Warning: Permanently added '10.128.0.159' (ED25519) to the list of known hosts.
2024/07/03 08:52:30 ignoring optional flag "sandboxArg"="0"
2024/07/03 08:52:30 parsed 1 programs
2024/07/03 08:52:32 executed programs: 0
[ 66.423211][ T2264] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 68.803221][ T2281] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 68.830308][ T2281] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 68.840038][ T2272] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 68.849367][ T2281] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 68.863723][ T2281] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 68.874658][ T2272] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 68.901382][ T2272] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 68.920493][ T2272] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 68.957015][ T2275] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 68.970034][ T2275] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 69.009289][ T2275] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 69.033073][ T2275] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 69.044664][ T2280] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 69.062607][ T2280] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 69.087224][ T2280] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 69.104191][ T2280] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 69.150142][ T2282] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 69.179247][ T2282] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 69.220215][ T2282] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 69.232264][ T2282] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 69.581160][ T1276] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.589138][ T1276] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.622564][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.630557][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.710449][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.718391][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.743158][ T1276] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.751342][ T1276] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.771897][ T1253] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.779909][ T1253] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.787449][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.795775][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.815499][ T1253] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.823970][ T1253] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.849649][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.857591][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.869863][ T1343] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.877793][ T1343] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.986155][ T1343] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.994310][ T1343] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 70.159552][ T2533] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 70.249172][ T2533] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 70.269745][ T2539] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 70.281405][ T2533] Zero length message leads to an empty skb
