Warning: Permanently added '[localhost]:11080' (ED25519) to the list of known hosts.
2024/07/16 15:56:42 ignoring optional flag "sandboxArg"="0"
2024/07/16 15:56:43 parsed 1 programs
[ 70.783352][ T39] audit: type=1400 audit(1721145403.094:134): avc: denied { getattr } for pid=5308 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 70.859416][ T39] audit: type=1400 audit(1721145403.174:135): avc: denied { unlink } for pid=5314 comm="syz-executor" name="swap-file" dev="sda1" ino=1931 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 71.613970][ T1357] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.617179][ T1357] ieee802154 phy1 wpan1: encryption failed: -22
[ 72.531949][ T5314] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/07/16 15:56:44 executed programs: 0
[ 72.588102][ T4634] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 72.592647][ T4634] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 72.597764][ T4634] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 72.605563][ T4634] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 72.612351][ T4634] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 72.615834][ T4634] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 72.630481][ T39] audit: type=1400 audit(1721145404.934:136): avc: denied { mounton } for pid=5319 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 72.773955][ T5319] chnl_net:caif_netlink_parms(): no params data found
[ 72.888005][ T5319] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.892122][ T5319] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.896733][ T5319] bridge_slave_0: entered allmulticast mode
[ 72.904539][ T5319] bridge_slave_0: entered promiscuous mode
[ 72.910472][ T5319] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.914000][ T5319] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.917969][ T5319] bridge_slave_1: entered allmulticast mode
[ 72.922604][ T5319] bridge_slave_1: entered promiscuous mode
[ 73.002072][ T5319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.028144][ T5319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 73.097581][ T5319] team0: Port device team_slave_0 added
[ 73.104089][ T5319] team0: Port device team_slave_1 added
[ 73.167930][ T5319] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 73.170837][ T5319] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.181604][ T5319] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 73.188145][ T5319] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 73.191252][ T5319] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.203361][ T5319] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 73.297503][ T5319] hsr_slave_0: entered promiscuous mode
[ 73.301238][ T5319] hsr_slave_1: entered promiscuous mode
[ 74.176289][ T5319] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 74.190867][ T5319] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 74.207948][ T5319] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 74.214679][ T5319] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 74.299283][ T5319] 8021q: adding VLAN 0 to HW filter on device bond0
[ 74.316195][ T5319] 8021q: adding VLAN 0 to HW filter on device team0
[ 74.327693][ T1273] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.331829][ T1273] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.360153][ T57] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.362904][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.410277][ T5319] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 74.578513][ T5319] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 74.631386][ T5319] veth0_vlan: entered promiscuous mode
[ 74.641370][ T5319] veth1_vlan: entered promiscuous mode
