Warning: Permanently added '[localhost]:19342' (ED25519) to the list of known hosts.
2025/07/22 05:33:00 ignoring optional flag "sandboxArg"="0"
2025/07/22 05:33:00 ignoring optional flag "type"="qemu"
2025/07/22 05:33:01 parsed 1 programs
[ 64.656934][ T40] kauditd_printk_skb: 6 callbacks suppressed
[ 64.656946][ T40] audit: type=1400 audit(1753162381.068:102): avc: denied { getattr } for pid=6085 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 64.734359][ T40] audit: type=1400 audit(1753162381.148:103): avc: denied { unlink } for pid=6092 comm="syz-executor" name="swap-file" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 65.842206][ T6092] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/07/22 05:33:02 executed programs: 0
[ 65.875319][ T40] audit: type=1400 audit(1753162382.288:104): avc: denied { create } for pid=6097 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 65.885990][ T5960] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 65.888816][ T5960] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 65.891348][ T5960] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 65.894766][ T5960] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 65.897457][ T5960] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 66.012048][ T6097] chnl_net:caif_netlink_parms(): no params data found
[ 66.111108][ T6097] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.114317][ T6097] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.117314][ T6097] bridge_slave_0: entered allmulticast mode
[ 66.121125][ T6097] bridge_slave_0: entered promiscuous mode
[ 66.126044][ T6097] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.129104][ T6097] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.131724][ T6097] bridge_slave_1: entered allmulticast mode
[ 66.134878][ T6097] bridge_slave_1: entered promiscuous mode
[ 66.173078][ T6097] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 66.177509][ T6097] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 66.210380][ T6097] team0: Port device team_slave_0 added
[ 66.213929][ T6097] team0: Port device team_slave_1 added
[ 66.245582][ T6097] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 66.247759][ T6097] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 66.255617][ T6097] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 66.259624][ T6097] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 66.261706][ T6097] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 66.272171][ T6097] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 66.307903][ T6097] hsr_slave_0: entered promiscuous mode
[ 66.310110][ T6097] hsr_slave_1: entered promiscuous mode
[ 66.415487][ T40] audit: type=1400 audit(1753162382.828:105): avc: denied { search } for pid=6106 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 66.423888][ T40] audit: type=1400 audit(1753162382.828:106): avc: denied { search } for pid=6106 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=1905 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 66.431062][ T40] audit: type=1400 audit(1753162382.828:107): avc: denied { search } for pid=6106 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1909 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 66.438372][ T40] audit: type=1400 audit(1753162382.828:108): avc: denied { search } for pid=6106 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1910 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 66.446203][ T40] audit: type=1400 audit(1753162382.828:109): avc: denied { read open } for pid=6108 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1910 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 66.455155][ T40] audit: type=1400 audit(1753162382.828:110): avc: denied { getattr } for pid=6108 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1910 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 66.463051][ T40] audit: type=1400 audit(1753162382.848:111): avc: denied { add_name } for pid=6106 comm="dhcpcd-run-hook" name="resolv.conf.lapb9.