[   71.875431][ T1418] ieee802154 phy0 wpan0: encryption failed: -22
[   71.878184][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
Warning: Permanently added '[localhost]:21418' (ED25519) to the list of known hosts.
2025/02/15 01:20:45 ignoring optional flag "sandboxArg"="0"
2025/02/15 01:20:46 parsed 1 programs
[   76.976069][   T39] kauditd_printk_skb: 28 callbacks suppressed
[   76.976082][   T39] audit: type=1400 audit(1739582448.264:143): avc:  denied  { unlink } for  pid=6243 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   77.828458][ T6243] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   79.639647][ T6026] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   79.643992][ T6026] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   79.647402][ T6026] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   79.651381][ T6026] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   79.654842][ T6026] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   79.657279][ T6026] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   79.837510][   T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.839921][   T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.852015][   T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.856010][   T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.935393][ T6320] chnl_net:caif_netlink_parms(): no params data found
[   80.995673][ T6320] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.997812][ T6320] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.999915][ T6320] bridge_slave_0: entered allmulticast mode
[   81.003125][ T6320] bridge_slave_0: entered promiscuous mode
[   81.006096][ T6320] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.008165][ T6320] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.010277][ T6320] bridge_slave_1: entered allmulticast mode
[   81.012806][ T6320] bridge_slave_1: entered promiscuous mode
[   81.043560][ T6320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   81.049100][ T6320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   81.083515][ T6320] team0: Port device team_slave_0 added
[   81.087833][ T6320] team0: Port device team_slave_1 added
[   81.135686][ T6320] batman_adv: batadv0: Adding interface: batadv_slave_0
[   81.137684][ T6320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   81.146145][ T6320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   81.150117][ T6320] batman_adv: batadv0: Adding interface: batadv_slave_1
[   81.152636][ T6320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   81.159978][ T6320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   81.193403][ T6320] hsr_slave_0: entered promiscuous mode
[   81.196522][ T6320] hsr_slave_1: entered promiscuous mode
[   81.743198][ T6320] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   81.748409][ T6320] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   81.753363][ T6320] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   81.764070][ T6320] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   81.776255][ T6320] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.778296][ T6320] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.780986][ T6320] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.783739][ T6320] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.809245][ T6320] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.817659][   T99] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.820490][   T99] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.832050][ T6320] 8021q: adding VLAN 0 to HW filter on device team0
[   81.840109][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.843079][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.849472][   T99] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.851834][   T99] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.948931][ T6320] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.966889][ T6320] veth0_vlan: entered promiscuous mode
[   81.971520][ T6320] veth1_vlan: entered promiscuous mode
[   81.984269][ T6320] veth0_macvtap: entered promiscuous mode
[   81.987939][ T6320] veth1_macvtap: entered promiscuous mode