[ 74.662014][ T4634] Bluetooth: hci0: command tx timeout
[ 74.684239][ T5319] veth0_macvtap: entered promiscuous mode
[ 74.706200][ T5319] veth1_macvtap: entered promiscuous mode
[ 74.725987][ T5319] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 74.735099][ T5319] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 74.742791][ T5319] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.746347][ T5319] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.749609][ T5319] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.752450][ T5319] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.807600][ T93] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 74.810712][ T93] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 74.853673][ T93] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 74.858141][ T93] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 74.927839][ T39] audit: type=1400 audit(1721145407.234:137): avc: denied { read } for pid=5381 comm="syz-executor.0" name="card2" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 74.940598][ T39] audit: type=1400 audit(1721145407.234:138): avc: denied { open } for pid=5381 comm="syz-executor.0" path="/dev/dri/card2" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 74.950687][ T39] audit: type=1400 audit(1721145407.234:139): avc: denied { ioctl } for pid=5381 comm="syz-executor.0" path="/dev/dri/card2" dev="devtmpfs" ino=640 ioctlcmd=0x64a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 75.289309][ T1095] ==================================================================
[ 75.309006][ T1095] BUG: KASAN: slab-use-after-free in drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 75.313679][ T1095] Read of size 1 at addr ffff88802a3cdc09 by task kworker/u32:8/1095
[ 75.319909][ T1095]
[ 75.320742][ T1095] CPU: 1 PID: 1095 Comm: kworker/u32:8 Not tainted 6.10.0-syzkaller-gd67978318827 #0
[ 75.324022][ T1095] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.329878][ T1095] Workqueue: events_unbound commit_work
[ 75.332028][ T1095] Call Trace:
[ 75.333613][ T1095]
[ 75.356735][ T1095] dump_stack_lvl+0x116/0x1f0
[ 75.358616][ T1095] print_report+0xc3/0x620
[ 75.360311][ T1095] ? __virt_addr_valid+0x5e/0x590
[ 75.362267][ T1095] ? __phys_addr+0xc6/0x150
[ 75.377816][ T1095] kasan_report+0xd9/0x110
[ 75.381306][ T1095] ? drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 75.388372][ T1095] ? drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 75.392097][ T1095] drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 75.394758][ T1095] ? preempt_schedule_thunk+0x1a/0x30
[ 75.396784][ T1095] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[ 75.400472][ T1095] ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 75.403007][ T1095] ? drm_atomic_helper_commit_hw_done+0x30e/0x4a0
[ 75.405460][ T1095] drm_atomic_helper_commit_tail+0xcb/0xf0
[ 75.407721][ T1095] commit_tail+0x356/0x410
[ 75.409483][ T1095] process_one_work+0x9c5/0x1b40
[ 75.411454][ T1095] ? __pfx_batadv_nc_worker+0x10/0x10
[ 75.413790][ T1095] ? __pfx_process_one_work+0x10/0x10
[ 75.415864][ T1095] ? assign_work+0x1a0/0x250
[ 75.417678][ T1095] worker_thread+0x6c8/0xf20
[ 75.419528][ T1095] ? __pfx_worker_thread+0x10/0x10
[ 75.421676][ T1095] kthread+0x2c1/0x3a0
[ 75.423276][ T1095] ? _raw_spin_unlock_irq+0x23/0x50
[ 75.425381][ T1095] ? __pfx_kthread+0x10/0x10
[ 75.427259][ T1095] ret_from_fork+0x45/0x80
[ 75.429019][ T1095] ? __pfx_kthread+0x10/0x10
[ 75.430811][ T1095] ret_from_fork_asm+0x1a/0x30
[ 75.432665][ T1095]
[ 75.433964][ T1095]
[ 75.435014][ T1095] Allocated by task 5407:
[ 75.437046][ T1095] kasan_save_stack+0x33/0x60
[ 75.439646][ T1095] kasan_save_track+0x14/0x30
[ 75.443008][ T1095] __kasan_kmalloc+0xaa/0xb0
