Warning: Permanently added '10.128.0.121' (ED25519) to the list of known hosts.
2024/03/04 13:31:43 ignoring optional flag "sandboxArg"="0"
2024/03/04 13:31:43 parsed 1 programs
2024/03/04 13:31:45 executed programs: 0
[ 88.432402][ T5415] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 88.485955][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 88.494335][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 88.503679][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 88.512597][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 88.520521][ T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 88.528561][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 88.649463][ T5421] chnl_net:caif_netlink_parms(): no params data found
[ 88.703660][ T5421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 88.710931][ T5421] bridge0: port 1(bridge_slave_0) entered disabled state
[ 88.719092][ T5421] bridge_slave_0: entered allmulticast mode
[ 88.725953][ T5421] bridge_slave_0: entered promiscuous mode
[ 88.735005][ T5421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 88.742942][ T5421] bridge0: port 2(bridge_slave_1) entered disabled state
[ 88.750525][ T5421] bridge_slave_1: entered allmulticast mode
[ 88.757215][ T5421] bridge_slave_1: entered promiscuous mode
[ 88.783435][ T5421] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 88.795266][ T5421] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 88.823982][ T5421] team0: Port device team_slave_0 added
[ 88.831849][ T5421] team0: Port device team_slave_1 added
[ 88.855468][ T5421] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 88.863098][ T5421] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 88.890499][ T5421] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 88.904298][ T5421] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 88.911570][ T5421] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 88.938569][ T5421] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 88.976624][ T5421] hsr_slave_0: entered promiscuous mode
[ 88.983769][ T5421] hsr_slave_1: entered promiscuous mode
[ 89.607632][ T5421] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 89.620680][ T5421] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 89.633529][ T5421] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 89.652721][ T5421] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 89.771405][ T5421] 8021q: adding VLAN 0 to HW filter on device bond0
[ 89.801332][ T5421] 8021q: adding VLAN 0 to HW filter on device team0
[ 89.822382][ T4483] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.829855][ T4483] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 89.850280][ T23] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.857712][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 90.080838][ T5421] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 90.141510][ T5421] veth0_vlan: entered promiscuous mode
[ 90.157584][ T5421] veth1_vlan: entered promiscuous mode
[ 90.203636][ T5421] veth0_macvtap: entered promiscuous mode
[ 90.215192][ T5421] veth1_macvtap: entered promiscuous mode
[ 90.245032][ T5421] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 90.262536][ T5421] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 90.280599][ T5421] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 90.292531][ T5421] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 90.303039][ T5421] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 90.314712][ T5421] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 90.388902][ T235] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 90.396825][ T235] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 90.435869][ T235] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 90.444998][ T235] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 90.505852][ T5491] ==================================================================
[ 90.514219][ T5491] BUG: KASAN: slab-use-after-free in __se_sys_io_cancel+0x3a2/0x3b0
[ 90.522234][ T5491] Read of size 4 at addr ffff88801fe56020 by task syz-executor.0/5491
[ 90.530490][ T5491]
