Warning: Permanently added '[localhost]:40287' (ED25519) to the list of known hosts.
2024/05/07 15:16:54 ignoring optional flag "sandboxArg"="0"
2024/05/07 15:16:55 parsed 1 programs
[ 75.252602][ T38] kauditd_printk_skb: 73 callbacks suppressed
[ 75.252619][ T38] audit: type=1400 audit(1715095015.144:207): avc: denied { getattr } for pid=5378 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 75.304787][ T38] audit: type=1400 audit(1715095015.194:208): avc: denied { mounton } for pid=5402 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 75.315555][ T38] audit: type=1400 audit(1715095015.204:209): avc: denied { mount } for pid=5402 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 75.325735][ T38] audit: type=1400 audit(1715095015.214:210): avc: denied { read write } for pid=5402 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 75.337574][ T38] audit: type=1400 audit(1715095015.214:211): avc: denied { open } for pid=5402 comm="syz-executor" path="/swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 75.399806][ T38] audit: type=1400 audit(1715095015.284:212): avc: denied { unlink } for pid=5402 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 75.989349][ T38] audit: type=1400 audit(1715095015.874:213): avc: denied { relabelto } for pid=5411 comm="mkswap" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 76.907345][ T5402] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/05/07 15:16:56 executed programs: 0
[ 76.977010][ T64] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 76.980888][ T64] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 76.984432][ T64] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 76.988213][ T64] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 76.992105][ T64] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 76.995899][ T64] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 77.004671][ T38] audit: type=1400 audit(1715095016.894:214): avc: denied { mounton } for pid=5416 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 77.156875][ T5416] chnl_net:caif_netlink_parms(): no params data found
[ 77.170772][ T38] audit: type=1400 audit(1715095017.064:215): avc: denied { search } for pid=4667 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 77.278071][ T5416] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.280949][ T5416] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.283670][ T5416] bridge_slave_0: entered allmulticast mode
[ 77.287117][ T5416] bridge_slave_0: entered promiscuous mode
[ 77.291383][ T5416] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.293810][ T5416] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.296467][ T5416] bridge_slave_1: entered allmulticast mode
[ 77.299950][ T5416] bridge_slave_1: entered promiscuous mode
[ 77.337721][ T5416] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 77.343792][ T5416] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 77.390502][ T5416] team0: Port device team_slave_0 added
[ 77.394909][ T5416] team0: Port device team_slave_1 added
[ 77.439746][ T5416] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 77.442024][ T5416] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 77.453111][ T5416] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 77.459725][ T5416] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 77.462426][ T5416] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 77.472388][ T5416] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 77.550056][ T5416] hsr_slave_0: entered promiscuous mode
[ 77.552413][ T5416] hsr_slave_1: entered promiscuous mode
