[  OK  ] Started Getty on tty4.
[  OK  ] Started Getty on tty3.
[  OK  ] Started Getty on tty2.
[  OK  ] Started Getty on tty1.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts.
syzkaller login: [ 67.473271][ T6530] chnl_net:caif_netlink_parms(): no params data found
[ 67.552563][ T6530] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.560662][ T6530] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.568684][ T6530] device bridge_slave_0 entered promiscuous mode
[ 67.579128][ T6530] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.586553][ T6530] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.594705][ T6530] device bridge_slave_1 entered promiscuous mode
[ 67.625723][ T6530] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 67.637041][ T6530] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 67.670914][ T6530] team0: Port device team_slave_0 added
[ 67.683021][ T6530] team0: Port device team_slave_1 added
[ 67.712154][ T6530] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 67.720576][ T6530] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.746622][ T6530] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 67.761591][ T6530] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 67.768590][ T6530] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.794888][ T6530] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 67.830752][ T6530] device hsr_slave_0 entered promiscuous mode
[ 67.837576][ T6530] device hsr_slave_1 entered promiscuous mode
[ 67.959011][ T6530] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 67.972255][ T6530] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 67.982463][ T6530] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 67.993262][ T6530] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 68.016240][ T6530] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.023592][ T6530] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.031572][ T6530] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.038848][ T6530] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.086247][ T6530] 8021q: adding VLAN 0 to HW filter on device bond0
[ 68.101056][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 68.112815][ T25] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.123355][ T25] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.132959][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 68.146222][ T6530] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.158430][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 68.166968][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.174136][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.185565][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 68.194880][ T20] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.202935][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.230977][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 68.239850][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 68.248348][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 68.257295][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 68.266473][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 68.277359][ T6530] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 68.298212][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 68.305877][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 68.320915][ T6530] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.341355][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 68.362425][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 68.371063][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 68.378801][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 68.391290][ T6530] device veth0_vlan entered promiscuous mode
[ 68.403553][ T6530] device veth1_vlan entered promiscuous mode
[ 68.425281][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 68.433760][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 68.442514][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 68.455535][ T6530] device veth0_macvtap entered promiscuous mode
[ 68.466013][ T6530] device veth1_macvtap entered promiscuous mode
[ 68.486321][ T6530] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 68.494486][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 68.504195][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 68.517092][ T6530] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 68.524924][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 68.533989][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 68.546350][ T6530] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.555539][ T6530] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.564381][ T6530] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.573334][ T6530] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.659752][ T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.667736][ T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.680488][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 68.696078][ T54] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
executing program
[ 68.704150][ T54] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.721113][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 69.010525][ T6868] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 69.269543][ T6868] usb 1-1: Using ep0 maxpacket: 32
[ 69.320170][ T5] Bluetooth: hci0: command 0x0409 tx timeout
[ 69.562027][ T6868] usb 1-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=73.ce
[ 69.571304][ T6868] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=20
[ 69.579598][ T6868] usb 1-1: Product: syz
[ 69.583759][ T6868] usb 1-1: Manufacturer: syz
[ 69.588461][ T6868] usb 1-1: SerialNumber: syz
[ 69.598145][ T6868] usb 1-1: config 0 descriptor??
[ 69.697350][ T6868] msi2500 1-1:0.0: Registered as swradio16
[ 69.703766][ T6868] msi2500 1-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[ 69.853793][ T6868] usb 1-1: USB disconnect, device number 2
[ 69.892000][ T6868]
[ 69.894357][ T6868] =========================
[ 69.898851][ T6868] WARNING: held lock freed!
[ 69.903348][ T6868] 5.15.0-rc5-next-20211015-syzkaller #0 Not tainted
[ 69.909938][ T6868] -------------------------
[ 69.914448][ T6868] kworker/0:3/6868 is freeing memory ffff88801c10e000-ffff88801c10efff, with a lock still held there!
