Warning: Permanently added '[localhost]:27221' (ED25519) to the list of known hosts.
2023/09/30 05:08:27 ignoring optional flag "sandboxArg"="0"
2023/09/30 05:08:27 parsed 1 programs
[ 73.029076][ T37] kauditd_printk_skb: 75 callbacks suppressed
[ 73.029088][ T37] audit: type=1400 audit(1696050507.539:206): avc: denied { getattr } for pid=5326 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 73.042406][ T37] audit: type=1400 audit(1696050507.539:207): avc: denied { read } for pid=5326 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 73.051868][ T37] audit: type=1400 audit(1696050507.539:208): avc: denied { open } for pid=5326 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 73.077139][ T37] audit: type=1400 audit(1696050507.589:209): avc: denied { mounton } for pid=5337 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 73.087126][ T37] audit: type=1400 audit(1696050507.589:210): avc: denied { mount } for pid=5337 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 73.096085][ T37] audit: type=1400 audit(1696050507.599:211): avc: denied { read write } for pid=5337 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 73.106887][ T37] audit: type=1400 audit(1696050507.599:212): avc: denied { open } for pid=5337 comm="syz-executor" path="/swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 73.139710][ T37] audit: type=1400 audit(1696050507.649:213): avc: denied { unlink } for pid=5337 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 73.768501][ T37] audit: type=1400 audit(1696050508.279:214): avc: denied { relabelto } for pid=5363 comm="mkswap" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 74.805605][ T5337] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2023/09/30 05:08:29 executed programs: 0
[ 74.856246][ T5162] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 74.860654][ T5162] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 74.864713][ T5162] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 74.869707][ T5162] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 74.873782][ T5162] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 74.877473][ T5162] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 74.887775][ T37] audit: type=1400 audit(1696050509.399:215): avc: denied { mounton } for pid=5377 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 75.057300][ T5377] chnl_net:caif_netlink_parms(): no params data found
[ 75.200659][ T5377] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.204130][ T5377] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.207895][ T5377] bridge_slave_0: entered allmulticast mode
[ 75.212154][ T5377] bridge_slave_0: entered promiscuous mode
[ 75.217891][ T5377] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.221237][ T5377] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.224593][ T5377] bridge_slave_1: entered allmulticast mode
[ 75.228939][ T5377] bridge_slave_1: entered promiscuous mode
[ 75.299997][ T5377] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 75.309790][ T5377] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.378362][ T5377] team0: Port device team_slave_0 added
[ 75.386382][ T5377] team0: Port device team_slave_1 added
[ 75.445090][ T5377] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.448438][ T5377] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.460791][ T5377] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.467991][ T5377] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.471188][ T5377] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.483023][ T5377] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.562528][ T5377] hsr_slave_0: entered promiscuous mode
[ 75.567685][ T5377] hsr_slave_1: entered promiscuous mode
