Warning: Permanently added '10.128.1.189' (ED25519) to the list of known hosts.
2023/10/20 18:21:28 ignoring optional flag "sandboxArg"="0"
2023/10/20 18:21:28 parsed 1 programs
2023/10/20 18:21:28 executed programs: 0
[ 90.987745][ T3430] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 93.687029][ T3435] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 93.704265][ T3435] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 93.717470][ T3435] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 93.732194][ T3435] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 103.100269][ T3435] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.109304][ T3435] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.122431][ T3435] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.131639][ T3435] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.898603][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.920170][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.962186][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.971028][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2023/10/20 18:21:42 executed programs: 1
2023/10/20 18:21:47 executed programs: 21
[ 114.643943][ C0] ==================================================================
[ 114.652151][ C0] BUG: KASAN: slab-use-after-free in reweight_entity+0x8e3/0xa60
[ 114.659931][ C0] Read of size 8 at addr ffff888012a91e30 by task syz-executor.0/4251
[ 114.668176][ C0]
[ 114.670549][ C0] CPU: 0 PID: 4251 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller #0
[ 114.679219][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 114.689571][ C0] Call Trace:
[ 114.692977][ C0]
[ 114.695827][ C0] dump_stack_lvl+0xd9/0x1b0
[ 114.700519][ C0] print_report+0xc4/0x620
[ 114.704937][ C0] ? __virt_addr_valid+0x5e/0x580
[ 114.709959][ C0] ? __phys_addr+0xc6/0x140
[ 114.714560][ C0] kasan_report+0xda/0x110
[ 114.719156][ C0] ? reweight_entity+0x8e3/0xa60
[ 114.724271][ C0] ? reweight_entity+0x8e3/0xa60
[ 114.729215][ C0] reweight_entity+0x8e3/0xa60
[ 114.734155][ C0] task_tick_fair+0xee/0xcd0
[ 114.738925][ C0] ? __sched_group_set_shares+0x4c0/0x4c0
[ 114.744659][ C0] scheduler_tick+0x210/0x650
[ 114.749345][ C0] ? tick_sched_do_timer+0x2e0/0x2e0
[ 114.754805][ C0] update_process_times+0x19f/0x220
[ 114.760012][ C0] ? timer_clear_idle+0xa0/0xa0
[ 114.764954][ C0] ? tick_sched_do_timer+0x2e0/0x2e0
[ 114.770276][ C0] ? read_tsc+0x9/0x20
[ 114.774515][ C0] tick_sched_handle+0x8e/0x170
[ 114.779628][ C0] tick_sched_timer+0xe9/0x110
[ 114.784565][ C0] __hrtimer_run_queues+0x647/0xc10
[ 114.789776][ C0] ? enqueue_hrtimer+0x310/0x310
[ 114.794894][ C0] ? ktime_get_update_offsets_now+0x3bc/0x610
[ 114.801048][ C0] hrtimer_interrupt+0x31b/0x800
[ 114.806020][ C0] __sysvec_apic_timer_interrupt+0x105/0x3f0
[ 114.812004][ C0] sysvec_apic_timer_interrupt+0x89/0xb0
[ 114.817753][ C0]
[ 114.820677][ C0]
[ 114.823600][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 114.829587][ C0] RIP: 0010:write_comp_data+0x21/0x90
