Warning: Permanently added '[localhost]:31341' (ED25519) to the list of known hosts.
2025/07/08 05:13:07 ignoring optional flag "sandboxArg"="0"
2025/07/08 05:13:08 parsed 1 programs
[ 79.730979][ T40] audit: type=1400 audit(1751951590.344:118): avc: denied { unlink } for pid=6207 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 80.705281][ T6207] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 81.394777][ T10] cfg80211: failed to load regulatory.db
[ 82.896826][ T6279] chnl_net:caif_netlink_parms(): no params data found
[ 83.002262][ T6279] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.005468][ T6279] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.008416][ T6279] bridge_slave_0: entered allmulticast mode
[ 83.012103][ T6279] bridge_slave_0: entered promiscuous mode
[ 83.016614][ T6279] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.019546][ T6279] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.022459][ T6279] bridge_slave_1: entered allmulticast mode
[ 83.026233][ T6279] bridge_slave_1: entered promiscuous mode
[ 83.058038][ T6279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 83.066982][ T6279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 83.101356][ T6279] team0: Port device team_slave_0 added
[ 83.105683][ T6279] team0: Port device team_slave_1 added
[ 83.138013][ T6279] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 83.140486][ T6279] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 83.148869][ T6279] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 83.153204][ T6279] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 83.155688][ T6279] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 83.163823][ T6279] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 83.205057][ T6279] hsr_slave_0: entered promiscuous mode
[ 83.207398][ T6279] hsr_slave_1: entered promiscuous mode
[ 83.771351][ T6279] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 83.777020][ T6279] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 83.781353][ T6279] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 83.786490][ T6279] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 83.801325][ T6279] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.803633][ T6279] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.806360][ T6279] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.808919][ T6279] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.838671][ T6279] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.847874][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.851373][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.869655][ T6279] 8021q: adding VLAN 0 to HW filter on device team0
[ 83.876540][ T46] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.879083][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.885934][ T46] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.888196][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.009202][ T6279] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 84.037295][ T6279] veth0_vlan: entered promiscuous mode
[ 84.042790][ T6279] veth1_vlan: entered promiscuous mode
[ 84.065145][ T6279] veth0_macvtap: entered promiscuous mode
[ 84.070207][ T6279] veth1_macvtap: entered promiscuous mode
[ 84.079449][ T6279] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 84.086350][ T6279] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 84.091788][ T6279] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.094650][ T6279] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.098831][ T6279] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.101580][ T6279] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.175639][ T46] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 84.243061][ T46] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 84.260659][ T5970] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 84.263915][ T5970] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 84.268962][ T5970] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 84.275638][ T5970] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 84.279205][ T5970] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 84.294700][ T46] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 84.387587][ T46] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 84.449727][ T100] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.452789][ T100] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.481329][ T100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.484642][ T100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.931917][ T40] audit: type=1401 audit(1751951595.544:119): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/07/08 05:13:16 executed programs: 0
