[   77.239090][ T1360] ieee802154 phy0 wpan0: encryption failed: -22
[   77.242126][ T1360] ieee802154 phy1 wpan1: encryption failed: -22
Warning: Permanently added '[localhost]:63738' (ED25519) to the list of known hosts.
2024/07/14 11:19:32 ignoring optional flag "sandboxArg"="0"
2024/07/14 11:19:32 parsed 1 programs
[   81.152185][   T39] audit: type=1400 audit(1720955972.543:134): avc:  denied  { getattr } for  pid=5312 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   81.247396][   T39] audit: type=1400 audit(1720955972.643:135): avc:  denied  { unlink } for  pid=5318 comm="syz-executor" name="swap-file" dev="sda1" ino=1931 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   82.905244][ T5318] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
2024/07/14 11:19:34 executed programs: 0
[   82.972766][ T4633] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   82.977902][ T4633] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   82.981852][ T4633] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   82.986610][ T4633] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   82.994517][ T4633] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   82.997956][ T4633] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   83.007963][   T39] audit: type=1400 audit(1720955974.403:136): avc:  denied  { mounton } for  pid=5324 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   83.165696][ T5324] chnl_net:caif_netlink_parms(): no params data found
[   83.308993][ T5324] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.312275][ T5324] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.318445][ T5324] bridge_slave_0: entered allmulticast mode
[   83.322411][ T5324] bridge_slave_0: entered promiscuous mode
[   83.329791][ T5324] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.333069][ T5324] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.336468][ T5324] bridge_slave_1: entered allmulticast mode
[   83.340319][ T5324] bridge_slave_1: entered promiscuous mode
[   83.397841][ T5324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   83.406455][ T5324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   83.483239][ T5324] team0: Port device team_slave_0 added
[   83.498561][ T5324] team0: Port device team_slave_1 added
[   83.554939][ T5324] batman_adv: batadv0: Adding interface: batadv_slave_0
[   83.558322][ T5324] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.575275][ T5324] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   83.582154][ T5324] batman_adv: batadv0: Adding interface: batadv_slave_1
[   83.598428][ T5324] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.621422][ T5324] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   83.710377][ T5324] hsr_slave_0: entered promiscuous mode
[   83.747607][ T5324] hsr_slave_1: entered promiscuous mode
[   84.755469][ T5324] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   84.763615][ T5324] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   84.770683][ T5324] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   84.796699][ T5324] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   84.927880][ T5324] 8021q: adding VLAN 0 to HW filter on device bond0
[   84.945933][ T5324] 8021q: adding VLAN 0 to HW filter on device team0
[   84.956326][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.959662][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[   84.975750][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.978929][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[   85.097160][   T65] Bluetooth: hci0: command tx timeout