[   81.996428][ T6320] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.002423][ T6320] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.007763][ T6320] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.011290][ T6320] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.014974][ T6320] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.018401][ T6320] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.118539][   T30] cfg80211: failed to load regulatory.db
[   82.118681][   T99] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.191663][   T99] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.273120][   T99] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.327245][   T99] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.659311][   T39] audit: type=1401 audit(1739582453.944:144): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/02/15 01:20:54 executed programs: 0
[   82.975812][ T6026] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   82.980319][ T6026] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   82.984542][ T6026] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   82.988278][ T6026] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   82.991417][ T6026] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   82.996375][ T6026] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   83.088484][ T6451] chnl_net:caif_netlink_parms(): no params data found
[   83.158030][ T6451] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.160638][ T6451] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.164029][ T6451] bridge_slave_0: entered allmulticast mode
[   83.166751][ T6451] bridge_slave_0: entered promiscuous mode
[   83.170146][ T6451] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.172199][ T6451] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.174289][ T6451] bridge_slave_1: entered allmulticast mode
[   83.176463][ T6451] bridge_slave_1: entered promiscuous mode
[   83.199895][ T6451] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   83.205204][ T6451] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   83.231626][ T6451] team0: Port device team_slave_0 added
[   83.236638][ T6451] team0: Port device team_slave_1 added
[   83.263393][ T6451] batman_adv: batadv0: Adding interface: batadv_slave_0
[   83.265401][ T6451] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.273751][ T6451] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   83.277745][ T6451] batman_adv: batadv0: Adding interface: batadv_slave_1
[   83.279710][ T6451] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.287048][ T6451] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   83.312213][ T6451] hsr_slave_0: entered promiscuous mode
[   83.314300][ T6451] hsr_slave_1: entered promiscuous mode
[   83.317057][ T6451] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   83.319193][ T6451] Cannot create hsr debugfs directory
[   85.072592][ T6026] Bluetooth: hci0: command tx timeout
[   85.709798][   T99] bridge_slave_1: left allmulticast mode
[   85.712070][   T99] bridge_slave_1: left promiscuous mode
[   85.715004][   T99] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.718969][   T99] bridge_slave_0: left allmulticast mode
[   85.720578][   T99] bridge_slave_0: left promiscuous mode
[   85.722362][   T99] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.960459][   T99] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   85.968216][   T99] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   85.976908][   T99] bond0 (unregistering): Released all slaves
[   86.097694][   T99] hsr_slave_0: left promiscuous mode
[   86.100368][   T99] hsr_slave_1: left promiscuous mode
[   86.103196][   T99] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   86.106041][   T99] batman_adv: batadv0: Removing interface: batadv_slave_0
[   86.109649][   T99] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   86.112963][   T99] batman_adv: batadv0: Removing interface: batadv_slave_1
[   86.140968][   T99] veth1_macvtap: left promiscuous mode
[   86.143311][   T99] veth0_macvtap: left promiscuous mode
[   86.145449][   T99] veth1_vlan: left promiscuous mode
[   86.147483][   T99] veth0_vlan: left promiscuous mode
[   86.729208][   T99] team0 (unregistering): Port device team_slave_1 removed
[   86.796309][   T99] team0 (unregistering): Port device team_slave_0 removed
[   87.155650][ T6026] Bluetooth: hci0: command tx timeout