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 66.860413][ T6097] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 66.864876][ T6097] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 66.868977][ T6097] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 66.873532][ T6097] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 66.886094][ T6097] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.888350][ T6097] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.890690][ T6097] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.893137][ T6097] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.923968][ T6097] 8021q: adding VLAN 0 to HW filter on device bond0
[ 66.933455][ T1246] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.937589][ T1246] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.954254][ T6097] 8021q: adding VLAN 0 to HW filter on device team0
[ 66.962785][ T1246] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.965022][ T1246] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.970648][ T1246] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.972917][ T1246] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.096112][ T6097] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 67.120864][ T6097] veth0_vlan: entered promiscuous mode
[ 67.127655][ T6097] veth1_vlan: entered promiscuous mode
[ 67.147562][ T6097] veth0_macvtap: entered promiscuous mode
[ 67.151344][ T6097] veth1_macvtap: entered promiscuous mode
[ 67.160176][ T6097] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 67.167232][ T6097] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 67.173565][ T6097] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.177187][ T6097] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.180776][ T6097] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.185813][ T6097] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.239406][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.242492][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 67.251589][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.255568][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 67.953501][ T5960] Bluetooth: hci0: command tx timeout
[ 68.124318][ T12] ==================================================================
[ 68.126868][ T12] BUG: KASAN: slab-use-after-free in drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 68.130012][ T12] Read of size 1 at addr ffff888035dbf809 by task kworker/u32:0/12
[ 68.134509][ T12]
[ 68.135288][ T12] CPU: 3 UID: 0 PID: 12 Comm: kworker/u32:0 Not tainted 6.16.0-rc7-syzkaller-g89be9a83ccf1 #0 PREEMPT(full)
[ 68.135302][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.135309][ T12] Workqueue: events_unbound commit_work
[ 68.135325][ T12] Call Trace:
[ 68.135329][ T12]
[ 68.135333][ T12] dump_stack_lvl+0x116/0x1f0
[ 68.135352][ T12] print_report+0xcd/0x610
[ 68.135362][ T12] ? __virt_addr_valid+0x81/0x610
[ 68.135375][ T12] ? __phys_addr+0xe8/0x180
[ 68.135386][ T12] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 68.135398][ T12] kasan_report+0xe0/0x110
[ 68.135407][ T12] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 68.135420][ T12] drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 68.135433][ T12] ? preempt_schedule_thunk+0x16/0x30
[ 68.135447][ T12] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[ 68.135466][ T12] ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 68.135482][ T12] ? drm_atomic_helper_commit_hw_done+0x330/0x490
[ 68.135494][ T12] drm_atomic_helper_commit_tail+0xcb/0xf0
[ 68.135505][ T12] commit_tail+0x35b/0x400
[ 68.135516][ T12] process_one_work+0x9cf/0x1b70
[ 68.135531][ T12] ? __pfx_process_one_work+0x10/0x10
[ 68.135543][ T12] ? assign_work+0x1a0/0x250
[ 68.135553][ T12] worker_thread+0x6c8/0xf10
[ 68.135566][ T12] ? __pfx_worker_thread+0x10/0x10