[ 76.211153][ T5377] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 76.218780][ T5377] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 76.225419][ T5377] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 76.235199][ T5377] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 76.316703][ T5377] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.334162][ T5377] 8021q: adding VLAN 0 to HW filter on device team0
[ 76.345388][ T823] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.348861][ T823] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.368051][ T813] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.371539][ T813] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.395805][ T5377] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 76.520723][ T5377] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.567382][ T5377] veth0_vlan: entered promiscuous mode
[ 76.577854][ T5377] veth1_vlan: entered promiscuous mode
[ 76.612019][ T5377] veth0_macvtap: entered promiscuous mode
[ 76.620423][ T5377] veth1_macvtap: entered promiscuous mode
[ 76.641456][ T5377] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 76.652346][ T5377] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 76.661031][ T5377] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.665103][ T5377] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.670370][ T5377] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.674449][ T5377] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.731269][ T1354] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.734702][ T1354] ieee802154 phy1 wpan1: encryption failed: -22
[ 76.735494][ T813] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.743210][ T813] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.771394][ T22] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.775193][ T22] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.887370][ T4591] Bluetooth: hci0: command 0x0409 tx timeout
[ 78.966465][ T4591] Bluetooth: hci0: command 0x041b tx timeout
2023/09/30 05:08:34 executed programs: 117
[ 81.046457][ T4591] Bluetooth: hci0: command 0x040f tx timeout
[ 83.127004][ T4591] Bluetooth: hci0: command 0x0419 tx timeout
2023/09/30 05:08:39 executed programs: 358
[ 86.967567][ T973] cfg80211: failed to load regulatory.db
2023/09/30 05:08:44 executed programs: 603
2023/09/30 05:08:49 executed programs: 845
[ 98.384475][ T813] ==================================================================
[ 98.388808][ T813] BUG: KASAN: slab-use-after-free in do_raw_spin_unlock+0x1f7/0x230
[ 98.393310][ T813] Read of size 4 at addr ffff88801ed8493c by task kworker/3:2/813
[ 98.398861][ T813]
[ 98.400018][ T813] CPU: 3 PID: 813 Comm: kworker/3:2 Not tainted 6.6.0-rc3-syzkaller-dirty #0
[ 98.404113][ T813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 98.409357][ T813] Workqueue: pencrypt_serial padata_serial_worker
[ 98.412361][ T813] Call Trace:
[ 98.413827][ T813]
[ 98.415248][ T813] dump_stack_lvl+0xd9/0x1b0
[ 98.417436][ T813] print_report+0xc4/0x620
[ 98.419284][ T813] ? __virt_addr_valid+0x5e/0x2d0
[ 98.421652][ T813] ? __phys_addr+0xc6/0x140
[ 98.423830][ T813] kasan_report+0xda/0x110
[ 98.425938][ T813] ? do_raw_spin_unlock+0x1f7/0x230
[ 98.428410][ T813] ? do_raw_spin_unlock+0x1f7/0x230
[ 98.430853][ T813] do_raw_spin_unlock+0x1f7/0x230
[ 98.433154][ T813] _raw_spin_unlock_bh+0x1e/0x30
[ 98.435475][ T813] tls_encrypt_done+0x281/0x560
[ 98.437770][ T813] padata_serial_worker+0x246/0x490
[ 98.440209][ T813] ? padata_find_next+0x430/0x430
[ 98.442567][ T813] process_one_work+0x884/0x15c0
[ 98.444917][ T813] ? init_worker_pool+0x770/0x770
[ 98.447273][ T813] ? assign_work+0x1a0/0x240
[ 98.449461][ T813] worker_thread+0x8b9/0x1290
[ 98.451698][ T813] ? __kthread_parkme+0x14b/0x220
[ 98.454056][ T813] ? process_one_work+0x15c0/0x15c0
[ 98.456525][ T813] kthread+0x33c/0x440
[ 98.458457][ T813] ? _raw_spin_unlock_irq+0x23/0x50
[ 98.460911][ T813] ? kthread_complete_and_exit+0x40/0x40
[ 98.463545][ T813] ret_from_fork+0x45/0x80
[ 98.465636][ T813] ? kthread_complete_and_exit+0x40/0x40
[ 98.468294][ T813] ret_from_fork_asm+0x11/0x20
[ 98.470555][ T813]