[   85.171576][ T5324] 8021q: adding VLAN 0 to HW filter on device batadv0
[   85.229427][ T5324] veth0_vlan: entered promiscuous mode
[   85.238079][ T5324] veth1_vlan: entered promiscuous mode
[   85.272968][ T5324] veth0_macvtap: entered promiscuous mode
[   85.280488][ T5324] veth1_macvtap: entered promiscuous mode
[   85.300508][ T5324] batman_adv: batadv0: Interface activated: batadv_slave_0
[   85.327515][ T5324] batman_adv: batadv0: Interface activated: batadv_slave_1
[   85.333673][ T5324] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   85.337430][ T5324] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   85.348446][ T5324] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   85.351688][ T5324] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   85.437861][  T161] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.441358][  T161] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.468197][   T73] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.471703][   T73] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.532214][   T39] audit: type=1400 audit(1720955976.923:137): avc:  denied  { connect } for  pid=5386 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   87.164003][ T4633] Bluetooth: hci0: command tx timeout
[   87.485920][  T828] cfg80211: failed to load regulatory.db
2024/07/14 11:19:39 executed programs: 3
[   89.243900][ T4633] Bluetooth: hci0: command 0x040f tx timeout
[   91.314118][ T4633] Bluetooth: hci0: command 0x040f tx timeout
[   93.395707][ T4633] Bluetooth: hci0: command 0x040f tx timeout
2024/07/14 11:19:45 executed programs: 12
[   95.474042][ T4633] Bluetooth: hci0: command 0x040f tx timeout
[   97.554626][ T4633] Bluetooth: hci0: command 0x040f tx timeout
2024/07/14 11:19:50 executed programs: 18
2024/07/14 11:19:55 executed programs: 24
2024/07/14 11:20:00 executed programs: 30
2024/07/14 11:20:06 executed programs: 36
2024/07/14 11:20:11 executed programs: 42
2024/07/14 11:20:16 executed programs: 48
[  129.715263][   T25] ==================================================================
[  129.719186][   T25] BUG: KASAN: slab-use-after-free in sco_sock_timeout+0x97/0x2e0
[  129.722236][   T25] Write of size 4 at addr ffff88801ac60080 by task kworker/2:0/25
[  129.727512][   T25] 
[  129.728589][   T25] CPU: 2 PID: 25 Comm: kworker/2:0 Not tainted 6.10.0-rc7-syzkaller-g4d145e3f830b #0
[  129.732304][   T25] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  129.737354][   T25] Workqueue: events sco_sock_timeout
[  129.739347][   T25] Call Trace:
[  129.740682][   T25]  <TASK>
[  129.741905][   T25]  dump_stack_lvl+0x116/0x1f0
[  129.744165][   T25]  print_report+0xc3/0x620
[  129.746142][   T25]  ? __virt_addr_valid+0x5e/0x590
[  129.748221][   T25]  ? __phys_addr+0xc6/0x150
[  129.749971][   T25]  kasan_report+0xd9/0x110
[  129.751689][   T25]  ? sco_sock_timeout+0x97/0x2e0
[  129.753627][   T25]  ? sco_sock_timeout+0x97/0x2e0
[  129.755681][   T25]  kasan_check_range+0xef/0x1a0
[  129.757584][   T25]  sco_sock_timeout+0x97/0x2e0
[  129.759235][   T25]  process_one_work+0x9c5/0x1b40
[  129.760904][   T25]  ? __pfx_lock_acquire+0x10/0x10
[  129.762610][   T25]  ? __pfx_process_one_work+0x10/0x10
[  129.764437][   T25]  ? assign_work+0x1a0/0x250
[  129.766006][   T25]  worker_thread+0x6c8/0xf30
[  129.767962][   T25]  ? __pfx_worker_thread+0x10/0x10
[  129.770065][   T25]  kthread+0x2c1/0x3a0
[  129.771679][   T25]  ? _raw_spin_unlock_irq+0x23/0x50
[  129.773671][   T25]  ? __pfx_kthread+0x10/0x10