[ 68.135577][ T12] kthread+0x3c5/0x780
[ 68.135587][ T12] ? __pfx_kthread+0x10/0x10
[ 68.135597][ T12] ? rcu_is_watching+0x12/0xc0
[ 68.135610][ T12] ? __pfx_kthread+0x10/0x10
[ 68.135620][ T12] ret_from_fork+0x5d4/0x6f0
[ 68.135635][ T12] ? __pfx_kthread+0x10/0x10
[ 68.135644][ T12] ret_from_fork_asm+0x1a/0x30
[ 68.135658][ T12]
[ 68.135662][ T12]
[ 68.190864][ T12] Allocated by task 6304:
[ 68.192229][ T12] kasan_save_stack+0x33/0x60
[ 68.193769][ T12] kasan_save_track+0x14/0x30
[ 68.195271][ T12] __kasan_kmalloc+0xaa/0xb0
[ 68.196916][ T12] drm_atomic_helper_crtc_duplicate_state+0x70/0xd0
[ 68.199214][ T12] drm_atomic_get_crtc_state+0x16e/0x450
[ 68.201273][ T12] page_flip_common+0x57/0x320
[ 68.203232][ T12] drm_atomic_helper_page_flip+0xb6/0x180
[ 68.205471][ T12] drm_mode_page_flip_ioctl+0x1029/0x1460
[ 68.207794][ T12] drm_ioctl_kernel+0x1f1/0x3e0
[ 68.209564][ T12] drm_ioctl+0x5c9/0xc30
[ 68.211243][ T12] __x64_sys_ioctl+0x18e/0x210
[ 68.213203][ T12] do_syscall_64+0xcd/0x4c0
[ 68.215058][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.217436][ T12]
[ 68.218510][ T12] Freed by task 6303:
[ 68.220093][ T12] kasan_save_stack+0x33/0x60
[ 68.221969][ T12] kasan_save_track+0x14/0x30
[ 68.223878][ T12] kasan_save_free_info+0x3b/0x60
[ 68.225886][ T12] __kasan_slab_free+0x51/0x70
[ 68.227715][ T12] kfree+0x2b4/0x4d0
[ 68.229311][ T12] drm_atomic_state_default_clear+0x455/0xe40
[ 68.231669][ T12] __drm_atomic_state_free+0x185/0x2b0
[ 68.233832][ T12] drm_client_modeset_commit_atomic+0x6b2/0x7e0
[ 68.236243][ T12] drm_client_modeset_commit_locked+0x14d/0x580
[ 68.238809][ T12] drm_client_modeset_commit+0x4f/0x80
[ 68.240903][ T12] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200
[ 68.243761][ T12] drm_fbdev_client_restore+0x2c/0x40
[ 68.245850][ T12] drm_client_dev_restore+0x1f3/0x2a0
[ 68.248007][ T12] drm_release+0x2c4/0x360
[ 68.249833][ T12] __fput+0x3ff/0xb70
[ 68.251408][ T12] fput_close_sync+0x118/0x260
[ 68.253297][ T12] __x64_sys_close+0x8b/0x120
[ 68.255181][ T12] do_syscall_64+0xcd/0x4c0
[ 68.256984][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.259326][ T12]
[ 68.260314][ T12] The buggy address belongs to the object at ffff888035dbf800
[ 68.260314][ T12] which belongs to the cache kmalloc-512 of size 512
[ 68.265678][ T12] The buggy address is located 9 bytes inside of
[ 68.265678][ T12] freed 512-byte region [ffff888035dbf800, ffff888035dbfa00)
[ 68.270900][ T12]
[ 68.271852][ T12] The buggy address belongs to the physical page:
[ 68.274402][ T12] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35dbc
[ 68.277874][ T12] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 68.281196][ T12] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 68.283990][ T12] page_type: f5(slab)
[ 68.285575][ T12] raw: 00fff00000000040 ffff88801b842c80 dead000000000100 dead000000000122
[ 68.288985][ T12] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 68.292332][ T12] head: 00fff00000000040 ffff88801b842c80 dead000000000100 dead000000000122
[ 68.295652][ T12] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 68.299048][ T12] head: 00fff00000000002 ffffea0000d76f01 00000000ffffffff 00000000ffffffff
[ 68.302451][ T12] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 68.305852][ T12] page dumped because: kasan: bad access detected
[ 68.308417][ T12] page_owner tracks the page as allocated
[ 68.310646][ T12] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5377, tgid 5377 (udevd), ts 23644129417, free_ts 23486250701
[ 68.318550][ T12] post_alloc_hook+0x1c0/0x230
[ 68.320468][ T12] get_page_from_freelist+0x1321/0x3890
[ 68.322649][ T12] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 68.325002][ T12] alloc_pages_mpol+0x1fb/0x550
[ 68.326896][ T12] new_slab+0x23b/0x330
[ 68.328575][ T12] ___slab_alloc+0xd9c/0x1940
[ 68.330445][ T12] __slab_alloc.constprop.0+0x56/0xb0
[ 68.332554][ T12] __kmalloc_cache_noprof+0xfb/0x3e0