[ 69.925477][ T6868] ffff88801c10e668 (&ctlr->add_lock){+.+.}-{3:3}, at: spi_unregister_controller+0x57/0x3b0
[ 69.935515][ T6868] 8 locks held by kworker/0:3/6868:
[ 69.940749][ T6868] #0: ffff88814159ed38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x896/0x1690
[ 69.951463][ T6868] #1: ffffc900033cfdb0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690
[ 69.962755][ T6868] #2: ffff888147a51220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c1/0x4330
[ 69.971621][ T6868] #3: ffff88806dfad220 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x78e
[ 69.981214][ T6868] #4: ffff888076e1d1a8 (&dev->mutex){....}-{3:3}, at: device_release_driver+0x1c/0x40
[ 69.990948][ T6868] #5: ffff88801c10cd38 (&dev->vb_queue_lock){+.+.}-{3:3}, at: msi2500_disconnect+0x5d/0x160
[ 70.001112][ T6868] #6: ffff88801c10cca8 (&dev->v4l2_lock){+.+.}-{3:3}, at: msi2500_disconnect+0x67/0x160
[ 70.010929][ T6868] #7: ffff88801c10e668 (&ctlr->add_lock){+.+.}-{3:3}, at: spi_unregister_controller+0x57/0x3b0
[ 70.021351][ T6868]
[ 70.021351][ T6868] stack backtrace:
[ 70.027579][ T6868] CPU: 0 PID: 6868 Comm: kworker/0:3 Not tainted 5.15.0-rc5-next-20211015-syzkaller #0
[ 70.037331][ T6868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.047400][ T6868] Workqueue: usb_hub_wq hub_event
[ 70.052482][ T6868] Call Trace:
[ 70.055797][ T6868]
[ 70.058739][ T6868] dump_stack_lvl+0xcd/0x134
[ 70.063512][ T6868] debug_check_no_locks_freed.cold+0x9d/0xa9
[ 70.069586][ T6868] slab_free_freelist_hook+0x73/0x1c0
[ 70.075064][ T6868] ? spi_device_messages_show+0x80/0x80
[ 70.080621][ T6868] ? device_release+0x9f/0x240
[ 70.085391][ T6868] kfree+0xf6/0x560
[ 70.089260][ T6868] ? devm_krealloc+0x530/0x530
[ 70.094044][ T6868] ? device_del+0x963/0xd60
[ 70.098644][ T6868] ? spi_device_messages_show+0x80/0x80
[ 70.104275][ T6868] device_release+0x9f/0x240
[ 70.108860][ T6868] kobject_put+0x1c8/0x540
[ 70.113363][ T6868] put_device+0x1b/0x30
[ 70.117511][ T6868] spi_unregister_controller+0x2a8/0x3b0
[ 70.123337][ T6868] ? device_unregister+0x31/0xc0
[ 70.128530][ T6868] msi2500_disconnect+0xd2/0x160
[ 70.133469][ T6868] usb_unbind_interface+0x1d8/0x8e0
[ 70.138665][ T6868] ? up_write+0x148/0x470
[ 70.143090][ T6868] ? kernfs_remove_by_name_ns+0x60/0xa0
[ 70.148627][ T6868] ? usb_unbind_device+0x1a0/0x1a0
[ 70.153729][ T6868] __device_release_driver+0x5d7/0x700
[ 70.159315][ T6868] device_release_driver+0x26/0x40
[ 70.164556][ T6868] bus_remove_device+0x2eb/0x5a0
[ 70.169525][ T6868] device_del+0x502/0xd60
[ 70.173860][ T6868] ? fw_devlink_purge_absent_suppliers+0x50/0x50
[ 70.180234][ T6868] ? mutex_lock_io_nested+0x1150/0x1150
[ 70.185771][ T6868] usb_disable_device+0x35b/0x7b0
[ 70.190800][ T6868] usb_disconnect.cold+0x27a/0x78e
[ 70.195901][ T6868] hub_event+0x1c9c/0x4330
[ 70.200308][ T6868] ? hub_port_debounce+0x3c0/0x3c0
[ 70.205406][ T6868] ? lock_release+0x720/0x720
[ 70.210070][ T6868] ? lock_downgrade+0x6e0/0x6e0
[ 70.214906][ T6868] ? do_raw_spin_lock+0x120/0x2b0
[ 70.219920][ T6868] process_one_work+0x9b2/0x1690
