Warning: Permanently added '10.128.0.159' (ED25519) to the list of known hosts.
2024/07/03 08:52:30 ignoring optional flag "sandboxArg"="0"
2024/07/03 08:52:30 parsed 1 programs
2024/07/03 08:52:32 executed programs: 0
[ 66.423211][ T2264] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 68.803221][ T2281] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 68.830308][ T2281] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 68.840038][ T2272] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 68.849367][ T2281] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 68.863723][ T2281] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 68.874658][ T2272] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 68.901382][ T2272] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 68.920493][ T2272] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 68.957015][ T2275] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 68.970034][ T2275] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 69.009289][ T2275] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 69.033073][ T2275] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 69.044664][ T2280] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 69.062607][ T2280] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 69.087224][ T2280] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 69.104191][ T2280] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 69.150142][ T2282] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 69.179247][ T2282] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 69.220215][ T2282] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 69.232264][ T2282] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 69.581160][ T1276] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.589138][ T1276] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.622564][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.630557][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.710449][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.718391][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.743158][ T1276] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.751342][ T1276] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.771897][ T1253] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.779909][ T1253] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.787449][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.795775][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.815499][ T1253] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.823970][ T1253] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.849649][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.857591][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.869863][ T1343] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.877793][ T1343] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.986155][ T1343] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.994310][ T1343] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 70.159552][ T2533] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 70.249172][ T2533] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 70.269745][ T2539] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 70.281405][ T2533] Zero length message leads to an empty skb
