Warning: Permanently added '10.128.10.38' (ED25519) to the list of known hosts.
2024/04/26 05:11:39 ignoring optional flag "sandboxArg"="0"
2024/04/26 05:11:39 parsed 1 programs
2024/04/26 05:11:39 executed programs: 0
[ 54.544349][ T2073] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 55.487377][ T2079] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 55.496313][ T2079] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 55.505335][ T2079] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 55.515626][ T2079] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 58.323257][ T1737] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.331202][ T1737] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.339985][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 58.352072][ T1737] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.359964][ T1737] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.367426][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 58.409109][ T2792] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 58.427034][ T2794] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 58.445774][ T2796] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 58.463207][ T2798] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 58.480480][ T2800] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 58.497544][ T2802] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 58.515398][ T2804] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 58.532758][ T2806] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 58.549526][ T2808] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 58.566180][ T2810] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
2024/04/26 05:11:44 executed programs: 108
[ 63.422447][ T3794] __nla_validate_parse: 491 callbacks suppressed
[ 63.422458][ T3794] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 63.450777][ T3796] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 63.471537][ T3798] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 63.493485][ T3800] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 63.512070][ T3802] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 63.532948][ T3804] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 63.551262][ T3806] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 63.572620][ T3808] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 63.595266][ T3810] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 63.616507][ T3812] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
2024/04/26 05:11:49 executed programs: 606
[ 68.435208][ T4800] __nla_validate_parse: 493 callbacks suppressed
[ 68.435223][ T4800] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 68.458292][ T4802] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 68.480246][ T4804] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 68.501966][ T4806] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 68.523477][ T4808] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 68.540817][ T4810] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 68.558443][ T4812] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 68.576050][ T4814] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 68.595165][ T4816] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 68.616586][ T4818] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
2024/04/26 05:11:54 executed programs: 1108
[ 73.441253][ T5785] __nla_validate_parse: 481 callbacks suppressed
[ 73.441266][ T5785] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 73.465937][ T5787] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 73.483336][ T5789] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 73.500242][ T5791] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 73.516886][ T5793] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 73.533564][ T5795] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 73.549504][ T5797] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 73.566579][ T5799] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 73.583344][ T5801] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 73.600314][ T5803] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