[ 70.224983][ T6868] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 70.230442][ T6868] ? rwlock_bug.part.0+0x90/0x90
[ 70.236120][ T6868] ? _raw_spin_lock_irq+0x41/0x50
[ 70.241652][ T6868] worker_thread+0x658/0x11f0
[ 70.246444][ T6868] ? process_one_work+0x1690/0x1690
[ 70.251836][ T6868] kthread+0x405/0x4f0
[ 70.255896][ T6868] ? set_kthread_struct+0x130/0x130
[ 70.261085][ T6868] ret_from_fork+0x1f/0x30
[ 70.265525][ T6868]
[ 70.268990][ T6868] ==================================================================
[ 70.270911][ T6530] syz-executor687 (6530) used greatest stack depth: 22752 bytes left
[ 70.277767][ T6868] BUG: KASAN: use-after-free in __mutex_unlock_slowpath+0xa6/0x5e0
[ 70.294262][ T6868] Read of size 8 at addr ffff88801c10e600 by task kworker/0:3/6868
[ 70.302411][ T6868]
[ 70.305078][ T6868] CPU: 0 PID: 6868 Comm: kworker/0:3 Not tainted 5.15.0-rc5-next-20211015-syzkaller #0
[ 70.315627][ T6868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.326064][ T6868] Workqueue: usb_hub_wq hub_event
[ 70.331093][ T6868] Call Trace:
[ 70.334376][ T6868]
[ 70.337393][ T6868] dump_stack_lvl+0xcd/0x134
[ 70.342085][ T6868] print_address_description.constprop.0.cold+0x8d/0x320
[ 70.349368][ T6868] ? __mutex_unlock_slowpath+0xa6/0x5e0
[ 70.354909][ T6868] ? __mutex_unlock_slowpath+0xa6/0x5e0
[ 70.360823][ T6868] kasan_report.cold+0x83/0xdf
[ 70.366065][ T6868] ? __mutex_unlock_slowpath+0xa6/0x5e0
[ 70.371709][ T6868] kasan_check_range+0x13d/0x180
[ 70.376837][ T6868] __mutex_unlock_slowpath+0xa6/0x5e0
[ 70.382655][ T6868] ? radix_tree_lookup+0x20/0x20
[ 70.387584][ T6868] ? wait_for_completion_io+0x270/0x270
[ 70.393154][ T6868] ? kfree_const+0x51/0x60
[ 70.397802][ T6868] ? kobject_put+0x1f3/0x540
[ 70.402580][ T6868] ? spi_unregister_controller+0x285/0x3b0
[ 70.408764][ T6868] msi2500_disconnect+0xd2/0x160
[ 70.414482][ T6868] usb_unbind_interface+0x1d8/0x8e0
[ 70.419976][ T6868] ? up_write+0x148/0x470
[ 70.424301][ T6868] ? kernfs_remove_by_name_ns+0x60/0xa0
[ 70.430016][ T6868] ? usb_unbind_device+0x1a0/0x1a0
[ 70.435218][ T6868] __device_release_driver+0x5d7/0x700
[ 70.440791][ T6868] device_release_driver+0x26/0x40
[ 70.446537][ T6868] bus_remove_device+0x2eb/0x5a0
[ 70.451776][ T6868] device_del+0x502/0xd60
[ 70.456126][ T6868] ? fw_devlink_purge_absent_suppliers+0x50/0x50
[ 70.462795][ T6868] ? mutex_lock_io_nested+0x1150/0x1150
[ 70.468643][ T6868] usb_disable_device+0x35b/0x7b0
[ 70.473690][ T6868] usb_disconnect.cold+0x27a/0x78e
[ 70.478813][ T6868] hub_event+0x1c9c/0x4330
[ 70.483636][ T6868] ? hub_port_debounce+0x3c0/0x3c0
[ 70.489184][ T6868] ? lock_release+0x720/0x720
[ 70.494136][ T6868] ? lock_downgrade+0x6e0/0x6e0
[ 70.498991][ T6868] ? do_raw_spin_lock+0x120/0x2b0
[ 70.504107][ T6868] process_one_work+0x9b2/0x1690
[ 70.509145][ T6868] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 70.514600][ T6868] ? rwlock_bug.part.0+0x90/0x90
[ 70.519537][ T6868] ? _raw_spin_lock_irq+0x41/0x50
[ 70.524559][ T6868] worker_thread+0x658/0x11f0
[ 70.529269][ T6868] ? process_one_work+0x1690/0x1690
[ 70.534569][ T6868] kthread+0x405/0x4f0