[ 114.835131][ C0] Code: 2e 0f 1f 84 00 00 00 00 00 65 8b 05 71 44 96 7e 49 89 f1 89 c6 49 89 d2 81 e6 00 01 00 00 49 89 f8 65 48 8b 14 25 c0 98 03 00 00 01 ff 00 74 0e 85 f6 74 59 8b 82 cc 15 00 00 85 c0 74 4f 8b
[ 114.854932][ C0] RSP: 0018:ffffc90002e1f778 EFLAGS: 00000246
[ 114.860995][ C0] RAX: 0000000080000001 RBX: ffffc90002e1f908 RCX: ffffffff8182e301
[ 114.869223][ C0] RDX: ffff888016d68000 RSI: 0000000000000000 RDI: 0000000000000005
[ 114.877376][ C0] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000
[ 114.885784][ C0] R10: 0000000000000001 R11: dffffc0000000000 R12: ffffea0001b11c80
[ 114.894011][ C0] R13: 000000000000091f R14: ffff8880706498c0 R15: dffffc0000000000
[ 114.902294][ C0] ? xas_next_entry+0x2c1/0x3c0
[ 114.907344][ C0] xas_next_entry+0x2c1/0x3c0
[ 114.912128][ C0] next_uptodate_folio+0x29/0x550
[ 114.917175][ C0] filemap_map_pages+0x534/0x1330
[ 114.922305][ C0] ? filemap_get_read_batch+0x9b0/0x9b0
[ 114.927853][ C0] ? __handle_mm_fault+0xd6e/0x3f60
[ 114.933054][ C0] ? find_held_lock+0x2d/0x110
[ 114.938122][ C0] __handle_mm_fault+0x33db/0x3f60
[ 114.943275][ C0] ? vm_iomap_memory+0x170/0x170
[ 114.948317][ C0] handle_mm_fault+0x478/0xa00
[ 114.953092][ C0] __get_user_pages+0x478/0x1440
[ 114.958119][ C0] ? follow_page_mask+0xda0/0xda0
[ 114.963405][ C0] populate_vma_page_range+0x2d4/0x410
[ 114.969033][ C0] ? follow_page+0x3e0/0x3e0
[ 114.973910][ C0] ? find_vma+0x1b0/0x1b0
[ 114.978331][ C0] ? vm_mmap_pgoff+0x295/0x3b0
[ 114.983108][ C0] __mm_populate+0x1d7/0x380
[ 114.987781][ C0] ? faultin_vma_page_range+0x2d0/0x2d0
[ 114.993588][ C0] ? up_write+0x1b3/0x510
[ 114.998008][ C0] vm_mmap_pgoff+0x2c2/0x3b0
[ 115.002808][ C0] ? randomize_page+0xb0/0xb0
[ 115.007484][ C0] ? xfd_validate_state+0x5d/0x180
[ 115.012596][ C0] ? restore_fpregs_from_fpstate+0xc1/0x1d0
[ 115.018534][ C0] ksys_mmap_pgoff+0x7d/0x5b0
[ 115.023222][ C0] __x64_sys_mmap+0x125/0x190
[ 115.027990][ C0] do_syscall_64+0x38/0xb0
[ 115.032604][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 115.038602][ C0] RIP: 0033:0x7f7e6f47cae9
[ 115.043172][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 115.063220][ C0] RSP: 002b:00007f7e702680c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 115.072598][ C0] RAX: ffffffffffffffda RBX: 00007f7e6f59bf80 RCX: 00007f7e6f47cae9
[ 115.080685][ C0] RDX: b635773f07ebbeef RSI: 0000000000b36000 RDI: 0000000020000000
[ 115.088997][ C0] RBP: 00007f7e6f4c847a R08: ffffffffffffffff R09: 0000000000000000
[ 115.097186][ C0] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000
[ 115.105265][ C0] R13: 0000000000000006 R14: 00007f7e6f59bf80 R15: 00007ffea290cc18
[ 115.113416][ C0]
[ 115.116434][ C0]
[ 115.118794][ C0] Allocated by task 2447:
[ 115.123202][ C0] kasan_save_stack+0x33/0x50
[ 115.127881][ C0] kasan_set_track+0x25/0x30
[ 115.132642][ C0] __kasan_slab_alloc+0x81/0x90
[ 115.137498][ C0] kmem_cache_alloc_node+0x180/0x3f0
[ 115.142788][ C0] copy_process+0x41c/0x71c0
[ 115.147378][ C0] kernel_clone+0xfd/0x920
