Warning: Permanently added '10.128.1.142' (ED25519) to the list of known hosts.
2023/08/29 04:16:32 ignoring optional flag "sandboxArg"="0"
2023/08/29 04:16:32 parsed 1 programs
2023/08/29 04:16:32 executed programs: 0
[ 48.631896][ T1795] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 49.381648][ T72] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.389386][ T72] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.434426][ T72] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.443938][ T72] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.453013][ T72] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 49.461486][ T72] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 49.751806][ T1801] device veth0_vlan entered promiscuous mode
[ 49.758351][ T72] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 49.766801][ T72] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 49.775186][ T72] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 49.782627][ T72] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 49.935546][ T72] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 49.944979][ T72] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.020861][ T72] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 50.029879][ T72] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.038373][ T72] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 50.047055][ T72] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 50.166010][ T2028] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.228749][ T2031] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.334545][ T2031] ==================================================================
[ 50.343675][ T2031] BUG: KASAN: use-after-free in xsk_diag_dump+0x1477/0x1540
[ 50.351055][ T2031] Read of size 4 at addr ffff88810d7f80d8 by task syz-executor.0/2031
[ 50.359676][ T2031]
[ 50.361979][ T2031] CPU: 1 PID: 2031 Comm: syz-executor.0 Not tainted 5.17.0-rc5-syzkaller #0
[ 50.370715][ T2031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 50.381211][ T2031] Call Trace:
[ 50.384477][ T2031]
[ 50.387386][ T2031] dump_stack_lvl+0x40/0x5c
[ 50.392764][ T2031] print_address_description.constprop.0.cold+0x8d/0x328
[ 50.400130][ T2031] ? xsk_diag_dump+0x1477/0x1540
[ 50.405045][ T2031] ? xsk_diag_dump+0x1477/0x1540
[ 50.410309][ T2031] kasan_report.cold+0x83/0xdf
[ 50.415044][ T2031] ? xsk_diag_dump+0x1477/0x1540
[ 50.420132][ T2031] xsk_diag_dump+0x1477/0x1540
[ 50.425887][ T2031] ? __kmalloc_node_track_caller+0x6a/0x470
[ 50.432724][ T2031] ? xsk_diag_handler_dump+0x210/0x210
[ 50.438327][ T2031] ? fs_reclaim_acquire+0xb2/0x160
[ 50.443607][ T2031] ? kasan_unpoison+0x40/0x60
[ 50.448273][ T2031] ? memset+0x1f/0x40
[ 50.452327][ T2031] ? __build_skb_around+0x1f4/0x2a0
[ 50.457594][ T2031] netlink_dump+0x41e/0xab0
[ 50.462337][ T2031] ? __netlink_kernel_create+0x780/0x780
[ 50.468205][ T2031] __netlink_dump_start+0x56f/0x810
[ 50.473488][ T2031] xsk_diag_handler_dump+0x163/0x210
[ 50.478767][ T2031] ? kasan_save_stack+0x3f/0x50
[ 50.483705][ T2031] ? xp_put_pool+0x190/0x190
[ 50.488367][ T2031] ? xsk_diag_handler_dump+0x210/0x210
[ 50.494073][ T2031] sock_diag_rcv_msg+0x295/0x370
[ 50.499175][ T2031] netlink_rcv_skb+0x125/0x380
[ 50.504282][ T2031] ? sock_diag_bind+0x50/0x50
[ 50.509125][ T2031] ? netlink_ack+0x9a0/0x9a0
[ 50.513988][ T2031] ? netlink_deliver_tap+0xf4/0x880
[ 50.519456][ T2031] sock_diag_rcv+0x21/0x30
[ 50.523858][ T2031] netlink_unicast+0x418/0x720
[ 50.528956][ T2031] ? memset+0x1f/0x40
[ 50.533324][ T2031] ? netlink_attachskb+0x690/0x690