[ 75.445047][ T1095] drm_atomic_helper_crtc_duplicate_state+0x70/0xd0
[ 75.448270][ T1095] drm_atomic_get_crtc_state+0x162/0x440
[ 75.450965][ T1095] page_flip_common+0x57/0x320
[ 75.452822][ T1095] drm_atomic_helper_page_flip+0xb6/0x190
[ 75.454721][ T1095] drm_mode_page_flip_ioctl+0x103f/0x1470
[ 75.456643][ T1095] drm_ioctl_kernel+0x1ec/0x3e0
[ 75.458294][ T1095] drm_ioctl+0x5dc/0xc00
[ 75.459728][ T1095] __x64_sys_ioctl+0x193/0x220
[ 75.461358][ T1095] do_syscall_64+0xcd/0x250
[ 75.462891][ T1095] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.465348][ T1095]
[ 75.466359][ T1095] Freed by task 5406:
[ 75.468006][ T1095] kasan_save_stack+0x33/0x60
[ 75.469958][ T1095] kasan_save_track+0x14/0x30
[ 75.472008][ T1095] kasan_save_free_info+0x3b/0x60
[ 75.474167][ T1095] poison_slab_object+0xf7/0x160
[ 75.476039][ T1095] __kasan_slab_free+0x32/0x50
[ 75.477922][ T1095] kfree+0x12a/0x3b0
[ 75.479613][ T1095] drm_atomic_state_default_clear+0x3aa/0xde0
[ 75.481975][ T1095] __drm_atomic_state_free+0x185/0x2b0
[ 75.484735][ T1095] drm_client_modeset_commit_atomic+0x6db/0x810
[ 75.487940][ T1095] drm_client_modeset_commit_locked+0x14d/0x580
[ 75.490698][ T1095] drm_client_modeset_commit+0x4f/0x80
[ 75.493418][ T1095] drm_fb_helper_lastclose+0xc7/0x160
[ 75.495795][ T1095] drm_fbdev_generic_client_restore+0x2c/0x40
[ 75.498013][ T1095] drm_client_dev_restore+0x188/0x2a0
[ 75.499810][ T1095] drm_release+0x32f/0x3e0
[ 75.501347][ T1095] __fput+0x408/0xbb0
[ 75.502702][ T1095] __fput_sync+0x47/0x50
[ 75.504172][ T1095] __x64_sys_close+0x86/0x100
[ 75.506308][ T1095] do_syscall_64+0xcd/0x250
[ 75.508227][ T1095] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.510951][ T1095]
[ 75.512071][ T1095] The buggy address belongs to the object at ffff88802a3cdc00
[ 75.512071][ T1095] which belongs to the cache kmalloc-512 of size 512
[ 75.518322][ T1095] The buggy address is located 9 bytes inside of
[ 75.518322][ T1095] freed 512-byte region [ffff88802a3cdc00, ffff88802a3cde00)
[ 75.523868][ T1095]
[ 75.525085][ T1095] The buggy address belongs to the physical page:
[ 75.527817][ T1095] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a3cc
[ 75.531172][ T1095] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 75.534391][ T1095] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 75.537285][ T1095] page_type: 0xffffefff(slab)
[ 75.539078][ T1095] raw: 00fff00000000040 ffff888015442c80 0000000000000000 dead000000000001
[ 75.542362][ T1095] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[ 75.545578][ T1095] head: 00fff00000000040 ffff888015442c80 0000000000000000 dead000000000001
[ 75.549080][ T1095] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[ 75.552440][ T1095] head: 00fff00000000002 ffffea0000a8f301 ffffffffffffffff 0000000000000000
[ 75.555846][ T1095] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 75.559366][ T1095] page dumped because: kasan: bad access detected
[ 75.563394][ T1095] page_owner tracks the page as allocated
[ 75.565586][ T1095] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1273, tgid 1273 (kworker/3:2), ts 54031654328, free_ts 53977427723
[ 75.572890][ T1095] post_alloc_hook+0x2d1/0x350
[ 75.574787][ T1095] get_page_from_freelist+0x1353/0x2e50
[ 75.577246][ T1095] __alloc_pages_noprof+0x22b/0x2460
[ 75.579280][ T1095] alloc_slab_page+0x56/0x110
[ 75.581090][ T1095] new_slab+0x84/0x260
[ 75.582671][ T1095] ___slab_alloc+0xdac/0x1870
[ 75.584484][ T1095] __slab_alloc.constprop.0+0x56/0xb0
[ 75.586751][ T1095] __kmalloc_noprof+0x36d/0x410
[ 75.588607][ T1095] switchdev_deferred_enqueue+0x2b/0x2b0
[ 75.590695][ T1095] switchdev_port_attr_set+0xb5/0x120
[ 75.592738][ T1095] __set_ageing_time+0xc3/0x140
[ 75.594606][ T1095] br_init_port+0x18b/0x250