[ 115.151878][ C0] __do_sys_clone+0xba/0x100
[ 115.156463][ C0] do_syscall_64+0x38/0xb0
[ 115.160925][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 115.167203][ C0]
[ 115.169609][ C0] Freed by task 21:
[ 115.173407][ C0] kasan_save_stack+0x33/0x50
[ 115.178271][ C0] kasan_set_track+0x25/0x30
[ 115.183030][ C0] kasan_save_free_info+0x2b/0x40
[ 115.188059][ C0] ____kasan_slab_free+0x15b/0x1b0
[ 115.193255][ C0] slab_free_freelist_hook+0x114/0x1e0
[ 115.198896][ C0] kmem_cache_free+0xf0/0x480
[ 115.203841][ C0] delayed_put_task_struct+0x21b/0x2b0
[ 115.209302][ C0] rcu_core+0x7ff/0x1a70
[ 115.213551][ C0] __do_softirq+0x20b/0x94e
[ 115.218051][ C0]
[ 115.220368][ C0] Last potentially related work creation:
[ 115.226072][ C0] kasan_save_stack+0x33/0x50
[ 115.232226][ C0] __kasan_record_aux_stack+0xbc/0xd0
[ 115.237598][ C0] __call_rcu_common.constprop.0+0x9a/0x790
[ 115.243755][ C0] put_task_struct_rcu_user+0x87/0xc0
[ 115.249137][ C0] __schedule+0xee9/0x5a10
[ 115.253814][ C0] schedule_idle+0x5b/0x80
[ 115.258233][ C0] do_idle+0x288/0x3f0
[ 115.262396][ C0] cpu_startup_entry+0x50/0x60
[ 115.267240][ C0] start_secondary+0x20e/0x2a0
[ 115.272178][ C0] secondary_startup_64_no_verify+0x166/0x16b
[ 115.278458][ C0]
[ 115.280771][ C0] Second to last potentially related work creation:
[ 115.287517][ C0] kasan_save_stack+0x33/0x50
[ 115.292457][ C0] __kasan_record_aux_stack+0xbc/0xd0
[ 115.298181][ C0] task_work_add+0x88/0x2a0
[ 115.302775][ C0] scheduler_tick+0x228/0x650
[ 115.307455][ C0] update_process_times+0x19f/0x220
[ 115.312659][ C0] tick_sched_handle+0x8e/0x170
[ 115.317769][ C0] tick_sched_timer+0xe9/0x110
[ 115.322619][ C0] __hrtimer_run_queues+0x647/0xc10
[ 115.327823][ C0] hrtimer_interrupt+0x31b/0x800
[ 115.332860][ C0] __sysvec_apic_timer_interrupt+0x105/0x3f0
[ 115.339106][ C0] sysvec_apic_timer_interrupt+0x89/0xb0
[ 115.344740][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 115.350724][ C0]
[ 115.353039][ C0] The buggy address belongs to the object at ffff888012a91d80
[ 115.353039][ C0] which belongs to the cache task_struct of size 7296
[ 115.367199][ C0] The buggy address is located 176 bytes inside of
[ 115.367199][ C0] freed 7296-byte region [ffff888012a91d80, ffff888012a93a00)
[ 115.381421][ C0]
[ 115.383824][ C0] The buggy address belongs to the physical page:
[ 115.390242][ C0] page:ffffea00004aa400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12a90
[ 115.400482][ C0] head:ffffea00004aa400 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 115.409941][ C0] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 115.418365][ C0] page_type: 0xffffffff()
[ 115.423037][ C0] raw: 00fff00000000840 ffff88800e670500 0000000000000000 dead000000000001
[ 115.431879][ C0] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 115.440542][ C0] page dumped because: kasan: bad access detected
[ 115.447031][ C0] page_owner tracks the page as allocated
[ 115.452734][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 12, tgid 12 (kworker/u4:1), ts 5188416830, free_ts 0
