Warning: Permanently added '[localhost]:41352' (ED25519) to the list of known hosts.
2024/02/14 03:54:01 ignoring optional flag "sandboxArg"="0"
2024/02/14 03:54:01 parsed 1 programs
[ 63.863485][ T38] kauditd_printk_skb: 29 callbacks suppressed
[ 63.863495][ T38] audit: type=1400 audit(1707882841.363:206): avc: denied { getattr } for pid=5340 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 63.889439][ T38] audit: type=1400 audit(1707882841.393:207): avc: denied { mounton } for pid=5346 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 63.900326][ T38] audit: type=1400 audit(1707882841.403:208): avc: denied { mount } for pid=5346 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 63.908703][ T38] audit: type=1400 audit(1707882841.413:209): avc: denied { read write } for pid=5346 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 63.920322][ T38] audit: type=1400 audit(1707882841.413:210): avc: denied { open } for pid=5346 comm="syz-executor" path="/swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 63.996318][ T38] audit: type=1400 audit(1707882841.503:211): avc: denied { unlink } for pid=5346 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 64.335449][ T38] audit: type=1400 audit(1707882841.843:212): avc: denied { relabelto } for pid=5355 comm="mkswap" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 65.146785][ T5346] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/02/14 03:54:02 executed programs: 0
[ 65.190556][ T5167] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 65.195025][ T5167] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 65.198012][ T5167] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 65.201012][ T5167] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 65.205305][ T5167] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 65.208916][ T5167] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 65.217204][ T38] audit: type=1400 audit(1707882842.723:213): avc: denied { mounton } for pid=5385 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 65.347727][ T5385] chnl_net:caif_netlink_parms(): no params data found
[ 65.437544][ T5385] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.440190][ T5385] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.442758][ T5385] bridge_slave_0: entered allmulticast mode
[ 65.445983][ T5385] bridge_slave_0: entered promiscuous mode
[ 65.450665][ T5385] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.453270][ T5385] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.456187][ T5385] bridge_slave_1: entered allmulticast mode
[ 65.459069][ T5385] bridge_slave_1: entered promiscuous mode
[ 65.515281][ T5385] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 65.521319][ T5385] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 65.525602][ T38] audit: type=1400 audit(1707882843.033:214): avc: denied { search } for pid=4646 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 65.561298][ T5385] team0: Port device team_slave_0 added
[ 65.566337][ T5385] team0: Port device team_slave_1 added
[ 65.613711][ T5385] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 65.616799][ T5385] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.626078][ T5385] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 65.631142][ T5385] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 65.633643][ T5385] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.643183][ T5385] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 65.696888][ T5385] hsr_slave_0: entered promiscuous mode
[ 65.700405][ T5385] hsr_slave_1: entered promiscuous mode
[ 66.251277][ T5385] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 66.261340][ T5385] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 66.266329][ T5385] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 66.270830][ T5385] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 66.290772][ T5385] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.293568][ T5385] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.296510][ T5385] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.299101][ T5385] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.337899][ T5385] 8021q: adding VLAN 0 to HW filter on device bond0