[  129.775498][   T25]  ret_from_fork+0x45/0x80
[  129.777236][   T25]  ? __pfx_kthread+0x10/0x10
[  129.779035][   T25]  ret_from_fork_asm+0x1a/0x30
[  129.781071][   T25]  </TASK>
[  129.782413][   T25] 
[  129.783365][   T25] Allocated by task 5468:
[  129.784944][   T25]  kasan_save_stack+0x33/0x60
[  129.786788][   T25]  kasan_save_track+0x14/0x30
[  129.788575][   T25]  __kasan_kmalloc+0xaa/0xb0
[  129.790377][   T25]  __kmalloc_noprof+0x1ec/0x410
[  129.792296][   T25]  sk_prot_alloc+0x1a8/0x2a0
[  129.794231][   T25]  sk_alloc+0x36/0xb90
[  129.795969][   T25]  bt_sock_alloc+0x3b/0x3a0
[  129.797803][   T25]  sco_sock_create+0xe3/0x3c0
[  129.799614][   T25]  bt_sock_create+0x182/0x350
[  129.801209][   T25]  __sock_create+0x32e/0x800
[  129.802785][   T25]  __sys_socket+0x14f/0x260
[  129.804338][   T25]  __x64_sys_socket+0x72/0xb0
[  129.805927][   T25]  do_syscall_64+0xcd/0x250
[  129.807482][   T25]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.809510][   T25] 
[  129.810342][   T25] Freed by task 5469:
[  129.812093][   T25]  kasan_save_stack+0x33/0x60
[  129.813948][   T25]  kasan_save_track+0x14/0x30
[  129.815828][   T25]  kasan_save_free_info+0x3b/0x60
[  129.817780][   T25]  poison_slab_object+0xf7/0x160
[  129.819739][   T25]  __kasan_slab_free+0x32/0x50
[  129.821627][   T25]  kfree+0x12a/0x3b0
[  129.823129][   T25]  __sk_destruct+0x5d8/0x730
[  129.825130][   T25]  sk_destruct+0xc2/0xf0
[  129.826777][   T25]  __sk_free+0xf4/0x3e0
[  129.828396][   T25]  sk_free+0x7c/0xa0
[  129.829780][   T25]  sco_sock_kill+0x19d/0x1c0
[  129.831366][   T25]  sco_sock_release+0x154/0x2d0
[  129.833015][   T25]  __sock_release+0xb0/0x270
[  129.834604][   T25]  sock_close+0x1c/0x30
[  129.836015][   T25]  __fput+0x408/0xbb0
[  129.837373][   T25]  task_work_run+0x14e/0x250
[  129.838965][   T25]  get_signal+0x1ca/0x2710
[  129.840694][   T25]  arch_do_signal_or_restart+0x90/0x7e0
[  129.842807][   T25]  syscall_exit_to_user_mode+0x14a/0x2a0
[  129.844985][   T25]  do_syscall_64+0xda/0x250
[  129.846780][   T25]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.849076][   T25] 
[  129.850007][   T25] The buggy address belongs to the object at ffff88801ac60000
[  129.850007][   T25]  which belongs to the cache kmalloc-2k of size 2048
[  129.855277][   T25] The buggy address is located 128 bytes inside of
[  129.855277][   T25]  freed 2048-byte region [ffff88801ac60000, ffff88801ac60800)
[  129.860470][   T25] 
[  129.861380][   T25] The buggy address belongs to the physical page:
[  129.863830][   T25] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801ac60000 pfn:0x1ac60
[  129.867895][   T25] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  129.871159][   T25] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  129.873974][   T25] page_type: 0xffffefff(slab)
[  129.875602][   T25] raw: 00fff00000000040 ffff888015442f00 0000000000000000 dead000000000001
[  129.878457][   T25] raw: ffff88801ac60000 0000000000080007 00000001ffffefff 0000000000000000
[  129.881355][   T25] head: 00fff00000000040 ffff888015442f00 0000000000000000 dead000000000001
[  129.884644][   T25] head: ffff88801ac60000 0000000000080007 00000001ffffefff 0000000000000000
[  129.887883][   T25] head: 00fff00000000003 ffffea00006b1801 ffffffffffffffff 0000000000000000
[  129.891199][   T25] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  129.894456][   T25] page dumped because: kasan: bad access detected
[  129.896910][   T25] page_owner tracks the page as allocated