[ 50.538514][ T2031] ? __build_skb_around+0x1f4/0x2a0
[ 50.543836][ T2031] netlink_sendmsg+0x7ab/0xc40
[ 50.550956][ T2031] ? netlink_unicast+0x720/0x720
[ 50.556013][ T2031] ? netlink_unicast+0x720/0x720
[ 50.561021][ T2031] sock_sendmsg+0xae/0xe0
[ 50.565416][ T2031] sock_write_iter+0x213/0x370
[ 50.570425][ T2031] ? sock_sendmsg+0xe0/0xe0
[ 50.574899][ T2031] ? find_held_lock+0x2d/0x110
[ 50.579634][ T2031] ? aa_path_link+0x2e0/0x2e0
[ 50.584629][ T2031] do_iter_readv_writev+0x390/0x710
[ 50.590104][ T2031] ? new_sync_write+0x650/0x650
[ 50.595122][ T2031] ? trace_sched_wakeup+0x26/0xe0
[ 50.600393][ T2031] ? apparmor_file_permission+0x11c/0x270
[ 50.606268][ T2031] do_iter_write+0x128/0x6a0
[ 50.611099][ T2031] ? import_iovec+0x43/0x80
[ 50.615748][ T2031] vfs_writev+0x1da/0x4e0
[ 50.620299][ T2031] ? vfs_iter_write+0xb0/0xb0
[ 50.626174][ T2031] ? __fget_files+0x1c0/0x2d0
[ 50.631006][ T2031] ? lock_acquire+0x130/0x290
[ 50.635958][ T2031] ? do_writev+0x20f/0x2c0
[ 50.640356][ T2031] do_writev+0x20f/0x2c0
[ 50.644830][ T2031] ? vfs_writev+0x4e0/0x4e0
[ 50.650002][ T2031] ? vtime_user_exit+0xde/0x180
[ 50.654934][ T2031] do_syscall_64+0x34/0x80
[ 50.659411][ T2031] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.665278][ T2031] RIP: 0033:0x557a7badcae9
[ 50.669759][ T2031] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.689707][ T2031] RSP: 002b:00007f85d5d7d0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 50.698625][ T2031] RAX: ffffffffffffffda RBX: 0000557a7bbfbf80 RCX: 0000557a7badcae9
[ 50.706821][ T2031] RDX: 0000000000000001 RSI: 00000000200003c0 RDI: 0000000000000006
[ 50.715137][ T2031] RBP: 0000557a7bb2847a R08: 0000000000000000 R09: 0000000000000000
[ 50.723199][ T2031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 50.731760][ T2031] R13: 000000000000000b R14: 0000557a7bbfbf80 R15: 00007ffcf5f61fb8
[ 50.739886][ T2031]
[ 50.742882][ T2031]
[ 50.745189][ T2031] Allocated by task 1801:
[ 50.749721][ T2031] kasan_save_stack+0x2f/0x50
[ 50.754396][ T2031] __kasan_kmalloc+0xa7/0xd0
[ 50.758957][ T2031] alloc_netdev_mqs+0x5a/0xf40
[ 50.763927][ T2031] rtnl_create_link+0x8e1/0xc10
[ 50.768934][ T2031] veth_newlink+0x1f9/0x980
[ 50.773750][ T2031] __rtnl_newlink+0xd28/0x1440
[ 50.778585][ T2031] rtnl_newlink+0x59/0x90
[ 50.783072][ T2031] rtnetlink_rcv_msg+0x394/0x900
[ 50.788421][ T2031] netlink_rcv_skb+0x125/0x380
[ 50.793487][ T2031] netlink_unicast+0x418/0x720
[ 50.798492][ T2031] netlink_sendmsg+0x7ab/0xc40
[ 50.803224][ T2031] sock_sendmsg+0xae/0xe0
[ 50.807617][ T2031] __sys_sendto+0x1c4/0x280
[ 50.812241][ T2031] __x64_sys_sendto+0xd7/0x1b0
[ 50.816983][ T2031] do_syscall_64+0x34/0x80
[ 50.821402][ T2031] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.827535][ T2031]
[ 50.829936][ T2031] Freed by task 2031:
[ 50.833980][ T2031] kasan_save_stack+0x2f/0x50
[ 50.838725][ T2031] kasan_set_track+0x21/0x30
[ 50.843623][ T2031] kasan_set_free_info+0x20/0x30
[ 50.848734][ T2031] ____kasan_slab_free+0x11c/0x170
[ 50.854004][ T2031] slab_free_freelist_hook+0xae/0x1e0
[ 50.859537][ T2031] kfree+0xc9/0x4f0
[ 50.863939][ T2031] device_release+0x93/0x190
[ 50.868522][ T2031] kobject_put.part.0+0x167/0x3e0
[ 50.874313][ T2031] netdev_run_todo+0x6b3/0xa10
[ 50.879063][ T2031] rtnetlink_rcv_msg+0x39c/0x900
[ 50.884463][ T2031] netlink_rcv_skb+0x125/0x380
[ 50.889210][ T2031] netlink_unicast+0x418/0x720
[ 50.894049][ T2031] netlink_sendmsg+0x7ab/0xc40
[ 50.898786][ T2031] sock_sendmsg+0xae/0xe0
[ 50.903082][ T2031] ____sys_sendmsg+0x601/0x810