[   87.725091][ T6451] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   87.729892][ T6451] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   87.734691][ T6451] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   87.738285][ T6451] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   87.790737][ T6451] 8021q: adding VLAN 0 to HW filter on device bond0
[   87.801864][ T6451] 8021q: adding VLAN 0 to HW filter on device team0
[   87.808537][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.810951][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.819460][   T77] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.822268][   T77] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.979361][ T6451] 8021q: adding VLAN 0 to HW filter on device batadv0
[   88.001475][ T6451] veth0_vlan: entered promiscuous mode
[   88.009355][ T6451] veth1_vlan: entered promiscuous mode
[   88.024315][ T6451] veth0_macvtap: entered promiscuous mode
[   88.027596][ T6451] veth1_macvtap: entered promiscuous mode
[   88.046121][ T6451] batman_adv: batadv0: Interface activated: batadv_slave_0
[   88.055654][ T6451] batman_adv: batadv0: Interface activated: batadv_slave_1
[   88.062101][ T6451] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   88.065491][ T6451] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   88.068637][ T6451] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   88.071832][ T6451] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   88.149425][   T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.152101][   T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.163313][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.166203][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/02/15 01:20:59 executed programs: 2
[   88.220301][   T39] audit: type=1400 audit(1739582459.504:145): avc:  denied  { mount } for  pid=6546 comm="syz.0.16" name="/" dev="9p" ino=27131930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   88.231534][   T39] audit: type=1400 audit(1739582459.514:146): avc:  denied  { write } for  pid=6546 comm="syz.0.16" name="/" dev="9p" ino=27131930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   88.235258][ T6547] netfs: Couldn't get user pages (rc=-14)
[   88.239882][   T39] audit: type=1400 audit(1739582459.514:147): avc:  denied  { add_name } for  pid=6546 comm="syz.0.16" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   88.248921][   T39] audit: type=1400 audit(1739582459.514:148): avc:  denied  { create } for  pid=6546 comm="syz.0.16" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   88.256929][   T39] audit: type=1400 audit(1739582459.514:149): avc:  denied  { associate } for  pid=6546 comm="syz.0.16" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   88.266004][   T39] audit: type=1400 audit(1739582459.514:150): avc:  denied  { read write } for  pid=6546 comm="syz.0.16" name="file0" dev="9p" ino=27131933 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   88.274517][   T39] audit: type=1400 audit(1739582459.514:151): avc:  denied  { open } for  pid=6546 comm="syz.0.16" path="/0/bus/file0" dev="9p" ino=27131933 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   88.282745][   T39] audit: type=1400 audit(1739582459.524:152): avc:  denied  { append } for  pid=6546 comm="syz.0.16" name="file0" dev="9p" ino=27131933 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   88.336721][   T39] audit: type=1400 audit(1739582459.624:153): avc:  denied  { unmount } for  pid=6451 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   88.468187][ T6549] netfs: Couldn't get user pages (rc=-14)
[   88.694571][ T6551] netfs: Couldn't get user pages (rc=-14)
[   89.003723][ T6554] netfs: Couldn't get user pages (rc=-14)
[   89.170767][ T6556] netfs: Couldn't get user pages (rc=-14)
[   89.242444][ T6026] Bluetooth: hci0: command tx timeout
[   89.391017][ T6558] netfs: Couldn't get user pages (rc=-14)
[   89.674477][ T6560] netfs: Couldn't get user pages (rc=-14)
[   89.944215][ T6563] netfs: Couldn't get user pages (rc=-14)
[   90.194546][ T6565] netfs: Couldn't get user pages (rc=-14)
[   90.383680][ T6567] netfs: Couldn't get user pages (rc=-14)
[   90.603833][ T6569] netfs: Couldn't get user pages (rc=-14)
[   90.781713][ T6571] netfs: Couldn't get user pages (rc=-14)
[   90.999638][ T6573] netfs: Couldn't get user pages (rc=-14)