[ 78.230939][ T5416] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 78.237653][ T5416] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 78.249269][ T5416] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 78.256181][ T5416] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 78.330974][ T5416] 8021q: adding VLAN 0 to HW filter on device bond0
[ 78.348456][ T5416] 8021q: adding VLAN 0 to HW filter on device team0
[ 78.358925][ T34] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.362264][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.374590][ T5207] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.377834][ T5207] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.464149][ T38] audit: type=1400 audit(1715095018.354:216): avc: denied { sys_module } for pid=5416 comm="syz-executor.0" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 78.565227][ T5416] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 78.608435][ T5416] veth0_vlan: entered promiscuous mode
[ 78.618627][ T5416] veth1_vlan: entered promiscuous mode
[ 78.647044][ T5416] veth0_macvtap: entered promiscuous mode
[ 78.653435][ T5416] veth1_macvtap: entered promiscuous mode
[ 78.667710][ T5416] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 78.678486][ T5416] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 78.686122][ T5416] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.690036][ T5416] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.693930][ T5416] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.697872][ T5416] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.761692][ T1402] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.765385][ T1402] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.793506][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.797111][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.071191][ T64] Bluetooth: hci0: command tx timeout
[ 79.132938][ T10] ==================================================================
[ 79.136519][ T10] BUG: KASAN: slab-use-after-free in drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 79.140882][ T10] Read of size 1 at addr ffff88802c16c409 by task kworker/u32:0/10
[ 79.158388][ T10]
[ 79.159485][ T10] CPU: 0 PID: 10 Comm: kworker/u32:0 Not tainted 6.9.0-rc7-syzkaller-gdccb07f2914c #0
[ 79.162928][ T10] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 79.166424][ T10] Workqueue: events_unbound commit_work
[ 79.168491][ T10] Call Trace:
[ 79.169777][ T10]
[ 79.170861][ T10] dump_stack_lvl+0x116/0x1f0
[ 79.172573][ T10] print_report+0xc3/0x620
[ 79.174566][ T10] ? __virt_addr_valid+0x5e/0x580
[ 79.176571][ T10] ? __phys_addr+0xc6/0x150
[ 79.178508][ T10] kasan_report+0xd9/0x110
[ 79.180573][ T10] ? drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 79.183124][ T10] ? drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 79.185651][ T10] drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 79.188271][ T10] ? preempt_schedule_thunk+0x1a/0x30
[ 79.190289][ T10] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[ 79.193385][ T10] ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 79.195442][ T10] ? drm_atomic_helper_commit_hw_done+0x30e/0x4a0
[ 79.197821][ T10] drm_atomic_helper_commit_tail+0xcb/0xf0
[ 79.200271][ T10] commit_tail+0x356/0x410
[ 79.202063][ T10] process_one_work+0x9a9/0x1ac0
[ 79.203994][ T10] ? __pfx_lock_acquire+0x10/0x10
[ 79.206088][ T10] ? __pfx_process_one_work+0x10/0x10
[ 79.208238][ T10] ? assign_work+0x1a0/0x250
[ 79.210135][ T10] worker_thread+0x6c8/0xf70
[ 79.212211][ T10] ? __pfx_worker_thread+0x10/0x10
[ 79.214536][ T10] kthread+0x2c1/0x3a0
[ 79.216388][ T10] ? _raw_spin_unlock_irq+0x23/0x50