[ 70.352293][ T2539] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 70.362721][ T2542] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 70.390846][ T2542] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 70.402551][ T2541] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 70.432840][ T2547] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 70.447186][ T2549] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 70.467711][ T2551] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
2024/07/03 08:52:37 executed programs: 86
[ 72.504995][ C1] ==================================================================
[ 72.513192][ C1] BUG: KASAN: slab-use-after-free in advance_sched+0xbea/0xc80
[ 72.520769][ C1] Read of size 8 at addr ffff88811bb04510 by task syz-executor.0/2894
[ 72.529843][ C1]
[ 72.532400][ C1] CPU: 1 PID: 2894 Comm: syz-executor.0 Not tainted 6.10.0-rc6-syzkaller #0
[ 72.541371][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 72.551545][ C1] Call Trace:
[ 72.554835][ C1]
[ 72.557822][ C1] dump_stack_lvl+0x231/0x330
[ 72.562602][ C1] ? __pfx_dump_stack_lvl+0x10/0x10
[ 72.567794][ C1] ? __pfx__printk+0x10/0x10
[ 72.572646][ C1] ? _printk+0xd5/0x120
[ 72.576787][ C1] ? __virt_addr_valid+0x169/0x370
[ 72.582049][ C1] print_report+0x169/0x550
[ 72.586550][ C1] ? __virt_addr_valid+0x169/0x370
[ 72.592278][ C1] ? __virt_addr_valid+0x2b4/0x370
[ 72.597562][ C1] ? __phys_addr+0x90/0x130
[ 72.602135][ C1] ? advance_sched+0xbea/0xc80
[ 72.606925][ C1] kasan_report+0x143/0x180
[ 72.611500][ C1] ? advance_sched+0xbea/0xc80
[ 72.616353][ C1] advance_sched+0xbea/0xc80
[ 72.621095][ C1] ? _raw_spin_unlock_irqrestore+0xcf/0x130
[ 72.626983][ C1] ? __pfx_advance_sched+0x10/0x10
[ 72.632079][ C1] ? __pfx_advance_sched+0x10/0x10
[ 72.637338][ C1] __hrtimer_run_queues+0x45b/0x9d0
[ 72.642608][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 72.648492][ C1] ? lapic_next_event+0x11/0x20
[ 72.653323][ C1] hrtimer_interrupt+0x393/0xe80
[ 72.658237][ C1] ? tasklet_action_common+0x370/0x600
[ 72.663695][ C1] __sysvec_apic_timer_interrupt+0xed/0x320
[ 72.669611][ C1] sysvec_apic_timer_interrupt+0x8d/0xb0
[ 72.675265][ C1]
[ 72.678370][ C1]
[ 72.681298][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 72.687284][ C1] RIP: 0010:unwind_next_frame+0x1d8e/0x2a00
[ 72.693198][ C1] Code: 00 00 44 8b 75 00 44 89 f7 8b 9c 24 8c 00 00 00 89 de e8 25 bb 39 00 41 39 de 0f 85 c4 00 00 00 48 8b 44 24 58 42 80 3c 28 00 <74> 0a 48 8b 7c 24 50 e8 16 8a 7a 00 4c 8b 65 38 48 8d 7d 08 48 89
[ 72.712875][ C1] RSP: 0018:ffffc90002137788 EFLAGS: 00000246
[ 72.718932][ C1] RAX: 1ffff92000426f13 RBX: 0000000000000001 RCX: ffff88811fdf1c40
[ 72.727055][ C1] RDX: ffff88811fdf1c40 RSI: 0000000000000001 RDI: 0000000000000001
[ 72.735003][ C1] RBP: ffffc90002137860 R08: ffffffff81359eab R09: ffffffff81359a9f
[ 72.742951][ C1] R10: 0000000000000003 R11: ffff88811fdf1c40 R12: ffffc90002137f50
[ 72.750915][ C1] R13: dffffc0000000000 R14: 0000000000000001 R15: 1ffff92000426f0c
[ 72.759245][ C1] ? unwind_next_frame+0x196f/0x2a00
[ 72.764610][ C1] ? unwind_next_frame+0x1d7b/0x2a00
[ 72.769874][ C1] ? unwind_next_frame+0x1d7b/0x2a00
[ 72.775240][ C1] ? do_syscall_64+0x8d/0x1a0
[ 72.779911][ C1] ? do_syscall_64+0x8d/0x1a0
[ 72.784663][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 72.790919][ C1] arch_stack_walk+0x151/0x1b0
[ 72.795835][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.802160][ C1] stack_trace_save+0x118/0x1d0
[ 72.806989][ C1] ? __pfx_stack_trace_save+0x10/0x10
[ 72.812336][ C1] kasan_save_track+0x3f/0x80
[ 72.817014][ C1] ? kasan_save_track+0x3f/0x80
[ 72.821970][ C1] ? __kasan_kmalloc+0x98/0xb0