[   91.199046][ T6575] netfs: Couldn't get user pages (rc=-14)
[   91.322359][ T6026] Bluetooth: hci0: command tx timeout
[   91.372633][ T6577] netfs: Couldn't get user pages (rc=-14)
[   91.615628][ T6579] netfs: Couldn't get user pages (rc=-14)
[   91.846180][ T6581] netfs: Couldn't get user pages (rc=-14)
[   92.044028][ T6583] netfs: Couldn't get user pages (rc=-14)
[   92.241631][ T6585] netfs: Couldn't get user pages (rc=-14)
[   92.452339][ T6588] netfs: Couldn't get user pages (rc=-14)
[   92.613850][ T6590] netfs: Couldn't get user pages (rc=-14)
[   92.766308][ T6593] netfs: Couldn't get user pages (rc=-14)
[   92.966219][ T6595] netfs: Couldn't get user pages (rc=-14)
[   93.152060][ T6598] netfs: Couldn't get user pages (rc=-14)
2025/02/15 01:21:04 executed programs: 26
[   93.361930][ T6600] netfs: Couldn't get user pages (rc=-14)
[   93.519140][ T6602] netfs: Couldn't get user pages (rc=-14)
[   93.728732][ T6605] netfs: Couldn't get user pages (rc=-14)
[   93.910518][ T6608] netfs: Couldn't get user pages (rc=-14)
[   94.117011][ T6610] netfs: Couldn't get user pages (rc=-14)
[   94.311878][ T6612] netfs: Couldn't get user pages (rc=-14)
[   94.487968][ T6614] netfs: Couldn't get user pages (rc=-14)
[   94.672502][ T6616] netfs: Couldn't get user pages (rc=-14)
[   94.853510][ T6618] netfs: Couldn't get user pages (rc=-14)
[   95.045958][ T6620] netfs: Couldn't get user pages (rc=-14)
[   95.219641][ T6622] netfs: Couldn't get user pages (rc=-14)
[   95.378392][ T6624] netfs: Couldn't get user pages (rc=-14)
[   95.543710][ T6626] netfs: Couldn't get user pages (rc=-14)
[   95.710039][ T6628] netfs: Couldn't get user pages (rc=-14)
[   95.959540][ T6630] netfs: Couldn't get user pages (rc=-14)
[   96.120945][ T6632] netfs: Couldn't get user pages (rc=-14)
[   96.297802][ T6634] netfs: Couldn't get user pages (rc=-14)
[   96.511953][ T6636] netfs: Couldn't get user pages (rc=-14)
[   96.688549][ T6638] netfs: Couldn't get user pages (rc=-14)
[   96.898642][ T6640] netfs: Couldn't get user pages (rc=-14)
[   97.051235][ T6642] netfs: Couldn't get user pages (rc=-14)
[   97.257234][ T6644] netfs: Couldn't get user pages (rc=-14)
[   97.491625][ T6646] netfs: Couldn't get user pages (rc=-14)
[   97.687510][ T6648] netfs: Couldn't get user pages (rc=-14)
[   97.879260][ T6650] netfs: Couldn't get user pages (rc=-14)
[   98.074398][ T6652] netfs: Couldn't get user pages (rc=-14)
[   98.253434][ T6654] netfs: Couldn't get user pages (rc=-14)
2025/02/15 01:21:09 executed programs: 53
[   98.423927][ T6656] netfs: Couldn't get user pages (rc=-14)
[   98.618251][ T6658] netfs: Couldn't get user pages (rc=-14)
[   98.810252][ T6660] netfs: Couldn't get user pages (rc=-14)
[   98.977836][ T6662] netfs: Couldn't get user pages (rc=-14)
[   99.141928][ T6664] netfs: Couldn't get user pages (rc=-14)
[   99.343500][ T6666] netfs: Couldn't get user pages (rc=-14)
[   99.530757][ T6668] netfs: Couldn't get user pages (rc=-14)
[   99.699993][ T6670] netfs: Couldn't get user pages (rc=-14)
[   99.862917][ T6672] netfs: Couldn't get user pages (rc=-14)
[  100.031658][ T6674] netfs: Couldn't get user pages (rc=-14)
[  100.220789][ T6676] netfs: Couldn't get user pages (rc=-14)
[  100.420887][ T6678] netfs: Couldn't get user pages (rc=-14)
[  100.603480][ T6680] netfs: Couldn't get user pages (rc=-14)
[  100.817834][ T6682] netfs: Couldn't get user pages (rc=-14)
[  101.006765][ T6684] netfs: Couldn't get user pages (rc=-14)
[  101.200910][ T6686] netfs: Couldn't get user pages (rc=-14)
[  101.435818][ T6688] netfs: Couldn't get user pages (rc=-14)
[  101.591841][ T6690] netfs: Couldn't get user pages (rc=-14)
[  101.750297][ T6692] netfs: Couldn't get user pages (rc=-14)
[  101.919916][ T6694] netfs: Couldn't get user pages (rc=-14)
[  102.111791][ T6696] netfs: Couldn't get user pages (rc=-14)
[  102.301072][ T6698] netfs: Couldn't get user pages (rc=-14)
[  102.499148][ T6700] netfs: Couldn't get user pages (rc=-14)
[  102.744367][ T6702] netfs: Couldn't get user pages (rc=-14)
[  102.910323][ T6704] netfs: Couldn't get user pages (rc=-14)
[  103.091104][ T6706] netfs: Couldn't get user pages (rc=-14)
[  103.094225][ T6706] ------------[ cut here ]------------
[  103.094246][   T45] ==================================================================
[  103.096293][ T6706] refcount_t: underflow; use-after-free.