[ 90.532838][ T5491] CPU: 0 PID: 5491 Comm: syz-executor.0 Not tainted 6.8.0-rc7-syzkaller-g90d35da658da-dirty #0
[ 90.543186][ T5491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 90.553286][ T5491] Call Trace:
[ 90.556945][ T5491]
[ 90.559894][ T5491] dump_stack_lvl+0x1e7/0x2e0
[ 90.564705][ T5491] ? __pfx_dump_stack_lvl+0x10/0x10
[ 90.569984][ T5491] ? __pfx__printk+0x10/0x10
[ 90.574781][ T5491] ? _printk+0xd5/0x120
[ 90.579058][ T5491] ? __virt_addr_valid+0x183/0x520
[ 90.584457][ T5491] ? __virt_addr_valid+0x183/0x520
[ 90.589612][ T5491] print_report+0x167/0x540
[ 90.594236][ T5491] ? __virt_addr_valid+0x183/0x520
[ 90.599442][ T4465] Bluetooth: hci0: command 0x0409 tx timeout
[ 90.605415][ T5491] ? __virt_addr_valid+0x183/0x520
[ 90.605442][ T5491] ? __virt_addr_valid+0x44e/0x520
[ 90.615808][ T5491] ? __phys_addr+0xba/0x170
[ 90.620344][ T5491] ? __se_sys_io_cancel+0x3a2/0x3b0
[ 90.625836][ T5491] kasan_report+0x142/0x180
[ 90.630653][ T5491] ? __se_sys_io_cancel+0x3a2/0x3b0
[ 90.635881][ T5491] __se_sys_io_cancel+0x3a2/0x3b0
[ 90.640991][ T5491] do_syscall_64+0xf9/0x240
[ 90.645859][ T5491] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 90.651969][ T5491] RIP: 0033:0x7f963407dda9
[ 90.656490][ T5491] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 90.676825][ T5491] RSP: 002b:00007f9634ed70c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d2
[ 90.685444][ T5491] RAX: ffffffffffffffda RBX: 00007f96341abf80 RCX: 00007f963407dda9
[ 90.693434][ T5491] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00007f9634eb6000
[ 90.701427][ T5491] RBP: 00007f96340ca47a R08: 0000000000000000 R09: 0000000000000000
[ 90.710212][ T5491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 90.718213][ T5491] R13: 000000000000000b R14: 00007f96341abf80 R15: 00007ffc37361bc8
[ 90.726485][ T5491]
[ 90.729609][ T5491]
[ 90.731935][ T5491] Allocated by task 5491:
[ 90.736271][ T5491] kasan_save_track+0x3f/0x80
[ 90.741063][ T5491] __kasan_slab_alloc+0x66/0x80
[ 90.745955][ T5491] kmem_cache_alloc+0x16f/0x340
[ 90.750921][ T5491] io_submit_one+0x154/0x18b0
[ 90.755620][ T5491] __se_sys_io_submit+0x17f/0x300
[ 90.760837][ T5491] do_syscall_64+0xf9/0x240
[ 90.765377][ T5491] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 90.771845][ T5491]
[ 90.774175][ T5491] Freed by task 5082:
[ 90.778343][ T5491] kasan_save_track+0x3f/0x80
[ 90.783043][ T5491] kasan_save_free_info+0x40/0x50
[ 90.788443][ T5491] poison_slab_object+0xa6/0xe0
[ 90.793496][ T5491] __kasan_slab_free+0x37/0x60
[ 90.798289][ T5491] kmem_cache_free+0x102/0x2a0
[ 90.803073][ T5491] aio_poll_complete_work+0x467/0x670
[ 90.808724][ T5491] process_scheduled_works+0x913/0x1420
[ 90.814725][ T5491] worker_thread+0xa5f/0x1000
[ 90.819434][ T5491] kthread+0x2ef/0x390
[ 90.823613][ T5491] ret_from_fork+0x4b/0x80
[ 90.828061][ T5491] ret_from_fork_asm+0x1b/0x30
[ 90.832847][ T5491]
[ 90.835181][ T5491] Last potentially related work creation:
[ 90.840988][ T5491] kasan_save_stack+0x3f/0x60
[ 90.845689][ T5491] __kasan_record_aux_stack+0xac/0xc0
[ 90.851339][ T5491] insert_work+0x3e/0x330
[ 90.855757][ T5491] __queue_work+0xbf4/0x1000
[ 90.860463][ T5491] queue_work_on+0x14f/0x250
[ 90.865155][ T5491] aio_poll_cancel+0xbb/0x130
[ 90.869857][ T5491] __se_sys_io_cancel+0x122/0x3b0
[ 90.874995][ T5491] do_syscall_64+0xf9/0x240
[ 90.879609][ T5491] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 90.885524][ T5491]
[ 90.887853][ T5491] The buggy address belongs to the object at ffff88801fe56000
[ 90.887853][ T5491] which belongs to the cache aio_kiocb of size 216
[ 90.901836][ T5491] The buggy address is located 32 bytes inside of
[ 90.901836][ T5491] freed 216-byte region [ffff88801fe56000, ffff88801fe560d8)
[ 90.915574][ T5491]
[ 90.917910][ T5491] The buggy address belongs to the physical page:
[ 90.924417][ T5491] page:ffffea00007f9580 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1fe56
[ 90.934851][ T5491] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 90.942851][ T5491] page_type: 0xffffffff()
[ 90.947597][ T5491] raw: 00fff00000000800 ffff88801772adc0 dead000000000122 0000000000000000
[ 90.956231][ T5491] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 90.964847][ T5491] page dumped because: kasan: bad access detected
