Warning: Permanently added '[localhost]:30204' (ED25519) to the list of known hosts.
2025/05/13 04:58:48 ignoring optional flag "sandboxArg"="0"
2025/05/13 04:58:48 ignoring optional flag "type"="qemu"
2025/05/13 04:58:48 parsed 1 programs
[ 65.300413][ T40] audit: type=1400 audit(1747112328.946:113): avc: denied { getattr } for pid=6065 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 65.406542][ T40] audit: type=1400 audit(1747112329.056:114): avc: denied { unlink } for pid=6072 comm="syz-executor" name="swap-file" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 66.352724][ T6072] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/05/13 04:58:50 executed programs: 0
[ 66.395374][ T67] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 66.398137][ T67] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 66.401319][ T67] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 66.406605][ T67] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 66.410358][ T67] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 66.531630][ T6077] chnl_net:caif_netlink_parms(): no params data found
[ 66.627881][ T6077] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.630698][ T6077] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.633916][ T6077] bridge_slave_0: entered allmulticast mode
[ 66.637011][ T6077] bridge_slave_0: entered promiscuous mode
[ 66.641119][ T6077] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.644048][ T6077] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.646870][ T6077] bridge_slave_1: entered allmulticast mode
[ 66.650177][ T6077] bridge_slave_1: entered promiscuous mode
[ 66.681056][ T6077] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 66.687369][ T6077] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 66.720117][ T6077] team0: Port device team_slave_0 added
[ 66.724010][ T6077] team0: Port device team_slave_1 added
[ 66.758799][ T6077] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 66.761521][ T6077] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 66.771452][ T6077] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 66.778223][ T6077] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 66.780879][ T6077] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 66.790798][ T6077] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 66.827564][ T6077] hsr_slave_0: entered promiscuous mode
[ 66.830362][ T6077] hsr_slave_1: entered promiscuous mode
[ 67.346367][ T6077] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 67.351005][ T6077] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 67.355644][ T6077] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 67.360799][ T6077] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 67.373913][ T6077] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.376205][ T6077] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.378673][ T6077] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.380935][ T6077] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.415470][ T6077] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.425543][ T46] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.428498][ T46] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.439244][ T6077] 8021q: adding VLAN 0 to HW filter on device team0
[ 67.446421][ T58] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.448707][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.455428][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.457729][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.570305][ T6077] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 67.596120][ T6077] veth0_vlan: entered promiscuous mode
[ 67.601388][ T6077] veth1_vlan: entered promiscuous mode
[ 67.618784][ T6077] veth0_macvtap: entered promiscuous mode