[ 85.888412][ T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 85.891361][ T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 85.893876][ T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 85.897055][ T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 85.899715][ T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 85.994899][ T6462] chnl_net:caif_netlink_parms(): no params data found
[ 86.084596][ T6462] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.087646][ T6462] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.090520][ T6462] bridge_slave_0: entered allmulticast mode
[ 86.093741][ T6462] bridge_slave_0: entered promiscuous mode
[ 86.097105][ T6462] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.099447][ T6462] bridge0: port 2(bridge_slave_1) entered disabled state
[ 86.101874][ T6462] bridge_slave_1: entered allmulticast mode
[ 86.105826][ T6462] bridge_slave_1: entered promiscuous mode
[ 86.158360][ T6462] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 86.164871][ T6462] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 86.218946][ T6462] team0: Port device team_slave_0 added
[ 86.222312][ T6462] team0: Port device team_slave_1 added
[ 86.260924][ T6462] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 86.263896][ T6462] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.273590][ T6462] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 86.280885][ T6462] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 86.283185][ T6462] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.291342][ T6462] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 86.332548][ T6462] hsr_slave_0: entered promiscuous mode
[ 86.334869][ T6462] hsr_slave_1: entered promiscuous mode
[ 86.337110][ T6462] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 86.339970][ T6462] Cannot create hsr debugfs directory
[ 87.732330][ T46] bridge_slave_1: left allmulticast mode
[ 87.734709][ T46] bridge_slave_1: left promiscuous mode
[ 87.737710][ T46] bridge0: port 2(bridge_slave_1) entered disabled state
[ 87.743568][ T46] bridge_slave_0: left allmulticast mode
[ 87.746175][ T46] bridge_slave_0: left promiscuous mode
[ 87.748691][ T46] bridge0: port 1(bridge_slave_0) entered disabled state
[ 87.957595][ T63] Bluetooth: hci0: command tx timeout
[ 87.986595][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 87.990529][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 87.993952][ T46] bond0 (unregistering): Released all slaves
[ 88.124153][ T46] hsr_slave_0: left promiscuous mode
[ 88.126559][ T46] hsr_slave_1: left promiscuous mode
[ 88.128527][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 88.130788][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 88.133983][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 88.136636][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 88.158155][ T46] veth1_macvtap: left promiscuous mode
[ 88.160460][ T46] veth0_macvtap: left promiscuous mode
[ 88.162750][ T46] veth1_vlan: left promiscuous mode
[ 88.164964][ T46] veth0_vlan: left promiscuous mode
[ 88.560373][ T46] team0 (unregistering): Port device team_slave_1 removed
[ 88.601291][ T46] team0 (unregistering): Port device team_slave_0 removed
[ 89.243510][ T6462] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 89.252357][ T6462] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 89.256476][ T6462] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 89.260857][ T6462] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 89.306882][ T6462] 8021q: adding VLAN 0 to HW filter on device bond0
[ 89.317171][ T6462] 8021q: adding VLAN 0 to HW filter on device team0
[ 89.322224][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.324494][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 89.331072][ T1253] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.333437][ T1253] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 89.444174][ T6462] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 89.675649][ T6462] veth0_vlan: entered promiscuous mode
[ 89.681271][ T6462] veth1_vlan: entered promiscuous mode
[ 89.696349][ T6462] veth0_macvtap: entered promiscuous mode
[ 89.700150][ T6462] veth1_macvtap: entered promiscuous mode
[ 89.709659][ T6462] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 89.716235][ T6462] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 89.722144][ T6462] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.725030][ T6462] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.728113][ T6462] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.731749][ T6462] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.812909][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.815439][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.851428][ T1253] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.854745][ T1253] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.890497][ T40] audit: type=1400 audit(1751951600.504:120): avc: denied { read append } for pid=6535 comm="syz.0.16" name="card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 89.901656][ T40] audit: type=1400 audit(1751951600.504:121): avc: denied { open } for pid=6535 comm="syz.0.16" path="/dev/dri/card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 89.911433][ T40] audit: type=1400 audit(1751951600.504:122): avc: denied { ioctl } for pid=6535 comm="syz.0.16" path="/dev/dri/card2" dev="devtmpfs" ino=639 ioctlcmd=0x64a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 90.035465][ T63] Bluetooth: hci0: command tx timeout
