Warning: Permanently added '[localhost]:6695' (ED25519) to the list of known hosts.
2024/12/11 09:15:19 ignoring optional flag "sandboxArg"="0"
2024/12/11 09:15:19 ignoring optional flag "type"="qemu"
2024/12/11 09:15:19 parsed 1 programs
[ 58.351853][ T39] audit: type=1400 audit(1733908519.668:134): avc: denied { getattr } for pid=6048 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 58.409149][ T39] audit: type=1400 audit(1733908519.728:135): avc: denied { unlink } for pid=6054 comm="syz-executor" name="swap-file" dev="sda1" ino=1931 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 59.534874][ T6054] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/12/11 09:15:20 executed programs: 0
[ 59.600440][ T5946] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 59.603908][ T5946] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 59.606784][ T5946] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 59.609997][ T5946] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 59.612067][ T5946] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 59.614072][ T5946] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 59.688953][ T6059] chnl_net:caif_netlink_parms(): no params data found
[ 59.728395][ T6059] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.730313][ T6059] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.732198][ T6059] bridge_slave_0: entered allmulticast mode
[ 59.734232][ T6059] bridge_slave_0: entered promiscuous mode
[ 59.738003][ T6059] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.740141][ T6059] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.741994][ T6059] bridge_slave_1: entered allmulticast mode
[ 59.744061][ T6059] bridge_slave_1: entered promiscuous mode
[ 59.764243][ T6059] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 59.768789][ T6059] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 59.788603][ T6059] team0: Port device team_slave_0 added
[ 59.791968][ T6059] team0: Port device team_slave_1 added
[ 59.810468][ T6059] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 59.812342][ T6059] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.819677][ T6059] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 59.823350][ T6059] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 59.825174][ T6059] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.832086][ T6059] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 59.854990][ T6059] hsr_slave_0: entered promiscuous mode
[ 59.857738][ T6059] hsr_slave_1: entered promiscuous mode
[ 60.318300][ T6059] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 60.323303][ T6059] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 60.327758][ T6059] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 60.331498][ T6059] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 60.340507][ T6059] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.342331][ T6059] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.344277][ T6059] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.346042][ T6059] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.376087][ T6059] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.387175][ T1139] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.390040][ T1139] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.401166][ T6059] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.405846][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.407714][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.412175][ T75] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.414750][ T75] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.516581][ T6059] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.536582][ T6059] veth0_vlan: entered promiscuous mode
[ 60.540272][ T6059] veth1_vlan: entered promiscuous mode
[ 60.553408][ T6059] veth0_macvtap: entered promiscuous mode
[ 60.557187][ T6059] veth1_macvtap: entered promiscuous mode
[ 60.563478][ T6059] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 60.570742][ T6059] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 60.575881][ T6059] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.581244][ T6059] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.584370][ T6059] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.587710][ T6059] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.619261][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.621734][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.635730][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.639161][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.657458][ T39] audit: type=1400 audit(1733908521.978:136): avc: denied { read } for pid=6113 comm="syz-executor.0" name="card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 60.664992][ T39] audit: type=1400 audit(1733908521.978:137): avc: denied { open } for pid=6113 comm="syz-executor.0" path="/dev/dri/card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 60.672700][ T39] audit: type=1400 audit(1733908521.978:138): avc: denied { ioctl } for pid=6113 comm="syz-executor.0" path="/dev/dri/card2" dev="devtmpfs" ino=639 ioctlcmd=0x64a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 61.629952][ T5946] Bluetooth: hci0: command tx timeout