[ 66.348235][ T5385] 8021q: adding VLAN 0 to HW filter on device team0
[ 66.356087][ T822] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.371363][ T1929] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.374669][ T1929] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.392011][ T5385] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 66.398754][ T5385] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 66.427718][ T38] audit: type=1400 audit(1707882843.933:215): avc: denied { sys_module } for pid=5385 comm="syz-executor.0" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 66.505863][ T5385] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 66.545306][ T5385] veth0_vlan: entered promiscuous mode
[ 66.552453][ T5385] veth1_vlan: entered promiscuous mode
[ 66.570428][ T5385] veth0_macvtap: entered promiscuous mode
[ 66.577177][ T5385] veth1_macvtap: entered promiscuous mode
[ 66.589879][ T5385] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 66.595539][ T5385] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 66.601981][ T5385] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.605482][ T5385] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.608573][ T5385] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.611651][ T5385] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.648153][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.651109][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.666406][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.669353][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 67.255970][ T5167] Bluetooth: hci0: command 0x0409 tx timeout
[ 68.064719][ T1096] ==================================================================
[ 68.067969][ T1096] BUG: KASAN: slab-use-after-free in drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 68.072147][ T1096] Read of size 1 at addr ffff88802a5f2409 by task kworker/u16:9/1096
[ 68.077012][ T1096]
[ 68.078139][ T1096] CPU: 0 PID: 1096 Comm: kworker/u16:9 Not tainted 6.8.0-rc4-syzkaller-g7e90b5c295ec-dirty #0
[ 68.083269][ T1096] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 68.087123][ T1096] Workqueue: events_unbound commit_work
[ 68.089243][ T1096] Call Trace:
[ 68.090499][ T1096] <TASK>
[ 68.091639][ T1096] dump_stack_lvl+0xd9/0x1b0
[ 68.093664][ T1096] print_report+0xc4/0x620
[ 68.095367][ T1096] ? __virt_addr_valid+0x5e/0x580
[ 68.097450][ T1096] ? __phys_addr+0xc6/0x150
[ 68.099570][ T1096] kasan_report+0xda/0x110
[ 68.101652][ T1096] ? drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 68.104923][ T1096] ? drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 68.108191][ T1096] drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 68.111377][ T1096] ? preempt_schedule_thunk+0x1a/0x30
[ 68.113861][ T1096] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[ 68.116678][ T1096] ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 68.119148][ T1096] ? drm_atomic_helper_commit_hw_done+0x30e/0x4a0
[ 68.121588][ T1096] drm_atomic_helper_commit_tail+0xcb/0xf0
[ 68.123809][ T1096] commit_tail+0x356/0x410
[ 68.125431][ T1096] process_one_work+0x889/0x15e0
[ 68.127215][ T1096] ? __pfx_lock_acquire+0x10/0x10
[ 68.129519][ T1096] ? __pfx_process_one_work+0x10/0x10
[ 68.132016][ T1096] ? assign_work+0x1a0/0x250
[ 68.133903][ T1096] worker_thread+0x8b9/0x12a0
[ 68.135613][ T1096] ? __kthread_parkme+0x14b/0x220
[ 68.137436][ T1096] ? __pfx_worker_thread+0x10/0x10
[ 68.139350][ T1096] kthread+0x2c6/0x3b0
[ 68.140826][ T1096] ? _raw_spin_unlock_irq+0x23/0x50
[ 68.143034][ T1096] ? __pfx_kthread+0x10/0x10
