[ 87.297614][ T9] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:31781' (ED25519) to the list of known hosts.
2023/09/30 03:47:10 ignoring optional flag "sandboxArg"="0"
2023/09/30 03:47:10 parsed 1 programs
[ 88.835577][ T38] kauditd_printk_skb: 5 callbacks suppressed
[ 88.835591][ T38] audit: type=1400 audit(1696045630.566:206): avc: denied { getattr } for pid=5359 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 88.851624][ T38] audit: type=1400 audit(1696045630.566:207): avc: denied { read } for pid=5359 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 88.862768][ T38] audit: type=1400 audit(1696045630.566:208): avc: denied { open } for pid=5359 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 88.911483][ T38] audit: type=1400 audit(1696045630.646:209): avc: denied { mounton } for pid=5378 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 88.923671][ T38] audit: type=1400 audit(1696045630.646:210): avc: denied { mount } for pid=5378 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 88.935613][ T38] audit: type=1400 audit(1696045630.666:211): avc: denied { read write } for pid=5378 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 88.953683][ T38] audit: type=1400 audit(1696045630.666:212): avc: denied { open } for pid=5378 comm="syz-executor" path="/swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 88.994897][ T38] audit: type=1400 audit(1696045630.726:213): avc: denied { unlink } for pid=5378 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 89.597587][ T38] audit: type=1400 audit(1696045631.336:214): avc: denied { relabelto } for pid=5383 comm="mkswap" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 90.861205][ T5378] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2023/09/30 03:47:12 executed programs: 0
[ 90.937520][ T61] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 90.941737][ T61] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 90.945293][ T61] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 90.952765][ T61] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 90.957385][ T61] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 90.961414][ T61] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 90.971937][ T38] audit: type=1400 audit(1696045632.706:215): avc: denied { mounton } for pid=5390 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 91.133990][ T5390] chnl_net:caif_netlink_parms(): no params data found
[ 91.262022][ T5390] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.265183][ T5390] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.268186][ T5390] bridge_slave_0: entered allmulticast mode
[ 91.272310][ T5390] bridge_slave_0: entered promiscuous mode
[ 91.277825][ T5390] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.280801][ T5390] bridge0: port 2(bridge_slave_1) entered disabled state
[ 91.283864][ T5390] bridge_slave_1: entered allmulticast mode
[ 91.287455][ T5390] bridge_slave_1: entered promiscuous mode
[ 91.372822][ T5390] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 91.382460][ T5390] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 91.459733][ T5390] team0: Port device team_slave_0 added
[ 91.467251][ T5390] team0: Port device team_slave_1 added
[ 91.541836][ T5390] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 91.545923][ T5390] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 91.558153][ T5390] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 91.565173][ T5390] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 91.568402][ T5390] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 91.580136][ T5390] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 91.666453][ T5390] hsr_slave_0: entered promiscuous mode
[ 91.669847][ T5390] hsr_slave_1: entered promiscuous mode