[ 68.334688][ T12] kernfs_fop_open+0x244/0xda0
[ 68.336619][ T12] do_dentry_open+0x744/0x1c10
[ 68.338576][ T12] vfs_open+0x82/0x3f0
[ 68.340214][ T12] path_openat+0x1de4/0x2cb0
[ 68.342077][ T12] do_filp_open+0x20b/0x470
[ 68.343905][ T12] do_sys_openat2+0x11b/0x1d0
[ 68.345799][ T12] __x64_sys_openat+0x174/0x210
[ 68.347774][ T12] do_syscall_64+0xcd/0x4c0
[ 68.349587][ T12] page last free pid 5379 tgid 5379 stack trace:
[ 68.352095][ T12] __free_frozen_pages+0x7fe/0x1180
[ 68.354177][ T12] __put_partials+0x16d/0x1c0
[ 68.356025][ T12] qlist_free_all+0x4d/0x120
[ 68.357883][ T12] kasan_quarantine_reduce+0x195/0x1e0
[ 68.360066][ T12] __kasan_slab_alloc+0x69/0x90
[ 68.362041][ T12] kmem_cache_alloc_lru_noprof+0x1d0/0x3b0
[ 68.364005][ T12] __d_alloc+0x31/0xaa0
[ 68.365355][ T12] d_alloc+0x4a/0x1e0
[ 68.366645][ T12] lookup_one_qstr_excl_raw.part.0+0x96/0x160
[ 68.368588][ T12] lookup_one_qstr_excl+0x3e/0x120
[ 68.370231][ T12] filename_create+0x1e7/0x4a0
[ 68.371867][ T12] do_mkdirat+0xaa/0x3e0
[ 68.373241][ T12] __x64_sys_mkdir+0xef/0x140
[ 68.374744][ T12] do_syscall_64+0xcd/0x4c0
[ 68.376172][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.378032][ T12]
[ 68.378861][ T12] Memory state around the buggy address:
[ 68.381189][ T12] ffff888035dbf700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 68.383879][ T12] ffff888035dbf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 68.386328][ T12] >ffff888035dbf800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.388962][ T12] ^
[ 68.390528][ T12] ffff888035dbf880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.392982][ T12] ffff888035dbf900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.395442][ T12] ==================================================================
[ 68.398770][ T12] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 68.401050][ T12] CPU: 2 UID: 0 PID: 12 Comm: kworker/u32:0 Not tainted 6.16.0-rc7-syzkaller-g89be9a83ccf1 #0 PREEMPT(full)
[ 68.404584][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.407914][ T12] Workqueue: events_unbound commit_work
[ 68.409641][ T12] Call Trace:
[ 68.411365][ T12]
[ 68.412301][ T12] dump_stack_lvl+0x3d/0x1f0
[ 68.413758][ T12] panic+0x71c/0x800
[ 68.415047][ T12] ? __pfx_panic+0x10/0x10
[ 68.416451][ T12] ? mark_held_locks+0x49/0x80
[ 68.417958][ T12] ? preempt_schedule_thunk+0x16/0x30
[ 68.419647][ T12] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 68.421873][ T12] ? preempt_schedule_common+0x44/0xc0
[ 68.423593][ T12] ? check_panic_on_warn+0x1f/0xb0
[ 68.425195][ T12] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 68.427444][ T12] check_panic_on_warn+0xab/0xb0
[ 68.429001][ T12] end_report+0x107/0x170
[ 68.430363][ T12] kasan_report+0xee/0x110
[ 68.431821][ T12] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 68.434043][ T12] drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 68.436214][ T12] ? preempt_schedule_thunk+0x16/0x30
[ 68.437919][ T12] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[ 68.440257][ T12] ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 68.442074][ T12] ? drm_atomic_helper_commit_hw_done+0x330/0x490
[ 68.444050][ T12] drm_atomic_helper_commit_tail+0xcb/0xf0
[ 68.445852][ T12] commit_tail+0x35b/0x400
[ 68.447265][ T12] process_one_work+0x9cf/0x1b70
[ 68.448825][ T12] ? __pfx_process_one_work+0x10/0x10
[ 68.450494][ T12] ? assign_work+0x1a0/0x250
[ 68.451937][ T12] worker_thread+0x6c8/0xf10
[ 68.453382][ T12] ? __pfx_worker_thread+0x10/0x10
[ 68.454979][ T12] kthread+0x3c5/0x780
[ 68.456245][ T12] ? __pfx_kthread+0x10/0x10
[ 68.457712][ T12] ? rcu_is_watching+0x12/0xc0
[ 68.459214][ T12] ? __pfx_kthread+0x10/0x10
[ 68.460658][ T12] ret_from_fork+0x5d4/0x6f0
[ 68.462111][ T12] ? __pfx_kthread+0x10/0x10
[ 68.463557][ T12] ret_from_fork_asm+0x1a/0x30
[ 68.465054][ T12]
[ 68.466604][ T12] Kernel Offset: disabled
[ 68.467985][ T12] Rebooting in 86400 seconds..