical page:
[   56.416020][ T5117] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7bfb7
[   56.424762][ T5117] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   56.431860][ T5117] raw: 00fff00000000000 ffffea00007ed408 ffff8880b94448a0 0000000000000000
[   56.440423][ T5117] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   56.448979][ T5117] page dumped because: kasan: bad access detected
[   56.455374][ T5117] page_owner tracks the page as freed
[   56.460717][ T5117] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x440dc0(GFP_KERNEL_ACCOUNT|__GFP_COMP|__GFP_ZERO), pid 5097, tgid 5088 (syz-executor149), ts 55842453591, free_ts 55925905863
[   56.479629][ T5117]  post_alloc_hook+0x1f3/0x230
[   56.484380][ T5117]  get_page_from_freelist+0x2cbd/0x2d70
[   56.489909][ T5117]  __alloc_pages_noprof+0x256/0x6c0
[   56.495091][ T5117]  alloc_pages_mpol_noprof+0x3e8/0x680
[   56.500530][ T5117]  pte_alloc_one+0x88/0x5d0
[   56.505018][ T5117]  handle_pte_fault+0x2ba7/0x7130
[   56.510024][ T5117]  handle_mm_fault+0x10df/0x1ba0
[   56.514942][ T5117]  __get_user_pages+0x6ef/0x1590
[   56.519862][ T5117]  populate_vma_page_range+0x264/0x330
[   56.525307][ T5117]  __mm_populate+0x27a/0x460
[   56.529879][ T5117]  __se_sys_remap_file_pages+0x7a1/0x9a0
[   56.535496][ T5117]  do_syscall_64+0xf3/0x230
[   56.539982][ T5117]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.545855][ T5117] page last free pid 5097 tgid 5088 stack trace:
[   56.552156][ T5117]  free_unref_folios+0x103a/0x1b00
[   56.557250][ T5117]  folios_put_refs+0x76e/0x860
[   56.562003][ T5117]  free_pages_and_swap_cache+0x5c8/0x690
[   56.567624][ T5117]  tlb_flush_mmu+0x3a3/0x680
[   56.572197][ T5117]  tlb_finish_mmu+0xd4/0x200
[   56.576769][ T5117]  exit_mmap+0x44f/0xc80
[   56.580995][ T5117]  __mmput+0x115/0x390
[   56.585044][ T5117]  exit_mm+0x220/0x310
[   56.589095][ T5117]  do_exit+0x9aa/0x28e0
[   56.593668][ T5117]  do_group_exit+0x207/0x2c0
[   56.598244][ T5117]  get_signal+0x16a1/0x1740
[   56.602730][ T5117]  arch_do_signal_or_restart+0x96/0x830
[   56.608260][ T5117]  syscall_exit_to_user_mode+0xc9/0x370
[   56.613795][ T5117]  do_syscall_64+0x100/0x230
[   56.618366][ T5117]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.624244][ T5117] 
[   56.626547][ T5117] Memory state around the buggy address:
[   56.632153][ T5117]  ffff88807bfb6f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   56.640192][ T5117]  ffff88807bfb6f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   56.648231][ T5117] >ffff88807bfb7000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   56.656268][ T5117]                    ^
[   56.660313][ T5117]  ffff88807bfb7080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
executing program
executing program
[   56.668351][ T5117]  ffff88807bfb7100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   56.676387][ T5117] ==================================================================
[   56.684910][ T5117] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   56.692115][ T5117] CPU: 0 PID: 5117 Comm: syz-executor149 Not tainted 6.10.0-rc2-next-20240607-syzkaller #0
[   56.702097][ T5117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[   56.712163][ T5117] Call Trace:
[   56.715447][ T5117]  <TASK>
[   56.718379][ T5117]  dump_stack_lvl+0x241/0x360
[   56.723067][ T5117]  ? __pfx_dump_stack_lvl+0x10/0x10
[   56.728281][ T5117]  ? __pfx__printk+0x10/0x10
[   56.732886][ T5117]  ? vscnprintf+0x5d/0x90
[   56.737222][ T5117]  panic+0x349/0x870