[ 70.538654][ T6868] ? set_kthread_struct+0x130/0x130
[ 70.544157][ T6868] ret_from_fork+0x1f/0x30
[ 70.548937][ T6868]
[ 70.552057][ T6868]
[ 70.554369][ T6868] Allocated by task 6868:
[ 70.558686][ T6868] kasan_save_stack+0x1e/0x50
[ 70.563365][ T6868] __kasan_kmalloc+0xa9/0xd0
[ 70.568220][ T6868] __spi_alloc_controller+0x35/0x310
[ 70.573586][ T6868] msi2500_probe+0x679/0xbf0
[ 70.578257][ T6868] usb_probe_interface+0x315/0x7f0
[ 70.583708][ T6868] really_probe+0x245/0xcc0
[ 70.588300][ T6868] __driver_probe_device+0x338/0x4d0
[ 70.594026][ T6868] driver_probe_device+0x4c/0x1a0
[ 70.599546][ T6868] __device_attach_driver+0x20b/0x2f0
[ 70.605014][ T6868] bus_for_each_drv+0x15f/0x1e0
[ 70.610130][ T6868] __device_attach+0x228/0x4a0
[ 70.614911][ T6868] bus_probe_device+0x1e4/0x290
[ 70.620381][ T6868] device_add+0xc17/0x1ee0
[ 70.624883][ T6868] usb_set_configuration+0x101e/0x1900
[ 70.631127][ T6868] usb_generic_driver_probe+0xba/0x100
[ 70.636756][ T6868] usb_probe_device+0xd9/0x2c0
[ 70.641612][ T6868] really_probe+0x245/0xcc0
[ 70.646467][ T6868] __driver_probe_device+0x338/0x4d0
[ 70.652023][ T6868] driver_probe_device+0x4c/0x1a0
[ 70.657041][ T6868] __device_attach_driver+0x20b/0x2f0
[ 70.662412][ T6868] bus_for_each_drv+0x15f/0x1e0
[ 70.667257][ T6868] __device_attach+0x228/0x4a0
[ 70.672096][ T6868] bus_probe_device+0x1e4/0x290
[ 70.676950][ T6868] device_add+0xc17/0x1ee0
[ 70.681379][ T6868] usb_new_device.cold+0x63f/0x108e
[ 70.686739][ T6868] hub_event+0x2357/0x4330
[ 70.691578][ T6868] process_one_work+0x9b2/0x1690
[ 70.696508][ T6868] worker_thread+0x658/0x11f0
[ 70.701177][ T6868] kthread+0x405/0x4f0
[ 70.705236][ T6868] ret_from_fork+0x1f/0x30
[ 70.709665][ T6868]
[ 70.712038][ T6868] Freed by task 6868:
[ 70.716093][ T6868] kasan_save_stack+0x1e/0x50
[ 70.720785][ T6868] kasan_set_track+0x21/0x30
[ 70.725369][ T6868] kasan_set_free_info+0x20/0x30
[ 70.730306][ T6868] __kasan_slab_free+0xff/0x130
[ 70.735244][ T6868] slab_free_freelist_hook+0x8b/0x1c0
[ 70.740701][ T6868] kfree+0xf6/0x560
[ 70.744496][ T6868] device_release+0x9f/0x240
[ 70.749168][ T6868] kobject_put+0x1c8/0x540
[ 70.753681][ T6868] put_device+0x1b/0x30
[ 70.758015][ T6868] spi_unregister_controller+0x2a8/0x3b0
[ 70.763638][ T6868] msi2500_disconnect+0xd2/0x160
[ 70.768563][ T6868] usb_unbind_interface+0x1d8/0x8e0
[ 70.773752][ T6868] __device_release_driver+0x5d7/0x700
[ 70.779292][ T6868] device_release_driver+0x26/0x40
[ 70.784402][ T6868] bus_remove_device+0x2eb/0x5a0
[ 70.789345][ T6868] device_del+0x502/0xd60
[ 70.793682][ T6868] usb_disable_device+0x35b/0x7b0
[ 70.798749][ T6868] usb_disconnect.cold+0x27a/0x78e
[ 70.803854][ T6868] hub_event+0x1c9c/0x4330
[ 70.808260][ T6868] process_one_work+0x9b2/0x1690
[ 70.813191][ T6868] worker_thread+0x658/0x11f0
[ 70.817958][ T6868] kthread+0x405/0x4f0
[ 70.822016][ T6868] ret_from_fork+0x1f/0x30
[ 70.826509][ T6868]
[ 70.828821][ T6868] The buggy address belongs to the object at ffff88801c10e000
[ 70.828821][ T6868] which belongs to the cache kmalloc-4k of size 4096