[  129.898812][   T25] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 4385196805, free_ts 0
[  129.905266][   T25]  post_alloc_hook+0x2d1/0x350
[  129.907087][   T25]  get_page_from_freelist+0x1353/0x2e50
[  129.909212][   T25]  __alloc_pages_noprof+0x22b/0x2460
[  129.911243][   T25]  alloc_slab_page+0x56/0x110
[  129.913080][   T25]  new_slab+0x84/0x260
[  129.914676][   T25]  ___slab_alloc+0xdac/0x1870
[  129.916501][   T25]  __slab_alloc.constprop.0+0x56/0xb0
[  129.918596][   T25]  kmalloc_trace_noprof+0x2b4/0x300
[  129.920610][   T25]  acpi_ds_create_walk_state+0x78/0x250
[  129.922729][   T25]  acpi_ds_call_control_method+0xf3/0x6d0
[  129.924887][   T25]  acpi_ps_parse_aml+0x845/0xcb0
[  129.926778][   T25]  acpi_ps_execute_method+0x55a/0xb30
[  129.928845][   T25]  acpi_ns_evaluate+0x76c/0xca0
[  129.930730][   T25]  acpi_ut_evaluate_object+0xda/0x4a0
[  129.932773][   T25]  acpi_rs_get_method_data+0x85/0xf0
[  129.934809][   T25]  acpi_walk_resources+0x15c/0x1f0
[  129.936794][   T25] page_owner free stack trace missing
[  129.938851][   T25] 
[  129.939778][   T25] Memory state around the buggy address:
[  129.941903][   T25]  ffff88801ac5ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  129.944728][   T25]  ffff88801ac60000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  129.947463][   T25] >ffff88801ac60080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  129.950135][   T25]                    ^
[  129.951527][   T25]  ffff88801ac60100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  129.954233][   T25]  ffff88801ac60180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  129.956927][   T25] ==================================================================
[  129.959989][   T25] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  129.963693][   T25] CPU: 2 PID: 25 Comm: kworker/2:0 Not tainted 6.10.0-rc7-syzkaller-g4d145e3f830b #0
[  129.967662][   T25] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  129.972201][   T25] Workqueue: events sco_sock_timeout
[  129.974492][   T25] Call Trace:
[  129.975923][   T25]  <TASK>
[  129.977083][   T25]  dump_stack_lvl+0x3d/0x1f0
[  129.978997][   T25]  panic+0x6f5/0x7a0
[  129.980751][   T25]  ? mark_held_locks+0x9f/0xe0
[  129.982701][   T25]  ? __pfx_panic+0x10/0x10
[  129.984445][   T25]  ? irqentry_exit+0x3b/0x90
[  129.986246][   T25]  ? lockdep_hardirqs_on+0x7c/0x110
[  129.988476][   T25]  ? check_panic_on_warn+0x1f/0xb0
[  129.990702][   T25]  check_panic_on_warn+0xab/0xb0
[  129.992723][   T25]  end_report+0x117/0x180
[  129.994455][   T25]  kasan_report+0xe9/0x110
[  129.996403][   T25]  ? sco_sock_timeout+0x97/0x2e0
[  129.998539][   T25]  ? sco_sock_timeout+0x97/0x2e0
[  130.000377][   T25]  kasan_check_range+0xef/0x1a0
[  130.002215][   T25]  sco_sock_timeout+0x97/0x2e0
[  130.003976][   T25]  process_one_work+0x9c5/0x1b40
[  130.005780][   T25]  ? __pfx_lock_acquire+0x10/0x10
[  130.007481][   T25]  ? __pfx_process_one_work+0x10/0x10
[  130.009265][   T25]  ? assign_work+0x1a0/0x250
[  130.010811][   T25]  worker_thread+0x6c8/0xf30
[  130.012518][   T25]  ? __pfx_worker_thread+0x10/0x10
[  130.014630][   T25]  kthread+0x2c1/0x3a0
[  130.016460][   T25]  ? _raw_spin_unlock_irq+0x23/0x50
[  130.018788][   T25]  ? __pfx_kthread+0x10/0x10
[  130.020607][   T25]  ret_from_fork+0x45/0x80
[  130.022517][   T25]  ? __pfx_kthread+0x10/0x10
[  130.024558][   T25]  ret_from_fork_asm+0x1a/0x30
[  130.026527][   T25]  </TASK>
[  130.039176][   T25] Kernel Offset: disabled
[  130.041150][   T25] Rebooting in 86400 seconds..