2024/04/26 05:11:59 executed programs: 1609
[ 78.456712][ T6818] __nla_validate_parse: 506 callbacks suppressed
[ 78.456736][ T6818] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 78.481414][ T6820] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 78.497382][ T6822] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 78.514505][ T6824] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 78.531354][ T6826] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 78.547610][ T6828] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 78.565070][ T6830] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 78.585070][ T6832] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 78.606234][ T6834] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 78.622769][ T6836] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
2024/04/26 05:12:04 executed programs: 2114
[ 83.462870][ T7818] __nla_validate_parse: 490 callbacks suppressed
[ 83.462885][ T7818] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 83.486173][ T7820] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 83.504373][ T7822] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 83.521407][ T7824] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 83.538608][ T7826] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 83.555691][ T7828] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 83.573103][ T7830] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 83.589976][ T7832] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 83.606334][ T7834] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 83.628809][ T7836] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 84.317684][ T7976] ==================================================================
[ 84.325782][ T7976] BUG: KASAN: use-after-free in dump_schedule+0x735/0x7a0
[ 84.332880][ T7976] Read of size 8 at addr ffff88810cbbd7c0 by task syz-executor.0/7976
[ 84.341010][ T7976]
[ 84.343315][ T7976] CPU: 0 PID: 7976 Comm: syz-executor.0 Not tainted 5.15.156-syzkaller #0
[ 84.351791][ T7976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 84.361822][ T7976] Call Trace:
[ 84.365108][ T7976]
[ 84.368034][ T7976] dump_stack_lvl+0x8e/0xdd
[ 84.372542][ T7976] print_address_description.constprop.0.cold+0x6c/0x309
[ 84.379561][ T7976] ? dump_schedule+0x735/0x7a0
[ 84.384307][ T7976] ? dump_schedule+0x735/0x7a0
[ 84.389054][ T7976] kasan_report.cold+0x83/0xdf
[ 84.393801][ T7976] ? dump_schedule+0x735/0x7a0
[ 84.398733][ T7976] dump_schedule+0x735/0x7a0
[ 84.403304][ T7976] ? __lock_acquire.constprop.0+0x478/0xb30
[ 84.409175][ T7976] ? taprio_offload_get+0xb0/0xb0
[ 84.414179][ T7976] ? memcpy+0x39/0x60
[ 84.418188][ T7976] taprio_dump+0x563/0xb40
[ 84.422597][ T7976] ? taprio_dequeue_soft+0x8c0/0x8c0
[ 84.427972][ T7976] ? kasan_save_stack+0x32/0x40
[ 84.432845][ T7976] ? kasan_save_stack+0x1b/0x40
[ 84.437674][ T7976] ? __kasan_kmalloc+0x7c/0x90
[ 84.442502][ T7976] ? qdisc_notify.isra.0+0x7f/0x310
[ 84.447697][ T7976] ? __kprobes_text_end+0xa9300/0xa9300
[ 84.453231][ T7976] ? memcpy+0x39/0x60
[ 84.457207][ T7976] ? taprio_dequeue_soft+0x8c0/0x8c0
[ 84.462492][ T7976] tc_fill_qdisc+0x5cc/0x1110
[ 84.467163][ T7976] ? lock_downgrade+0x4f0/0x4f0
[ 84.472020][ T7976] ? tc_dump_tclass_root+0x310/0x310
[ 84.477295][ T7976] ? kasan_unpoison+0x40/0x60
[ 84.481963][ T7976] ? __phys_addr+0x9a/0x110
[ 84.486445][ T7976] ? memset+0x20/0x40
[ 84.490404][ T7976] ? __build_skb_around+0x23e/0x2f0
[ 84.495579][ T7976] ? __alloc_skb+0x17c/0x340
[ 84.500146][ T7976] qdisc_notify.isra.0+0x2b3/0x310
[ 84.505237][ T7976] tc_modify_qdisc+0xb1e/0x1ba0