[ 115.473257][ C0] post_alloc_hook+0x2cf/0x340
[ 115.478745][ C0] get_page_from_freelist+0xee0/0x2f20
[ 115.485098][ C0] __alloc_pages+0x1d0/0x4a0
[ 115.489774][ C0] alloc_pages+0x1a9/0x270
[ 115.494293][ C0] allocate_slab+0x251/0x380
[ 115.498927][ C0] ___slab_alloc+0x8c7/0x1580
[ 115.508662][ C0] __slab_alloc.constprop.0+0x56/0xa0
[ 115.514220][ C0] kmem_cache_alloc_node+0x132/0x3f0
[ 115.519531][ C0] copy_process+0x41c/0x71c0
[ 115.524394][ C0] kernel_clone+0xfd/0x920
[ 115.528992][ C0] user_mode_thread+0xb4/0xf0
[ 115.533662][ C0] call_usermodehelper_exec_work+0xcb/0x170
[ 115.539650][ C0] process_one_work+0x884/0x15c0
[ 115.544684][ C0] worker_thread+0x8b9/0x1290
[ 115.549488][ C0] kthread+0x33c/0x440
[ 115.553664][ C0] ret_from_fork+0x45/0x80
[ 115.558135][ C0] page_owner free stack trace missing
[ 115.563488][ C0]
[ 115.565807][ C0] Memory state around the buggy address:
[ 115.571603][ C0] ffff888012a91d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 115.579747][ C0] ffff888012a91d80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 115.587890][ C0] >ffff888012a91e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 115.595943][ C0]                                      ^
[ 115.601566][ C0] ffff888012a91e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 115.609798][ C0] ffff888012a91f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 115.618040][ C0] ==================================================================
[ 115.626211][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 115.633406][ C0] CPU: 0 PID: 4251 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller #0
[ 115.641992][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 115.652049][ C0] Call Trace:
[ 115.655336][ C0]
[ 115.658176][ C0] dump_stack_lvl+0xd9/0x1b0
[ 115.662780][ C0] panic+0x6a6/0x750
[ 115.666671][ C0] ? panic_smp_self_stop+0xa0/0xa0
[ 115.671780][ C0] ? reacquire_held_locks+0x4b0/0x4b0
[ 115.677237][ C0] ? dump_page+0x6ff/0x1340
[ 115.681746][ C0] check_panic_on_warn+0xab/0xb0
[ 115.686683][ C0] end_report+0x108/0x150
[ 115.691010][ C0] kasan_report+0xea/0x110
[ 115.695422][ C0] ? reweight_entity+0x8e3/0xa60
[ 115.700451][ C0] ? reweight_entity+0x8e3/0xa60
[ 115.705395][ C0] reweight_entity+0x8e3/0xa60
[ 115.710176][ C0] task_tick_fair+0xee/0xcd0
[ 115.715119][ C0] ? __sched_group_set_shares+0x4c0/0x4c0
[ 115.720843][ C0] scheduler_tick+0x210/0x650
[ 115.725522][ C0] ? tick_sched_do_timer+0x2e0/0x2e0
[ 115.730898][ C0] update_process_times+0x19f/0x220
[ 115.736100][ C0] ? timer_clear_idle+0xa0/0xa0
[ 115.741015][ C0] ? tick_sched_do_timer+0x2e0/0x2e0
[ 115.746301][ C0] ? read_tsc+0x9/0x20
[ 115.750379][ C0] tick_sched_handle+0x8e/0x170
[ 115.755317][ C0] tick_sched_timer+0xe9/0x110
[ 115.760091][ C0] __hrtimer_run_queues+0x647/0xc10
[ 115.765298][ C0] ? enqueue_hrtimer+0x310/0x310
[ 115.770277][ C0] ? ktime_get_update_offsets_now+0x3bc/0x610
[ 115.777129][ C0] hrtimer_interrupt+0x31b/0x800