[  103.099288][   T45] BUG: KASAN: slab-use-after-free in netfs_read_collection+0x3baa/0x3d10
[  103.101830][ T6706] WARNING: CPU: 3 PID: 6706 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210
[  103.104729][   T45] Write of size 8 at addr ffff8880310c6650 by task kworker/u32:2/45
[  103.104749][   T45] 
[  103.104757][   T45] CPU: 0 UID: 0 PID: 45 Comm: kworker/u32:2 Not tainted 6.14.0-rc2-syzkaller-g78a632a2086c-dirty #0
[  103.104775][   T45] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  103.104788][   T45] Workqueue: events_unbound netfs_read_collection_worker
[  103.104820][   T45] Call Trace:
[  103.104828][   T45]  <TASK>
[  103.104835][   T45]  dump_stack_lvl+0x116/0x1f0
[  103.104859][   T45]  print_report+0xc3/0x620
[  103.104878][   T45]  ? __virt_addr_valid+0x5e/0x590
[  103.104897][   T45]  ? __phys_addr+0xc6/0x150
[  103.104914][   T45]  kasan_report+0xd9/0x110
[  103.104931][   T45]  ? netfs_read_collection+0x3baa/0x3d10
[  103.104955][   T45]  ? netfs_read_collection+0x3baa/0x3d10
[  103.104978][   T45]  ? __pfx_aio_complete_rw+0x10/0x10
[  103.105019][   T45]  netfs_read_collection+0x3baa/0x3d10
[  103.105043][   T45]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  103.105067][   T45]  ? rcu_is_watching+0x12/0xc0
[  103.105088][   T45]  netfs_read_collection_worker+0x285/0x350
[  103.105111][   T45]  process_one_work+0x9c5/0x1ba0
[  103.105137][   T45]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  103.105159][   T45]  ? __pfx_process_one_work+0x10/0x10
[  103.105181][   T45]  ? assign_work+0x1a0/0x250
[  103.105201][   T45]  worker_thread+0x6c8/0xf00
[  103.105224][   T45]  ? __pfx_worker_thread+0x10/0x10
[  103.105245][   T45]  kthread+0x3af/0x750
[  103.105264][   T45]  ? __pfx_kthread+0x10/0x10
[  103.105281][   T45]  ? lock_acquire+0x2f/0xb0
[  103.105303][   T45]  ? __pfx_kthread+0x10/0x10
[  103.105321][   T45]  ret_from_fork+0x45/0x80
[  103.105343][   T45]  ? __pfx_kthread+0x10/0x10
[  103.105362][   T45]  ret_from_fork_asm+0x1a/0x30
[  103.105385][   T45]  </TASK>
[  103.105390][   T45] 
[  103.110037][ T6706] Modules linked in:
[  103.112942][   T45] Allocated by task 6706:
[  103.112955][   T45]  kasan_save_stack+0x33/0x60
[  103.112976][   T45]  kasan_save_track+0x14/0x30
[  103.112988][   T45]  __kasan_slab_alloc+0x89/0x90
[  103.113003][   T45]  kmem_cache_alloc_noprof+0x226/0x3d0
[  103.113019][   T45]  io_submit_one+0x123/0x1da0
[  103.113984][ T6706] CPU: 3 UID: 0 PID: 6706 Comm: syz.0.92 Not tainted 6.14.0-rc2-syzkaller-g78a632a2086c-dirty #0
[  103.117797][   T45]  __x64_sys_io_submit+0x1b2/0x340
[  103.121758][ T6706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  103.124356][   T45]  do_syscall_64+0xcd/0x250
[  103.124386][   T45]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.124410][   T45] 
[  103.124415][   T45] Freed by task 45:
[  103.124423][   T45]  kasan_save_stack+0x33/0x60
[  103.124439][   T45]  kasan_save_track+0x14/0x30
[  103.124453][   T45]  kasan_save_free_info+0x3b/0x60
[  103.124473][   T45]  __kasan_slab_free+0x51/0x70
[  103.124488][   T45]  kmem_cache_free+0x2e2/0x4d0
[  103.124503][   T45]  aio_complete_rw+0x3ec/0x7b0
[  103.124525][   T45]  netfs_read_collection+0x30b3/0x3d10
[  103.125334][   T39] audit: type=1400 audit(1739582474.424:154): avc:  denied  { rename } for  pid=5336 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  103.125375][   T39] audit: type=1400 audit(1739582474.424:155): avc:  denied  { unlink } for  pid=5336 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  103.125829][ T6706] RIP: 0010:refcount_warn_saturate+0x14a/0x210
[  103.126815][   T39] audit: type=1400 audit(1739582474.424:156): avc:  denied  { create } for  pid=5336 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  103.127035][   T45]  netfs_read_collection_worker+0x285/0x350