[ 79.218724][ T10] ? __pfx_kthread+0x10/0x10
[ 79.220717][ T10] ret_from_fork+0x45/0x80
[ 79.222673][ T10] ? __pfx_kthread+0x10/0x10
[ 79.224585][ T10] ret_from_fork_asm+0x1a/0x30
[ 79.226468][ T10]
[ 79.227677][ T10]
[ 79.228613][ T10] Allocated by task 5504:
[ 79.230374][ T10] kasan_save_stack+0x33/0x60
[ 79.232275][ T10] kasan_save_track+0x14/0x30
[ 79.234348][ T10] __kasan_kmalloc+0xaa/0xb0
[ 79.236396][ T10] drm_atomic_helper_crtc_duplicate_state+0x70/0xd0
[ 79.239319][ T10] drm_atomic_get_crtc_state+0x162/0x440
[ 79.241721][ T10] page_flip_common+0x57/0x320
[ 79.243576][ T10] drm_atomic_helper_page_flip+0xb6/0x190
[ 79.245802][ T10] drm_mode_page_flip_ioctl+0x103f/0x1470
[ 79.248049][ T10] drm_ioctl_kernel+0x1ec/0x3e0
[ 79.250232][ T10] drm_ioctl+0x5dc/0xc10
[ 79.252147][ T10] __x64_sys_ioctl+0x193/0x220
[ 79.254149][ T10] do_syscall_64+0xcf/0x260
[ 79.255927][ T10] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.258458][ T10]
[ 79.259528][ T10] Freed by task 5503:
[ 79.260927][ T10] kasan_save_stack+0x33/0x60
[ 79.262872][ T10] kasan_save_track+0x14/0x30
[ 79.264622][ T10] kasan_save_free_info+0x3b/0x60
[ 79.266375][ T10] __kasan_slab_free+0x11d/0x1a0
[ 79.268072][ T10] kfree+0x129/0x3a0
[ 79.269439][ T10] drm_atomic_state_default_clear+0x3aa/0xde0
[ 79.271512][ T10] __drm_atomic_state_free+0x185/0x2b0
[ 79.273379][ T10] drm_client_modeset_commit_atomic+0x6db/0x810
[ 79.275527][ T10] drm_client_modeset_commit_locked+0x14d/0x580
[ 79.277777][ T10] drm_client_modeset_commit+0x4f/0x80
[ 79.280114][ T10] drm_fb_helper_lastclose+0xc7/0x160
[ 79.282305][ T10] drm_fbdev_generic_client_restore+0x2c/0x40
[ 79.284908][ T10] drm_client_dev_restore+0x188/0x2a0
[ 79.287289][ T10] drm_release+0x32f/0x3e0
[ 79.289286][ T10] __fput+0x270/0xb80
[ 79.291066][ T10] __fput_sync+0x47/0x50
[ 79.292949][ T10] __x64_sys_close+0x86/0x100
[ 79.295042][ T10] do_syscall_64+0xcf/0x260
[ 79.297071][ T10] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.299687][ T10]
[ 79.300815][ T10] The buggy address belongs to the object at ffff88802c16c400
[ 79.300815][ T10] which belongs to the cache kmalloc-512 of size 512
[ 79.306948][ T10] The buggy address is located 9 bytes inside of
[ 79.306948][ T10] freed 512-byte region [ffff88802c16c400, ffff88802c16c600)
[ 79.312609][ T10]
[ 79.313707][ T10] The buggy address belongs to the physical page:
[ 79.316295][ T10] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2c16c
[ 79.319868][ T10] head: order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 79.323168][ T10] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 79.326312][ T10] page_type: 0xffffffff()
[ 79.327870][ T10] raw: 00fff00000000840 ffff888015042c80 dead000000000100 dead000000000122
[ 79.330997][ T10] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 79.334078][ T10] head: 00fff00000000840 ffff888015042c80 dead000000000100 dead000000000122
[ 79.337544][ T10] head: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 79.341078][ T10] head: 00fff00000000002 ffffea0000b05b01 dead000000000122 00000000ffffffff
[ 79.344771][ T10] head: 0000000400000000 0000000000000000 00000000ffffffff 0000000000000000
[ 79.348403][ T10] page dumped because: kasan: bad access detected
[ 79.350763][ T10] page_owner tracks the page as allocated
[ 79.352985][ T10] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid -1743385718 (swapper/0), ts 1, free_ts 18670382752
[ 79.361178][ T10] post_alloc_hook+0x2d4/0x350
[ 79.363242][ T10] get_page_from_freelist+0xa28/0x3780
[ 79.365518][ T10] __alloc_pages+0x22b/0x2460
[ 79.367557][ T10] new_slab+0xcc/0x3a0
[ 79.369300][ T10] ___slab_alloc+0x66d/0x1790