[ 70.352293][ T2539] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 70.362721][ T2542] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 70.390846][ T2542] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 70.402551][ T2541] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 70.432840][ T2547] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 70.447186][ T2549] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 70.467711][ T2551] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
2024/07/03 08:52:37 executed programs: 86
[ 72.504995][ C1] ==================================================================
[ 72.513192][ C1] BUG: KASAN: slab-use-after-free in advance_sched+0xbea/0xc80
[ 72.520769][ C1] Read of size 8 at addr ffff88811bb04510 by task syz-executor.0/2894
[ 72.529843][ C1]
[ 72.532400][ C1] CPU: 1 PID: 2894 Comm: syz-executor.0 Not tainted 6.10.0-rc6-syzkaller #0
[ 72.541371][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 72.551545][ C1] Call Trace:
[ 72.554835][ C1] <IRQ>
[ 72.557822][ C1] dump_stack_lvl+0x231/0x330
[ 72.562602][ C1] ? __pfx_dump_stack_lvl+0x10/0x10
[ 72.567794][ C1] ? __pfx__printk+0x10/0x10
[ 72.572646][ C1] ? _printk+0xd5/0x120
[ 72.576787][ C1] ? __virt_addr_valid+0x169/0x370
[ 72.582049][ C1] print_report+0x169/0x550
[ 72.586550][ C1] ? __virt_addr_valid+0x169/0x370
[ 72.592278][ C1] ? __virt_addr_valid+0x2b4/0x370
[ 72.597562][ C1] ? __phys_addr+0x90/0x130
[ 72.602135][ C1] ? advance_sched+0xbea/0xc80
[ 72.606925][ C1] kasan_report+0x143/0x180
[ 72.611500][ C1] ? advance_sched+0xbea/0xc80
[ 72.616353][ C1] advance_sched+0xbea/0xc80
[ 72.621095][ C1] ? _raw_spin_unlock_irqrestore+0xcf/0x130
[ 72.626983][ C1] ? __pfx_advance_sched+0x10/0x10
[ 72.632079][ C1] ? __pfx_advance_sched+0x10/0x10
[ 72.637338][ C1] __hrtimer_run_queues+0x45b/0x9d0
[ 72.642608][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 72.648492][ C1] ? lapic_next_event+0x11/0x20
[ 72.653323][ C1] hrtimer_interrupt+0x393/0xe80
[ 72.658237][ C1] ? tasklet_action_common+0x370/0x600
[ 72.663695][ C1] __sysvec_apic_timer_interrupt+0xed/0x320
[ 72.669611][ C1] sysvec_apic_timer_interrupt+0x8d/0xb0
[ 72.675265][ C1] </IRQ>
[ 72.678370][ C1] <TASK>
[ 72.681298][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 72.687284][ C1] RIP: 0010:unwind_next_frame+0x1d8e/0x2a00
[ 72.693198][ C1] Code: 00 00 44 8b 75 00 44 89 f7 8b 9c 24 8c 00 00 00 89 de e8 25 bb 39 00 41 39 de 0f 85 c4 00 00 00 48 8b 44 24 58 42 80 3c 28 00 <74> 0a 48 8b 7c 24 50 e8 16 8a 7a 00 4c 8b 65 38 48 8d 7d 08 48 89
[ 72.712875][ C1] RSP: 0018:ffffc90002137788 EFLAGS: 00000246
[ 72.718932][ C1] RAX: 1ffff92000426f13 RBX: 0000000000000001 RCX: ffff88811fdf1c40
[ 72.727055][ C1] RDX: ffff88811fdf1c40 RSI: 0000000000000001 RDI: 0000000000000001
[ 72.735003][ C1] RBP: ffffc90002137860 R08: ffffffff81359eab R09: ffffffff81359a9f
[ 72.742951][ C1] R10: 0000000000000003 R11: ffff88811fdf1c40 R12: ffffc90002137f50
[ 72.750915][ C1] R13: dffffc0000000000 R14: 0000000000000001 R15: 1ffff92000426f0c
[ 72.759245][ C1] ? unwind_next_frame+0x196f/0x2a00
[ 72.764610][ C1] ? unwind_next_frame+0x1d7b/0x2a00
[ 72.769874][ C1] ? unwind_next_frame+0x1d7b/0x2a00
[ 72.775240][ C1] ? do_syscall_64+0x8d/0x1a0
[ 72.779911][ C1] ? do_syscall_64+0x8d/0x1a0
[ 72.784663][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 72.790919][ C1] arch_stack_walk+0x151/0x1b0
[ 72.795835][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.802160][ C1] stack_trace_save+0x118/0x1d0
[ 72.806989][ C1] ? __pfx_stack_trace_save+0x10/0x10
[ 72.812336][ C1] kasan_save_track+0x3f/0x80
[ 72.817014][ C1] ? kasan_save_track+0x3f/0x80
[ 72.821970][ C1] ? __kasan_kmalloc+0x98/0xb0