[ 68.145127][ T1096] ret_from_fork+0x45/0x80
[ 68.147090][ T1096] ? __pfx_kthread+0x10/0x10
[ 68.149255][ T1096] ret_from_fork_asm+0x1b/0x30
[ 68.151458][ T1096] </TASK>
[ 68.152807][ T1096]
[ 68.153681][ T1096] Allocated by task 5653:
[ 68.155210][ T1096] kasan_save_stack+0x33/0x60
[ 68.156899][ T1096] kasan_save_track+0x14/0x30
[ 68.158910][ T1096] __kasan_kmalloc+0xaa/0xb0
[ 68.161053][ T1096] drm_atomic_helper_crtc_duplicate_state+0x70/0xd0
[ 68.164024][ T1096] drm_atomic_get_crtc_state+0x162/0x440
[ 68.166583][ T1096] page_flip_common+0x57/0x320
[ 68.168803][ T1096] drm_atomic_helper_page_flip+0xb6/0x190
[ 68.171414][ T1096] drm_mode_page_flip_ioctl+0x103f/0x1470
[ 68.174023][ T1096] drm_ioctl_kernel+0x1ec/0x3e0
[ 68.176237][ T1096] drm_ioctl+0x5d8/0xc00
[ 68.178095][ T1096] __x64_sys_ioctl+0x193/0x220
[ 68.179992][ T1096] do_syscall_64+0xd5/0x270
[ 68.181662][ T1096] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 68.184127][ T1096]
[ 68.185247][ T1096] Freed by task 5652:
[ 68.187228][ T1096] kasan_save_stack+0x33/0x60
[ 68.189402][ T1096] kasan_save_track+0x14/0x30
[ 68.191590][ T1096] kasan_save_free_info+0x3f/0x60
[ 68.193907][ T1096] __kasan_slab_free+0x121/0x1c0
[ 68.196082][ T1096] kfree+0x124/0x370
[ 68.197497][ T1096] drm_atomic_state_default_clear+0x3aa/0xde0
[ 68.199688][ T1096] __drm_atomic_state_free+0x185/0x2b0
[ 68.201631][ T1096] drm_client_modeset_commit_atomic+0x70f/0x850
[ 68.203868][ T1096] drm_client_modeset_commit_locked+0x14d/0x580
[ 68.206087][ T1096] drm_client_modeset_commit+0x4f/0x80
[ 68.208044][ T1096] drm_fb_helper_lastclose+0xc7/0x160
[ 68.209956][ T1096] drm_fbdev_generic_client_restore+0x2c/0x40
[ 68.212139][ T1096] drm_client_dev_restore+0x188/0x2a0
[ 68.214113][ T1096] drm_release+0x32f/0x3e0
[ 68.215731][ T1096] __fput+0x270/0xb80
[ 68.217172][ T1096] __fput_sync+0x47/0x50
[ 68.218695][ T1096] __x64_sys_close+0x87/0x100
[ 68.220388][ T1096] do_syscall_64+0xd5/0x270
[ 68.222035][ T1096] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 68.224165][ T1096]
[ 68.225033][ T1096] The buggy address belongs to the object at ffff88802a5f2400
[ 68.225033][ T1096] which belongs to the cache kmalloc-512 of size 512
[ 68.229969][ T1096] The buggy address is located 9 bytes inside of
[ 68.229969][ T1096] freed 512-byte region [ffff88802a5f2400, ffff88802a5f2600)
[ 68.234776][ T1096]
[ 68.235647][ T1096] The buggy address belongs to the physical page:
[ 68.237931][ T1096] page:ffffea0000a97c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802a5f3c00 pfn:0x2a5f0
[ 68.241974][ T1096] head:ffffea0000a97c00 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 68.245137][ T1096] flags: 0xfff00000000a40(workingset|slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 68.248311][ T1096] page_type: 0xffffffff()
[ 68.249864][ T1096] raw: 00fff00000000a40 ffff888014c42c80 ffffea0000a4e410 ffffea00009bd610
[ 68.252930][ T1096] raw: ffff88802a5f3c00 000000000010000b 00000001ffffffff 0000000000000000
[ 68.255982][ T1096] page dumped because: kasan: bad access detected
[ 68.258264][ T1096] page_owner tracks the page as allocated
[ 68.260298][ T1096] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5166, tgid 5166 (syz-executor.0), ts 45262333507, free_ts 42769982140
[ 68.267857][ T1096] post_alloc_hook+0x2d4/0x350
[ 68.269579][ T1096] get_page_from_freelist+0xa28/0x3780
[ 68.271539][ T1096] __alloc_pages+0x22f/0x2440
[ 68.273224][ T1096] new_slab+0xcc/0x3a0
[ 68.274716][ T1096] ___slab_alloc+0x4af/0x19a0
[ 68.276414][ T1096] __slab_alloc.constprop.0+0x56/0xb0
[ 68.278335][ T1096] __kmalloc+0x3b8/0x440
[ 68.279874][ T1096] fib6_info_alloc+0x40/0x100
[ 68.281575][ T1096] ip6_route_info_create+0x337/0x1b70
[ 68.283516][ T1096] ip6_route_add+0x26/0x150
[ 68.285143][ T1096] addrconf_prefix_route+0x2fe/0x510
[ 68.287045][ T1096] inet6_addr_add+0x609/0xbe0
[ 68.288762][ T1096] inet6_rtm_newaddr+0x11de/0x1ab0
[ 68.290591][ T1096] rtnetlink_rcv_msg+0x3c7/0xe10