[ 98.472024][ T813]
[ 98.473144][ T813] Allocated by task 7577:
[ 98.475095][ T813] kasan_save_stack+0x33/0x50
[ 98.477292][ T813] kasan_set_track+0x25/0x30
[ 98.479298][ T813] __kasan_kmalloc+0xa3/0xb0
[ 98.481484][ T813] tls_set_sw_offload+0x12e0/0x1700
[ 98.483939][ T813] tls_setsockopt+0x108c/0x1340
[ 98.486237][ T813] __sys_setsockopt+0x2cd/0x5b0
[ 98.488536][ T813] __x64_sys_setsockopt+0xbd/0x150
[ 98.491009][ T813] do_syscall_64+0x38/0xb0
[ 98.493105][ T813] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 98.495831][ T813]
[ 98.496966][ T813] Freed by task 7576:
[ 98.498846][ T813] kasan_save_stack+0x33/0x50
[ 98.501098][ T813] kasan_set_track+0x25/0x30
[ 98.503133][ T813] kasan_save_free_info+0x28/0x40
[ 98.505484][ T813] ____kasan_slab_free+0x138/0x190
[ 98.507878][ T813] __kmem_cache_free+0xcc/0x2d0
[ 98.510147][ T813] tls_sk_proto_close+0x5ce/0xac0
[ 98.512458][ T813] inet_release+0x132/0x270
[ 98.514551][ T813] inet6_release+0x4f/0x70
[ 98.516547][ T813] __sock_release+0xae/0x260
[ 98.518700][ T813] sock_close+0x1c/0x20
[ 98.520499][ T813] __fput+0x3f7/0xa70
[ 98.522306][ T813] __fput_sync+0x47/0x50
[ 98.524336][ T813] __x64_sys_close+0x87/0xf0
[ 98.526540][ T813] do_syscall_64+0x38/0xb0
[ 98.528630][ T813] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 98.531393][ T813]
[ 98.532528][ T813] Last potentially related work creation:
[ 98.535208][ T813] kasan_save_stack+0x33/0x50
[ 98.537105][ T813] __kasan_record_aux_stack+0x78/0x80
[ 98.539610][ T813] kvfree_call_rcu+0x70/0xbe0
[ 98.541802][ T813] tls_ctx_free+0x69/0x90
[ 98.543846][ T813] tls_sk_proto_close+0x588/0xac0
[ 98.546205][ T813] inet_release+0x132/0x270
[ 98.548159][ T813] inet6_release+0x4f/0x70
[ 98.550253][ T813] __sock_release+0xae/0x260
[ 98.552132][ T813] sock_close+0x1c/0x20
[ 98.553662][ T813] __fput+0x3f7/0xa70
[ 98.555509][ T813] __fput_sync+0x47/0x50
[ 98.557503][ T813] __x64_sys_close+0x87/0xf0
[ 98.559669][ T813] do_syscall_64+0x38/0xb0
[ 98.561743][ T813] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 98.564523][ T813]
[ 98.565635][ T813] Second to last potentially related work creation:
[ 98.568614][ T813] kasan_save_stack+0x33/0x50
[ 98.570772][ T813] __kasan_record_aux_stack+0x78/0x80
[ 98.573286][ T813] kvfree_call_rcu+0x70/0xbe0
[ 98.575426][ T813] tls_ctx_free+0x69/0x90
[ 98.577441][ T813] tls_sk_proto_close+0x588/0xac0
[ 98.579748][ T813] inet_release+0x132/0x270
[ 98.581874][ T813] inet6_release+0x4f/0x70
[ 98.584002][ T813] __sock_release+0xae/0x260
[ 98.586167][ T813] sock_close+0x1c/0x20
[ 98.588130][ T813] __fput+0x3f7/0xa70
[ 98.589972][ T813] __fput_sync+0x47/0x50
[ 98.591972][ T813] __x64_sys_close+0x87/0xf0
[ 98.594076][ T813] do_syscall_64+0x38/0xb0
[ 98.596196][ T813] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 98.598907][ T813]
[ 98.600021][ T813] The buggy address belongs to the object at ffff88801ed84800
[ 98.600021][ T813] which belongs to the cache kmalloc-512 of size 512
[ 98.606389][ T813] The buggy address is located 316 bytes inside of
[ 98.606389][ T813] freed 512-byte region [ffff88801ed84800, ffff88801ed84a00)
[ 98.612961][ T813]
[ 98.614192][ T813] The buggy address belongs to the physical page:
[ 98.617160][ T813] page:ffffea00007b6100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ed84
[ 98.621540][ T813] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 98.624816][ T813] page_type: 0x4()
[ 98.626512][ T813] raw: 00fff00000000800 ffff888012c40600 ffffea00008cf150 ffffea0000ee6e10
[ 98.630318][ T813] raw: 0000000000000000 ffff88801ed84000 0000000100000004 0000000000000000
[ 98.633981][ T813] page dumped because: kasan: bad access detected
[ 98.636738][ T813] page_owner tracks the page as allocated
[ 98.639256][ T813] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x3420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_HARDWALL|__GFP_THISNODE), pid 5237, tgid 5237 (udevd), ts 60297213654, free_ts 60296881728