[ 50.907994][ T2031] ___sys_sendmsg+0xf4/0x170
[ 50.912558][ T2031] __sys_sendmsg+0xd0/0x170
[ 50.917024][ T2031] do_syscall_64+0x34/0x80
[ 50.921424][ T2031] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.927373][ T2031]
[ 50.929853][ T2031] The buggy address belongs to the object at ffff88810d7f8000
[ 50.929853][ T2031] which belongs to the cache kmalloc-cg-4k of size 4096
[ 50.944497][ T2031] The buggy address is located 216 bytes inside of
[ 50.944497][ T2031] 4096-byte region [ffff88810d7f8000, ffff88810d7f9000)
[ 50.958091][ T2031] The buggy address belongs to the page:
[ 50.963779][ T2031] page:ffffea000435fe00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10d7f8
[ 50.974503][ T2031] head:ffffea000435fe00 order:3 compound_mapcount:0 compound_pincount:0
[ 50.983272][ T2031] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 50.989968][ T2031] raw: 0200000000010200 0000000000000000 dead000000000001 ffff88810004c280
[ 50.998617][ T2031] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 51.007429][ T2031] page dumped because: kasan: bad access detected
[ 51.015297][ T2031] page_owner tracks the page as allocated
[ 51.021086][ T2031] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1182, ts 6610792588, free_ts 6608130319
[ 51.041541][ T2031] post_alloc_hook+0x158/0x200
[ 51.046286][ T2031] get_page_from_freelist+0x12a2/0x2fa0
[ 51.051898][ T2031] __alloc_pages+0x1b2/0x480
[ 51.056753][ T2031] allocate_slab+0x27c/0x3a0
[ 51.061741][ T2031] ___slab_alloc+0x8a5/0xe50
[ 51.066395][ T2031] __slab_alloc.constprop.0+0x45/0x80
[ 51.072054][ T2031] __kmalloc_node+0x192/0x4f0
[ 51.076821][ T2031] seq_read_iter+0x68c/0x10e0
[ 51.081475][ T2031] new_sync_read+0x3c6/0x640
[ 51.086595][ T2031] vfs_read+0x204/0x480
[ 51.090734][ T2031] ksys_read+0x101/0x1d0
[ 51.094958][ T2031] do_syscall_64+0x34/0x80
[ 51.099385][ T2031] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.105357][ T2031] page last free stack trace:
[ 51.110013][ T2031] free_pcp_prepare+0x33c/0x710
[ 51.115034][ T2031] free_unref_page+0x19/0x520
[ 51.119769][ T2031] __unfreeze_partials+0x2ff/0x320
[ 51.124856][ T2031] qlist_free_all+0x6d/0x160
[ 51.129557][ T2031] kasan_quarantine_reduce+0x176/0x1a0
[ 51.135524][ T2031] __kasan_slab_alloc+0xa2/0xc0
[ 51.140569][ T2031] kmem_cache_alloc_trace+0x249/0x3b0
[ 51.150199][ T2031] kernfs_fop_open+0x2a1/0xc30
[ 51.155357][ T2031] do_dentry_open+0x5e1/0xeb0
[ 51.160102][ T2031] path_openat+0x19f0/0x2840
[ 51.164763][ T2031] do_filp_open+0x1b1/0x400
[ 51.169655][ T2031] do_sys_openat2+0x137/0x410
[ 51.174448][ T2031] __x64_sys_openat+0x130/0x1d0
[ 51.179582][ T2031] do_syscall_64+0x34/0x80
[ 51.184163][ T2031] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.190557][ T2031]
[ 51.192854][ T2031] Memory state around the buggy address:
[ 51.198731][ T2031] ffff88810d7f7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.208086][ T2031] ffff88810d7f8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.216473][ T2031] >ffff88810d7f8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.224681][ T2031] ^
[ 51.232080][ T2031] ffff88810d7f8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.241128][ T2031] ffff88810d7f8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.249862][ T2031] ==================================================================
[ 51.258266][ T2031] Disabling lock debugging due to kernel taint
[ 51.264690][ T2031] Kernel panic - not syncing: panic_on_warn set ...
[ 51.271620][ T2031] Kernel Offset: disabled
[ 51.275925][ T2031] Rebooting in 86400 seconds..