[ 67.623580][ T6077] veth1_macvtap: entered promiscuous mode
[ 67.631951][ T6077] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 67.640251][ T6077] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 67.645351][ T6077] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.648006][ T6077] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.650653][ T6077] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.653507][ T6077] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.684908][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.687537][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 67.702959][ T1140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.706101][ T1140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 67.728556][ T40] audit: type=1400 audit(1747112331.376:115): avc: denied { read } for pid=6131 comm="syz-executor.0" name="card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 67.739766][ T40] audit: type=1400 audit(1747112331.376:116): avc: denied { open } for pid=6131 comm="syz-executor.0" path="/dev/dri/card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 67.750548][ T40] audit: type=1400 audit(1747112331.376:117): avc: denied { ioctl } for pid=6131 comm="syz-executor.0" path="/dev/dri/card2" dev="devtmpfs" ino=639 ioctlcmd=0x64a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 67.965895][ T13] ==================================================================
[ 67.968769][ T13] BUG: KASAN: slab-use-after-free in drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 67.972211][ T13] Read of size 1 at addr ffff888024266c09 by task kworker/u32:1/13
[ 67.976492][ T13]
[ 67.977349][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u32:1 Not tainted 6.15.0-rc6-syzkaller-ge9565e23cd89 #0 PREEMPT(full)
[ 67.977363][ T13] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 67.977371][ T13] Workqueue: events_unbound commit_work
[ 67.977386][ T13] Call Trace:
[ 67.977390][ T13]
[ 67.977394][ T13] dump_stack_lvl+0x116/0x1f0
[ 67.977444][ T13] print_report+0xc3/0x670
[ 67.977456][ T13] ? __virt_addr_valid+0x5e/0x590
[ 67.977472][ T13] ? __phys_addr+0xc6/0x150
[ 67.977487][ T13] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 67.977506][ T13] kasan_report+0xe0/0x110
[ 67.977517][ T13] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 67.977537][ T13] drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 67.977557][ T13] ? preempt_schedule_thunk+0x16/0x30
[ 67.977568][ T13] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[ 67.977588][ T13] ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 67.977603][ T13] ? drm_atomic_helper_commit_hw_done+0x330/0x490
[ 67.977615][ T13] drm_atomic_helper_commit_tail+0xcb/0xf0
[ 67.977626][ T13] commit_tail+0x35b/0x400
[ 67.977637][ T13] process_one_work+0x9cf/0x1b70
[ 67.977651][ T13] ? __pfx_process_one_work+0x10/0x10
[ 67.977664][ T13] ? assign_work+0x1a0/0x250
[ 67.977675][ T13] worker_thread+0x6c8/0xf10
[ 67.977689][ T13] ? __pfx_worker_thread+0x10/0x10
[ 67.977700][ T13] kthread+0x3c2/0x780
[ 67.977710][ T13] ? __pfx_kthread+0x10/0x10
[ 67.977720][ T13] ? __pfx_kthread+0x10/0x10
[ 67.977729][ T13] ? __pfx_kthread+0x10/0x10
[ 67.977739][ T13] ? __pfx_kthread+0x10/0x10
[ 67.977749][ T13] ? rcu_is_watching+0x12/0xc0
[ 67.977762][ T13] ? __pfx_kthread+0x10/0x10
[ 67.977772][ T13] ret_from_fork+0x45/0x80
[ 67.977782][ T13] ? __pfx_kthread+0x10/0x10
[ 67.977792][ T13] ret_from_fork_asm+0x1a/0x30
[ 67.977810][ T13]
[ 67.977814][ T13]
[ 68.042128][ T13] Allocated by task 6172:
[ 68.043462][ T13] kasan_save_stack+0x33/0x60
[ 68.044914][ T13] kasan_save_track+0x14/0x30
[ 68.046371][ T13] __kasan_kmalloc+0xaa/0xb0
[ 68.047811][ T13] drm_atomic_helper_crtc_duplicate_state+0x70/0xd0