[ 72.827072][ C1] ? kmalloc_node_track_caller_noprof+0x1fb/0x460
[ 72.834002][ C1] ? kmemdup_noprof+0x2a/0x60
[ 72.838842][ C1] ? shmem_symlink+0x22c/0x6a0
[ 72.843586][ C1] ? vfs_symlink+0x137/0x2e0
[ 72.848150][ C1] ? do_symlinkat+0x222/0x3a0
[ 72.852808][ C1] ? __x64_sys_symlinkat+0x99/0xb0
[ 72.857912][ C1] ? do_syscall_64+0x8d/0x1a0
[ 72.862572][ C1] __kasan_kmalloc+0x98/0xb0
[ 72.867157][ C1] kmalloc_node_track_caller_noprof+0x1fb/0x460
[ 72.873479][ C1] ? shmem_symlink+0x22c/0x6a0
[ 72.878334][ C1] kmemdup_noprof+0x2a/0x60
[ 72.882931][ C1] shmem_symlink+0x22c/0x6a0
[ 72.887848][ C1] ? __pfx_shmem_symlink+0x10/0x10
[ 72.893153][ C1] ? inode_permission+0xff/0x460
[ 72.898163][ C1] ? security_inode_symlink+0xb9/0x100
[ 72.903690][ C1] vfs_symlink+0x137/0x2e0
[ 72.908172][ C1] do_symlinkat+0x222/0x3a0
[ 72.913084][ C1] ? __phys_addr_symbol+0x2f/0x70
[ 72.918081][ C1] ? __check_object_size+0x47c/0x8c0
[ 72.923346][ C1] ? __pfx_do_symlinkat+0x10/0x10
[ 72.928356][ C1] ? getname_flags+0x1fe/0x4f0
[ 72.933112][ C1] __x64_sys_symlinkat+0x99/0xb0
[ 72.938202][ C1] do_syscall_64+0x8d/0x1a0
[ 72.942700][ C1] ? clear_bhb_loop+0x35/0x90
[ 72.947383][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.953440][ C1] RIP: 0033:0x7f179146d527
[ 72.957847][ C1] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0a 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 72.977814][ C1] RSP: 002b:00007f17916bfd58 EFLAGS: 00000202 ORIG_RAX: 000000000000010a
[ 72.986241][ C1] RAX: ffffffffffffffda RBX: 00007f17916bfe20 RCX: 00007f179146d527
[ 72.994527][ C1] RDX: 00007f17914ba526 RSI: 00000000ffffff9c RDI: 00007f17916bfe20
[ 73.002510][ C1] RBP: 0000000000000001 R08: 0000000000000017 R09: 00007f17916bfaa7
[ 73.010555][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 73.018678][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[ 73.027072][ C1]
[ 73.030067][ C1]
[ 73.032402][ C1] Allocated by task 2867:
[ 73.036788][ C1] kasan_save_track+0x3f/0x80
[ 73.041618][ C1] __kasan_kmalloc+0x98/0xb0
[ 73.046186][ C1] kmalloc_trace_noprof+0x19e/0x360
[ 73.051361][ C1] taprio_change+0xf31/0x3df0
[ 73.056036][ C1] tc_modify_qdisc+0x16b2/0x1a40
[ 73.060966][ C1] rtnetlink_rcv_msg+0xaa4/0xf70
[ 73.065908][ C1] netlink_rcv_skb+0x1e3/0x430
[ 73.071080][ C1] netlink_unicast+0x7ba/0x950
[ 73.075825][ C1] netlink_sendmsg+0x88c/0xc40
[ 73.080751][ C1] __sock_sendmsg+0x221/0x270
[ 73.085489][ C1] ____sys_sendmsg+0x525/0x7d0
[ 73.090229][ C1] ___sys_sendmsg+0x27a/0x310
[ 73.094974][ C1] __sys_sendmmsg+0x2a9/0x500
[ 73.099717][ C1] __x64_sys_sendmmsg+0xa0/0xb0
[ 73.104718][ C1] do_syscall_64+0x8d/0x1a0
[ 73.109198][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.115242][ C1]
[ 73.117898][ C1] Freed by task 23:
[ 73.121681][ C1] kasan_save_track+0x3f/0x80
[ 73.126335][ C1] kasan_save_free_info+0x40/0x50
[ 73.131578][ C1] poison_slab_object+0xe0/0x150
[ 73.136681][ C1] __kasan_slab_free+0x37/0x60
[ 73.141433][ C1] kfree+0x12f/0x310
[ 73.145305][ C1] rcu_core+0xc3c/0x1470
[ 73.149551][ C1] handle_softirqs+0x1b7/0x570
[ 73.154387][ C1] run_ksoftirqd+0x28/0x40
[ 73.158784][ C1] smpboot_thread_fn+0x460/0x8e0
[ 73.163696][ C1] kthread+0x290/0x300
[ 73.167749][ C1] ret_from_fork+0x4b/0x80
[ 73.172160][ C1] ret_from_fork_asm+0x1a/0x30
[ 73.177090][ C1]
[ 73.179409][ C1] Last potentially related work creation:
[ 73.185532][ C1] kasan_save_stack+0x3f/0x60
[ 73.190295][ C1] __kasan_record_aux_stack+0xac/0xc0
[ 73.195664][ C1] call_rcu+0x159/0x8e0
[ 73.199812][ C1] taprio_change+0x229f/0x3df0
[ 73.204750][ C1] tc_modify_qdisc+0x16b2/0x1a40