[ 90.971277][ T5491] page_owner tracks the page as allocated
[ 90.977091][ T5491] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5491, tgid 5490 (syz-executor.0), ts 90500359314, free_ts 90328660331
[ 90.995701][ T5491] post_alloc_hook+0x1ea/0x210
[ 91.000579][ T5491] get_page_from_freelist+0x33ea/0x3580
[ 91.006149][ T5491] __alloc_pages+0x255/0x680
[ 91.010762][ T5491] alloc_slab_page+0x5f/0x160
[ 91.015462][ T5491] new_slab+0x84/0x2f0
[ 91.019738][ T5491] ___slab_alloc+0xd17/0x13e0
[ 91.024526][ T5491] kmem_cache_alloc+0x24d/0x340
[ 91.029403][ T5491] io_submit_one+0x154/0x18b0
[ 91.035151][ T5491] __se_sys_io_submit+0x17f/0x300
[ 91.040366][ T5491] do_syscall_64+0xf9/0x240
[ 91.044910][ T5491] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 91.050837][ T5491] page last free pid 5470 tgid 5470 stack trace:
[ 91.057265][ T5491] free_unref_page_prepare+0x968/0xa90
[ 91.062923][ T5491] free_unref_page_list+0x5a3/0x850
[ 91.068317][ T5491] release_pages+0x2744/0x2a80
[ 91.073368][ T5491] tlb_flush_mmu+0x34c/0x4e0
[ 91.078032][ T5491] tlb_finish_mmu+0xd4/0x200
[ 91.082734][ T5491] exit_mmap+0x4b6/0xd40
[ 91.087043][ T5491] __mmput+0x115/0x3c0
[ 91.091136][ T5491] exit_mm+0x21f/0x310
[ 91.095401][ T5491] do_exit+0x9af/0x2740
[ 91.099592][ T5491] do_group_exit+0x206/0x2c0
[ 91.104293][ T5491] __x64_sys_exit_group+0x3f/0x40
[ 91.109354][ T5491] do_syscall_64+0xf9/0x240
[ 91.113892][ T5491] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 91.119815][ T5491]
[ 91.122158][ T5491] Memory state around the buggy address:
[ 91.128144][ T5491] ffff88801fe55f00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 91.136326][ T5491] ffff88801fe55f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.144683][ T5491] >ffff88801fe56000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.152757][ T5491] ^
[ 91.158490][ T5491] ffff88801fe56080: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[ 91.166917][ T5491] ffff88801fe56100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.175096][ T5491] ==================================================================
[ 91.208303][ T5491] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 91.216054][ T5491] CPU: 1 PID: 5491 Comm: syz-executor.0 Not tainted 6.8.0-rc7-syzkaller-g90d35da658da-dirty #0
[ 91.226570][ T5491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 91.236829][ T5491] Call Trace:
[ 91.240131][ T5491]
[ 91.243680][ T5491] dump_stack_lvl+0x1e7/0x2e0
[ 91.248493][ T5491] ? __pfx_dump_stack_lvl+0x10/0x10
[ 91.253805][ T5491] ? __pfx__printk+0x10/0x10
[ 91.258454][ T5491] ? vscnprintf+0x5d/0x90
[ 91.262980][ T5491] panic+0x349/0x860
[ 91.267074][ T5491] ? check_panic_on_warn+0x21/0xb0
[ 91.272207][ T5491] ? __pfx_panic+0x10/0x10
[ 91.276748][ T5491] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 91.283197][ T5491] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 91.289650][ T5491] ? print_report+0x4ff/0x540
[ 91.294792][ T5491] check_panic_on_warn+0x86/0xb0
[ 91.300275][ T5491] ? __se_sys_io_cancel+0x3a2/0x3b0
[ 91.305644][ T5491] end_report+0x6e/0x140
[ 91.310147][ T5491] kasan_report+0x153/0x180
[ 91.314728][ T5491] ? __se_sys_io_cancel+0x3a2/0x3b0
[ 91.320788][ T5491] __se_sys_io_cancel+0x3a2/0x3b0
[ 91.326065][ T5491] do_syscall_64+0xf9/0x240
[ 91.330567][ T5491] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 91.336550][ T5491] RIP: 0033:0x7f963407dda9
[ 91.340964][ T5491] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 91.360751][ T5491] RSP: 002b:00007f9634ed70c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d2
[ 91.369424][ T5491] RAX: ffffffffffffffda RBX: 00007f96341abf80 RCX: 00007f963407dda9
[ 91.377996][ T5491] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00007f9634eb6000
[ 91.386128][ T5491] RBP: 00007f96340ca47a R08: 0000000000000000 R09: 0000000000000000
[ 91.394174][ T5491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 91.402133][ T5491] R13: 000000000000000b R14: 00007f96341abf80 R15: 00007ffc37361bc8
[ 91.410187][ T5491]
[ 91.413465][ T5491] Kernel Offset: disabled
[ 91.417777][ T5491] Rebooting in 86400 seconds..