[ 79.371195][ T10] __slab_alloc.constprop.0+0x56/0xb0
[ 79.373303][ T10] __kmalloc+0x3bf/0x440
[ 79.375054][ T10] mpi_resize+0x188/0x230
[ 79.376901][ T10] mpi_powm+0x7dd/0x1be0
[ 79.378714][ T10] rsa_enc+0x1ff/0x3c0
[ 79.380516][ T10] pkcs1pad_verify+0x54f/0x6f0
[ 79.382637][ T10] crypto_sig_verify+0x181/0x210
[ 79.384833][ T10] public_key_verify_signature+0x5e9/0x7f0
[ 79.387418][ T10] x509_check_for_self_signed+0x31a/0x500
[ 79.389715][ T10] x509_cert_parse+0x614/0x8a0
[ 79.391614][ T10] x509_key_preparse+0x65/0x970
[ 79.393536][ T10] page last free pid 9 tgid 9 stack trace:
[ 79.395840][ T10] free_unref_page_prepare+0x527/0xb10
[ 79.397985][ T10] free_unref_page+0x33/0x3c0
[ 79.399829][ T10] vfree+0x181/0x7a0
[ 79.401496][ T10] delayed_vfree_work+0x56/0x70
[ 79.403668][ T10] process_one_work+0x9a9/0x1ac0
[ 79.405753][ T10] worker_thread+0x6c8/0xf70
[ 79.407358][ T10] kthread+0x2c1/0x3a0
[ 79.408736][ T10] ret_from_fork+0x45/0x80
[ 79.410408][ T10] ret_from_fork_asm+0x1a/0x30
[ 79.412440][ T10]
[ 79.413469][ T10] Memory state around the buggy address:
[ 79.415834][ T10] ffff88802c16c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 79.419211][ T10] ffff88802c16c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 79.422549][ T10] >ffff88802c16c400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 79.425939][ T10] ^
[ 79.427768][ T10] ffff88802c16c480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 79.431265][ T10] ffff88802c16c500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 79.434519][ T10] ==================================================================
[ 79.442249][ T10] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 79.445223][ T10] CPU: 0 PID: 10 Comm: kworker/u32:0 Not tainted 6.9.0-rc7-syzkaller-gdccb07f2914c #0
[ 79.449423][ T10] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 79.453320][ T10] Workqueue: events_unbound commit_work
[ 79.455507][ T10] Call Trace:
[ 79.456844][ T10]
[ 79.458025][ T10] dump_stack_lvl+0x3d/0x1f0
[ 79.459971][ T10] panic+0x6f5/0x7a0
[ 79.461696][ T10] ? __pfx_panic+0x10/0x10
[ 79.463599][ T10] ? preempt_schedule_thunk+0x1a/0x30
[ 79.465711][ T10] ? preempt_schedule_common+0x44/0xc0
[ 79.467744][ T10] ? check_panic_on_warn+0x1f/0xb0
[ 79.469685][ T10] check_panic_on_warn+0xab/0xb0
[ 79.471729][ T10] end_report+0x117/0x180
[ 79.473419][ T10] kasan_report+0xe9/0x110
[ 79.475093][ T10] ? drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 79.477815][ T10] ? drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 79.480856][ T10] drm_atomic_helper_wait_for_vblanks.part.0+0x84f/0x930
[ 79.483830][ T10] ? preempt_schedule_thunk+0x1a/0x30
[ 79.486216][ T10] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[ 79.489287][ T10] ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 79.491380][ T10] ? drm_atomic_helper_commit_hw_done+0x30e/0x4a0
[ 79.494125][ T10] drm_atomic_helper_commit_tail+0xcb/0xf0
[ 79.496751][ T10] commit_tail+0x356/0x410
[ 79.498816][ T10] process_one_work+0x9a9/0x1ac0
[ 79.501011][ T10] ? __pfx_lock_acquire+0x10/0x10
[ 79.503113][ T10] ? __pfx_process_one_work+0x10/0x10
[ 79.505334][ T10] ? assign_work+0x1a0/0x250
[ 79.507233][ T10] worker_thread+0x6c8/0xf70
[ 79.509126][ T10] ? __pfx_worker_thread+0x10/0x10
[ 79.511428][ T10] kthread+0x2c1/0x3a0
[ 79.513309][ T10] ? _raw_spin_unlock_irq+0x23/0x50
[ 79.515673][ T10] ? __pfx_kthread+0x10/0x10
[ 79.517803][ T10] ret_from_fork+0x45/0x80
[ 79.519832][ T10] ? __pfx_kthread+0x10/0x10
[ 79.521848][ T10] ret_from_fork_asm+0x1a/0x30
[ 79.523812][ T10]
[ 79.525629][ T10] Kernel Offset: disabled
[ 79.527316][ T10] Rebooting in 86400 seconds..