[ 63.707048][ T5946] Bluetooth: hci0: command tx timeout
[ 63.819134][ T12] ==================================================================
[ 63.821759][ T12] BUG: KASAN: slab-use-after-free in drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[ 63.824225][ T12] Read of size 1 at addr ffff888027631809 by task kworker/u32:1/12
[ 63.828192][ T12]
[ 63.829375][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u32:1 Not tainted 6.13.0-rc2-syzkaller-gf92f4749861b #0
[ 63.832066][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 63.834958][ T12] Workqueue: events_unbound commit_work
[ 63.836553][ T12] Call Trace:
[ 63.837496][ T12]
[ 63.838314][ T12] dump_stack_lvl+0x116/0x1f0
[ 63.839900][ T12] print_report+0xc3/0x620
[ 63.841458][ T12] ? __virt_addr_valid+0x5e/0x590
[ 63.843156][ T12] ? __phys_addr+0xc6/0x150
[ 63.844737][ T12] kasan_report+0xd9/0x110
[ 63.845947][ T12] ? drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[ 63.847844][ T12] ? drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[ 63.849714][ T12] drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[ 63.851539][ T12] ? preempt_schedule_thunk+0x1a/0x30
[ 63.852929][ T12] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[ 63.854912][ T12] ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 63.856508][ T12] ? drm_atomic_helper_commit_hw_done+0x325/0x490
[ 63.858221][ T12] drm_atomic_helper_commit_tail+0xcb/0xf0
[ 63.859770][ T12] commit_tail+0x353/0x400
[ 63.861003][ T12] process_one_work+0x9c5/0x1ba0
[ 63.862376][ T12] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 63.864261][ T12] ? __pfx_process_one_work+0x10/0x10
[ 63.866092][ T12] ? rcu_is_watching+0x12/0xc0
[ 63.867411][ T12] ? assign_work+0x1a0/0x250
[ 63.868615][ T12] worker_thread+0x6c8/0xf00
[ 63.869835][ T12] ? __pfx_worker_thread+0x10/0x10
[ 63.871162][ T12] kthread+0x2c1/0x3a0
[ 63.872241][ T12] ? _raw_spin_unlock_irq+0x23/0x50
[ 63.873590][ T12] ? __pfx_kthread+0x10/0x10
[ 63.874817][ T12] ret_from_fork+0x45/0x80
[ 63.876008][ T12] ? __pfx_kthread+0x10/0x10
[ 63.877271][ T12] ret_from_fork_asm+0x1a/0x30
[ 63.878522][ T12]
[ 63.879334][ T12]
[ 63.879957][ T12] Allocated by task 6553:
[ 63.881072][ T12] kasan_save_stack+0x33/0x60
[ 63.882329][ T12] kasan_save_track+0x14/0x30
[ 63.883874][ T12] __kasan_kmalloc+0xaa/0xb0
[ 63.885443][ T12] drm_atomic_helper_crtc_duplicate_state+0x70/0xd0
[ 63.887469][ T12] drm_atomic_get_crtc_state+0x162/0x440
[ 63.889056][ T12] page_flip_common+0x57/0x320
[ 63.890310][ T12] drm_atomic_helper_page_flip+0xb6/0x180
[ 63.891793][ T12] drm_mode_page_flip_ioctl+0x1036/0x1460
[ 63.893258][ T12] drm_ioctl_kernel+0x1e6/0x3d0
[ 63.894526][ T12] drm_ioctl+0x5d6/0xc00
[ 63.895649][ T12] __x64_sys_ioctl+0x190/0x200
[ 63.897049][ T12] do_syscall_64+0xcd/0x250
[ 63.898157][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 63.899719][ T12]
[ 63.900350][ T12] Freed by task 6552:
[ 63.901399][ T12] kasan_save_stack+0x33/0x60
[ 63.902631][ T12] kasan_save_track+0x14/0x30
[ 63.903890][ T12] kasan_save_free_info+0x3b/0x60
[ 63.905215][ T12] __kasan_slab_free+0x51/0x70
[ 63.906497][ T12] kfree+0x14f/0x4b0
[ 63.907544][ T12] drm_atomic_state_default_clear+0x43c/0xe00
[ 63.909121][ T12] __drm_atomic_state_free+0x185/0x2b0
[ 63.910557][ T12] drm_client_modeset_commit_atomic+0x6b7/0x7f0
[ 63.912201][ T12] drm_client_modeset_commit_locked+0x14d/0x580
[ 63.914001][ T12] drm_client_modeset_commit+0x4f/0x80
[ 63.915514][ T12] drm_fb_helper_lastclose+0xc7/0x160
[ 63.917292][ T12] drm_fbdev_client_restore+0x2c/0x40
[ 63.919061][ T12] drm_client_dev_restore+0x188/0x2a0
[ 63.920499][ T12] drm_release+0x2c2/0x360
[ 63.921732][ T12] __fput+0x3f8/0xb60
[ 63.922802][ T12] __fput_sync+0xa1/0xc0
[ 63.924022][ T12] __x64_sys_close+0x86/0x100
[ 63.925251][ T12] do_syscall_64+0xcd/0x250
[ 63.926446][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 63.927990][ T12]
[ 63.928647][ T12] The buggy address belongs to the object at ffff888027631800
[ 63.928647][ T12] which belongs to the cache kmalloc-512 of size 512
[ 63.932313][ T12] The buggy address is located 9 bytes inside of
[ 63.932313][ T12] freed 512-byte region [ffff888027631800, ffff888027631a00)
