Warning: Permanently added '[localhost]:19257' (ED25519) to the list of known hosts.
2024/10/16 19:48:42 ignoring optional flag "sandboxArg"="0"
2024/10/16 19:48:42 ignoring optional flag "type"="qemu"
2024/10/16 19:48:42 parsed 1 programs
[   59.514254][   T39] audit: type=1400 audit(1729108122.433:132): avc:  denied  { getattr } for  pid=5453 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   59.521589][   T39] audit: type=1400 audit(1729108122.433:133): avc:  denied  { read } for  pid=5453 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   59.527207][   T39] audit: type=1400 audit(1729108122.433:134): avc:  denied  { open } for  pid=5453 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   59.580190][   T39] audit: type=1400 audit(1729108122.503:135): avc:  denied  { unlink } for  pid=5459 comm="syz-executor" name="swap-file" dev="sda1" ino=1931 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   60.485441][ T5459] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
2024/10/16 19:48:43 executed programs: 0
[   60.535842][ T5348] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   60.539345][ T5348] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   60.542813][ T5348] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   60.546449][ T5348] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   60.549861][ T5348] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   60.552432][ T5348] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   60.558135][   T39] audit: type=1400 audit(1729108123.483:136): avc:  denied  { mounton } for  pid=5464 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   60.648287][ T5464] chnl_net:caif_netlink_parms(): no params data found
[   60.707238][ T5464] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.709996][ T5464] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.712576][ T5464] bridge_slave_0: entered allmulticast mode
[   60.715502][ T5464] bridge_slave_0: entered promiscuous mode
[   60.721741][ T5464] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.724694][ T5464] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.727171][ T5464] bridge_slave_1: entered allmulticast mode
[   60.730331][ T5464] bridge_slave_1: entered promiscuous mode
[   60.763469][ T5464] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.769956][ T5464] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.801714][ T5464] team0: Port device team_slave_0 added
[   60.804970][ T5464] team0: Port device team_slave_1 added
[   60.835525][ T5464] batman_adv: batadv0: Adding interface: batadv_slave_0
[   60.837536][ T5464] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.844652][ T5464] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   60.849746][ T5464] batman_adv: batadv0: Adding interface: batadv_slave_1
[   60.852310][ T5464] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.859904][ T5464] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   60.894197][ T5464] hsr_slave_0: entered promiscuous mode
[   60.896582][ T5464] hsr_slave_1: entered promiscuous mode
[   61.395434][ T5464] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   61.400005][ T5464] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   61.404441][ T5464] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   61.409991][ T5464] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   61.420684][ T5464] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.422815][ T5464] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.425481][ T5464] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.427754][ T5464] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.464650][ T5464] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.473622][ T1101] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.477707][ T1101] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.488625][ T5464] 8021q: adding VLAN 0 to HW filter on device team0