[  103.128924][ T6706] Code: ff 89 de e8 a8 5a f5 fc 84 db 0f 85 66 ff ff ff e8 fb 5f f5 fc c6 05 b7 5c 86 0b 01 90 48 c7 c7 c0 00 d3 8b e8 57 99 b5 fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 d8 5f f5 fc 0f b6 1d 92 5c 86 0b 31
[  103.130625][   T45]  process_one_work+0x9c5/0x1ba0
[  103.132620][ T6706] RSP: 0018:ffffc90003097c68 EFLAGS: 00010286
[  103.134227][   T45]  worker_thread+0x6c8/0xf00
[  103.135927][ T6706] 
[  103.137976][   T45]  kthread+0x3af/0x750
[  103.140079][ T6706] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817a1229
[  103.142038][   T45]  ret_from_fork+0x45/0x80
[  103.144001][ T6706] RDX: ffff888022fba440 RSI: ffffffff817a1236 RDI: 0000000000000001
[  103.145963][   T45]  ret_from_fork_asm+0x1a/0x30
[  103.145989][   T45] 
[  103.145994][   T45] The buggy address belongs to the object at ffff8880310c6640
[  103.145994][   T45]  which belongs to the cache aio_kiocb of size 216
[  103.146007][   T45] The buggy address is located 16 bytes inside of
[  103.146007][   T45]  freed 216-byte region [ffff8880310c6640, ffff8880310c6718)
[  103.146021][   T45] 
[  103.146025][   T45] The buggy address belongs to the physical page:
[  103.146031][   T45] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880310c7e00 pfn:0x310c6
[  103.146046][   T45] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  103.146059][   T45] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  103.146074][   T45] page_type: f5(slab)
[  103.146088][   T45] raw: 00fff00000000040 ffff88801bb3bcc0 0000000000000000 0000000000000001
[  103.146101][   T45] raw: ffff8880310c7e00 0000000080190015 00000000f5000000 0000000000000000
[  103.147877][ T6706] RBP: ffff8880310c6708 R08: 0000000000000001 R09: 0000000000000000
[  103.150039][   T45] head: 00fff00000000040 ffff88801bb3bcc0 0000000000000000 0000000000000001
[  103.151864][ T6706] R10: 0000000000000000 R11: 0000000000000003 R12: 0000000000000000
[  103.154014][   T45] head: ffff8880310c7e00 0000000080190015 00000000f5000000 0000000000000000
[  103.154032][   T45] head: 00fff00000000001 ffffea0000c43181 ffffffffffffffff 0000000000000000
[  103.154047][   T45] head: ffff888000000002 0000000000000000 00000000ffffffff 0000000000000000
[  103.154056][   T45] page dumped because: kasan: bad access detected
[  103.154065][   T45] page_owner tracks the page as allocated
[  103.154071][   T45] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6549, tgid 6548 (syz.0.17), ts 88470255044, free_ts 87864364394
[  103.154101][   T45]  post_alloc_hook+0x181/0x1b0
[  103.154130][   T45]  get_page_from_freelist+0xfce/0x2f80
[  103.154146][   T45]  __alloc_frozen_pages_noprof+0x221/0x2470
[  103.154162][   T45]  alloc_pages_mpol+0x1fc/0x540
[  103.154180][   T45]  new_slab+0x23d/0x330
[  103.154201][   T45]  ___slab_alloc+0xc5d/0x1720
[  103.154223][   T45]  __slab_alloc.constprop.0+0x56/0xb0
[  103.154246][   T45]  kmem_cache_alloc_noprof+0xfa/0x3d0
[  103.154260][   T45]  io_submit_one+0x123/0x1da0
[  103.156252][ T6706] R13: ffff88804d502ec0 R14: ffff8880310c6640 R15: ffff8880310c66f8
[  103.158007][   T45]  __x64_sys_io_submit+0x1b2/0x340
[  103.159722][ T6706] FS:  00007fcb448c16c0(0000) GS:ffff88806a900000(0000) knlGS:0000000000000000
[  103.161598][   T45]  do_syscall_64+0xcd/0x250
[  103.163239][ T6706] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  103.164860][   T45]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.166582][ T6706] CR2: 00007fcb448a0000 CR3: 000000004caec000 CR4: 0000000000352ef0
[  103.168255][   T45] page last free pid 6535 tgid 6535 stack trace:
[  103.169982][ T6706] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  103.171667][   T45]  free_frozen_pages+0x6db/0xfb0