[ 72.827072][ C1] ? kmalloc_node_track_caller_noprof+0x1fb/0x460
[ 72.834002][ C1] ? kmemdup_noprof+0x2a/0x60
[ 72.838842][ C1] ? shmem_symlink+0x22c/0x6a0
[ 72.843586][ C1] ? vfs_symlink+0x137/0x2e0
[ 72.848150][ C1] ? do_symlinkat+0x222/0x3a0
[ 72.852808][ C1] ? __x64_sys_symlinkat+0x99/0xb0
[ 72.857912][ C1] ? do_syscall_64+0x8d/0x1a0
[ 72.862572][ C1] __kasan_kmalloc+0x98/0xb0
[ 72.867157][ C1] kmalloc_node_track_caller_noprof+0x1fb/0x460
[ 72.873479][ C1] ? shmem_symlink+0x22c/0x6a0
[ 72.878334][ C1] kmemdup_noprof+0x2a/0x60
[ 72.882931][ C1] shmem_symlink+0x22c/0x6a0
[ 72.887848][ C1] ? __pfx_shmem_symlink+0x10/0x10
[ 72.893153][ C1] ? inode_permission+0xff/0x460
[ 72.898163][ C1] ? security_inode_symlink+0xb9/0x100
[ 72.903690][ C1] vfs_symlink+0x137/0x2e0
[ 72.908172][ C1] do_symlinkat+0x222/0x3a0
[ 72.913084][ C1] ? __phys_addr_symbol+0x2f/0x70
[ 72.918081][ C1] ? __check_object_size+0x47c/0x8c0
[ 72.923346][ C1] ? __pfx_do_symlinkat+0x10/0x10
[ 72.928356][ C1] ? getname_flags+0x1fe/0x4f0
[ 72.933112][ C1] __x64_sys_symlinkat+0x99/0xb0
[ 72.938202][ C1] do_syscall_64+0x8d/0x1a0
[ 72.942700][ C1] ? clear_bhb_loop+0x35/0x90
[ 72.947383][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.953440][ C1] RIP: 0033:0x7f179146d527
[ 72.957847][ C1] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0a 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 72.977814][ C1] RSP: 002b:00007f17916bfd58 EFLAGS: 00000202 ORIG_RAX: 000000000000010a
[ 72.986241][ C1] RAX: ffffffffffffffda RBX: 00007f17916bfe20 RCX: 00007f179146d527
[ 72.994527][ C1] RDX: 00007f17914ba526 RSI: 00000000ffffff9c RDI: 00007f17916bfe20
[ 73.002510][ C1] RBP: 0000000000000001 R08: 0000000000000017 R09: 00007f17916bfaa7
[ 73.010555][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 73.018678][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[ 73.027072][ C1] </TASK>
[ 73.030067][ C1]
[ 73.032402][ C1] Allocated by task 2867:
[ 73.036788][ C1] kasan_save_track+0x3f/0x80
[ 73.041618][ C1] __kasan_kmalloc+0x98/0xb0
[ 73.046186][ C1] kmalloc_trace_noprof+0x19e/0x360
[ 73.051361][ C1] taprio_change+0xf31/0x3df0
[ 73.056036][ C1] tc_modify_qdisc+0x16b2/0x1a40
[ 73.060966][ C1] rtnetlink_rcv_msg+0xaa4/0xf70
[ 73.065908][ C1] netlink_rcv_skb+0x1e3/0x430
[ 73.071080][ C1] netlink_unicast+0x7ba/0x950
[ 73.075825][ C1] netlink_sendmsg+0x88c/0xc40
[ 73.080751][ C1] __sock_sendmsg+0x221/0x270
[ 73.085489][ C1] ____sys_sendmsg+0x525/0x7d0
[ 73.090229][ C1] ___sys_sendmsg+0x27a/0x310
[ 73.094974][ C1] __sys_sendmmsg+0x2a9/0x500
[ 73.099717][ C1] __x64_sys_sendmmsg+0xa0/0xb0
[ 73.104718][ C1] do_syscall_64+0x8d/0x1a0
[ 73.109198][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.115242][ C1]
[ 73.117898][ C1] Freed by task 23:
[ 73.121681][ C1] kasan_save_track+0x3f/0x80
[ 73.126335][ C1] kasan_save_free_info+0x40/0x50
[ 73.131578][ C1] poison_slab_object+0xe0/0x150
[ 73.136681][ C1] __kasan_slab_free+0x37/0x60
[ 73.141433][ C1] kfree+0x12f/0x310
[ 73.145305][ C1] rcu_core+0xc3c/0x1470
[ 73.149551][ C1] handle_softirqs+0x1b7/0x570
[ 73.154387][ C1] run_ksoftirqd+0x28/0x40
[ 73.158784][ C1] smpboot_thread_fn+0x460/0x8e0
[ 73.163696][ C1] kthread+0x290/0x300
[ 73.167749][ C1] ret_from_fork+0x4b/0x80
[ 73.172160][ C1] ret_from_fork_asm+0x1a/0x30
[ 73.177090][ C1]
[ 73.179409][ C1] Last potentially related work creation:
[ 73.185532][ C1] kasan_save_stack+0x3f/0x60
[ 73.190295][ C1] __kasan_record_aux_stack+0xac/0xc0
[ 73.195664][ C1] call_rcu+0x159/0x8e0
[ 73.199812][ C1] taprio_change+0x229f/0x3df0