[   61.493460][ T1101] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.495338][ T1101] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.501579][  T158] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.504181][  T158] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.593884][ T5464] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.610770][ T5464] veth0_vlan: entered promiscuous mode
[   61.616130][ T5464] veth1_vlan: entered promiscuous mode
[   61.636102][ T5464] veth0_macvtap: entered promiscuous mode
[   61.640493][ T5464] veth1_macvtap: entered promiscuous mode
[   61.649891][ T5464] batman_adv: batadv0: Interface activated: batadv_slave_0
[   61.656167][ T5464] batman_adv: batadv0: Interface activated: batadv_slave_1
[   61.662337][ T5464] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   61.665591][ T5464] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   61.670166][ T5464] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   61.673251][ T5464] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   61.718671][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.721209][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.724089][ T1101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.726924][ T1101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.753604][   T39] audit: type=1400 audit(1729108124.673:137): avc:  denied  { connect } for  pid=5519 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   62.638362][ T4774] Bluetooth: hci0: command tx timeout
[   64.718267][ T4774] Bluetooth: hci0: command 0x041b tx timeout
2024/10/16 19:48:48 executed programs: 5
[   66.797707][ T4774] Bluetooth: hci0: command 0x041b tx timeout
[   68.878409][ T5348] Bluetooth: hci0: command 0x041b tx timeout
[   70.957698][ T5348] Bluetooth: hci0: command 0x041b tx timeout
2024/10/16 19:48:53 executed programs: 11
[   71.529418][ T1380] ieee802154 phy0 wpan0: encryption failed: -22
[   71.531940][ T1380] ieee802154 phy1 wpan1: encryption failed: -22
[   73.037565][ T4774] Bluetooth: hci0: command 0x041b tx timeout
2024/10/16 19:48:59 executed programs: 17
2024/10/16 19:49:04 executed programs: 25
[   81.759716][   T30] cfg80211: failed to load regulatory.db
2024/10/16 19:49:09 executed programs: 31
2024/10/16 19:49:14 executed programs: 37
2024/10/16 19:49:19 executed programs: 43
2024/10/16 19:49:24 executed programs: 49
[  104.798793][  T827] ==================================================================
[  104.801547][  T827] BUG: KASAN: slab-use-after-free in sco_sock_timeout+0x97/0x2c0
[  104.804203][  T827] Write of size 4 at addr ffff88802e4aa080 by task kworker/0:2/827
[  104.808323][  T827] 
[  104.809572][  T827] CPU: 0 UID: 0 PID: 827 Comm: kworker/0:2 Not tainted 6.12.0-rc3-syzkaller-g2f87d0916ce0 #0
[  104.813219][  T827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  104.816892][  T827] Workqueue: events sco_sock_timeout
[  104.818724][  T827] Call Trace:
[  104.819855][  T827]  <TASK>
[  104.820872][  T827]  dump_stack_lvl+0x116/0x1f0
[  104.822487][  T827]  print_report+0xc3/0x620
[  104.824003][  T827]  ? __virt_addr_valid+0x5e/0x590
[  104.825756][  T827]  ? __phys_addr+0xc6/0x150
[  104.827304][  T827]  kasan_report+0xd9/0x110
[  104.828823][  T827]  ? sco_sock_timeout+0x97/0x2c0
[  104.830502][  T827]  ? sco_sock_timeout+0x97/0x2c0
[  104.832175][  T827]  kasan_check_range+0xef/0x1a0
[  104.833828][  T827]  sco_sock_timeout+0x97/0x2c0
[  104.835443][  T827]  process_one_work+0x9c5/0x1ba0
[  104.837110][  T827]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  104.839031][  T827]  ? __pfx_process_one_work+0x10/0x10
[  104.840838][  T827]  ? assign_work+0x1a0/0x250
[  104.842387][  T827]  worker_thread+0x6c8/0xf00
[  104.843967][  T827]  ? __kthread_parkme+0x148/0x220
[  104.845723][  T827]  ? __pfx_worker_thread+0x10/0x10
[  104.847461][  T827]  kthread+0x2c1/0x3a0
[  104.848874][  T827]  ? _raw_spin_unlock_irq+0x23/0x50