[ 68.049870][ T13] drm_atomic_get_crtc_state+0x16e/0x450
[ 68.051652][ T13] page_flip_common+0x57/0x320
[ 68.053207][ T13] drm_atomic_helper_page_flip+0xb6/0x180
[ 68.054989][ T13] drm_mode_page_flip_ioctl+0x102c/0x1460
[ 68.056794][ T13] drm_ioctl_kernel+0x1f1/0x3e0
[ 68.058337][ T13] drm_ioctl+0x5c9/0xc30
[ 68.059673][ T13] __x64_sys_ioctl+0x190/0x200
[ 68.061199][ T13] do_syscall_64+0xcd/0x260
[ 68.062662][ T13] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.064499][ T13]
[ 68.065277][ T13] Freed by task 6171:
[ 68.066532][ T13] kasan_save_stack+0x33/0x60
[ 68.067987][ T13] kasan_save_track+0x14/0x30
[ 68.069444][ T13] kasan_save_free_info+0x3b/0x60
[ 68.071020][ T13] __kasan_slab_free+0x51/0x70
[ 68.072533][ T13] kfree+0x2b6/0x4d0
[ 68.073769][ T13] drm_atomic_state_default_clear+0x458/0xe40
[ 68.075632][ T13] __drm_atomic_state_free+0x185/0x2b0
[ 68.077296][ T13] drm_client_modeset_commit_atomic+0x6b2/0x7e0
[ 68.079136][ T13] drm_client_modeset_commit_locked+0x14d/0x580
[ 68.081037][ T13] drm_client_modeset_commit+0x4f/0x80
[ 68.082750][ T13] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200
[ 68.084988][ T13] drm_fbdev_client_restore+0x2c/0x40
[ 68.086644][ T13] drm_client_dev_restore+0x1f6/0x2a0
[ 68.088247][ T13] drm_release+0x2c4/0x360
[ 68.089596][ T13] __fput+0x3ff/0xb70
[ 68.090850][ T13] fput_close_sync+0x118/0x260
[ 68.092394][ T13] __x64_sys_close+0x8b/0x120
[ 68.093944][ T13] do_syscall_64+0xcd/0x260
[ 68.095393][ T13] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.097304][ T13]
[ 68.098102][ T13] The buggy address belongs to the object at ffff888024266c00
[ 68.098102][ T13] which belongs to the cache kmalloc-512 of size 512
[ 68.102388][ T13] The buggy address is located 9 bytes inside of
[ 68.102388][ T13] freed 512-byte region [ffff888024266c00, ffff888024266e00)
[ 68.106551][ T13]
[ 68.107319][ T13] The buggy address belongs to the physical page:
[ 68.109331][ T13] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24264
[ 68.112087][ T13] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 68.114707][ T13] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 68.117059][ T13] page_type: f5(slab)
[ 68.118326][ T13] raw: 00fff00000000040 ffff88801b442c80 dead000000000100 dead000000000122
[ 68.120979][ T13] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 68.123657][ T13] head: 00fff00000000040 ffff88801b442c80 dead000000000100 dead000000000122
[ 68.126345][ T13] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 68.129045][ T13] head: 00fff00000000002 ffffea0000909901 00000000ffffffff 00000000ffffffff
[ 68.131725][ T13] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 68.134486][ T13] page dumped because: kasan: bad access detected
[ 68.136496][ T13] page_owner tracks the page as allocated
[ 68.138270][ T13] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5346, tgid 5346 (S10udev), ts 21647976629, free_ts 21568524783
[ 68.144389][ T13] post_alloc_hook+0x181/0x1b0
[ 68.145910][ T13] get_page_from_freelist+0x135c/0x3920
[ 68.147633][ T13] __alloc_frozen_pages_noprof+0x263/0x23a0
[ 68.149504][ T13] alloc_pages_mpol+0x1fb/0x550
[ 68.151053][ T13] new_slab+0x244/0x340
[ 68.152369][ T13] ___slab_alloc+0xd9c/0x1940
[ 68.153858][ T13] __slab_alloc.constprop.0+0x56/0xb0
[ 68.155541][ T13] __kmalloc_noprof+0x2f2/0x510
[ 68.157098][ T13] tomoyo_init_log+0x1385/0x2140
[ 68.158655][ T13] tomoyo_supervisor+0x302/0x13b0
[ 68.160237][ T13] tomoyo_path_permission+0x270/0x3b0
[ 68.161926][ T13] tomoyo_check_open_permission+0x37b/0x3c0
[ 68.163779][ T13] tomoyo_file_open+0x6b/0x90
[ 68.165267][ T13] security_file_open+0x84/0x1e0
[ 68.166829][ T13] do_dentry_open+0x596/0x1c10
[ 68.168348][ T13] vfs_open+0x82/0x3f0
[ 68.169643][ T13] page last free pid 5345 tgid 5345 stack trace:
[ 68.171612][ T13] __free_frozen_pages+0x69d/0xff0
[ 68.173257][ T13] __put_partials+0x16d/0x1c0
[ 68.174742][ T13] qlist_free_all+0x4e/0x120
[ 68.176201][ T13] kasan_quarantine_reduce+0x195/0x1e0
[ 68.177908][ T13] __kasan_slab_alloc+0x69/0x90
[ 68.179431][ T13] __kmalloc_noprof+0x1d4/0x510
[ 68.180975][ T13] tomoyo_realpath_from_path+0xc2/0x6e0
[ 68.182719][ T13] tomoyo_init_log+0xbe6/0x2140
[ 68.184254][ T13] tomoyo_supervisor+0x302/0x13b0
[ 68.185831][ T13] tomoyo_env_perm+0x191/0x200
[ 68.187335][ T13] tomoyo_find_next_domain+0xec2/0x20b0
[ 68.189069][ T13] tomoyo_bprm_check_security+0x12e/0x1d0
[ 68.190667][ T13] security_bprm_check+0x1b9/0x1e0
[ 68.192102][ T13] bprm_execve+0x810/0x1650
[ 68.193402][ T13] do_execveat_common.isra.0+0x4a5/0x610
[ 68.195142][ T13] __x64_sys_execve+0x8e/0xb0
[ 68.196624][ T13]
[ 68.197405][ T13] Memory state around the buggy address:
[ 68.199147][ T13] ffff888024266b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 68.201617][ T13] ffff888024266b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 68.204093][ T13] >ffff888024266c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.206554][ T13] ^
[ 68.207900][ T13] ffff888024266c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.210372][ T13] ffff888024266d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.212859][ T13] ==================================================================
[ 68.216443][ T13] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 68.218711][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u32:1 Not tainted 6.15.0-rc6-syzkaller-ge9565e23cd89 #0 PREEMPT(full)
[ 68.222265][ T13] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.225623][ T13] Workqueue: events_unbound commit_work
[ 68.227352][ T13] Call Trace:
[ 68.228414][ T13]
[ 68.229365][ T13] dump_stack_lvl+0x3d/0x1f0
[ 68.230842][ T13] panic+0x71c/0x800
[ 68.232107][ T13] ? __pfx_panic+0x10/0x10
[ 68.233523][ T13] ? irqentry_exit+0x3b/0x90
[ 68.235008][ T13] ? lockdep_hardirqs_on+0x7c/0x110
[ 68.236626][ T13] ? preempt_schedule_thunk+0x16/0x30
[ 68.238302][ T13] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 68.240532][ T13] ? preempt_schedule_common+0x44/0xc0
[ 68.242275][ T13] ? check_panic_on_warn+0x1f/0xb0
[ 68.243876][ T13] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 68.246119][ T13] check_panic_on_warn+0xab/0xb0
[ 68.247671][ T13] end_report+0x107/0x170
[ 68.249040][ T13] kasan_report+0xee/0x110
[ 68.250450][ T13] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 68.252702][ T13] drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 68.254888][ T13] ? preempt_schedule_thunk+0x16/0x30
[ 68.256562][ T13] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[ 68.258900][ T13] ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 68.260715][ T13] ? drm_atomic_helper_commit_hw_done+0x330/0x490
[ 68.262751][ T13] drm_atomic_helper_commit_tail+0xcb/0xf0
[ 68.264589][ T13] commit_tail+0x35b/0x400
[ 68.266005][ T13] process_one_work+0x9cf/0x1b70
[ 68.267559][ T13] ? __pfx_process_one_work+0x10/0x10
[ 68.269245][ T13] ? assign_work+0x1a0/0x250
[ 68.270704][ T13] worker_thread+0x6c8/0xf10
[ 68.272192][ T13] ? __pfx_worker_thread+0x10/0x10
[ 68.273798][ T13] kthread+0x3c2/0x780
[ 68.275083][ T13] ? __pfx_kthread+0x10/0x10
[ 68.276532][ T13] ? __pfx_kthread+0x10/0x10
[ 68.278025][ T13] ? __pfx_kthread+0x10/0x10
[ 68.279484][ T13] ? __pfx_kthread+0x10/0x10
[ 68.280959][ T13] ? rcu_is_watching+0x12/0xc0
[ 68.282487][ T13] ? __pfx_kthread+0x10/0x10
[ 68.283935][ T13] ret_from_fork+0x45/0x80
[ 68.285351][ T13] ? __pfx_kthread+0x10/0x10
[ 68.286803][ T13] ret_from_fork_asm+0x1a/0x30
[ 68.288319][ T13]
[ 68.289857][ T13] Kernel Offset: disabled
[ 68.291213][ T13] Rebooting in 86400 seconds..