[ 84.510150][ T7976] ? tc_get_qdisc+0xbf0/0xbf0
[ 84.514889][ T7976] ? lock_acquire+0x11a/0x230
[ 84.519540][ T7976] ? rtnetlink_rcv_msg+0x1d6/0xac0
[ 84.524627][ T7976] ? tc_get_qdisc+0xbf0/0xbf0
[ 84.529300][ T7976] rtnetlink_rcv_msg+0x468/0xac0
[ 84.534231][ T7976] ? rtnl_bridge_getlink+0x780/0x780
[ 84.539579][ T7976] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 84.544844][ T7976] ? __lock_acquire.constprop.0+0x478/0xb30
[ 84.550995][ T7976] netlink_rcv_skb+0x153/0x400
[ 84.555750][ T7976] ? rtnl_bridge_getlink+0x780/0x780
[ 84.561107][ T7976] ? netlink_ack+0xa00/0xa00
[ 84.565876][ T7976] ? netlink_deliver_tap+0x108/0x970
[ 84.571152][ T7976] netlink_unicast+0x64a/0x8f0
[ 84.575927][ T7976] ? netlink_attachskb+0x810/0x810
[ 84.581018][ T7976] ? __phys_addr+0x9a/0x110
[ 84.585689][ T7976] ? __phys_addr_symbol+0x2c/0x70
[ 84.590699][ T7976] ? __check_object_size+0x16e/0x3f0
[ 84.595983][ T7976] netlink_sendmsg+0x8ea/0xe00
[ 84.600762][ T7976] ? netlink_unicast+0x8f0/0x8f0
[ 84.605685][ T7976] ? netlink_unicast+0x8f0/0x8f0
[ 84.610786][ T7976] __sock_sendmsg+0xcf/0x120
[ 84.615378][ T7976] ____sys_sendmsg+0x6e8/0x810
[ 84.620208][ T7976] ? kernel_sendmsg+0x50/0x50
[ 84.624863][ T7976] ? do_recvmmsg+0x6b0/0x6b0
[ 84.629537][ T7976] ? kmem_cache_alloc+0x43/0x310
[ 84.634462][ T7976] ? lock_downgrade+0x4f0/0x4f0
[ 84.639301][ T7976] ? fs_reclaim_acquire+0xb2/0x160
[ 84.644484][ T7976] ___sys_sendmsg+0xf3/0x170
[ 84.649061][ T7976] ? sendmsg_copy_msghdr+0x160/0x160
[ 84.654514][ T7976] ? __fget_files+0x22e/0x360
[ 84.659188][ T7976] ? lock_downgrade+0x4f0/0x4f0
[ 84.664014][ T7976] ? lock_acquire+0x11a/0x230
[ 84.668666][ T7976] ? fd_install+0x310/0x310
[ 84.673145][ T7976] ? finish_task_switch.isra.0+0x2f2/0x680
[ 84.678937][ T7976] ? __fget_files+0x250/0x360
[ 84.683592][ T7976] ? __fget_light+0xea/0x280
[ 84.688161][ T7976] __sys_sendmsg+0xe5/0x1b0
[ 84.692657][ T7976] ? __sys_sendmsg_sock+0x30/0x30
[ 84.697661][ T7976] ? vtime_user_exit+0xde/0x180
[ 84.702489][ T7976] ? trace_user_exit.constprop.0+0xe5/0x100
[ 84.708363][ T7976] do_syscall_64+0x33/0xb0
[ 84.712778][ T7976] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 84.718656][ T7976] RIP: 0033:0x7fdf85b16da9
[ 84.723045][ T7976] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 84.742628][ T7976] RSP: 002b:00007fdf856980c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 84.751016][ T7976] RAX: ffffffffffffffda RBX: 00007fdf85c44f80 RCX: 00007fdf85b16da9
[ 84.758965][ T7976] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 84.766910][ T7976] RBP: 00007fdf85b6347a R08: 0000000000000000 R09: 0000000000000000
[ 84.774857][ T7976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 84.782802][ T7976] R13: 0000000000000006 R14: 00007fdf85c44f80 R15: 00007ffdbe9d0ce8
[ 84.790767][ T7976]
[ 84.793764][ T7976]
[ 84.796061][ T7976] Allocated by task 7964:
[ 84.800359][ T7976] kasan_save_stack+0x1b/0x40
[ 84.805015][ T7976] __kasan_kmalloc+0x7c/0x90
[ 84.809577][ T7976] taprio_change+0x5b2/0x3af0
[ 84.814234][ T7976] tc_modify_qdisc+0x96a/0x1ba0
[ 84.819062][ T7976] rtnetlink_rcv_msg+0x468/0xac0
[ 84.823973][ T7976] netlink_rcv_skb+0x153/0x400
[ 84.828715][ T7976] netlink_unicast+0x64a/0x8f0
[ 84.833454][ T7976] netlink_sendmsg+0x8ea/0xe00
[ 84.838194][ T7976] __sock_sendmsg+0xcf/0x120
[ 84.842865][ T7976] ____sys_sendmsg+0x6e8/0x810
[ 84.847603][ T7976] ___sys_sendmsg+0xf3/0x170
[ 84.852171][ T7976] __sys_sendmsg+0xe5/0x1b0
[ 84.856651][ T7976] do_syscall_64+0x33/0xb0
[ 84.861054][ T7976] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 84.866941][ T7976]
[ 84.869247][ T7976] Freed by task 11:
[ 84.873034][ T7976] kasan_save_stack+0x1b/0x40
[ 84.877690][ T7976] kasan_set_track+0x1c/0x30
[ 84.882275][ T7976] kasan_set_free_info+0x20/0x30
[ 84.887206][ T7976] __kasan_slab_free+0xe0/0x110
[ 84.892033][ T7976] kfree+0xd0/0x4c0
[ 84.895921][ T7976] rcu_core+0x58c/0x1190