[  104.850690][  T827]  ? __pfx_kthread+0x10/0x10
[  104.852313][  T827]  ret_from_fork+0x45/0x80
[  104.853940][  T827]  ? __pfx_kthread+0x10/0x10
[  104.855588][  T827]  ret_from_fork_asm+0x1a/0x30
[  104.857330][  T827]  </TASK>
[  104.858481][  T827] 
[  104.859460][  T827] Allocated by task 5580:
[  104.861049][  T827]  kasan_save_stack+0x33/0x60
[  104.862766][  T827]  kasan_save_track+0x14/0x30
[  104.864403][  T827]  __kasan_kmalloc+0xaa/0xb0
[  104.866007][  T827]  __kmalloc_noprof+0x1e8/0x400
[  104.867690][  T827]  sk_prot_alloc+0x1a8/0x2a0
[  104.869403][  T827]  sk_alloc+0x36/0xb90
[  104.870856][  T827]  bt_sock_alloc+0x3b/0x3a0
[  104.872429][  T827]  sco_sock_create+0xe3/0x3c0
[  104.874068][  T827]  bt_sock_create+0x182/0x350
[  104.875711][  T827]  __sock_create+0x32e/0x840
[  104.877477][  T827]  __sys_socket+0x14f/0x260
[  104.879204][  T827]  __x64_sys_socket+0x72/0xb0
[  104.880990][  T827]  do_syscall_64+0xcd/0x250
[  104.882619][  T827]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.884731][  T827] 
[  104.885494][  T827] Freed by task 5581:
[  104.886864][  T827]  kasan_save_stack+0x33/0x60
[  104.888464][  T827]  kasan_save_track+0x14/0x30
[  104.890038][  T827]  kasan_save_free_info+0x3b/0x60
[  104.891757][  T827]  __kasan_slab_free+0x51/0x70
[  104.893385][  T827]  kfree+0x14f/0x4b0
[  104.894757][  T827]  __sk_destruct+0x5eb/0x720
[  104.896352][  T827]  sk_destruct+0xc2/0xf0
[  104.897826][  T827]  __sk_free+0xf4/0x3e0
[  104.899249][  T827]  sk_free+0x6a/0x90
[  104.900587][  T827]  sco_sock_kill+0x11a/0x1c0
[  104.902171][  T827]  sco_sock_release+0x154/0x2d0
[  104.903893][  T827]  __sock_release+0xb0/0x270
[  104.905541][  T827]  sock_close+0x1c/0x30
[  104.907097][  T827]  __fput+0x3f6/0xb60
[  104.908576][  T827]  task_work_run+0x14e/0x250
[  104.910201][  T827]  get_signal+0x1ca/0x2770
[  104.911736][  T827]  arch_do_signal_or_restart+0x90/0x7e0
[  104.913579][  T827]  syscall_exit_to_user_mode+0x150/0x2a0
[  104.915490][  T827]  do_syscall_64+0xda/0x250
[  104.917037][  T827]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.919057][  T827] 
[  104.919864][  T827] The buggy address belongs to the object at ffff88802e4aa000
[  104.919864][  T827]  which belongs to the cache kmalloc-2k of size 2048
[  104.924648][  T827] The buggy address is located 128 bytes inside of
[  104.924648][  T827]  freed 2048-byte region [ffff88802e4aa000, ffff88802e4aa800)
[  104.929304][  T827] 
[  104.930125][  T827] The buggy address belongs to the physical page:
[  104.932305][  T827] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802e4aa000 pfn:0x2e4a8
[  104.935874][  T827] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  104.938923][  T827] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  104.942122][  T827] page_type: f5(slab)
[  104.943661][  T827] raw: 00fff00000000240 ffff88801b042f00 ffffea00009ccc10 ffffea000098da10
[  104.946619][  T827] raw: ffff88802e4aa000 0000000000080001 00000001f5000000 0000000000000000
[  104.949288][  T827] head: 00fff00000000240 ffff88801b042f00 ffffea00009ccc10 ffffea000098da10
[  104.952171][  T827] head: ffff88802e4aa000 0000000000080001 00000001f5000000 0000000000000000
[  104.954887][  T827] head: 00fff00000000003 ffffea0000b92a01 ffffffffffffffff 0000000000000000
[  104.957800][  T827] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  104.960627][  T827] page dumped because: kasan: bad access detected
[  104.963096][  T827] page_owner tracks the page as allocated
[  104.965293][  T827] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5346, tgid 5346 (syz-executor.0), ts 44800547331, free_ts 44758528567
[  104.972554][  T827]  post_alloc_hook+0x2d1/0x350
[  104.973902][  T827]  get_page_from_freelist+0x101e/0x3070
[  104.975559][  T827]  __alloc_pages_noprof+0x223/0x25a0
[  104.977290][  T827]  alloc_pages_mpol_noprof+0x2c9/0x610
[  104.979131][  T827]  new_slab+0x2ba/0x3f0
[  104.980212][  T827]  ___slab_alloc+0xdac/0x1880