[ 92.358246][ T5390] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 92.365055][ T5390] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 92.374197][ T5390] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 92.387758][ T5390] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 92.474065][ T5390] 8021q: adding VLAN 0 to HW filter on device bond0
[ 92.489007][ T5390] 8021q: adding VLAN 0 to HW filter on device team0
[ 92.496696][ T46] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.499679][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 92.518639][ T825] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.522048][ T825] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 92.544426][ T5390] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 92.548724][ T5390] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 92.684653][ T5390] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 92.725262][ T5390] veth0_vlan: entered promiscuous mode
[ 92.733236][ T5390] veth1_vlan: entered promiscuous mode
[ 92.759070][ T5390] veth0_macvtap: entered promiscuous mode
[ 92.764076][ T5390] veth1_macvtap: entered promiscuous mode
[ 92.777898][ T5390] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 92.791189][ T5390] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 92.798189][ T5390] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.802090][ T5390] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.806552][ T5390] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.810677][ T5390] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.866399][ T32] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.870223][ T32] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.902098][ T822] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.905977][ T822] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.995786][ T61] Bluetooth: hci0: command 0x0409 tx timeout
[ 95.055700][ T61] Bluetooth: hci0: command 0x041b tx timeout
[ 95.792644][ T46] ==================================================================
[ 95.796554][ T46] BUG: KASAN: slab-use-after-free in do_raw_spin_unlock+0x1f7/0x230
[ 95.800503][ T46] Read of size 4 at addr ffff888021a7253c by task kworker/1:1/46
[ 95.819206][ T46]
[ 95.821963][ T46] CPU: 1 PID: 46 Comm: kworker/1:1 Not tainted 6.6.0-rc3-syzkaller-dirty #0
[ 95.825801][ T46] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 95.830005][ T46] Workqueue: pencrypt_serial padata_serial_worker
[ 95.832639][ T46] Call Trace:
[ 95.834037][ T46]
[ 95.835260][ T46] dump_stack_lvl+0xd9/0x1b0
[ 95.837172][ T46] print_report+0xc4/0x620
[ 95.839003][ T46] ? __virt_addr_valid+0x5e/0x2d0
[ 95.841082][ T46] ? __phys_addr+0xc6/0x140
[ 95.842961][ T46] kasan_report+0xda/0x110
[ 95.844820][ T46] ? do_raw_spin_unlock+0x1f7/0x230
[ 95.846967][ T46] ? do_raw_spin_unlock+0x1f7/0x230
[ 95.849127][ T46] do_raw_spin_unlock+0x1f7/0x230
[ 95.851181][ T46] _raw_spin_unlock_bh+0x1e/0x30
[ 95.853156][ T46] tls_encrypt_done+0x281/0x560
[ 95.855054][ T46] padata_serial_worker+0x246/0x490
[ 95.857072][ T46] ? padata_find_next+0x430/0x430
[ 95.858897][ T46] process_one_work+0x884/0x15c0
[ 95.860922][ T46] ? init_worker_pool+0x770/0x770
[ 95.862995][ T46] ? assign_work+0x1a0/0x240
[ 95.865061][ T46] worker_thread+0x8b9/0x1290
[ 95.867021][ T46] ? process_one_work+0x15c0/0x15c0
[ 95.869189][ T46] kthread+0x33c/0x440
[ 95.870952][ T46] ? _raw_spin_unlock_irq+0x23/0x50
[ 95.873276][ T46] ? kthread_complete_and_exit+0x40/0x40
[ 95.875589][ T46] ret_from_fork+0x45/0x80
[ 95.877449][ T46] ? kthread_complete_and_exit+0x40/0x40
[ 95.879728][ T46] ret_from_fork_asm+0x11/0x20
[ 95.881709][ T46]
[ 95.882968][ T46]
[ 95.883954][ T46] Allocated by task 5717:
[ 95.885693][ T46] kasan_save_stack+0x33/0x50
[ 95.887603][ T46] kasan_set_track+0x25/0x30
[ 95.889506][ T46] __kasan_kmalloc+0xa3/0xb0
[ 95.891392][ T46] tls_set_sw_offload+0x12e0/0x1700