[   56.741128][ T5117]  ? check_panic_on_warn+0x21/0xb0
[   56.746263][ T5117]  ? __pfx_panic+0x10/0x10
[   56.750786][ T5117]  ? mark_lock+0x9a/0x360
[   56.755129][ T5117]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[   56.761031][ T5117]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   56.766928][ T5117]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   56.773244][ T5117]  ? print_report+0x502/0x550
[   56.777910][ T5117]  check_panic_on_warn+0x86/0xb0
[   56.782840][ T5117]  ? finish_fault+0xf87/0x1460
[   56.787598][ T5117]  end_report+0x77/0x160
[   56.791824][ T5117]  kasan_report+0x154/0x180
[   56.796313][ T5117]  ? finish_fault+0xf87/0x1460
[   56.801069][ T5117]  finish_fault+0xf87/0x1460
[   56.805655][ T5117]  ? __pfx_finish_fault+0x10/0x10
[   56.810749][ T5117]  ? __pfx_lock_release+0x10/0x10
[   56.815756][ T5117]  ? pte_offset_map_nolock+0x137/0x1f0
[   56.821207][ T5117]  ? __lock_acquire+0x1359/0x2000
[   56.826226][ T5117]  ? __do_fault+0x258/0x460
[   56.830720][ T5117]  ? handle_pte_fault+0x2bf5/0x7130
[   56.835906][ T5117]  handle_pte_fault+0x3db5/0x7130
[   56.840923][ T5117]  ? __pfx_cgroup_rstat_updated+0x10/0x10
[   56.846634][ T5117]  ? __pfx_lock_acquire+0x10/0x10
[   56.851643][ T5117]  ? __pfx_handle_pte_fault+0x10/0x10
[   56.857004][ T5117]  ? do_raw_spin_lock+0x14f/0x370
[   56.862031][ T5117]  ? follow_page_pte+0x292/0x1d90
[   56.867039][ T5117]  ? follow_page_pte+0x859/0x1d90
[   56.872047][ T5117]  ? __pfx_lock_release+0x10/0x10
[   56.877061][ T5117]  ? do_raw_spin_unlock+0x13c/0x8b0
[   56.882250][ T5117]  handle_mm_fault+0x10df/0x1ba0
[   56.887181][ T5117]  ? __pfx_handle_mm_fault+0x10/0x10
[   56.892454][ T5117]  ? __pfx_find_vma+0x10/0x10
[   56.897117][ T5117]  ? vma_is_secretmem+0xd/0x50
[   56.901869][ T5117]  ? check_vma_flags+0x500/0x5a0
[   56.906813][ T5117]  __get_user_pages+0x6ef/0x1590
[   56.911742][ T5117]  ? mt_find+0x62d/0x850
[   56.915978][ T5117]  ? __pfx___get_user_pages+0x10/0x10
[   56.921345][ T5117]  populate_vma_page_range+0x264/0x330
[   56.926792][ T5117]  ? __pfx_populate_vma_page_range+0x10/0x10
[   56.932758][ T5117]  __mm_populate+0x27a/0x460
[   56.937335][ T5117]  ? __pfx___mm_populate+0x10/0x10
[   56.942431][ T5117]  __se_sys_remap_file_pages+0x7a1/0x9a0
[   56.948052][ T5117]  ? __pfx___se_sys_remap_file_pages+0x10/0x10
[   56.954193][ T5117]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   56.960159][ T5117]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   56.966469][ T5117]  ? do_syscall_64+0x100/0x230
[   56.971213][ T5117]  ? __x64_sys_remap_file_pages+0x20/0xc0
[   56.976916][ T5117]  do_syscall_64+0xf3/0x230
[   56.981487][ T5117]  ? clear_bhb_loop+0x35/0x90
[   56.986148][ T5117]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.992025][ T5117] RIP: 0033:0x7ff1cbb3e399
[   56.996425][ T5117] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   57.016017][ T5117] RSP: 002b:00007ff1cbad8238 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8
[   57.024414][ T5117] RAX: ffffffffffffffda RBX: 00007ff1cbbc8318 RCX: 00007ff1cbb3e399
[   57.032368][ T5117] RDX: 0000000000000000 RSI: 0000000000200000 RDI: 00000000202ec000
[   57.040319][ T5117] RBP: 00007ff1cbbc8310 R08: 0000000000000000 R09: 00007ff1cbad86c0
[   57.048283][ T5117] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff1cbbc831c
[   57.056240][ T5117] R13: 0000000000000000 R14: 00007ffcff8e0350 R15: 00007ffcff8e0438
[   57.064206][ T5117]  </TASK>
[   57.067452][ T5117] Kernel Offset: disabled
[   57.071778][ T5117] Rebooting in 86400 seconds..