[ 70.842881][ T6868] The buggy address is located 1536 bytes inside of
[ 70.842881][ T6868] 4096-byte region [ffff88801c10e000, ffff88801c10f000)
[ 70.856508][ T6868] The buggy address belongs to the page:
[ 70.862119][ T6868] page:ffffea0000704200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c108
[ 70.872342][ T6868] head:ffffea0000704200 order:3 compound_mapcount:0 compound_pincount:0
[ 70.884782][ T6868] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 70.892859][ T6868] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888010c42140
[ 70.901437][ T6868] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 70.910002][ T6868] page dumped because: kasan: bad access detected
[ 70.916400][ T6868] page_owner tracks the page as allocated
[ 70.922107][ T6868] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6530, ts 69622938520, free_ts 69608701256
[ 70.941391][ T6868] get_page_from_freelist+0xa72/0x2f50
[ 70.946866][ T6868] __alloc_pages+0x1b2/0x500
[ 70.951476][ T6868] alloc_pages+0x1a7/0x300
[ 70.955887][ T6868] new_slab+0x32d/0x4a0
[ 70.960033][ T6868] ___slab_alloc+0x947/0x1040
[ 70.964697][ T6868] __slab_alloc.constprop.0+0x4d/0xa0
[ 70.970074][ T6868] kmem_cache_alloc_trace+0x300/0x3b0
[ 70.975433][ T6868] tomoyo_init_log+0x18a/0x1ee0
[ 70.980281][ T6868] tomoyo_supervisor+0x34d/0xf00
[ 70.985475][ T6868] tomoyo_path_number_perm+0x419/0x590
[ 70.990949][ T6868] security_file_ioctl+0x50/0xb0
[ 70.995891][ T6868] __x64_sys_ioctl+0xb3/0x200
[ 71.000732][ T6868] do_syscall_64+0x35/0xb0
[ 71.005141][ T6868] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.011029][ T6868] page last free stack trace:
[ 71.015682][ T6868] free_pcp_prepare+0x373/0x870
[ 71.020701][ T6868] free_unref_page+0x19/0x690
[ 71.025390][ T6868] __unfreeze_partials+0x343/0x360
[ 71.030514][ T6868] qlist_free_all+0x5a/0xc0
[ 71.035196][ T6868] kasan_quarantine_reduce+0x180/0x200
[ 71.040650][ T6868] __kasan_slab_alloc+0xa2/0xc0
[ 71.045504][ T6868] __kmalloc_node+0x242/0x370
[ 71.050179][ T6868] kvmalloc_node+0x61/0x120
[ 71.054759][ T6868] seq_read_iter+0x7e7/0x1240
[ 71.059605][ T6868] kernfs_fop_read_iter+0x44f/0x5f0
[ 71.064792][ T6868] new_sync_read+0x421/0x6e0
[ 71.069489][ T6868] vfs_read+0x35c/0x600
[ 71.073829][ T6868] ksys_read+0x12d/0x250
[ 71.078254][ T6868] do_syscall_64+0x35/0xb0
[ 71.082912][ T6868] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.089866][ T6868]
[ 71.092189][ T6868] Memory state around the buggy address:
[ 71.097902][ T6868] ffff88801c10e500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.106433][ T6868] ffff88801c10e580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.114478][ T6868] >ffff88801c10e600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.122523][ T6868] ^
[ 71.126574][ T6868] ffff88801c10e680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.134621][ T6868] ffff88801c10e700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.142755][ T6868] ==================================================================
[ 71.151763][ T6868] Kernel panic - not syncing: panic_on_warn set ...
[ 71.151893][ T1