Warning: Permanently added '[localhost]:30061' (ED25519) to the list of known hosts.
2024/10/02 08:49:09 ignoring optional flag "sandboxArg"="0"
2024/10/02 08:49:09 ignoring optional flag "type"="qemu"
2024/10/02 08:49:10 parsed 1 programs
[   59.093314][   T39] audit: type=1400 audit(1727858950.081:134): avc:  denied  { getattr } for  pid=5451 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   59.150349][   T39] audit: type=1400 audit(1727858950.141:135): avc:  denied  { unlink } for  pid=5457 comm="syz-executor" name="swap-file" dev="sda1" ino=1931 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   60.101670][ T5457] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
2024/10/02 08:49:11 executed programs: 0
[   60.139937][   T66] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   60.143528][   T66] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   60.147247][   T66] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   60.150969][   T66] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   60.154187][   T66] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   60.157377][   T66] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   60.258303][ T5463] chnl_net:caif_netlink_parms(): no params data found
[   60.307956][ T5463] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.309913][ T5463] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.311797][ T5463] bridge_slave_0: entered allmulticast mode
[   60.313828][ T5463] bridge_slave_0: entered promiscuous mode
[   60.316376][ T5463] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.318648][ T5463] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.321039][ T5463] bridge_slave_1: entered allmulticast mode
[   60.323037][ T5463] bridge_slave_1: entered promiscuous mode
[   60.346739][ T5463] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.350301][ T5463] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.372834][ T5463] team0: Port device team_slave_0 added
[   60.375614][ T5463] team0: Port device team_slave_1 added
[   60.402526][ T5463] batman_adv: batadv0: Adding interface: batadv_slave_0
[   60.404627][ T5463] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.411101][ T5463] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   60.414427][ T5463] batman_adv: batadv0: Adding interface: batadv_slave_1
[   60.416075][ T5463] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.422254][ T5463] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   60.445410][ T5463] hsr_slave_0: entered promiscuous mode
[   60.447497][ T5463] hsr_slave_1: entered promiscuous mode
[   60.881217][ T5463] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   60.884989][ T5463] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   60.888728][ T5463] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   60.892138][ T5463] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   60.908961][ T5463] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.910903][ T5463] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.912987][ T5463] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.914947][ T5463] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.940850][ T5463] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.951145][   T76] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.955356][   T76] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.972400][ T5463] 8021q: adding VLAN 0 to HW filter on device team0
[   60.984806][   T76] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.987173][   T76] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.990635][   T76] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.993090][   T76] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.120207][ T5463] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.144864][ T5463] veth0_vlan: entered promiscuous mode
[   61.150526][ T5463] veth1_vlan: entered promiscuous mode
[   61.164048][ T5463] veth0_macvtap: entered promiscuous mode
[   61.169982][ T5463] veth1_macvtap: entered promiscuous mode
[   61.181219][ T5463] batman_adv: batadv0: Interface activated: batadv_slave_0
[   61.187590][ T5463] batman_adv: batadv0: Interface activated: batadv_slave_1
[   61.193365][ T5463] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   61.197238][ T5463] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   61.199924][ T5463] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   61.202458][ T5463] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   61.240815][   T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.243423][   T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.262007][   T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.264748][   T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.292614][   T39] audit: type=1400 audit(1727858952.281:136): avc:  denied  { read } for  pid=5514 comm="syz-executor.0" name="card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   61.297555][   T76] ==================================================================