[ 95.893513][ T46] tls_setsockopt+0x108c/0x1340
[ 95.895523][ T46] __sys_setsockopt+0x2cd/0x5b0
[ 95.897499][ T46] __x64_sys_setsockopt+0xbd/0x150
[ 95.899595][ T46] do_syscall_64+0x38/0xb0
[ 95.901213][ T46] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 95.903362][ T46]
[ 95.904248][ T46] Freed by task 5716:
[ 95.905691][ T46] kasan_save_stack+0x33/0x50
[ 95.907396][ T46] kasan_set_track+0x25/0x30
[ 95.909085][ T46] kasan_save_free_info+0x28/0x40
[ 95.910979][ T46] ____kasan_slab_free+0x138/0x190
[ 95.912928][ T46] __kmem_cache_free+0xcc/0x2d0
[ 95.914686][ T46] tls_sk_proto_close+0x4c3/0xb00
[ 95.916787][ T46] inet_release+0x132/0x270
[ 95.918659][ T46] inet6_release+0x4f/0x70
[ 95.920500][ T46] __sock_release+0xae/0x260
[ 95.922307][ T46] sock_close+0x1c/0x20
[ 95.924052][ T46] __fput+0x3f7/0xa70
[ 95.925698][ T46] __fput_sync+0x47/0x50
[ 95.927450][ T46] __x64_sys_close+0x87/0xf0
[ 95.929611][ T46] do_syscall_64+0x38/0xb0
[ 95.931540][ T46] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 95.933963][ T46]
[ 95.934951][ T46] Last potentially related work creation:
[ 95.937324][ T46] kasan_save_stack+0x33/0x50
[ 95.939211][ T46] __kasan_record_aux_stack+0x78/0x80
[ 95.941431][ T46] kvfree_call_rcu+0x70/0xbe0
[ 95.943335][ T46] mld_clear_delrec+0x134/0x660
[ 95.945346][ T46] ipv6_mc_destroy_dev+0x49/0x680
[ 95.947420][ T46] addrconf_ifdown.isra.0+0x1597/0x1c50
[ 95.949675][ T46] addrconf_notify+0x22d/0x1920
[ 95.951736][ T46] notifier_call_chain+0xb6/0x3b0
[ 95.953850][ T46] call_netdevice_notifiers_info+0xb9/0x130
[ 95.956291][ T46] unregister_netdevice_many_notify+0x85f/0x1a20
[ 95.958841][ T46] default_device_exit_batch+0x584/0x740
[ 95.961208][ T46] ops_exit_list+0x125/0x170
[ 95.963183][ T46] cleanup_net+0x505/0xb20
[ 95.965017][ T46] process_one_work+0x884/0x15c0
[ 95.967077][ T46] worker_thread+0x8b9/0x1290
[ 95.968986][ T46] kthread+0x33c/0x440
[ 95.970462][ T46] ret_from_fork+0x45/0x80
[ 95.972096][ T46] ret_from_fork_asm+0x11/0x20
[ 95.973833][ T46]
[ 95.974707][ T46] Second to last potentially related work creation:
[ 95.977060][ T46] kasan_save_stack+0x33/0x50
[ 95.978760][ T46] __kasan_record_aux_stack+0x78/0x80
[ 95.981029][ T46] __call_rcu_common.constprop.0+0x9a/0x790
[ 95.983503][ T46] addrconf_notify+0x149e/0x1920
[ 95.985553][ T46] notifier_call_chain+0xb6/0x3b0
[ 95.987560][ T46] call_netdevice_notifiers_info+0xb9/0x130
[ 95.989688][ T46] __dev_notify_flags+0x12d/0x2e0
[ 95.991623][ T46] dev_change_flags+0x122/0x170
[ 95.993620][ T46] do_setlink+0x1a2a/0x3fa0
[ 95.995489][ T46] __rtnl_newlink+0xc1d/0x1940
[ 95.997459][ T46] rtnl_newlink+0x67/0xa0
[ 95.999221][ T46] rtnetlink_rcv_msg+0x3c4/0xdf0
[ 96.001241][ T46] netlink_rcv_skb+0x16b/0x440
[ 96.003605][ T46] netlink_unicast+0x536/0x810
[ 96.005579][ T46] netlink_sendmsg+0x93c/0xe40
[ 96.007610][ T46] sock_sendmsg+0xd9/0x180
[ 96.009739][ T46] __sys_sendto+0x255/0x340
[ 96.011641][ T46] __x64_sys_sendto+0xe0/0x1b0
[ 96.013604][ T46] do_syscall_64+0x38/0xb0
[ 96.015465][ T46] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 96.017980][ T46]
[ 96.019015][ T46] The buggy address belongs to the object at ffff888021a72400
[ 96.019015][ T46] which belongs to the cache kmalloc-512 of size 512
[ 96.024044][ T46] The buggy address is located 316 bytes inside of
[ 96.024044][ T46] freed 512-byte region [ffff888021a72400, ffff888021a72600)
[ 96.028910][ T46]
[ 96.029782][ T46] The buggy address belongs to the physical page:
[ 96.032495][ T46] page:ffffea0000869c80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21a72
[ 96.036809][ T46] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 96.040154][ T46] page_type: 0x4()
[ 96.041643][ T46] raw: 00fff00000000800 ffff888012c40600 ffffea00006c3ed0 ffffea0000f39050
[ 96.045425][ T46] raw: 0000000000000000 ffff888021a72000 0000000100000004 0000000000000000