[ 84.900139][ T7976] __do_softirq+0x14a/0x59a
[ 84.904709][ T7976]
[ 84.907020][ T7976] Last potentially related work creation:
[ 84.912808][ T7976] kasan_save_stack+0x1b/0x40
[ 84.917467][ T7976] kasan_record_aux_stack+0xc5/0xf0
[ 84.922641][ T7976] call_rcu+0x98/0x6d0
[ 84.926685][ T7976] taprio_change+0x2b77/0x3af0
[ 84.931511][ T7976] tc_modify_qdisc+0x96a/0x1ba0
[ 84.936361][ T7976] rtnetlink_rcv_msg+0x468/0xac0
[ 84.941369][ T7976] netlink_rcv_skb+0x153/0x400
[ 84.946307][ T7976] netlink_unicast+0x64a/0x8f0
[ 84.951072][ T7976] netlink_sendmsg+0x8ea/0xe00
[ 84.955822][ T7976] __sock_sendmsg+0xcf/0x120
[ 84.960403][ T7976] ____sys_sendmsg+0x6e8/0x810
[ 84.965146][ T7976] ___sys_sendmsg+0xf3/0x170
[ 84.969719][ T7976] __sys_sendmsg+0xe5/0x1b0
[ 84.974199][ T7976] do_syscall_64+0x33/0xb0
[ 84.978596][ T7976] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 84.984639][ T7976]
[ 84.986965][ T7976] The buggy address belongs to the object at ffff88810cbbd780
[ 84.986965][ T7976] which belongs to the cache kmalloc-96 of size 96
[ 85.001164][ T7976] The buggy address is located 64 bytes inside of
[ 85.001164][ T7976] 96-byte region [ffff88810cbbd780, ffff88810cbbd7e0)
[ 85.014247][ T7976] The buggy address belongs to the page:
[ 85.020433][ T7976] page:ffffea000432ef40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10cbbd
[ 85.030652][ T7976] flags: 0x200000000000200(slab|node=0|zone=2)
[ 85.036808][ T7976] raw: 0200000000000200 dead000000000100 dead000000000122 ffff888100041780
[ 85.045453][ T7976] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
[ 85.054125][ T7976] page dumped because: kasan: bad access detected
[ 85.060520][ T7976] page_owner tracks the page as allocated
[ 85.066206][ T7976] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 7260673761, free_ts 7194227360
[ 85.081982][ T7976] get_page_from_freelist+0x165a/0x2900
[ 85.087622][ T7976] __alloc_pages+0x2b3/0x590
[ 85.092192][ T7976] alloc_page_interleave+0x1e/0x1a0
[ 85.097386][ T7976] alloc_pages+0x270/0x3d0
[ 85.101780][ T7976] allocate_slab+0x2eb/0x430
[ 85.106346][ T7976] ___slab_alloc+0xb1c/0xf80
[ 85.110931][ T7976] kmem_cache_alloc_trace+0x2db/0x310
[ 85.116282][ T7976] blk_mq_init_allocated_queue+0xfd/0x1250
[ 85.122071][ T7976] blk_mq_init_queue+0x75/0xd0
[ 85.126827][ T7976] scsi_alloc_sdev+0x852/0xca0
[ 85.131586][ T7976] scsi_probe_and_add_lun+0x1bc3/0x2db0
[ 85.137139][ T7976] __scsi_scan_target+0x21d/0xb20
[ 85.142150][ T7976] scsi_scan_channel+0x148/0x1e0
[ 85.147153][ T7976] scsi_scan_host_selected+0x28f/0x350
[ 85.152588][ T7976] do_scsi_scan_host+0x1e8/0x260
[ 85.157506][ T7976] scsi_scan_host+0x377/0x430
[ 85.162163][ T7976] page last free stack trace:
[ 85.166806][ T7976] free_pcp_prepare+0x34e/0x730
[ 85.171652][ T7976] free_unref_page+0x19/0x4b0
[ 85.176326][ T7976] __vunmap+0x75a/0xb00
[ 85.180469][ T7976] free_work+0x58/0x70
[ 85.184530][ T7976] process_one_work+0x8d5/0x1260
[ 85.189455][ T7976] worker_thread+0x552/0xf40
[ 85.194022][ T7976] kthread+0x327/0x3e0
[ 85.198074][ T7976] ret_from_fork+0x1f/0x30
[ 85.202470][ T7976]
[ 85.204801][ T7976] Memory state around the buggy address:
[ 85.210403][ T7976] ffff88810cbbd680: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 85.218798][ T7976] ffff88810cbbd700: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 85.226840][ T7976] >ffff88810cbbd780: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 85.234967][ T7976] ^
[ 85.241180][ T7976] ffff88810cbbd800: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 85.249305][ T7976] ffff88810cbbd880: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 85.257335][ T7976] ==================================================================
[ 85.265481][ T7976] Disabling lock debugging due to kernel taint
[ 85.272404][ T7976] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 85.280020][ T7976] Kernel Offset: disabled
[ 85.284339][ T7976] Rebooting in 86400 seconds..