[   61.301180][   T39] audit: type=1400 audit(1727858952.281:137): avc:  denied  { open } for  pid=5514 comm="syz-executor.0" path="/dev/dri/card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   61.303843][   T76] BUG: KASAN: slab-use-after-free in drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   61.312841][   T39] audit: type=1400 audit(1727858952.281:138): avc:  denied  { ioctl } for  pid=5514 comm="syz-executor.0" path="/dev/dri/card2" dev="devtmpfs" ino=639 ioctlcmd=0x64a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   61.314792][   T76] Read of size 1 at addr ffff8880337b0009 by task kworker/u32:4/76
[   61.326744][   T76]
[   61.327624][   T76] CPU: 3 UID: 0 PID: 76 Comm: kworker/u32:4 Not tainted 6.12.0-rc1-syzkaller-ge32cde8d2bd7 #0
[   61.331350][   T76] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   61.335298][   T76] Workqueue: events_unbound commit_work
[   61.336840][   T76] Call Trace:
[   61.337775][   T76]
[   61.338808][   T76]  dump_stack_lvl+0x116/0x1f0
[   61.340601][   T76]  print_report+0xc3/0x620
[   61.342265][   T76]  ? __virt_addr_valid+0x5e/0x590
[   61.344029][   T76]  ? __phys_addr+0xc6/0x150
[   61.345617][   T76]  kasan_report+0xd9/0x110
[   61.347156][   T76]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   61.349655][   T76]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   61.352182][   T76]  drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   61.354599][   T76]  ? preempt_schedule_thunk+0x1a/0x30
[   61.356499][   T76]  ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[   61.359158][   T76]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[   61.361214][   T76]  ? drm_atomic_helper_commit_hw_done+0x325/0x490
[   61.363144][   T76]  drm_atomic_helper_commit_tail+0xcb/0xf0
[   61.365227][   T76]  commit_tail+0x353/0x400
[   61.366510][   T76]  process_one_work+0x9c5/0x1ba0
[   61.367911][   T76]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   61.369731][   T76]  ? __pfx_process_one_work+0x10/0x10
[   61.371524][   T76]  ? assign_work+0x1a0/0x250
[   61.373206][   T76]  worker_thread+0x6c8/0xf00
[   61.374830][   T76]  ? __pfx_worker_thread+0x10/0x10
[   61.376598][   T76]  kthread+0x2c1/0x3a0
[   61.378087][   T76]  ? _raw_spin_unlock_irq+0x23/0x50
[   61.379968][   T76]  ? __pfx_kthread+0x10/0x10
[   61.381661][   T76]  ret_from_fork+0x45/0x80
[   61.383228][   T76]  ? __pfx_kthread+0x10/0x10
[   61.384878][   T76]  ret_from_fork_asm+0x1a/0x30
[   61.386648][   T76]
[   61.387722][   T76]
[   61.388615][   T76] Allocated by task 5516:
[   61.390146][   T76]  kasan_save_stack+0x33/0x60
[   61.391880][   T76]  kasan_save_track+0x14/0x30
[   61.393592][   T76]  __kasan_kmalloc+0xaa/0xb0
[   61.395261][   T76]  drm_atomic_helper_crtc_duplicate_state+0x70/0xd0
[   61.397505][   T76]  drm_atomic_get_crtc_state+0x162/0x440
[   61.399468][   T76]  page_flip_common+0x57/0x320
[   61.400825][   T76]  drm_atomic_helper_page_flip+0xb6/0x180
[   61.402502][   T76]  drm_mode_page_flip_ioctl+0x1044/0x1470
[   61.404451][   T76]  drm_ioctl_kernel+0x1e6/0x3d0
[   61.406139][   T76]  drm_ioctl+0x5d6/0xc00
[   61.407639][   T76]  __x64_sys_ioctl+0x18f/0x220
[   61.409336][   T76]  do_syscall_64+0xcd/0x250
[   61.410992][   T76]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.412857][   T76]
[   61.413497][   T76] Freed by task 5514:
[   61.414552][   T76]  kasan_save_stack+0x33/0x60
[   61.415801][   T76]  kasan_save_track+0x14/0x30
[   61.417054][   T76]  kasan_save_free_info+0x3b/0x60
[   61.418383][   T76]  __kasan_slab_free+0x51/0x70
[   61.419638][   T76]  kfree+0x14f/0x4b0
[   61.420687][   T76]  drm_atomic_state_default_clear+0x43c/0xe00
[   61.422280][   T76]  __drm_atomic_state_free+0x185/0x2b0
[   61.423709][   T76]  drm_client_modeset_commit_atomic+0x6c5/0x800
[   61.425349][   T76]  drm_client_modeset_commit_locked+0x14d/0x580
[   61.426983][   T76]  drm_client_modeset_commit+0x4f/0x80
[   61.428547][   T76]  drm_fb_helper_lastclose+0xc7/0x160
[   61.430330][   T76]  drm_fbdev_shmem_client_restore+0x2c/0x40
[   61.432533][   T76]  drm_client_dev_restore+0x188/0x2a0
[   61.434533][   T76]  drm_release+0x2c2/0x360
[   61.436105][   T76]  __fput+0x3f6/0xb60
[   61.437210][   T76]  __fput_sync+0x45/0x50
[   61.438362][   T76]  __x64_sys_close+0x86/0x100
[   61.439655][   T76]  do_syscall_64+0xcd/0x250
[   61.440965][   T76]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.442542][   T76]
[   61.443231][   T76] The buggy address belongs to the object at ffff8880337b0000
[   61.443231][   T76]  which belongs to the cache kmalloc-512 of size 512
[   61.448035][   T76] The buggy address is located 9 bytes inside of
[   61.448035][   T76]  freed 512-byte region [ffff8880337b0000, ffff8880337b0200)
[   61.452743][   T76]
[   61.453628][   T76] The buggy address belongs to the physical page:
[   61.455900][   T76] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x337b0
[   61.459075][   T76] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   61.462167][   T76] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   61.465087][   T76] page_type: f5(slab)
[   61.466547][   T76] raw: 00fff00000000040 ffff88801b042c80 0000000000000000 dead000000000001
[   61.469750][   T76] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[   61.472869][   T76] head: 00fff00000000040 ffff88801b042c80 0000000000000000 dead000000000001
[   61.475910][   T76] head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[   61.479004][   T76] head: 00fff00000000002 ffffea0000cdec01 ffffffffffffffff 0000000000000000
[   61.481549][   T76] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   61.484007][   T76] page dumped because: kasan: bad access detected
[   61.485859][   T76] page_owner tracks the page as allocated
[   61.487648][   T76] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5343, tgid 5343 (syz-executor.0), ts 44334981971, free_ts 0
[   61.493511][   T76]  post_alloc_hook+0x2d1/0x350
[   61.494827][   T76]  get_page_from_freelist+0x101e/0x3070
[   61.496401][   T76]  __alloc_pages_noprof+0x223/0x25c0
[   61.497874][   T76]  alloc_pages_mpol_noprof+0x2c9/0x610
[   61.499345][   T76]  new_slab+0x2ba/0x3f0
[   61.500597][   T76]  ___slab_alloc+0xdac/0x1880
[   61.501890][   T76]  __slab_alloc.constprop.0+0x56/0xb0
[   61.503390][   T76]  __kmalloc_noprof+0x367/0x400
[   61.504707][   T76]  tomoyo_init_log+0x13c7/0x2170
[   61.506083][   T76]  tomoyo_supervisor+0x30c/0xea0
[   61.507491][   T76]  tomoyo_path_number_perm+0x441/0x590
[   61.509007][   T76]  security_file_ioctl+0x9b/0x240
[   61.510561][   T76]  __x64_sys_ioctl+0xbb/0x220
[   61.512069][   T76]  do_syscall_64+0xcd/0x250
[   61.513655][   T76]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.515543][   T76] page_owner free stack trace missing
[   61.517163][   T76]
[   61.517898][   T76] Memory state around the buggy address:
[   61.519581][   T76]  ffff8880337aff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   61.522521][   T76]  ffff8880337aff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   61.525303][   T76] >ffff8880337b0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   61.528115][   T76]                             ^
[   61.529489][   T76]  ffff8880337b0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   61.532401][   T76]  ffff8880337b0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   61.535215][   T76] ==================================================================
[   61.539025][   T76] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   61.541694][   T76] CPU: 3 UID: 0 PID: 76 Comm: kworker/u32:4 Not tainted 6.12.0-rc1-syzkaller-ge32cde8d2bd7 #0
[   61.545302][   T76] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   61.549471][   T76] Workqueue: events_unbound commit_work
[   61.551453][   T76] Call Trace:
[   61.552686][   T76]
[   61.553793][   T76]  dump_stack_lvl+0x3d/0x1f0
[   61.555520][   T76]  panic+0x71d/0x800
[   61.556995][   T76]  ? __pfx_panic+0x10/0x10
[   61.558662][   T76]  ? irqentry_exit+0x3b/0x90
[   61.560410][   T76]  ? lockdep_hardirqs_on+0x7c/0x110
[   61.562318][   T76]  ? preempt_schedule_thunk+0x1a/0x30
[   61.564294][   T76]  ? preempt_schedule_common+0x44/0xc0
[   61.566304][   T76]  ? check_panic_on_warn+0x1f/0xb0
[   61.568199][   T76]  check_panic_on_warn+0xab/0xb0
[   61.570023][   T76]  end_report+0x117/0x180
[   61.573148][   T76]  kasan_report+0xe9/0x110
[   61.574821][   T76]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   61.577475][   T76]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   61.580002][   T76]  drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   61.582357][   T76]  ? preempt_schedule_thunk+0x1a/0x30
[   61.584213][   T76]  ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[   61.586853][   T76]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[   61.588894][   T76]  ? drm_atomic_helper_commit_hw_done+0x325/0x490
[   61.591187][   T76]  drm_atomic_helper_commit_tail+0xcb/0xf0
[   61.593410][   T76]  commit_tail+0x353/0x400
[   61.596823][   T76]  process_one_work+0x9c5/0x1ba0
[   61.598687][   T76]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   61.600716][   T76]  ? __pfx_process_one_work+0x10/0x10
[   61.602567][   T76]  ? assign_work+0x1a0/0x250
[   61.604238][   T76]  worker_thread+0x6c8/0xf00
[   61.605961][   T76]  ? __pfx_worker_thread+0x10/0x10
[   61.607875][   T76]  kthread+0x2c1/0x3a0
[   61.609419][   T76]  ? _raw_spin_unlock_irq+0x23/0x50
[   61.611344][   T76]  ? __pfx_kthread+0x10/0x10
[   61.613054][   T76]  ret_from_fork+0x45/0x80
[   61.614592][   T76]  ? __pfx_kthread+0x10/0x10
[   61.616199][   T76]  ret_from_fork_asm+0x1a/0x30
[   61.617848][   T76]
[   61.619506][   T76] Kernel Offset: disabled
[   61.621136][   T76] Rebooting in 86400 seconds..