[ 75.596353][ T1095] br_stp_enable_port+0x15/0x50
[ 75.598242][ T1095] br_port_carrier_check+0x264/0x4c0
[ 75.600248][ T1095] br_device_event+0x50b/0x920
[ 75.601928][ T1095] notifier_call_chain+0xb9/0x410
[ 75.603620][ T1095] page last free pid 5203 tgid 5203 stack trace:
[ 75.605732][ T1095] free_unref_page+0x64a/0xe40
[ 75.607481][ T1095] qlist_free_all+0x4e/0x140
[ 75.609360][ T1095] kasan_quarantine_reduce+0x192/0x1e0
[ 75.611598][ T1095] __kasan_slab_alloc+0x69/0x90
[ 75.613570][ T1095] kmem_cache_alloc_node_noprof+0x153/0x310
[ 75.616042][ T1095] __alloc_skb+0x2b1/0x380
[ 75.618843][ T1095] netlink_alloc_large_skb+0x69/0x130
[ 75.620864][ T1095] netlink_sendmsg+0x689/0xd70
[ 75.622473][ T1095] __sys_sendto+0x47f/0x4e0
[ 75.624004][ T1095] __x64_sys_sendto+0xe0/0x1c0
[ 75.625911][ T1095] do_syscall_64+0xcd/0x250
[ 75.627701][ T1095] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.629968][ T1095]
[ 75.630898][ T1095] Memory state around the buggy address:
[ 75.633029][ T1095] ffff88802a3cdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 75.636025][ T1095] ffff88802a3cdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 75.639158][ T1095] >ffff88802a3cdc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.642178][ T1095] ^
[ 75.643863][ T1095] ffff88802a3cdc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.647145][ T1095] ffff88802a3cdd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.649916][ T1095] ==================================================================
[ 75.656195][ T1095] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 75.660112][ T1095] CPU: 0 PID: 1095 Comm: kworker/u32:8 Not tainted 6.10.0-syzkaller-gd67978318827 #0
[ 75.665235][ T1095] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.670238][ T1095] Workqueue: events_unbound commit_work
[ 75.672581][ T1095] Call Trace:
[ 75.674135][ T1095]
[ 75.675391][ T1095] dump_stack_lvl+0x3d/0x1f0
[ 75.677898][ T1095] panic+0x6f5/0x7a0
[ 75.679856][ T1095] ? __pfx_panic+0x10/0x10
[ 75.683521][ T1095] ? irqentry_exit+0x3b/0x90
[ 75.687046][ T1095] ? lockdep_hardirqs_on+0x7c/0x110
[ 75.690293][ T1095] ? preempt_schedule_thunk+0x1a/0x30
[ 75.693453][ T1095] ? preempt_schedule_common+0x44/0xc0
[ 75.695997][ T1095] ? check_panic_on_warn+0x1f/0xb0
[ 75.698494][ T1095] check_panic_on_warn+0xab/0xb0
[ 75.700983][ T1095] end_report+0x117/0x180
[ 75.703137][ T1095] kasan_report+0xe9/0x110
[ 75.705472][ T1095] ? drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 75.709132][ T1095] ? drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 75.712658][ T1095] drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 75.716141][ T1095] ? preempt_schedule_thunk+0x1a/0x30
[ 75.718319][ T1095] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[ 75.721713][ T1095] ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 75.723714][ T1095] ? drm_atomic_helper_commit_hw_done+0x30e/0x4a0
[ 75.725966][ T1095] drm_atomic_helper_commit_tail+0xcb/0xf0
[ 75.727925][ T1095] commit_tail+0x356/0x410
[ 75.729616][ T1095] process_one_work+0x9c5/0x1b40
[ 75.731581][ T1095] ? __pfx_batadv_nc_worker+0x10/0x10
[ 75.733910][ T1095] ? __pfx_process_one_work+0x10/0x10
[ 75.736404][ T1095] ? assign_work+0x1a0/0x250
[ 75.738736][ T1095] worker_thread+0x6c8/0xf20
[ 75.740533][ T1095] ? __pfx_worker_thread+0x10/0x10
[ 75.742553][ T1095] kthread+0x2c1/0x3a0
[ 75.744826][ T1095] ? _raw_spin_unlock_irq+0x23/0x50
[ 75.747628][ T1095] ? __pfx_kthread+0x10/0x10
[ 75.749772][ T1095] ret_from_fork+0x45/0x80
[ 75.751731][ T1095] ? __pfx_kthread+0x10/0x10
[ 75.753800][ T1095] ret_from_fork_asm+0x1a/0x30
[ 75.755612][ T1095]
[ 75.764974][ T1095] Kernel Offset: disabled
[ 75.767274][ T1095] Rebooting in 86400 seconds..