Warning: Permanently added '10.128.1.108' (ED25519) to the list of known hosts.
2024/01/16 04:45:19 ignoring optional flag "sandboxArg"="0"
2024/01/16 04:45:19 parsed 1 programs
2024/01/16 04:45:20 executed programs: 0
[ 96.295864][ T5402] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 96.354657][ T4455] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 96.362496][ T4455] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 96.370734][ T4455] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 96.380145][ T4455] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 96.389121][ T4455] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 96.396969][ T4455] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 96.536632][ T5409] chnl_net:caif_netlink_parms(): no params data found
[ 96.605621][ T5409] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.614806][ T5409] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.622315][ T5409] bridge_slave_0: entered allmulticast mode
[ 96.630526][ T5409] bridge_slave_0: entered promiscuous mode
[ 96.639202][ T5409] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.646997][ T5409] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.654593][ T5409] bridge_slave_1: entered allmulticast mode
[ 96.662333][ T5409] bridge_slave_1: entered promiscuous mode
[ 96.691965][ T5409] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 96.704148][ T5409] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 96.736952][ T5409] team0: Port device team_slave_0 added
[ 96.745143][ T5409] team0: Port device team_slave_1 added
[ 96.773452][ T5409] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 96.780607][ T5409] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.808917][ T5409] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 96.821604][ T5409] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 96.829449][ T5409] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.856088][ T5409] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 96.899711][ T5409] hsr_slave_0: entered promiscuous mode
[ 96.906169][ T5409] hsr_slave_1: entered promiscuous mode
[ 97.650887][ T5409] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 97.666575][ T5409] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 97.678712][ T5409] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 97.692950][ T5409] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 97.818188][ T5409] 8021q: adding VLAN 0 to HW filter on device bond0
[ 97.845316][ T5409] 8021q: adding VLAN 0 to HW filter on device team0
[ 97.861337][ T5070] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.868549][ T5070] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 97.893892][ T5070] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.901432][ T5070] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.132586][ T5409] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 98.196029][ T5409] veth0_vlan: entered promiscuous mode
[ 98.213289][ T5409] veth1_vlan: entered promiscuous mode
[ 98.254035][ T5409] veth0_macvtap: entered promiscuous mode
[ 98.266251][ T5409] veth1_macvtap: entered promiscuous mode
[ 98.295080][ T5409] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 98.314194][ T5409] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 98.329220][ T5409] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.338481][ T5409] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.349490][ T5409] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.359715][ T5409] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.420736][ T4455] Bluetooth: hci0: command 0x0409 tx timeout
[ 98.446339][ T1087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.464264][ T1087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.498489][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.508989][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.569253][ T5477] process 'syz-executor.0' launched '/dev/fd/4' with NULL argv: empty string added
[ 98.580546][ T5476] process 'memfd:ndRi5ም[@8 9I=\'LҎ)JtTDqρ1 >\LϑM^T*' started with executable stack
[ 100.092759][ T5646] ==================================================================
[ 100.101129][ T5646] BUG: KASAN: slab-use-after-free in kill_orphaned_pgrp+0x2e1/0x340
[ 100.109376][ T5646] Read of size 8 at addr ffff88802cf9a6b0 by task vhost-5644/5646
[ 100.117170][ T5646]
[ 100.119491][ T5646] CPU: 1 PID: 5646 Comm: vhost-5644 Not tainted 6.7.0-syzkaller-09928-g052d534373b7 #0
[ 100.129375][ T5646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 100.139508][ T5646] Call Trace:
[ 100.142894][ T5646]
[ 100.145907][ T5646] dump_stack_lvl+0xd9/0x1b0
[ 100.150520][ T5646] print_report+0xc4/0x620
[ 100.154936][ T5646] ? __virt_addr_valid+0x5e/0x580
[ 100.160220][ T5646] ? __phys_addr+0xc6/0x140
[ 100.164811][ T5646] kasan_report+0xda/0x110
[ 100.169315][ T5646] ? kill_orphaned_pgrp+0x2e1/0x340
[ 100.174631][ T5646] ? kill_orphaned_pgrp+0x2e1/0x340
[ 100.179851][ T5646] kill_orphaned_pgrp+0x2e1/0x340
[ 100.184875][ T5646] do_exit+0x1d13/0x2ad0
[ 100.189124][ T5646] ? mm_update_next_owner+0x840/0x840
[ 100.194490][ T5646] ? vhost_task_fn+0x284/0x370
[ 100.199349][ T5646] ? rcu_is_watching+0x12/0xb0
[ 100.204301][ T5646] ? vhost_task_fn+0x284/0x370
[ 100.209324][ T5646] vhost_task_fn+0x2e4/0x370
[ 100.214021][ T5646] ? vhost_task_create+0x260/0x260
[ 100.219301][ T5646] ? lock_release+0x4bf/0x690
[ 100.224162][ T5646] ? finish_task_switch.isra.0+0x219/0xca0
[ 100.230058][ T5646] ? vhost_task_create+0x260/0x260
[ 100.235168][ T5646] ? rcu_is_watching+0x12/0xb0
[ 100.240171][ T5646] ? vhost_task_create+0x260/0x260
[ 100.245394][ T5646] ret_from_fork+0x45/0x80
[ 100.249825][ T5646] ? vhost_task_create+0x260/0x260
[ 100.255109][ T5646] ret_from_fork_asm+0x11/0x20
[ 100.260033][ T5646]
[ 100.263332][ T5646]
[ 100.265818][ T5646] Allocated by task 5409:
[ 100.270152][ T5646] kasan_save_stack+0x33/0x50
[ 100.274861][ T5646] kasan_save_track+0x14/0x30
[ 100.279875][ T5646] __kasan_slab_alloc+0x81/0x90
[ 100.285021][ T5646] kmem_cache_alloc_node+0x177/0x340
[ 100.290589][ T5646] copy_process+0x44f/0x97b0
[ 100.295198][ T5646] kernel_clone+0xfd/0x930
[ 100.299649][ T5646] __do_sys_clone+0xba/0x100
[ 100.304430][ T5646] do_syscall_64+0xd3/0x250
[ 100.309535][ T5646] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 100.315623][ T5646]
[ 100.318236][ T5646] Freed by task 22:
[ 100.322320][ T5646] kasan_save_stack+0x33/0x50
[ 100.327231][ T5646] kasan_save_track+0x14/0x30
[ 100.332038][ T5646] kasan_save_free_info+0x3f/0x60
[ 100.337282][ T5646] __kasan_slab_free+0x121/0x1b0
[ 100.342444][ T5646] kmem_cache_free+0x129/0x350
[ 100.347402][ T5646] delayed_put_task_struct+0x21b/0x2c0
[ 100.353066][ T5646] rcu_core+0x819/0x1680
[ 100.357419][ T5646] __do_softirq+0x21a/0x8de
[ 100.362721][ T5646]
[ 100.365129][ T5646] Last potentially related work creation:
[ 100.370834][ T5646] kasan_save_stack+0x33/0x50
[ 100.375595][ T5646] __kasan_record_aux_stack+0xba/0x100
[ 100.381340][ T5646] __call_rcu_common.constprop.0+0x9a/0x7b0
[ 100.387498][ T5646] put_task_struct_rcu_user+0x87/0xc0
[ 100.393006][ T5646] release_task+0xe7d/0x1b10
[ 100.397791][ T5646] begin_new_exec+0x2217/0x3120
[ 100.402947][ T5646] load_elf_binary+0xa42/0x5b70
[ 100.408430][ T5646] bprm_execve+0x7f9/0x1a90
[ 100.413050][ T5646] do_execveat_common.isra.0+0x5d3/0x740
[ 100.418717][ T5646] __x64_sys_execveat+0xda/0x120
[ 100.424074][ T5646] do_syscall_64+0xd3/0x250
[ 100.428781][ T5646] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 100.434692][ T5646]
[ 100.437120][ T5646] The buggy address belongs to the object at ffff88802cf99dc0
[ 100.437120][ T5646]  which belongs to the cache task_struct of size 7360
[ 100.451544][ T5646] The buggy address is located 2288 bytes inside of
[ 100.451544][ T5646]  freed 7360-byte region [ffff88802cf99dc0, ffff88802cf9ba80)
[ 100.465969][ T5646]
[ 100.468286][ T5646] The buggy address belongs to the physical page:
[ 100.474698][ T5646] page:ffffea0000b3e600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2cf98
[ 100.485192][ T5646] head:ffffea0000b3e600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 100.494200][ T5646] memcg:ffff88802c76c281
[ 100.498433][ T5646] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 100.506487][ T5646] page_type: 0xffffffff()
[ 100.511082][ T5646] raw: 00fff00000000840 ffff8880146a1500 dead000000000122 0000000000000000
[ 100.520103][ T5646] raw: 0000000000000000 0000000080040004 00000001ffffffff ffff88802c76c281
[ 100.528934][ T5646] page dumped because: kasan: bad access detected
[ 100.535608][ T5646] page_owner tracks the page as allocated
[ 100.541331][ T5646] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5640, tgid 5639 (syz-executor.0), ts 100060700910, free_ts 99971469191
[ 100.564626][ T5646] post_alloc_hook+0x2d0/0x350
[ 100.569410][ T5646] get_page_from_freelist+0xa28/0x3780
[ 100.574870][ T5646] __alloc_pages+0x22f/0x2440
[ 100.579558][ T5646] new_slab+0xcc/0x3a0
[ 100.583707][ T5646] ___slab_alloc+0x4af/0x19a0
[ 100.588464][ T5646] __slab_alloc.constprop.0+0x56/0xa0
[ 100.593920][ T5646] kmem_cache_alloc_node+0x10a/0x340
[ 100.599371][ T5646] copy_process+0x44f/0x97b0
[ 100.603958][ T5646] vhost_task_create+0x17b/0x260
[ 100.608900][ T5646] vhost_worker_create+0x12a/0x330
[ 100.614099][ T5646] vhost_dev_set_owner+0x5c6/0xa70
[ 100.619506][ T5646] vhost_net_ioctl+0x692/0x16e0
[ 100.624541][ T5646] __x64_sys_ioctl+0x18f/0x210
[ 100.629648][ T5646] do_syscall_64+0xd3/0x250
[ 100.634282][ T5646] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 100.640711][ T5646] page last free pid 5627 tgid 5627 stack trace:
[ 100.647281][ T5646] free_unref_page_prepare+0x51f/0xb10
[ 100.652852][ T5646] free_unref_page+0x33/0x3c0
[ 100.657575][ T5646] __put_partials+0x14c/0x160
[ 100.662294][ T5646] qlist_free_all+0x58/0x150
[ 100.667076][ T5646] kasan_quarantine_reduce+0x18e/0x1d0
[ 100.673332][ T5646] __kasan_slab_alloc+0x65/0x90
[ 100.678901][ T5646] kmem_cache_alloc_lru+0x142/0x6f0
[ 100.684724][ T5646] ext4_alloc_inode+0x28/0x650
[ 100.689805][ T5646] alloc_inode+0x5d/0x220
[ 100.694336][ T5646] new_inode+0x22/0x260
[ 100.699374][ T5646] __ext4_new_inode+0x333/0x5200
[ 100.704945][ T5646] ext4_symlink+0x5d7/0xa20
[ 100.710252][ T5646] vfs_symlink+0x3e4/0x620
[ 100.715132][ T5646] do_symlinkat+0x25f/0x310
[ 100.719670][ T5646] __x64_sys_symlinkat+0x97/0xc0
[ 100.724786][ T5646] do_syscall_64+0xd3/0x250
[ 100.729460][ T5646]
[ 100.732291][ T5646] Memory state around the buggy address:
[ 100.737993][ T5646]  ffff88802cf9a580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.746128][ T5646]  ffff88802cf9a600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.754436][ T5646] >ffff88802cf9a680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.762764][ T5646]                                      ^
[ 100.768777][ T5646]  ffff88802cf9a700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.776861][ T5646]  ffff88802cf9a780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.785184][ T5646] ==================================================================
[ 100.793235][ T5646] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 100.800587][ T5646] CPU: 1 PID: 5646 Comm: vhost-5644 Not tainted 6.7.0-syzkaller-09928-g052d534373b7 #0
[ 100.810301][ T5646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 100.820625][ T5646] Call Trace:
[ 100.823903][ T5646]
[ 100.826840][ T5646] dump_stack_lvl+0xd9/0x1b0
[ 100.831445][ T5646] panic+0x6dc/0x790
[ 100.835338][ T5646] ? panic_smp_self_stop+0xa0/0xa0
[ 100.840534][ T5646] ? rcu_is_watching+0x12/0xb0
[ 100.845293][ T5646] ? reacquire_held_locks+0x4c0/0x4c0
[ 100.850663][ T5646] ? dump_page+0x700/0x14c0
[ 100.855163][ T5646] ? check_panic_on_warn+0x1f/0xb0
[ 100.860362][ T5646] check_panic_on_warn+0xab/0xb0
[ 100.865392][ T5646] end_report+0x108/0x150
[ 100.870149][ T5646] kasan_report+0xea/0x110
[ 100.874587][ T5646] ? kill_orphaned_pgrp+0x2e1/0x340
[ 100.879882][ T5646] ? kill_orphaned_pgrp+0x2e1/0x340
[ 100.885085][ T5646] kill_orphaned_pgrp+0x2e1/0x340
[ 100.890129][ T5646] do_exit+0x1d13/0x2ad0
[ 100.894379][ T5646] ? mm_update_next_owner+0x840/0x840
[ 100.899745][ T5646] ? vhost_task_fn+0x284/0x370
[ 100.904584][ T5646] ? rcu_is_watching+0x12/0xb0
[ 100.909349][ T5646] ? vhost_task_fn+0x284/0x370
[ 100.914369][ T5646] vhost_task_fn+0x2e4/0x370
[ 100.919077][ T5646] ? vhost_task_create+0x260/0x260
[ 100.924271][ T5646] ? lock_release+0x4bf/0x690
[ 100.929045][ T5646] ? finish_task_switch.isra.0+0x219/0xca0
[ 100.935060][ T5646] ? vhost_task_create+0x260/0x260
[ 100.940451][ T5646] ? rcu_is_watching+0x12/0xb0
[ 100.945387][ T5646] ? vhost_task_create+0x260/0x260
[ 100.950970][ T5646] ret_from_fork+0x45/0x80
[ 100.955421][ T5646] ? vhost_task_create+0x260/0x260
[ 100.961161][ T5646] ret_from_fork_asm+0x11/0x20
[ 100.966038][ T5646]
[ 100.969265][ T5646] Kernel Offset: disabled
[ 100.973753][ T5646] Rebooting in 86400 seconds..
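The KASAN report above carries everything needed to sanity-check it by hand: the faulting address, the object base and cache size, the allocating and freeing tasks, and the shadow bytes around the access. The Python below is an added triage example, not part of the syzkaller log and not kernel or syzkaller tooling. It parses those lines, builds the syzkaller-style crash title used for deduplication, collects the non-speculative frames of the access, allocation and free stacks, and re-derives the stated offset and the freed-granule marker from the raw addresses. The sample is a selection of lines copied from the report above; the regexes, field names and the assumption that one shadow byte covers an 8-byte granule are this example's own and match the wording of this 6.7-era report rather than every KASAN variant.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: selected lines copied from the KASAN report above (prefixes kept to exercise stripping).
SAMPLE_LOG = """\
[ 100.101129][ T5646] BUG: KASAN: slab-use-after-free in kill_orphaned_pgrp+0x2e1/0x340
[ 100.109376][ T5646] Read of size 8 at addr ffff88802cf9a6b0 by task vhost-5644/5646
[ 100.139508][ T5646] Call Trace:
[ 100.164811][ T5646] kasan_report+0xda/0x110
[ 100.169315][ T5646] ? kill_orphaned_pgrp+0x2e1/0x340
[ 100.179851][ T5646] kill_orphaned_pgrp+0x2e1/0x340
[ 100.184875][ T5646] do_exit+0x1d13/0x2ad0
[ 100.209324][ T5646] vhost_task_fn+0x2e4/0x370
[ 100.260033][ T5646]
[ 100.265818][ T5646] Allocated by task 5409:
[ 100.290589][ T5646] copy_process+0x44f/0x97b0
[ 100.315623][ T5646]
[ 100.318236][ T5646] Freed by task 22:
[ 100.347402][ T5646] delayed_put_task_struct+0x21b/0x2c0
[ 100.362721][ T5646]
[ 100.437120][ T5646] The buggy address belongs to the object at ffff88802cf99dc0
[ 100.437120][ T5646]  which belongs to the cache task_struct of size 7360
[ 100.451544][ T5646] The buggy address is located 2288 bytes inside of
[ 100.754436][ T5646] >ffff88802cf9a680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.768777][ T5646]  ffff88802cf9a700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")  # "[ 100.101129][ T5646] "
BUG = re.compile(r"BUG: KASAN: (?P<type>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)")
OBJECT = re.compile(r"belongs to the object at (?P<base>[0-9a-f]+)")
CACHE = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)")
OFFSET = re.compile(r"is located (?P<off>\d+) bytes")
TASK = re.compile(r"(?P<what>Allocated|Freed) by task (?P<pid>\d+):")
SHADOW = re.compile(r"^>?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?)+)$")
FRAME = re.compile(r"^(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")


@dataclass
class KasanReport:
    bug_type: str = ""
    func: str = ""
    rw: str = ""
    size: int = 0
    addr: int = 0
    object_base: int = 0
    cache: str = ""
    object_size: int = 0
    stated_offset: int = 0
    alloc_task: Optional[int] = None
    free_task: Optional[int] = None
    stacks: dict = field(default_factory=lambda: {"trace": [], "alloc": [], "free": []})
    shadow: dict = field(default_factory=dict)  # shadow row address -> its shadow bytes

    @property
    def title(self) -> str:
        # syzkaller-style dedup key, e.g. "KASAN: slab-use-after-free Read in kill_orphaned_pgrp"
        return f"KASAN: {self.bug_type} {self.rw} in {self.func}"

    def shadow_byte(self) -> Optional[int]:
        # One shadow byte describes one 8-byte granule of the dumped rows.
        for row, marks in self.shadow.items():
            if row <= self.addr < row + 8 * len(marks):
                return marks[(self.addr - row) // 8]
        return None


def parse_kasan(log: str) -> KasanReport:
    r, section = KasanReport(), None
    for raw in log.splitlines():
        line = PREFIX.sub("", raw).strip()
        if not line:
            section = None  # a blank line closes the current stack section
        elif m := BUG.search(line):
            r.bug_type, r.func = m["type"], m["func"]
        elif m := ACCESS.search(line):
            r.rw, r.size, r.addr = m["rw"], int(m["size"]), int(m["addr"], 16)
        elif m := OBJECT.search(line):
            r.object_base = int(m["base"], 16)
        elif m := CACHE.search(line):
            r.cache, r.object_size = m["cache"], int(m["size"])
        elif m := OFFSET.search(line):
            r.stated_offset = int(m["off"])
        elif m := TASK.search(line):
            section = "alloc" if m["what"] == "Allocated" else "free"
            setattr(r, f"{section}_task", int(m["pid"]))
        elif line == "Call Trace:" and not r.stacks["trace"]:
            section = "trace"  # first trace only; the panic trace repeats it
        elif m := SHADOW.match(line):
            r.shadow[int(m[1], 16)] = [int(b, 16) for b in m[2].split()]
        elif section and (m := FRAME.match(line)) and not m[1]:
            r.stacks[section].append(m[2])  # "? frame" unwinder guesses are skipped
    return r


def check_consistency(r: KasanReport) -> dict:
    return {
        "offset_matches": r.addr - r.object_base == r.stated_offset,
        "access_inside_object": r.object_base <= r.addr and r.addr + r.size <= r.object_base + r.object_size,
        "shadow_marks_freed": r.shadow_byte() == 0xFB,  # 0xfb is KASAN's marker for freed slab memory
    }
```

Running `parse_kasan(SAMPLE_LOG)` yields the title `KASAN: slab-use-after-free Read in kill_orphaned_pgrp`, a `task_struct` object at `ffff88802cf99dc0` read 2288 bytes in, allocated by task 5409 through `copy_process` and freed by task 22 in `delayed_put_task_struct`; all three consistency checks pass, so the report's stated offset and the `fb` shadow byte agree with the raw addresses. On the full log the same title is what a triager would match against existing reports before reading the RCU callback stack (`put_task_struct_rcu_user` queued from `release_task` during `begin_new_exec`), which the report lists under "Last potentially related work creation".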