[  103.173602][ T6706] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  103.174732][   T45]  __mmdrop+0xd5/0x460
[  103.175646][ T6706] Call Trace:
[  103.177212][   T45]  __mmput+0x36c/0x410
[  103.178878][ T6706]  <TASK>
[  103.180584][   T45]  mmput+0x62/0x70
[  103.182468][ T6706]  ? __warn+0xea/0x3c0
[  103.184163][   T45]  begin_new_exec+0x152b/0x3800
[  103.186198][ T6706]  ? __pfx_vprintk_emit+0x10/0x10
[  103.187990][   T45]  load_elf_binary+0x886/0x4fc0
[  103.191845][ T6706]  ? refcount_warn_saturate+0x14a/0x210
[  103.193758][   T45]  bprm_execve+0x8dd/0x16d0
[  103.193784][   T45]  do_execveat_common.isra.0+0x4a2/0x610
[  103.193805][   T45]  __x64_sys_execve+0x8c/0xb0
[  103.193826][   T45]  do_syscall_64+0xcd/0x250
[  103.193842][   T45]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.197799][ T6706]  ? report_bug+0x3c0/0x580
[  103.199441][   T45] 
[  103.199447][   T45] Memory state around the buggy address:
[  103.201670][ T6706]  ? handle_bug+0x54/0xa0
[  103.202561][   T45]  ffff8880310c6500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  103.202573][   T45]  ffff8880310c6580: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[  103.202582][   T45] >ffff8880310c6600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  103.202590][   T45]                                                  ^
[  103.202598][   T45]  ffff8880310c6680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  103.202608][   T45]  ffff8880310c6700: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[  103.202615][   T45] ==================================================================
[  103.202779][   T45] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  103.202789][   T45] CPU: 0 UID: 0 PID: 45 Comm: kworker/u32:2 Not tainted 6.14.0-rc2-syzkaller-g78a632a2086c-dirty #0
[  103.202808][   T45] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  103.202818][   T45] Workqueue: events_unbound netfs_read_collection_worker
[  103.202845][   T45] Call Trace:
[  103.202850][   T45]  <TASK>
[  103.202855][   T45]  dump_stack_lvl+0x3d/0x1f0
[  103.202873][   T45]  panic+0x71d/0x800
[  103.202891][   T45]  ? __pfx_panic+0x10/0x10
[  103.202906][   T45]  ? irqentry_exit+0x3b/0x90
[  103.202921][   T45]  ? lockdep_hardirqs_on+0x7c/0x110
[  103.202935][   T45]  ? preempt_schedule_thunk+0x1a/0x30
[  103.202956][   T45]  ? preempt_schedule_common+0x44/0xc0
[  103.202977][   T45]  ? check_panic_on_warn+0x1f/0xb0
[  103.202994][   T45]  check_panic_on_warn+0xab/0xb0
[  103.203011][   T45]  end_report+0x117/0x180
[  103.203027][   T45]  kasan_report+0xe9/0x110
[  103.203042][   T45]  ? netfs_read_collection+0x3baa/0x3d10
[  103.203063][   T45]  ? netfs_read_collection+0x3baa/0x3d10
[  103.203084][   T45]  ? __pfx_aio_complete_rw+0x10/0x10
[  103.203106][   T45]  netfs_read_collection+0x3baa/0x3d10
[  103.203129][   T45]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  103.203150][   T45]  ? rcu_is_watching+0x12/0xc0
[  103.203169][   T45]  netfs_read_collection_worker+0x285/0x350
[  103.203190][   T45]  process_one_work+0x9c5/0x1ba0
[  103.203213][   T45]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  103.203233][   T45]  ? __pfx_process_one_work+0x10/0x10
[  103.203254][   T45]  ? assign_work+0x1a0/0x250
[  103.203271][   T45]  worker_thread+0x6c8/0xf00
[  103.203292][   T45]  ? __pfx_worker_thread+0x10/0x10
[  103.203310][   T45]  kthread+0x3af/0x750
[  103.203329][   T45]  ? __pfx_kthread+0x10/0x10
[  103.203345][   T45]  ? lock_acquire+0x2f/0xb0
[  103.203365][   T45]  ? __pfx_kthread+0x10/0x10
[  103.203382][   T45]  ret_from_fork+0x45/0x80
[  103.203403][   T45]  ? __pfx_kthread+0x10/0x10
[  103.203420][   T45]  ret_from_fork_asm+0x1a/0x30
[  103.203439][   T45]  </TASK>
[  103.204577][   T45] Kernel Offset: disabled