[ 73.204750][ C1] tc_modify_qdisc+0x16b2/0x1a40
[ 73.209669][ C1] rtnetlink_rcv_msg+0xaa4/0xf70
[ 73.214705][ C1] netlink_rcv_skb+0x1e3/0x430
[ 73.219871][ C1] netlink_unicast+0x7ba/0x950
[ 73.224834][ C1] netlink_sendmsg+0x88c/0xc40
[ 73.229598][ C1] __sock_sendmsg+0x221/0x270
[ 73.234254][ C1] ____sys_sendmsg+0x525/0x7d0
[ 73.239013][ C1] ___sys_sendmsg+0x27a/0x310
[ 73.243685][ C1] __sys_sendmmsg+0x2a9/0x500
[ 73.248369][ C1] __x64_sys_sendmmsg+0xa0/0xb0
[ 73.253300][ C1] do_syscall_64+0x8d/0x1a0
[ 73.257892][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.263983][ C1]
[ 73.266284][ C1] The buggy address belongs to the object at ffff88811bb04400
[ 73.266284][ C1] which belongs to the cache kmalloc-512 of size 512
[ 73.280503][ C1] The buggy address is located 272 bytes inside of
[ 73.280503][ C1] freed 512-byte region [ffff88811bb04400, ffff88811bb04600)
[ 73.294497][ C1]
[ 73.296908][ C1] The buggy address belongs to the physical page:
[ 73.303923][ C1] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11bb04
[ 73.312867][ C1] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 73.321452][ C1] flags: 0x200000000000040(head|node=0|zone=2)
[ 73.327765][ C1] page_type: 0xffffefff(slab)
[ 73.332420][ C1] raw: 0200000000000040 ffff888100041c80 ffffea000466f600 dead000000000002
[ 73.340981][ C1] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[ 73.349905][ C1] head: 0200000000000040 ffff888100041c80 ffffea000466f600 dead000000000002
[ 73.358563][ C1] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[ 73.367411][ C1] head: 0200000000000002 ffffea00046ec101 ffffffffffffffff 0000000000000000
[ 73.376248][ C1] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 73.385178][ C1] page dumped because: kasan: bad access detected
[ 73.391758][ C1] page_owner tracks the page as allocated
[ 73.397535][ C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1698, tgid 1698 (udevd), ts 9853240588, free_ts 0
[ 73.417485][ C1] post_alloc_hook+0x10f/0x130
[ 73.422231][ C1] get_page_from_freelist+0x37f4/0x3920
[ 73.427962][ C1] __alloc_pages_noprof+0x256/0x670
[ 73.433180][ C1] alloc_slab_page+0x5f/0x120
[ 73.437900][ C1] allocate_slab+0x5d/0x290
[ 73.442557][ C1] ___slab_alloc+0xa7f/0x11d0
[ 73.447296][ C1] kmalloc_trace_noprof+0x1fc/0x360
[ 73.452490][ C1] kernfs_fop_open+0x3b3/0xc30
[ 73.457231][ C1] do_dentry_open+0x978/0x1360
[ 73.461975][ C1] vfs_open+0x3e/0x330
[ 73.466025][ C1] path_openat+0x2b8d/0x3580
[ 73.470684][ C1] do_filp_open+0x235/0x490
[ 73.475175][ C1] do_sys_openat2+0x13e/0x1d0
[ 73.479864][ C1] __x64_sys_openat+0x247/0x2a0
[ 73.484714][ C1] do_syscall_64+0x8d/0x1a0
[ 73.489219][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.495201][ C1] page_owner free stack trace missing
[ 73.500543][ C1]
[ 73.502842][ C1] Memory state around the buggy address:
[ 73.508453][ C1] ffff88811bb04400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.516597][ C1] ffff88811bb04480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.524737][ C1] >ffff88811bb04500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.532970][ C1] ^
[ 73.537534][ C1] ffff88811bb04580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.545799][ C1] ffff88811bb04600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 73.553870][ C1] ==================================================================
[ 73.561913][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 74.671318][ C1] Shutting down cpus with NMI
[ 74.676295][ C1] Kernel Offset: disabled
[ 74.680700][ C1] Rebooting in 86400 seconds..