Warning: Permanently added '[localhost]:26211' (ED25519) to the list of known hosts.
2023/10/09 19:00:30 ignoring optional flag "sandboxArg"="0"
2023/10/09 19:00:31 parsed 1 programs
[ 86.400359][ T37] kauditd_printk_skb: 75 callbacks suppressed
[ 86.400373][ T37] audit: type=1400 audit(1696878031.110:206): avc: denied { getattr } for pid=5362 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 86.416216][ T37] audit: type=1400 audit(1696878031.110:207): avc: denied { read } for pid=5362 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 86.440468][ T37] audit: type=1400 audit(1696878031.110:208): avc: denied { open } for pid=5362 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 86.466455][ T37] audit: type=1400 audit(1696878031.170:209): avc: denied { mounton } for pid=5369 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 86.482685][ T37] audit: type=1400 audit(1696878031.180:210): avc: denied { mount } for pid=5369 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 86.510631][ T37] audit: type=1400 audit(1696878031.180:211): avc: denied { read write } for pid=5369 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 86.526765][ T37] audit: type=1400 audit(1696878031.180:212): avc: denied { open } for pid=5369 comm="syz-executor" path="/swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 86.560185][ T37] audit: type=1400 audit(1696878031.270:213): avc: denied { unlink } for pid=5369 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 87.242899][ T37] audit: type=1400 audit(1696878031.950:214): avc: denied { relabelto } for pid=5385 comm="mkswap" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 87.287375][ T978] cfg80211: failed to load regulatory.db
[ 88.481165][ T5369] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2023/10/09 19:00:33 executed programs: 0
[ 88.534917][ T61] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 88.539324][ T61] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 88.543614][ T61] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 88.548366][ T61] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 88.552371][ T61] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 88.557033][ T61] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 88.566001][ T37] audit: type=1400 audit(1696878033.280:215): avc: denied { mounton } for pid=5390 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 88.718456][ T5390] chnl_net:caif_netlink_parms(): no params data found
[ 88.849500][ T5390] bridge0: port 1(bridge_slave_0) entered blocking state
[ 88.852689][ T5390] bridge0: port 1(bridge_slave_0) entered disabled state
[ 88.857602][ T5390] bridge_slave_0: entered allmulticast mode
[ 88.862029][ T5390] bridge_slave_0: entered promiscuous mode
[ 88.867814][ T5390] bridge0: port 2(bridge_slave_1) entered blocking state
[ 88.871084][ T5390] bridge0: port 2(bridge_slave_1) entered disabled state
[ 88.874590][ T5390] bridge_slave_1: entered allmulticast mode
[ 88.878240][ T5390] bridge_slave_1: entered promiscuous mode
[ 88.956084][ T5390] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 88.966069][ T5390] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 89.073016][ T5390] team0: Port device team_slave_0 added
[ 89.092741][ T5390] team0: Port device team_slave_1 added
[ 89.153781][ T5390] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 89.157496][ T5390] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.168446][ T5390] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 89.175287][ T5390] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 89.178572][ T5390] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.192440][ T5390] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 89.287137][ T5390] hsr_slave_0: entered promiscuous mode
[ 89.297510][ T5390] hsr_slave_1: entered promiscuous mode
[ 90.259579][ T5390] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 90.269089][ T5390] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 90.277408][ T5390] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 90.302037][ T5390] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 90.432839][ T5390] 8021q: adding VLAN 0 to HW filter on device bond0
[ 90.454651][ T5390] 8021q: adding VLAN 0 to HW filter on device team0