[ 73.209669][ C1] rtnetlink_rcv_msg+0xaa4/0xf70
[ 73.214705][ C1] netlink_rcv_skb+0x1e3/0x430
[ 73.219871][ C1] netlink_unicast+0x7ba/0x950
[ 73.224834][ C1] netlink_sendmsg+0x88c/0xc40
[ 73.229598][ C1] __sock_sendmsg+0x221/0x270
[ 73.234254][ C1] ____sys_sendmsg+0x525/0x7d0
[ 73.239013][ C1] ___sys_sendmsg+0x27a/0x310
[ 73.243685][ C1] __sys_sendmmsg+0x2a9/0x500
[ 73.248369][ C1] __x64_sys_sendmmsg+0xa0/0xb0
[ 73.253300][ C1] do_syscall_64+0x8d/0x1a0
[ 73.257892][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.263983][ C1]
[ 73.266284][ C1] The buggy address belongs to the object at ffff88811bb04400
[ 73.266284][ C1] which belongs to the cache kmalloc-512 of size 512
[ 73.280503][ C1] The buggy address is located 272 bytes inside of
[ 73.280503][ C1] freed 512-byte region [ffff88811bb04400, ffff88811bb04600)
[ 73.294497][ C1]
[ 73.296908][ C1] The buggy address belongs to the physical page:
[ 73.303923][ C1] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11bb04
[ 73.312867][ C1] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 73.321452][ C1] flags: 0x200000000000040(head|node=0|zone=2)
[ 73.327765][ C1] page_type: 0xffffefff(slab)
[ 73.332420][ C1] raw: 0200000000000040 ffff888100041c80 ffffea000466f600 dead000000000002
[ 73.340981][ C1] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[ 73.349905][ C1] head: 0200000000000040 ffff888100041c80 ffffea000466f600 dead000000000002
[ 73.358563][ C1] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[ 73.367411][ C1] head: 0200000000000002 ffffea00046ec101 ffffffffffffffff 0000000000000000
[ 73.376248][ C1] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 73.385178][ C1] page dumped because: kasan: bad access detected
[ 73.391758][ C1] page_owner tracks the page as allocated
[ 73.397535][ C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1698, tgid 1698 (udevd), ts 9853240588, free_ts 0
[ 73.417485][ C1] post_alloc_hook+0x10f/0x130
[ 73.422231][ C1] get_page_from_freelist+0x37f4/0x3920
[ 73.427962][ C1] __alloc_pages_noprof+0x256/0x670
[ 73.433180][ C1] alloc_slab_page+0x5f/0x120
[ 73.437900][ C1] allocate_slab+0x5d/0x290
[ 73.442557][ C1] ___slab_alloc+0xa7f/0x11d0
[ 73.447296][ C1] kmalloc_trace_noprof+0x1fc/0x360
[ 73.452490][ C1] kernfs_fop_open+0x3b3/0xc30
[ 73.457231][ C1] do_dentry_open+0x978/0x1360
[ 73.461975][ C1] vfs_open+0x3e/0x330
[ 73.466025][ C1] path_openat+0x2b8d/0x3580
[ 73.470684][ C1] do_filp_open+0x235/0x490
[ 73.475175][ C1] do_sys_openat2+0x13e/0x1d0
[ 73.479864][ C1] __x64_sys_openat+0x247/0x2a0
[ 73.484714][ C1] do_syscall_64+0x8d/0x1a0
[ 73.489219][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.495201][ C1] page_owner free stack trace missing
[ 73.500543][ C1]
[ 73.502842][ C1] Memory state around the buggy address:
[ 73.508453][ C1] ffff88811bb04400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.516597][ C1] ffff88811bb04480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.524737][ C1] >ffff88811bb04500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.532970][ C1] ^
[ 73.537534][ C1] ffff88811bb04580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.545799][ C1] ffff88811bb04600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 73.553870][ C1] ==================================================================
[ 73.561913][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 74.671318][ C1] Shutting down cpus with NMI
[ 74.676295][ C1] Kernel Offset: disabled
[ 74.680700][ C1] Rebooting in 86400 seconds..