[ 68.292377][ T1096] netlink_rcv_skb+0x16b/0x440
[ 68.294111][ T1096] netlink_unicast+0x542/0x820
[ 68.295844][ T1096] page last free pid 5115 tgid 5115 stack trace:
[ 68.298110][ T1096] free_unref_page_prepare+0x527/0xb10
[ 68.300085][ T1096] free_unref_page+0x33/0x3c0
[ 68.301786][ T1096] qlist_free_all+0x58/0x150
[ 68.303458][ T1096] kasan_quarantine_reduce+0x192/0x1e0
[ 68.305441][ T1096] __kasan_slab_alloc+0x69/0x90
[ 68.307196][ T1096] kmem_cache_alloc_bulk+0x439/0x950
[ 68.309082][ T1096] mas_alloc_nodes+0x39b/0x860
[ 68.310809][ T1096] mas_node_count_gfp+0x105/0x130
[ 68.312639][ T1096] mas_preallocate+0x3bb/0x1020
[ 68.314406][ T1096] __split_vma+0x47a/0x1190
[ 68.316197][ T1096] vma_modify+0x32a/0x460
[ 68.317772][ T1096] mprotect_fixup+0x228/0xc90
[ 68.319477][ T1096] do_mprotect_pkey+0x860/0xd70
[ 68.321270][ T1096] __x64_sys_mprotect+0x78/0xc0
[ 68.323034][ T1096] do_syscall_64+0xd5/0x270
[ 68.324700][ T1096] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 68.326853][ T1096]
[ 68.327738][ T1096] Memory state around the buggy address:
[ 68.329757][ T1096] ffff88802a5f2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 68.332635][ T1096] ffff88802a5f2380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 68.335540][ T1096] >ffff88802a5f2400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.338405][ T1096] ^
[ 68.339974][ T1096] ffff88802a5f2480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.342848][ T1096] ffff88802a5f2500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.345730][ T1096] ==================================================================
[ 68.349995][ T1096] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 68.352810][ T1096] CPU: 3 PID: 1096 Comm: kworker/u16:9 Not tainted 6.8.0-rc4-syzkaller-g7e90b5c295ec-dirty #0
[ 68.356627][ T1096] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 68.360515][ T1096] Workqueue: events_unbound commit_work
[ 68.362791][ T1096] Call Trace:
[ 68.364061][ T1096] <TASK>
[ 68.365203][ T1096] dump_stack_lvl+0xd9/0x1b0
[ 68.366926][ T1096] panic+0x6ee/0x7a0
[ 68.368425][ T1096] ? __pfx_panic+0x10/0x10
[ 68.370109][ T1096] ? irqentry_exit+0x3b/0x90
[ 68.371980][ T1096] ? lockdep_hardirqs_on+0x7d/0x110
[ 68.373917][ T1096] ? preempt_schedule_thunk+0x1a/0x30
[ 68.375977][ T1096] ? preempt_schedule_common+0x45/0xd0
[ 68.378110][ T1096] ? check_panic_on_warn+0x1f/0xb0
[ 68.380164][ T1096] check_panic_on_warn+0xab/0xb0
[ 68.382228][ T1096] end_report+0x108/0x150
[ 68.383863][ T1096] kasan_report+0xea/0x110
[ 68.385638][ T1096] ? drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 68.388379][ T1096] ? drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 68.391143][ T1096] drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 68.393813][ T1096] ? preempt_schedule_thunk+0x1a/0x30
[ 68.395867][ T1096] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[ 68.398692][ T1096] ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 68.400960][ T1096] ? drm_atomic_helper_commit_hw_done+0x30e/0x4a0
[ 68.403409][ T1096] drm_atomic_helper_commit_tail+0xcb/0xf0
[ 68.405640][ T1096] commit_tail+0x356/0x410
[ 68.407348][ T1096] process_one_work+0x889/0x15e0
[ 68.409230][ T1096] ? __pfx_lock_acquire+0x10/0x10
[ 68.411175][ T1096] ? __pfx_process_one_work+0x10/0x10
[ 68.413223][ T1096] ? assign_work+0x1a0/0x250
[ 68.415271][ T1096] worker_thread+0x8b9/0x12a0
[ 68.417445][ T1096] ? __kthread_parkme+0x14b/0x220
[ 68.419534][ T1096] ? __pfx_worker_thread+0x10/0x10
[ 68.421526][ T1096] kthread+0x2c6/0x3b0
[ 68.423431][ T1096] ? _raw_spin_unlock_irq+0x23/0x50
[ 68.425553][ T1096] ? __pfx_kthread+0x10/0x10
[ 68.427225][ T1096] ret_from_fork+0x45/0x80
[ 68.428854][ T1096] ? __pfx_kthread+0x10/0x10
[ 68.430524][ T1096] ret_from_fork_asm+0x1b/0x30
[ 68.432440][ T1096] </TASK>
[ 68.434498][ T1096] Kernel Offset: disabled
[ 68.436260][ T1096] Rebooting in 86400 seconds..