[ 115.782071][ C0] __sysvec_apic_timer_interrupt+0x105/0x3f0
[ 115.788423][ C0] sysvec_apic_timer_interrupt+0x89/0xb0
[ 115.794421][ C0]
[ 115.797805][ C0]
[ 115.800902][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 115.806978][ C0] RIP: 0010:write_comp_data+0x21/0x90
[ 115.812521][ C0] Code: 2e 0f 1f 84 00 00 00 00 00 65 8b 05 71 44 96 7e 49 89 f1 89 c6 49 89 d2 81 e6 00 01 00 00 49 89 f8 65 48 8b 14 25 c0 98 03 00 00 01 ff 00 74 0e 85 f6 74 59 8b 82 cc 15 00 00 85 c0 74 4f 8b
[ 115.832411][ C0] RSP: 0018:ffffc90002e1f778 EFLAGS: 00000246
[ 115.838568][ C0] RAX: 0000000080000001 RBX: ffffc90002e1f908 RCX: ffffffff8182e301
[ 115.846795][ C0] RDX: ffff888016d68000 RSI: 0000000000000000 RDI: 0000000000000005
[ 115.854848][ C0] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000
[ 115.862812][ C0] R10: 0000000000000001 R11: dffffc0000000000 R12: ffffea0001b11c80
[ 115.871330][ C0] R13: 000000000000091f R14: ffff8880706498c0 R15: dffffc0000000000
[ 115.879923][ C0] ? xas_next_entry+0x2c1/0x3c0
[ 115.884807][ C0] xas_next_entry+0x2c1/0x3c0
[ 115.889668][ C0] next_uptodate_folio+0x29/0x550
[ 115.894807][ C0] filemap_map_pages+0x534/0x1330
[ 115.899951][ C0] ? filemap_get_read_batch+0x9b0/0x9b0
[ 115.905519][ C0] ? __handle_mm_fault+0xd6e/0x3f60
[ 115.910866][ C0] ? find_held_lock+0x2d/0x110
[ 115.915830][ C0] __handle_mm_fault+0x33db/0x3f60
[ 115.920962][ C0] ? vm_iomap_memory+0x170/0x170
[ 115.926285][ C0] handle_mm_fault+0x478/0xa00
[ 115.931340][ C0] __get_user_pages+0x478/0x1440
[ 115.936373][ C0] ? follow_page_mask+0xda0/0xda0
[ 115.941483][ C0] populate_vma_page_range+0x2d4/0x410
[ 115.946947][ C0] ? follow_page+0x3e0/0x3e0
[ 115.951533][ C0] ? find_vma+0x1b0/0x1b0
[ 115.956043][ C0] ? vm_mmap_pgoff+0x295/0x3b0
[ 115.961246][ C0] __mm_populate+0x1d7/0x380
[ 115.965922][ C0] ? faultin_vma_page_range+0x2d0/0x2d0
[ 115.971481][ C0] ? up_write+0x1b3/0x510
[ 115.975816][ C0] vm_mmap_pgoff+0x2c2/0x3b0
[ 115.980582][ C0] ? randomize_page+0xb0/0xb0
[ 115.985432][ C0] ? xfd_validate_state+0x5d/0x180
[ 115.990713][ C0] ? restore_fpregs_from_fpstate+0xc1/0x1d0
[ 115.996713][ C0] ksys_mmap_pgoff+0x7d/0x5b0
[ 116.001481][ C0] __x64_sys_mmap+0x125/0x190
[ 116.006184][ C0] do_syscall_64+0x38/0xb0
[ 116.010602][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 116.016499][ C0] RIP: 0033:0x7f7e6f47cae9
[ 116.020926][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 116.040978][ C0] RSP: 002b:00007f7e702680c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 116.049652][ C0] RAX: ffffffffffffffda RBX: 00007f7e6f59bf80 RCX: 00007f7e6f47cae9
[ 116.057706][ C0] RDX: b635773f07ebbeef RSI: 0000000000b36000 RDI: 0000000020000000
[ 116.065697][ C0] RBP: 00007f7e6f4c847a R08: ffffffffffffffff R09: 0000000000000000
[ 116.073709][ C0] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000
[ 116.082153][ C0] R13: 0000000000000006 R14: 00007f7e6f59bf80 R15: 00007ffea290cc18
[ 116.090134][ C0]
[ 116.093501][ C0] Kernel Offset: disabled
[ 116.097823][ C0] Rebooting in 86400 seconds..