[ 63.936216][ T12]
[ 63.936885][ T12] The buggy address belongs to the physical page:
[ 63.938612][ T12] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27630
[ 63.940993][ T12] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 63.943169][ T12] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 63.945221][ T12] page_type: f5(slab)
[ 63.946269][ T12] raw: 00fff00000000040 ffff88801b042c80 0000000000000000 dead000000000001
[ 63.948692][ T12] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[ 63.950914][ T12] head: 00fff00000000040 ffff88801b042c80 0000000000000000 dead000000000001
[ 63.953151][ T12] head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[ 63.955404][ T12] head: 00fff00000000002 ffffea00009d8c01 ffffffffffffffff 0000000000000000
[ 63.957611][ T12] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 63.959846][ T12] page dumped because: kasan: bad access detected
[ 63.961489][ T12] page_owner tracks the page as allocated
[ 63.962944][ T12] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 10472942576, free_ts 0
[ 63.968111][ T12] post_alloc_hook+0x2d1/0x350
[ 63.969435][ T12] get_page_from_freelist+0xfce/0x2f80
[ 63.970958][ T12] __alloc_pages_noprof+0x223/0x25b0
[ 63.972471][ T12] alloc_pages_mpol_noprof+0x2c9/0x610
[ 63.974001][ T12] new_slab+0x2c9/0x410
[ 63.975080][ T12] ___slab_alloc+0xdac/0x1870
[ 63.976358][ T12] __slab_alloc.constprop.0+0x56/0xb0
[ 63.977785][ T12] __kmalloc_cache_noprof+0xfa/0x410
[ 63.979155][ T12] device_add+0xccf/0x1a70
[ 63.980340][ T12] usb_create_ep_devs+0x160/0x2b0
[ 63.981768][ T12] usb_new_device+0x104a/0x1a10
[ 63.983172][ T12] register_root_hub+0x299/0x730
[ 63.984498][ T12] usb_add_hcd+0xa77/0x16a0
[ 63.985690][ T12] usb_hcd_pci_probe+0x7e4/0xd90
[ 63.987004][ T12] local_pci_probe+0xde/0x1b0
[ 63.988246][ T12] pci_device_probe+0x676/0x7a0
[ 63.989508][ T12] page_owner free stack trace missing
[ 63.990905][ T12]
[ 63.991552][ T12] Memory state around the buggy address:
[ 63.993003][ T12] ffff888027631700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.995062][ T12] ffff888027631780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.997205][ T12] >ffff888027631800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.999276][ T12] ^
[ 64.000410][ T12] ffff888027631880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.002481][ T12] ffff888027631900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.004560][ T12] ==================================================================
[ 64.007311][ T12] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 64.009471][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u32:1 Not tainted 6.13.0-rc2-syzkaller-gf92f4749861b #0
[ 64.012293][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 64.015413][ T12] Workqueue: events_unbound commit_work
[ 64.017235][ T12] Call Trace:
[ 64.018480][ T12]
[ 64.019573][ T12] dump_stack_lvl+0x3d/0x1f0
[ 64.021319][ T12] panic+0x71d/0x800
[ 64.022778][ T12] ? __pfx_panic+0x10/0x10
[ 64.024458][ T12] ? irqentry_exit+0x3b/0x90
[ 64.026188][ T12] ? lockdep_hardirqs_on+0x7c/0x110
[ 64.028158][ T12] ? preempt_schedule_thunk+0x1a/0x30
[ 64.030034][ T12] ? preempt_schedule_common+0x44/0xc0
[ 64.031908][ T12] ? check_panic_on_warn+0x1f/0xb0
[ 64.033711][ T12] check_panic_on_warn+0xab/0xb0
[ 64.035538][ T12] end_report+0x117/0x180
[ 64.037118][ T12] kasan_report+0xe9/0x110
[ 64.038723][ T12] ? drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[ 64.041270][ T12] ? drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[ 64.043794][ T12] drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[ 64.046226][ T12] ? preempt_schedule_thunk+0x1a/0x30
[ 64.048105][ T12] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[ 64.050752][ T12] ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 64.052803][ T12] ? drm_atomic_helper_commit_hw_done+0x325/0x490
[ 64.055058][ T12] drm_atomic_helper_commit_tail+0xcb/0xf0
[ 64.057095][ T12] commit_tail+0x353/0x400
[ 64.058680][ T12] process_one_work+0x9c5/0x1ba0
[ 64.060440][ T12] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 64.062394][ T12] ? __pfx_process_one_work+0x10/0x10
[ 64.064273][ T12] ? rcu_is_watching+0x12/0xc0
[ 64.066003][ T12] ? assign_work+0x1a0/0x250
[ 64.067755][ T12] worker_thread+0x6c8/0xf00
[ 64.069535][ T12] ? __pfx_worker_thread+0x10/0x10
[ 64.071605][ T12] kthread+0x2c1/0x3a0
[ 64.073308][ T12] ? _raw_spin_unlock_irq+0x23/0x50
[ 64.075323][ T12] ? __pfx_kthread+0x10/0x10
[ 64.076939][ T12] ret_from_fork+0x45/0x80
[ 64.078485][ T12] ? __pfx_kthread+0x10/0x10
[ 64.080122][ T12] ret_from_fork_asm+0x1a/0x30
[ 64.081804][ T12]
[ 64.083483][ T12] Kernel Offset: disabled
[ 64.084990][ T12] Rebooting in 86400 seconds..