Warning: Permanently added '10.128.0.88' (ED25519) to the list of known hosts. 2025/01/20 10:28:51 ignoring optional flag "sandboxArg"="0" 2025/01/20 10:28:52 parsed 1 programs [ 59.922141][ T5816] cgroup: Unknown subsys name 'net' [ 60.039088][ T5816] cgroup: Unknown subsys name 'cpuset' [ 60.046055][ T5816] cgroup: Unknown subsys name 'rlimit' [ 61.081881][ T5816] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 62.907664][ T5825] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 63.102720][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 63.143793][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.151155][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.158365][ T5836] bridge_slave_0: entered allmulticast mode [ 63.164785][ T5836] bridge_slave_0: entered promiscuous mode [ 63.172047][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.179253][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.186344][ T5836] bridge_slave_1: entered allmulticast mode [ 63.193054][ T5836] bridge_slave_1: entered promiscuous mode [ 63.211318][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.222242][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.241178][ T5836] team0: Port device team_slave_0 added [ 63.248158][ T5836] team0: Port device team_slave_1 added [ 63.262668][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.270084][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.296043][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.307898][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.314853][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.341024][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.375594][ T5836] hsr_slave_0: entered promiscuous mode [ 63.381833][ T5836] hsr_slave_1: entered promiscuous mode [ 63.442381][ T5836] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 63.450757][ T5836] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 63.459613][ T5836] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 63.468770][ T5836] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 63.483411][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.490555][ T5836] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.497935][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.505457][ T5836] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.544071][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.556947][ T63] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.564754][ T63] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.575569][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.585782][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.592910][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.603840][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.610963][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.693058][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.714580][ T5836] veth0_vlan: entered promiscuous mode [ 63.723555][ T5836] veth1_vlan: entered promiscuous mode [ 63.739822][ T5836] veth0_macvtap: entered promiscuous mode [ 63.747110][ T5836] veth1_macvtap: entered promiscuous mode [ 63.759924][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.771482][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.780901][ T5836] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.790227][ T5836] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.799111][ T5836] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.807892][ T5836] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.868468][ T63] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.903047][ T63] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.951958][ T63] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.006510][ T63] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.253276][ T5862] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 64.262456][ T5862] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 64.270378][ T5862] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 64.279090][ T5862] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 64.286486][ T5862] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 64.294652][ T5862] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 65.099447][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.107471][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.122162][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.130244][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 2025/01/20 10:28:59 executed programs: 0 [ 65.431083][ T5131] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 65.438606][ T5131] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 65.445833][ T5131] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 65.453906][ T5131] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 65.462362][ T5131] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 65.470155][ T5131] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 65.540272][ T5910] chnl_net:caif_netlink_parms(): no params data found [ 65.581626][ T5910] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.588962][ T5910] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.596082][ T5910] bridge_slave_0: entered allmulticast mode [ 65.603339][ T5910] bridge_slave_0: entered promiscuous mode [ 65.610715][ T5910] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.617852][ T5910] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.625025][ T5910] bridge_slave_1: entered allmulticast mode [ 65.632209][ T5910] bridge_slave_1: entered promiscuous mode [ 65.650624][ T5910] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.661141][ T5910] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.679981][ T5910] team0: Port device team_slave_0 added [ 65.687058][ T5910] team0: Port device team_slave_1 added [ 65.702322][ T5910] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 65.709566][ T5910] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.735817][ T5910] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.748607][ T5910] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.755549][ T5910] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.782876][ T5910] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.810716][ T5910] hsr_slave_0: entered promiscuous mode [ 65.816693][ T5910] hsr_slave_1: entered promiscuous mode [ 65.823104][ T5910] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.830769][ T5910] Cannot create hsr debugfs directory [ 67.190678][ T63] bridge_slave_1: left allmulticast mode [ 67.196371][ T63] bridge_slave_1: left promiscuous mode [ 67.203196][ T63] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.211642][ T63] bridge_slave_0: left allmulticast mode [ 67.218196][ T63] bridge_slave_0: left promiscuous mode [ 67.223888][ T63] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.277953][ T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 67.288106][ T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 67.297448][ T63] bond0 (unregistering): Released all slaves [ 67.352911][ T63] hsr_slave_0: left promiscuous mode [ 67.359887][ T63] hsr_slave_1: left promiscuous mode [ 67.365726][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 67.374430][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 67.382346][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 67.391474][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 67.401009][ T63] veth1_macvtap: left promiscuous mode [ 67.406540][ T63] veth0_macvtap: left promiscuous mode [ 67.413025][ T63] veth1_vlan: left promiscuous mode [ 67.418374][ T63] veth0_vlan: left promiscuous mode [ 67.531145][ T63] team0 (unregistering): Port device team_slave_1 removed [ 67.537395][ T5131] Bluetooth: hci0: command tx timeout [ 67.549787][ T63] team0 (unregistering): Port device team_slave_0 removed [ 67.820773][ T5910] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 67.841843][ T5910] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 67.851397][ T5910] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 67.860590][ T5910] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 67.935721][ T5910] 8021q: adding VLAN 0 to HW filter on device bond0 [ 67.952788][ T5910] 8021q: adding