[ 98.648677][ T813] post_alloc_hook+0x2cf/0x340
[ 98.650895][ T813] get_page_from_freelist+0xee0/0x2f20
[ 98.653424][ T813] __alloc_pages+0x1d0/0x4a0
[ 98.655563][ T813] cache_grow_begin+0x99/0x3a0
[ 98.657744][ T813] cache_alloc_refill+0x294/0x3a0
[ 98.660090][ T813] __kmem_cache_alloc_node+0x3c5/0x470
[ 98.662590][ T813] kmalloc_trace+0x25/0xe0
[ 98.664706][ T813] kernfs_fop_open+0x318/0xe00
[ 98.666985][ T813] do_dentry_open+0x88b/0x1730
[ 98.669229][ T813] path_openat+0x19af/0x29c0
[ 98.671429][ T813] do_filp_open+0x1de/0x430
[ 98.673570][ T813] do_sys_openat2+0x176/0x1e0
[ 98.675792][ T813] __x64_sys_openat+0x175/0x210
[ 98.678084][ T813] do_syscall_64+0x38/0xb0
[ 98.680183][ T813] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 98.682888][ T813] page last free stack trace:
[ 98.684846][ T813] free_unref_page_prepare+0x476/0xa40
[ 98.687350][ T813] free_unref_page+0x33/0x3b0
[ 98.689560][ T813] inode_doinit_with_dentry+0xac0/0x12c0
[ 98.692157][ T813] selinux_d_instantiate+0x26/0x30
[ 98.694318][ T813] security_d_instantiate+0x54/0xe0
[ 98.696260][ T813] d_splice_alias+0x94/0xdf0
[ 98.697956][ T813] kernfs_iop_lookup+0x283/0x330
[ 98.700017][ T813] __lookup_slow+0x24d/0x450
[ 98.702195][ T813] walk_component+0x349/0x5a0
[ 98.704346][ T813] path_lookupat+0x17f/0x770
[ 98.706513][ T813] filename_lookup+0x1e7/0x5b0
[ 98.708785][ T813] vfs_statx+0x160/0x430
[ 98.710784][ T813] vfs_fstatat+0xb3/0x140
[ 98.712813][ T813] __do_sys_newfstatat+0x98/0x110
[ 98.715139][ T813] do_syscall_64+0x38/0xb0
[ 98.717279][ T813] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 98.719835][ T813]
[ 98.720895][ T813] Memory state around the buggy address:
[ 98.723383][ T813] ffff88801ed84800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.726898][ T813] ffff88801ed84880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.730259][ T813] >ffff88801ed84900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.733841][ T813] ^
[ 98.736476][ T813] ffff88801ed84980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.739617][ T813] ffff88801ed84a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.742664][ T813] ==================================================================
[ 98.746586][ T813] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 98.749547][ T813] CPU: 3 PID: 813 Comm: kworker/3:2 Not tainted 6.6.0-rc3-syzkaller-dirty #0
[ 98.753103][ T813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 98.757211][ T813] Workqueue: pencrypt_serial padata_serial_worker
[ 98.759841][ T813] Call Trace:
[ 98.761213][ T813]
[ 98.762426][ T813] dump_stack_lvl+0xd9/0x1b0
[ 98.764367][ T813] panic+0x6a6/0x750
[ 98.766009][ T813] ? panic_smp_self_stop+0xa0/0xa0
[ 98.768180][ T813] ? asm_sysvec_call_function+0x1a/0x20
[ 98.770439][ T813] check_panic_on_warn+0xab/0xb0
[ 98.772489][ T813] end_report+0x108/0x150
[ 98.774244][ T813] kasan_report+0xea/0x110
[ 98.776077][ T813] ? do_raw_spin_unlock+0x1f7/0x230
[ 98.778214][ T813] ? do_raw_spin_unlock+0x1f7/0x230
[ 98.780354][ T813] do_raw_spin_unlock+0x1f7/0x230
[ 98.782404][ T813] _raw_spin_unlock_bh+0x1e/0x30
[ 98.784436][ T813] tls_encrypt_done+0x281/0x560
[ 98.786422][ T813] padata_serial_worker+0x246/0x490
[ 98.788544][ T813] ? padata_find_next+0x430/0x430
[ 98.790582][ T813] process_one_work+0x884/0x15c0
[ 98.792607][ T813] ? init_worker_pool+0x770/0x770
[ 98.794655][ T813] ? assign_work+0x1a0/0x240
[ 98.796555][ T813] worker_thread+0x8b9/0x1290
[ 98.798279][ T813] ? __kthread_parkme+0x14b/0x220
[ 98.800147][ T813] ? process_one_work+0x15c0/0x15c0
[ 98.802261][ T813] kthread+0x33c/0x440
[ 98.803950][ T813] ? _raw_spin_unlock_irq+0x23/0x50
[ 98.806053][ T813] ? kthread_complete_and_exit+0x40/0x40
[ 98.808303][ T813] ret_from_fork+0x45/0x80
[ 98.810145][ T813] ? kthread_complete_and_exit+0x40/0x40
[ 98.812432][ T813] ret_from_fork_asm+0x11/0x20
[ 98.814394][ T813]
[ 98.816552][ T813] Kernel Offset: disabled
[ 98.818123][ T813] Rebooting in 86400 seconds..