[  104.981435][  T827]  __slab_alloc.constprop.0+0x56/0xb0
[  104.982876][  T827]  __kmalloc_node_track_caller_noprof+0x355/0x430
[  104.984615][  T827]  kmalloc_reserve+0xef/0x2c0
[  104.986340][  T827]  __alloc_skb+0x164/0x380
[  104.987792][  T827]  audit_log_start+0x2e1/0x7e0
[  104.989071][  T827]  common_lsm_audit+0xe5/0x2210
[  104.990428][  T827]  slow_avc_audit+0x17d/0x210
[  104.991616][  T827]  avc_has_perm+0x18d/0x1c0
[  104.992947][  T827]  inode_has_perm+0x168/0x1d0
[  104.994298][  T827]  selinux_file_open+0x314/0x430
[  104.995815][  T827] page last free pid 5346 tgid 5346 stack trace:
[  104.997512][  T827]  free_unref_page+0x5f4/0xdc0
[  104.998828][  T827]  qlist_free_all+0x4e/0x120
[  105.000072][  T827]  kasan_quarantine_reduce+0x192/0x1e0
[  105.001552][  T827]  __kasan_slab_alloc+0x69/0x90
[  105.002881][  T827]  kmem_cache_alloc_node_noprof+0x153/0x310
[  105.004496][  T827]  __alloc_skb+0x2b1/0x380
[  105.006018][  T827]  netlink_ack+0x164/0xb90
[  105.007211][  T827]  netlink_rcv_skb+0x348/0x440
[  105.008484][  T827]  netlink_unicast+0x53c/0x7f0
[  105.009769][  T827]  netlink_sendmsg+0x8b8/0xd70
[  105.011029][  T827]  __sys_sendto+0x479/0x4d0
[  105.012328][  T827]  __x64_sys_sendto+0xe0/0x1c0
[  105.013683][  T827]  do_syscall_64+0xcd/0x250
[  105.015128][  T827]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.017253][  T827] 
[  105.018119][  T827] Memory state around the buggy address:
[  105.019660][  T827]  ffff88802e4a9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.021949][  T827]  ffff88802e4aa000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.024275][  T827] >ffff88802e4aa080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.027119][  T827]                    ^
[  105.028590][  T827]  ffff88802e4aa100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.031463][  T827]  ffff88802e4aa180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.034263][  T827] ==================================================================
[  105.037345][  T827] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  105.039963][  T827] CPU: 0 UID: 0 PID: 827 Comm: kworker/0:2 Not tainted 6.12.0-rc3-syzkaller-g2f87d0916ce0 #0
[  105.043591][  T827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  105.047383][  T827] Workqueue: events sco_sock_timeout
[  105.049281][  T827] Call Trace:
[  105.050510][  T827]  <TASK>
[  105.051546][  T827]  dump_stack_lvl+0x3d/0x1f0
[  105.052763][  T827]  panic+0x71d/0x800
[  105.053781][  T827]  ? mark_held_locks+0x9f/0xe0
[  105.055273][  T827]  ? __pfx_panic+0x10/0x10
[  105.056924][  T827]  ? irqentry_exit+0x3b/0x90
[  105.058258][  T827]  ? lockdep_hardirqs_on+0x7c/0x110
[  105.059606][  T827]  ? check_panic_on_warn+0x1f/0xb0
[  105.060922][  T827]  check_panic_on_warn+0xab/0xb0
[  105.062220][  T827]  end_report+0x117/0x180
[  105.063341][  T827]  kasan_report+0xe9/0x110
[  105.064655][  T827]  ? sco_sock_timeout+0x97/0x2c0
[  105.066418][  T827]  ? sco_sock_timeout+0x97/0x2c0
[  105.068131][  T827]  kasan_check_range+0xef/0x1a0
[  105.069901][  T827]  sco_sock_timeout+0x97/0x2c0
[  105.071336][  T827]  process_one_work+0x9c5/0x1ba0
[  105.072628][  T827]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  105.074446][  T827]  ? __pfx_process_one_work+0x10/0x10
[  105.076296][  T827]  ? assign_work+0x1a0/0x250
[  105.077923][  T827]  worker_thread+0x6c8/0xf00
[  105.079506][  T827]  ? __kthread_parkme+0x148/0x220
[  105.081259][  T827]  ? __pfx_worker_thread+0x10/0x10
[  105.083117][  T827]  kthread+0x2c1/0x3a0
[  105.084348][  T827]  ? _raw_spin_unlock_irq+0x23/0x50
[  105.085986][  T827]  ? __pfx_kthread+0x10/0x10
[  105.087345][  T827]  ret_from_fork+0x45/0x80
[  105.088731][  T827]  ? __pfx_kthread+0x10/0x10
[  105.089925][  T827]  ret_from_fork_asm+0x1a/0x30
[  105.091163][  T827]  </TASK>
[  105.092552][  T827] Kernel Offset: disabled
[  105.093749][  T827] Rebooting in 86400 seconds..