VLAN 0 to HW filter on device team0 [ 67.970007][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.977102][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 67.991743][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.998903][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.181098][ T5910] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 68.348367][ T5910] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 68.385682][ T5910] veth0_vlan: entered promiscuous mode [ 68.413418][ T5910] veth1_vlan: entered promiscuous mode [ 68.430555][ T5910] veth0_macvtap: entered promiscuous mode [ 68.441354][ T5910] veth1_macvtap: entered promiscuous mode [ 68.455991][ T5910] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.466654][ T5910] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.484117][ T5910] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.498032][ T5910] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.506783][ T5910] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.516298][ T5910] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.558409][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.566276][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.594949][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.606473][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.645525][ T5980] loop0: detected capacity change from 0 to 64 [ 68.681799][ T5982] loop0: detected capacity change from 0 to 64 [ 68.713986][ T5984] loop0: detected capacity change from 0 to 64 [ 68.745611][ T5986] loop0: detected capacity change from 0 to 64 [ 68.793155][ T5989] loop0: detected capacity change from 0 to 164 [ 68.833066][ T5991] loop0: detected capacity change from 0 to 64 [ 68.864099][ T5993] loop0: detected capacity change from 0 to 64 [ 68.901722][ T5995] loop0: detected capacity change from 0 to 64 [ 68.942095][ T5998] loop0: detected capacity change from 0 to 64 [ 68.974703][ T6000] loop0: detected capacity change from 0 to 64 [ 69.020927][ T6003] loop0: detected capacity change from 0 to 64 [ 69.051710][ T6005] loop0: detected capacity change from 0 to 64 [ 69.093313][ T6007] loop0: detected capacity change from 0 to 64 [ 69.144028][ T6009] loop0: detected capacity change from 0 to 64 [ 69.190371][ T6012] loop0: detected capacity change from 0 to 64 [ 69.220654][ T6015] loop0: detected capacity change from 0 to 64 [ 69.251964][ T6017] loop0: detected capacity change from 0 to 64 [ 69.288300][ T6019] loop0: detected capacity change from 0 to 64 [ 69.336288][ T6022] loop0: detected capacity change from 0 to 64 [ 69.391517][ T6027] loop0: detected capacity change from 0 to 64 [ 69.421322][ T6029] loop0: detected capacity change from 0 to 64 [ 69.462499][ T6031] loop0: detected capacity change from 0 to 164 [ 69.499767][ T6033] loop0: detected capacity change from 0 to 64 [ 69.539672][ T6036] loop0: detected capacity change from 0 to 64 [ 69.553521][ T6036] ================================================================== [ 69.561635][ T6036] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x314/0x450 [ 69.569571][ T6036] Write of size 94 at addr ffff888029bdc300 by task syz.0.40/6036 [ 69.577395][ T6036] [ 69.579751][ T6036] CPU: 1 UID: 0 PID: 6036 Comm: syz.0.40 Not tainted 6.13.0-syzkaller #0 [ 69.588188][ T6036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 69.598255][ T6036] Call Trace: [ 69.601525][ T6036] <TASK> [ 69.604447][ T6036] dump_stack_lvl+0x241/0x360 [ 69.609123][ T6036] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.614310][ T6036] ? __pfx__printk+0x10/0x10 [ 69.617345][ T5131] Bluetooth: hci0: command tx timeout [ 69.618876][ T6036] ? _printk+0xd5/0x120 [ 69.628728][ T6036] ? __virt_addr_valid+0x183/0x530 [ 69.633832][ T6036] ? __virt_addr_valid+0x183/0x530 [ 69.638934][ T6036] print_report+0x169/0x550 [ 69.643457][ T6036] ? __virt_addr_valid+0x183/0x530 [ 69.648552][ T6036] ? __virt_addr_valid+0x183/0x530 [ 69.653759][ T6036] ? __virt_addr_valid+0x45f/0x530 [ 69.658857][ T6036] ? __phys_addr+0xba/0x170 [ 69.663344][ T6036] ? hfs_bnode_read_key+0x314/0x450 [ 69.668525][ T6036] kasan_report+0x143/0x180 [ 69.673022][ T6036] ? hfs_bnode_read_key+0x314/0x450 [ 69.678212][ T6036] kasan_check_range+0x282/0x290 [ 69.683142][ T6036] ? hfs_bnode_read_key+0x314/0x450 [ 69.688326][ T6036] __asan_memcpy+0x40/0x70 [ 69.692731][ T6036] hfs_bnode_read_key+0x314/0x450 [ 69.697754][ T6036] hfs_brec_insert+0x7f3/0xbd0 [ 69.702548][ T6036] ? __pfx_hfs_brec_insert+0x10/0x10 [ 69.707823][ T6036] hfs_cat_create+0x41d/0xa50 [ 69.712487][ T6036] ? __pfx_hfs_cat_create+0x10/0x10 [ 69.717675][ T6036] ? _raw_spin_unlock+0x28/0x50 [ 69.722511][ T6036] ? hfs_new_inode+0x86e/0xaf0 [ 69.727271][ T6036] hfs_mkdir+0x6c/0xe0 [ 69.731332][ T6036] vfs_mkdir+0x2f9/0x4f0 [ 69.735558][ T6036] do_mkdirat+0x264/0x3a0 [ 69.739870][ T6036] ? __check_object_size+0x47a/0x730 [ 69.745146][ T6036] ? __pfx_do_mkdirat+0x10/0x10 [ 69.749988][ T6036] ? getname_flags+0x1e3/0x540 [ 69.754737][ T6036] __x64_sys_mkdirat+0x87/0xa0 [ 69.759489][ T6036] do_syscall_64+0xf3/0x230 [ 69.763981][ T6036] ? clear_bhb_loop+0x35/0x90 [ 69.768645][ T6036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.774523][ T6036] RIP: 0033:0x7fce86d84597 [ 69.778932][ T6036] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.798535][ T6036] RSP: 002b:00007fce87b39e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 69.806949][ T6036] RAX: ffffffffffffffda RBX: 00007fce87b39ef0 RCX: 00007fce86d84597 [ 69.814907][ T6036] RDX: 00000000000001ff RSI: 0000000020000240 RDI: 00000000ffffff9c [ 69.822865][ T6036] RBP: 0000000020000200 R08: 00000000200000c0 R09: 0000000000000000 [ 69.830823][ T6036] R10: 0000000020000200 R11: 0000000000000246 R12: 0000000020000240 [ 69.838781][ T6036] R13: 00007fce87b39eb0 R14: 0000000000000000 R15: 0000000000000000 [ 69.846740][ T6036] </TASK> [ 69.849741][ T6036] [ 69.852050][ T6036] Allocated by task 6036: [ 69.856355][ T6036] kasan_save_track+0x3f/0x80 [ 69.861027][ T6036] __kasan_kmalloc+0x98/0xb0 [ 69.865623][ T6036] __kmalloc_noprof+0x285/0x4c0 [ 69.870453][ T6036] hfs_find_init+0x90/0x1f0 [ 69.874935][ T6036] hfs_cat_create+0x182/0xa50 [ 69.879596][ T6036] hfs_mkdir+0x6c/0xe0 [ 69.883649][ T6036] vfs_mkdir+0x2f9/0x4f0 [ 69.887874][ T6036] do_mkdirat+0x264/0x3a0 [ 69.892185][ T6036] __x64_sys_mkdirat+0x87/0xa0 [ 69.896950][ T6036] do_syscall_64+0xf3/0x230 [ 69.901438][ T6036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.907327][ T6036] [ 69.909644][ T6036] The buggy address belongs to the object at ffff888029bdc300 [ 69.909644][ T6036] which belongs to the cache kmalloc-96 of size 96 [ 69.923506][ T6036] The buggy address is located 0 bytes inside of [ 69.923506][ T6036] allocated 78-byte region [ffff888029bdc300, ffff888029bdc34e) [ 69.937376][ T6036] [ 69.939697][ T6036] The buggy address belongs to the physical page: [ 69.946122][ T6036] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29bdc [ 69.954870][ T6036] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 69.962310][ T6036] page_type: f5(slab) [ 69.966273][ T6036] raw: 00fff00000000000 ffff88801ac41280 ffffea0000995c80 dead000000000003 [ 69.974858][ T6036] raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000 [ 69.983428][ T6036] page dumped because: kasan: bad access detected [ 69.989839][ T6036] page_owner tracks the page as allocated [ 69.995562][ T6036] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 9178990057, free_ts 9087590544 [ 70.013870][ T6036] post_alloc_hook+0x1f3/0x230 [ 70.018630][ T6036] get_page_from_freelist+0x3651/0x37a0 [ 70.024164][ T6036] __alloc_pages_noprof+0x292/0x710 [ 70.029347][ T6036] alloc_pages_mpol_noprof+0x3e1/0x780 [ 70.034792][ T6036] alloc_slab_page+0x6a/0x110 [ 70.039456][ T6036] allocate_slab+0x5a/0x2b0 [ 70.043947][ T6036] ___slab_alloc+0xc27/0x14a0 [ 70.048605][ T6036] __slab_alloc+0x58/0xa0 [ 70.052916][ T6036] __kmalloc_cache_noprof+0x27b/0x390 [ 70.058297][ T6036] usb_hub_create_port_device+0xc8/0xc10 [ 70.063911][ T6036] hub_probe+0x2503/0x3640 [ 70.068312][ T6036] usb_probe_interface+0x641/0xbb0 [ 70.073406][ T6036] really_probe+0x2b8/0xad0 [ 70.077892][ T6036] __driver_probe_device+0x1a2/0x390 [ 70.083160][ T6036] driver_probe_device+0x50/0x430 [ 70.088167][ T6036] __device_attach_driver+0x2d6/0x530 [ 70.093520][ T6036] page last free pid 8 tgid 8 stack trace: [ 70.099310][ T6036] free_unref_page+0xd2c/0x1000 [ 70.104147][ T6036] vfree+0x1c3/0x360 [ 70.108023][ T6036] delayed_vfree_work+0x56/0x80 [ 70.112861][ T6036] process_scheduled_works+0xa66/0x1840 [ 70.118393][ T6036] worker_thread+0x870/0xd30 [ 70.122965][ T6036] kthread+0x2f0/0x390 [ 70.127019][ T6036] ret_from_fork+0x4b/0x80 [ 70.131422][ T6036] ret_from_fork_asm+0x1a/0x30 [ 70.136173][ T6036] [ 70.138484][ T6036] Memory state around the buggy address: [ 70.144094][ T6036] ffff888029bdc200: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 70.152137][ T6036] ffff888029bdc280: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 70.160537][ T6036] >ffff888029bdc300: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc [ 70.168577][ T6036] ^ [ 70.174967][ T6036] ffff888029bdc380: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 70.183021][ T6036] ffff888029bdc400: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 70.191064][ T6036] ================================================================== [ 70.203077][ T6036] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 70.210309][ T6036] CPU: 1 UID: 0 PID: 6036 Comm: syz.0.40 Not tainted 6.13.0-syzkaller #0 [ 70.218721][ T6036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 70.228773][ T6036] Call Trace: [ 70.232046][ T6036] <TASK> [ 70.234972][ T6036] dump_stack_lvl+0x241/0x360 [ 70.239653][ T6036] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.244849][ T6036] ? __pfx__printk+0x10/0x10 [ 70.249431][ T6036] ? rcu_is_watching+0x15/0xb0 [ 70.254191][ T6036] ? preempt_schedule+0xe1/0xf0 [ 70.259041][ T6036] ? vscnprintf+0x5d/0x90 [ 70.263367][ T6036] panic+0x349/0x880 [ 70.267258][ T6036] ? check_panic_on_warn+0x21/0xb0 [ 70.272365][ T6036] ? __pfx_panic+0x10/0x10 [ 70.276774][ T6036] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 70.282751][ T6036] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 70.289073][ T6036] ? print_report+0x502/0x550 [ 70.293747][ T6036] check_panic_on_warn+0x86/0xb0 [ 70.298682][ T6036] ? hfs_bnode_read_key+0x314/0x450 [ 70.303873][ T6036] end_report+0x77/0x160 [ 70.308112][ T6036] kasan_report+0x154/0x180 [ 70.312611][ T6036] ? hfs_bnode_read_key+0x314/0x450 [ 70.317805][ T6036] kasan_check_range+0x282/0x290 [ 70.322740][ T6036] ? hfs_bnode_read_key+0x314/0x450 [ 70.327941][ T6036] __asan_memcpy+0x40/0x70 [ 70.332359][ T6036] hfs_bnode_read_key+0x314/0x450 [ 70.337379][ T6036] hfs_brec_insert+0x7f3/0xbd0 [ 70.342142][ T6036] ? __pfx_hfs_brec_insert+0x10/0x10 [ 70.347429][ T6036] hfs_cat_create+0x41d/0xa50 [ 70.352106][ T6036] ? __pfx_hfs_cat_create+0x10/0x10 [ 70.357302][ T6036] ? _raw_spin_unlock+0x28/0x50 [ 70.362146][ T6036] ? hfs_new_inode+0x86e/0xaf0 [ 70.366932][ T6036] hfs_mkdir+0x6c/0xe0 [ 70.371012][ T6036] vfs_mkdir+0x2f9/0x4f0 [ 70.375263][ T6036] do_mkdirat+0x264/0x3a0 [ 70.379599][ T6036] ? __check_object_size+0x47a/0x730 [ 70.384888][ T6036] ? __pfx_do_mkdirat+0x10/0x10 [ 70.389739][ T6036] ? getname_flags+0x1e3/0x540 [ 70.394494][ T6036] __x64_sys_mkdirat+0x87/0xa0 [ 70.399254][ T6036] do_syscall_64+0xf3/0x230 [ 70.403759][ T6036] ? clear_bhb_loop+0x35/0x90 [ 70.408446][ T6036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.414364][ T6036] RIP: 0033:0x7fce86d84597 [ 70.418779][ T6036] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.438384][ T6036] RSP: 002b:00007fce87b39e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 70.446791][ T6036] RAX: ffffffffffffffda RBX: 00007fce87b39ef0 RCX: 00007fce86d84597 [ 70.454753][ T6036] RDX: 00000000000001ff RSI: 0000000020000240 RDI: 00000000ffffff9c [ 70.462719][ T6036] RBP: 0000000020000200 R08: 00000000200000c0 R09: 0000000000000000 [ 70.470685][ T6036] R10: 0000000020000200 R11: 0000000000000246 R12: 0000000020000240 [ 70.478656][ T6036] R13: 00007fce87b39eb0 R14: 0000000000000000 R15: 0000000000000000 [ 70.486624][ T6036] </TASK> [ 70.489900][ T6036] Kernel Offset: disabled [ 70.494215][ T6036] Rebooting in 86400 seconds..