[ 96.048931][ T46] page dumped because: kasan: bad access detected
[ 96.051283][ T46] page_owner tracks the page as allocated
[ 96.053312][ T46] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 1, tgid 1 (swapper/0), ts 18600299140, free_ts 18486327960
[ 96.060063][ T46] post_alloc_hook+0x2cf/0x340
[ 96.061800][ T46] get_page_from_freelist+0xee0/0x2f20
[ 96.063952][ T46] __alloc_pages+0x1d0/0x4a0
[ 96.065865][ T46] cache_grow_begin+0x99/0x3a0
[ 96.067866][ T46] cache_alloc_refill+0x294/0x3a0
[ 96.069889][ T46] __kmem_cache_alloc_node+0x3c5/0x470
[ 96.072119][ T46] kmalloc_trace+0x25/0xe0
[ 96.073967][ T46] dev_pm_qos_constraints_allocate+0x87/0x4b0
[ 96.076454][ T46] __dev_pm_qos_add_request+0x47b/0x570
[ 96.078722][ T46] dev_pm_qos_add_request+0x3a/0x60
[ 96.080875][ T46] usb_hub_create_port_device+0x474/0xe30
[ 96.083254][ T46] hub_probe+0x1e62/0x3070
[ 96.085099][ T46] usb_probe_interface+0x307/0x930
[ 96.086956][ T46] really_probe+0x234/0xc90
[ 96.088617][ T46] __driver_probe_device+0x1de/0x4b0
[ 96.090523][ T46] driver_probe_device+0x4c/0x1a0
[ 96.092697][ T46] page last free stack trace:
[ 96.094717][ T46] free_unref_page_prepare+0x476/0xa40
[ 96.096918][ T46] free_unref_page+0x33/0x3b0
[ 96.098799][ T46] vfree+0x181/0x7a0
[ 96.100435][ T46] delayed_vfree_work+0x56/0x70
[ 96.102486][ T46] process_one_work+0x884/0x15c0
[ 96.104576][ T46] worker_thread+0x8b9/0x1290
[ 96.106639][ T46] kthread+0x33c/0x440
[ 96.108413][ T46] ret_from_fork+0x45/0x80
[ 96.110183][ T46] ret_from_fork_asm+0x11/0x20
[ 96.111921][ T46]
[ 96.112826][ T46] Memory state around the buggy address:
[ 96.114881][ T46] ffff888021a72400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 96.117823][ T46] ffff888021a72480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 96.120691][ T46] >ffff888021a72500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 96.123708][ T46] ^
[ 96.126133][ T46] ffff888021a72580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 96.129388][ T46] ffff888021a72600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 96.132610][ T46] ==================================================================
[ 96.135986][ T46] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 96.139110][ T46] CPU: 1 PID: 46 Comm: kworker/1:1 Not tainted 6.6.0-rc3-syzkaller-dirty #0
[ 96.142627][ T46] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 96.146564][ T46] Workqueue: pencrypt_serial padata_serial_worker
[ 96.148881][ T46] Call Trace:
[ 96.150106][ T46]
[ 96.151190][ T46] dump_stack_lvl+0xd9/0x1b0
[ 96.153043][ T46] panic+0x6a6/0x750
[ 96.154653][ T46] ? panic_smp_self_stop+0xa0/0xa0
[ 96.156788][ T46] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 96.159318][ T46] check_panic_on_warn+0xab/0xb0
[ 96.161150][ T46] end_report+0x108/0x150
2023/09/30 03:47:17 executed programs: 91
[ 96.162990][ T46] kasan_report+0xea/0x110
[ 96.164845][ T46] ? do_raw_spin_unlock+0x1f7/0x230
[ 96.167052][ T46] ? do_raw_spin_unlock+0x1f7/0x230
[ 96.169268][ T46] do_raw_spin_unlock+0x1f7/0x230
[ 96.171442][ T46] _raw_spin_unlock_bh+0x1e/0x30
[ 96.173483][ T46] tls_encrypt_done+0x281/0x560
[ 96.175539][ T46] padata_serial_worker+0x246/0x490
[ 96.177723][ T46] ? padata_find_next+0x430/0x430
[ 96.179804][ T46] process_one_work+0x884/0x15c0
[ 96.181860][ T46] ? init_worker_pool+0x770/0x770
[ 96.183969][ T46] ? assign_work+0x1a0/0x240
[ 96.185882][ T46] worker_thread+0x8b9/0x1290
[ 96.187890][ T46] ? process_one_work+0x15c0/0x15c0
[ 96.190022][ T46] kthread+0x33c/0x440
[ 96.191709][ T46] ? _raw_spin_unlock_irq+0x23/0x50
[ 96.193873][ T46] ? kthread_complete_and_exit+0x40/0x40
[ 96.196192][ T46] ret_from_fork+0x45/0x80
[ 96.198047][ T46] ? kthread_complete_and_exit+0x40/0x40
[ 96.200385][ T46] ret_from_fork_asm+0x11/0x20
[ 96.202378][ T46]
[ 96.204644][ T46] Kernel Offset: disabled
[ 96.206244][ T46] Rebooting in 86400 seconds..