[ 90.466350][ T825] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.470737][ T825] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 90.486843][ T825] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.490382][ T825] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 90.541531][ T5390] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 90.546966][ T5390] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 90.645678][ T5169] Bluetooth: hci0: command 0x0409 tx timeout
[ 90.733039][ T5390] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 90.781603][ T5390] veth0_vlan: entered promiscuous mode
[ 90.795383][ T5390] veth1_vlan: entered promiscuous mode
[ 90.831933][ T5390] veth0_macvtap: entered promiscuous mode
[ 90.840575][ T5390] veth1_macvtap: entered promiscuous mode
[ 90.866968][ T5390] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 90.875747][ T5390] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 90.891564][ T5390] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 90.896119][ T5390] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 90.900730][ T5390] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 90.906002][ T5390] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 90.984615][ T978] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 90.989685][ T978] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.019022][ T825] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.022575][ T825] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.734353][ T5169] Bluetooth: hci0: command 0x041b tx timeout
[ 93.065948][ T978] ==================================================================
[ 93.069236][ T978] BUG: KASAN: slab-use-after-free in do_raw_spin_unlock+0x1f7/0x230
[ 93.072625][ T978] Read of size 4 at addr ffff88801c3bc93c by task kworker/3:4/978
[ 93.081316][ T978]
[ 93.082440][ T978] CPU: 3 PID: 978 Comm: kworker/3:4 Not tainted 6.6.0-rc5-syzkaller-g94f6f0550c62 #0
[ 93.087136][ T978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 93.092093][ T978] Workqueue: pencrypt_serial padata_serial_worker
[ 93.095127][ T978] Call Trace:
[ 93.096725][ T978] <TASK>
[ 93.098105][ T978] dump_stack_lvl+0xd9/0x1b0
[ 93.100430][ T978] print_report+0xc4/0x620
[ 93.102634][ T978] ? __virt_addr_valid+0x5e/0x2d0
[ 93.105209][ T978] ? __phys_addr+0xc6/0x140
[ 93.107313][ T978] kasan_report+0xda/0x110
[ 93.109314][ T978] ? do_raw_spin_unlock+0x1f7/0x230
[ 93.111689][ T978] ? do_raw_spin_unlock+0x1f7/0x230
[ 93.114073][ T978] do_raw_spin_unlock+0x1f7/0x230
[ 93.116300][ T978] _raw_spin_unlock_bh+0x1e/0x30
[ 93.118093][ T978] tls_encrypt_done+0x281/0x560
[ 93.119882][ T978] padata_serial_worker+0x246/0x490
[ 93.122054][ T978] ? padata_find_next+0x430/0x430
[ 93.124139][ T978] process_one_work+0x884/0x15c0
[ 93.126016][ T978] ? init_worker_pool+0x770/0x770
[ 93.128443][ T978] ? assign_work+0x1a0/0x240
[ 93.130663][ T978] worker_thread+0x8b9/0x1290
[ 93.133240][ T978] ? __kthread_parkme+0x14b/0x220
[ 93.136119][ T978] ? process_one_work+0x15c0/0x15c0
[ 93.138717][ T978] kthread+0x33c/0x440
[ 93.140680][ T978] ? _raw_spin_unlock_irq+0x23/0x50
[ 93.143109][ T978] ? kthread_complete_and_exit+0x40/0x40
[ 93.146057][ T978] ret_from_fork+0x45/0x80
[ 93.148137][ T978] ? kthread_complete_and_exit+0x40/0x40
[ 93.150957][ T978] ret_from_fork_asm+0x11/0x20
[ 93.153456][ T978] </TASK>
[ 93.154933][ T978]
[ 93.156033][ T978] Allocated by task 5597:
[ 93.158330][ T978] kasan_save_stack+0x33/0x50
[ 93.161004][ T978] kasan_set_track+0x25/0x30
[ 93.163194][ T978] __kasan_kmalloc+0xa3/0xb0
[ 93.165327][ T978] tls_set_sw_offload+0x12e0/0x1700
[ 93.167954][ T978] tls_setsockopt+0x108c/0x1340
[ 93.170275][ T978] __sys_setsockopt+0x2cd/0x5b0
[ 93.172566][ T978] __x64_sys_setsockopt+0xbd/0x150
[ 93.175058][ T978] do_syscall_64+0x38/0xb0
[ 93.177118][ T978] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 93.179932][ T978]
[ 93.181059][ T978] Freed by task 5596:
[ 93.182919][ T978] kasan_save_stack+0x33/0x50
[ 93.184941][ T978] kasan_set_track+0x25/0x30
[ 93.187080][ T978] kasan_save_free_info+0x28/0x40
[ 93.189498][ T978] ____kasan_slab_free+0x138/0x190
[ 93.191900][ T978] __kmem_cache_free+0xcc/0x2d0
[ 93.194411][ T978] tls_sk_proto_close+0x4c3/0xb00
[ 93.196872][ T978] inet_release+0x132/0x270
[ 93.198988][ T978] inet6_release+0x4f/0x70
[ 93.201108][ T978] __sock_release+0xae/0x260
[ 93.203222][ T978] sock_close+0x1c/0x20
[ 93.205188][ T978] __fput+0x3f7/0xa70
[ 93.207116][ T978] __fput_sync+0x47/0x50
[ 93.209104][ T978] __x64_sys_close+0x87/0xf0
[ 93.210994][ T978] do_syscall_64+0x38/0xb0
[ 93.213339][ T978] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 93.216412][ T978]
[ 93.217374][ T978] The buggy address belongs to the object at ffff88801c3bc800
[ 93.217374][ T978] which belongs to the cache kmalloc-512 of size 512
[ 93.222751][ T978] The buggy address is located 316 bytes inside of
[ 93.222751][ T978] freed 512-byte region [ffff88801c3bc800, ffff88801c3bca00)
[ 93.227846][ T978]
[ 93.228990][ T978] The buggy address belongs to the physical page:
[ 93.232042][ T978] page:ffffea000070ef00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c3bc
[ 93.236642][ T978] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 93.240473][ T978] page_type: 0x4()
[ 93.242264][ T978] raw: 00fff00000000800 ffff888012c40600 ffffea0000735110 ffffea00006d3810
[ 93.246839][ T978] raw: 0000000000000000 ffff88801c3bc000 0000000100000004 0000000000000000
[ 93.251263][ T978] page dumped because: kasan: bad access detected
[ 93.254422][ T978] page_owner tracks the page as allocated
[ 93.257334][ T978] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 646, tgid 646 (kworker/u16:0), ts 9457497719, free_ts 9456618192
[ 93.266235][ T978] post_alloc_hook+0x2cf/0x340
[ 93.268298][ T978] get_page_from_freelist+0xee0/0x2f20
[ 93.270885][ T978] __alloc_pages+0x1d0/0x4a0
[ 93.273252][ T978] cache_grow_begin+0x99/0x3a0
[ 93.275440][ T978] cache_alloc_refill+0x294/0x3a0
[ 93.277803][ T978] __kmem_cache_alloc_node+0x3c5/0x470
[ 93.280376][ T978] kmalloc_trace+0x25/0xe0
[ 93.282597][ T978] alloc_bprm+0x51/0xaf0
[ 93.284379][ T978] kernel_execve+0xaf/0x4e0
[ 93.286189][ T978] call_usermodehelper_exec_async+0x256/0x4c0
[ 93.288560][ T978] ret_from_fork+0x45/0x80
[ 93.290300][ T978] ret_from_fork_asm+0x11/0x20
[ 93.292436][ T978] page last free stack trace:
[ 93.294556][ T978] free_unref_page_prepare+0x476/0xa40
[ 93.296782][ T978] free_unref_page+0x33/0x3b0
[ 93.298799][ T978] __mmdrop+0xd7/0x470
[ 93.300672][ T978] __mmput+0x409/0x4d0
[ 93.302569][ T978] mmput+0x62/0x70
[ 93.304290][ T978] free_bprm+0x144/0x3f0
[ 93.306050][ T978] kernel_execve+0x3e7/0x4e0
[ 93.307923][ T978] call_usermodehelper_exec_async+0x256/0x4c0
[ 93.310307][ T978] ret_from_fork+0x45/0x80
[ 93.312246][ T978] ret_from_fork_asm+0x11/0x20
[ 93.314373][ T978]
[ 93.315478][ T978] Memory state around the buggy address:
[ 93.317923][ T978] ffff88801c3bc800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 93.321023][ T978] ffff88801c3bc880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 93.324534][ T978] >ffff88801c3bc900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 93.328738][ T978] ^
[ 93.331707][ T978] ffff88801c3bc980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 93.335197][ T978] ffff88801c3bca00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.338926][ T978] ==================================================================
[ 93.342739][ T978] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 93.346436][ T978] CPU: 3 PID: 978 Comm: kworker/3:4 Not tainted 6.6.0-rc5-syzkaller-g94f6f0550c62 #0
[ 93.350711][ T978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 93.355306][ T978] Workqueue: pencrypt_serial padata_serial_worker
[ 93.358262][ T978] Call Trace:
[ 93.359702][ T978] <TASK>
[ 93.360995][ T978] dump_stack_lvl+0xd9/0x1b0
[ 93.363028][ T978] panic+0x6a6/0x750
[ 93.364731][ T978] ? panic_smp_self_stop+0xa0/0xa0
[ 93.367159][ T978] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 93.369897][ T978] check_panic_on_warn+0xab/0xb0
[ 93.371972][ T978] end_report+0x108/0x150
[ 93.373621][ T978] kasan_report+0xea/0x110
[ 93.375333][ T978] ? do_raw_spin_unlock+0x1f7/0x230
[ 93.377400][ T978] ? do_raw_spin_unlock+0x1f7/0x230
[ 93.379811][ T978] do_raw_spin_unlock+0x1f7/0x230
[ 93.382137][ T978] _raw_spin_unlock_bh+0x1e/0x30
[ 93.384420][ T978] tls_encrypt_done+0x281/0x560
[ 93.386613][ T978] padata_serial_worker+0x246/0x490
[ 93.389073][ T978] ? padata_find_next+0x430/0x430
[ 93.391808][ T978] process_one_work+0x884/0x15c0
[ 93.394520][ T978] ? init_worker_pool+0x770/0x770
[ 93.396601][ T978] ? assign_work+0x1a0/0x240
[ 93.398821][ T978] worker_thread+0x8b9/0x1290
[ 93.401012][ T978] ? __kthread_parkme+0x14b/0x220
[ 93.403367][ T978] ? process_one_work+0x15c0/0x15c0
[ 93.405778][ T978] kthread+0x33c/0x440
[ 93.407367][ T978] ? _raw_spin_unlock_irq+0x23/0x50
[ 93.409377][ T978] ? kthread_complete_and_exit+0x40/0x40
[ 93.411641][ T978] ret_from_fork+0x45/0x80
[ 93.413794][ T978] ? kthread_complete_and_exit+0x40/0x40
[ 93.416495][ T978] ret_from_fork_asm+0x11/0x20
[ 93.418657][ T978] </TASK>
[ 93.420715][ T978] Kernel Offset: disabled
[ 93.422453][ T978] Rebooting in 86400 seconds..