[ 90.164155][ T1253] ==================================================================
[ 90.167652][ T1253] BUG: KASAN: slab-use-after-free in drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 90.171748][ T1253] Read of size 1 at addr ffff888027048009 by task kworker/u32:10/1253
[ 90.176774][ T1253]
[ 90.177816][ T1253] CPU: 1 UID: 0 PID: 1253 Comm: kworker/u32:10 Not tainted 6.16.0-rc5-syzkaller-gd7b8f8e20813 #0 PREEMPT(full)
[ 90.177838][ T1253] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 90.177850][ T1253] Workqueue: events_unbound commit_work
[ 90.177878][ T1253] Call Trace:
[ 90.177884][ T1253]
[ 90.177891][ T1253] dump_stack_lvl+0x116/0x1f0
[ 90.177916][ T1253] print_report+0xcd/0x680
[ 90.177940][ T1253] ? __virt_addr_valid+0x81/0x610
[ 90.177960][ T1253] ? __phys_addr+0xe8/0x180
[ 90.177980][ T1253] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 90.178004][ T1253] kasan_report+0xe0/0x110
[ 90.178028][ T1253] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 90.178055][ T1253] drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 90.178083][ T1253] ? preempt_schedule_thunk+0x16/0x30
[ 90.178106][ T1253] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[ 90.178132][ T1253] ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 90.178153][ T1253] ? drm_atomic_helper_commit_hw_done+0x330/0x490
[ 90.178180][ T1253] drm_atomic_helper_commit_tail+0xcb/0xf0
[ 90.178204][ T1253] commit_tail+0x35b/0x400
[ 90.178229][ T1253] process_one_work+0x9cf/0x1b70
[ 90.178253][ T1253] ? __pfx_process_one_work+0x10/0x10
[ 90.178274][ T1253] ? assign_work+0x1a0/0x250
[ 90.178291][ T1253] worker_thread+0x6c8/0xf10
[ 90.178312][ T1253] ? __kthread_parkme+0x19e/0x250
[ 90.178336][ T1253] ? __pfx_worker_thread+0x10/0x10
[ 90.178354][ T1253] kthread+0x3c5/0x780
[ 90.178370][ T1253] ? __pfx_kthread+0x10/0x10
[ 90.178386][ T1253] ? rcu_is_watching+0x12/0xc0
[ 90.178408][ T1253] ? __pfx_kthread+0x10/0x10
[ 90.178424][ T1253] ret_from_fork+0x5d4/0x6f0
[ 90.178454][ T1253] ? __pfx_kthread+0x10/0x10
[ 90.178471][ T1253] ret_from_fork_asm+0x1a/0x30
[ 90.178492][ T1253]
[ 90.178497][ T1253]
[ 90.253351][ T1253] Allocated by task 6562:
[ 90.254764][ T1253] kasan_save_stack+0x33/0x60
[ 90.256353][ T1253] kasan_save_track+0x14/0x30
[ 90.257840][ T1253] __kasan_kmalloc+0xaa/0xb0
[ 90.259369][ T1253] drm_atomic_helper_crtc_duplicate_state+0x70/0xd0
[ 90.261434][ T1253] drm_atomic_get_crtc_state+0x16e/0x450
[ 90.263289][ T1253] page_flip_common+0x57/0x320
[ 90.264837][ T1253] drm_atomic_helper_page_flip+0xb6/0x180
[ 90.267112][ T1253] drm_mode_page_flip_ioctl+0x102c/0x1460
[ 90.268943][ T1253] drm_ioctl_kernel+0x1f4/0x3e0
[ 90.270542][ T1253] drm_ioctl+0x5c9/0xc30
[ 90.272321][ T1253] __x64_sys_ioctl+0x18e/0x210
[ 90.274128][ T1253] do_syscall_64+0xcd/0x4c0
[ 90.275947][ T1253] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.278376][ T1253]
[ 90.279428][ T1253] Freed by task 6561:
[ 90.281089][ T1253] kasan_save_stack+0x33/0x60
[ 90.283041][ T1253] kasan_save_track+0x14/0x30
[ 90.284979][ T1253] kasan_save_free_info+0x3b/0x60
[ 90.287046][ T1253] __kasan_slab_free+0x51/0x70
[ 90.289007][ T1253] kfree+0x2b4/0x4d0
[ 90.290621][ T1253] drm_atomic_state_default_clear+0x455/0xe40
[ 90.293090][ T1253] __drm_atomic_state_free+0x185/0x2b0
[ 90.295315][ T1253] drm_client_modeset_commit_atomic+0x6b2/0x7e0
[ 90.297844][ T1253] drm_client_modeset_commit_locked+0x14d/0x580
[ 90.300362][ T1253] drm_client_modeset_commit+0x4f/0x80
[ 90.302194][ T1253] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200
[ 90.305208][ T1253] drm_fbdev_client_restore+0x2c/0x40
[ 90.306974][ T1253] drm_client_dev_restore+0x1f6/0x2a0
[ 90.308638][ T1253] drm_release+0x2c4/0x360
[ 90.310035][ T1253] __fput+0x3ff/0xb70
[ 90.311309][ T1253] task_work_run+0x14d/0x240
[ 90.312780][ T1253] exit_to_user_mode_loop+0xeb/0x110
[ 90.314480][ T1253] do_syscall_64+0x3f6/0x4c0
[ 90.315951][ T1253] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.317803][ T1253]
[ 90.318584][ T1253] The buggy address belongs to the object at ffff888027048000
[ 90.318584][ T1253] which belongs to the cache kmalloc-512 of size 512
[ 90.323103][ T1253] The buggy address is located 9 bytes inside of
[ 90.323103][ T1253] freed 512-byte region [ffff888027048000, ffff888027048200)
[ 90.327114][ T1253]
[ 90.328091][ T1253] The buggy address belongs to the physical page:
[ 90.330578][ T1253] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888027049c00 pfn:0x27048
[ 90.334658][ T1253] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 90.338029][ T1253] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 90.341084][ T1253] page_type: f5(slab)
[ 90.342807][ T1253] raw: 00fff00000000040 ffff88801b842c80 ffffea0000dca600 dead000000000002
[ 90.346352][ T1253] raw: ffff888027049c00 000000008010000d 00000000f5000000 0000000000000000
[ 90.349855][ T1253] head: 00fff00000000040 ffff88801b842c80 ffffea0000dca600 dead000000000002
[ 90.353385][ T1253] head: ffff888027049c00 000000008010000d 00000000f5000000 0000000000000000
[ 90.356927][ T1253] head: 00fff00000000002 ffffea00009c1201 00000000ffffffff 00000000ffffffff
[ 90.360488][ T1253] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 90.364078][ T1253] page dumped because: kasan: bad access detected
[ 90.366255][ T1253] page_owner tracks the page as allocated
[ 90.368015][ T1253] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5364, tgid 5364 (udevd), ts 28904287532, free_ts 28811157507
[ 90.374888][ T1253] post_alloc_hook+0x1c0/0x230
[ 90.376682][ T1253] get_page_from_freelist+0x1321/0x3890
[ 90.378705][ T1253] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 90.380885][ T1253] alloc_pages_mpol+0x1fb/0x550
[ 90.382704][ T1253] new_slab+0x23b/0x330
[ 90.384016][ T1253] ___slab_alloc+0xd9c/0x1940
[ 90.385487][ T1253] __slab_alloc.constprop.0+0x56/0xb0
[ 90.387165][ T1253] __kmalloc_cache_noprof+0xfb/0x3e0
[ 90.388828][ T1253] kernfs_fop_open+0x244/0xda0
[ 90.390357][ T1253] do_dentry_open+0x744/0x1c10
[ 90.391939][ T1253] vfs_open+0x82/0x3f0
[ 90.393219][ T1253] path_openat+0x1de4/0x2cb0
[ 90.394667][ T1253] do_filp_open+0x20b/0x470
[ 90.396100][ T1253] do_sys_openat2+0x11b/0x1d0
[ 90.397587][ T1253] __x64_sys_openat+0x174/0x210
[ 90.399131][ T1253] do_syscall_64+0xcd/0x4c0
[ 90.400570][ T1253] page last free pid 5368 tgid 5368 stack trace:
[ 90.402969][ T1253] __free_frozen_pages+0x7fe/0x1180
[ 90.405199][ T1253] qlist_free_all+0x4d/0x120
[ 90.406746][ T1253] kasan_quarantine_reduce+0x195/0x1e0
[ 90.408457][ T1253] __kasan_slab_alloc+0x69/0x90
[ 90.409977][ T1253] __kmalloc_noprof+0x1d4/0x510
[ 90.411535][ T1253] tomoyo_realpath_from_path+0xc2/0x6e0
[ 90.413320][ T1253] tomoyo_path_number_perm+0x245/0x580
[ 90.415009][ T1253] tomoyo_path_chown+0x14b/0x1b0
[ 90.416555][ T1253] security_path_chown+0x12a/0x2e0
[ 90.418144][ T1253] chown_common+0x3d3/0x680
[ 90.419626][ T1253] do_fchownat+0x1a7/0x200
[ 90.421039][ T1253] __x64_sys_chown+0x7b/0xc0
[ 90.422533][ T1253] do_syscall_64+0xcd/0x4c0
[ 90.423963][ T1253] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.425790][ T1253]
[ 90.426552][ T1253] Memory state around the buggy address:
[ 90.428289][ T1253] ffff888027047f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 90.430780][ T1253] ffff888027047f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 90.433326][ T1253] >ffff888027048000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 90.436500][ T1253] ^
[ 90.438317][ T1253] ffff888027048080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 90.441071][ T1253] ffff888027048100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 90.443599][ T1253] ==================================================================
[ 90.453739][ T1253] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 90.456839][ T1253] CPU: 3 UID: 0 PID: 1253 Comm: kworker/u32:10 Not tainted 6.16.0-rc5-syzkaller-gd7b8f8e20813 #0 PREEMPT(full)
[ 90.461399][ T1253] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 90.465563][ T1253] Workqueue: events_unbound commit_work
[ 90.467321][ T1253] Call Trace:
[ 90.468381][ T1253]
[ 90.469329][ T1253] dump_stack_lvl+0x3d/0x1f0
[ 90.470788][ T1253] panic+0x71c/0x800
[ 90.472047][ T1253] ? __pfx_panic+0x10/0x10
[ 90.473469][ T1253] ? mark_held_locks+0x49/0x80
[ 90.474989][ T1253] ? preempt_schedule_thunk+0x16/0x30
[ 90.476678][ T1253] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 90.478964][ T1253] ? preempt_schedule_common+0x44/0xc0
[ 90.480691][ T1253] ? check_panic_on_warn+0x1f/0xb0
[ 90.482152][ T1253] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 90.484290][ T1253] check_panic_on_warn+0xab/0xb0
[ 90.485865][ T1253] end_report+0x107/0x170
[ 90.487238][ T1253] kasan_report+0xee/0x110
[ 90.488668][ T1253] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 90.490907][ T1253] drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 90.493093][ T1253] ? preempt_schedule_thunk+0x16/0x30
[ 90.494772][ T1253] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[ 90.497152][ T1253] ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 90.499000][ T1253] ? drm_atomic_helper_commit_hw_done+0x330/0x490
[ 90.501005][ T1253] drm_atomic_helper_commit_tail+0xcb/0xf0
[ 90.502826][ T1253] commit_tail+0x35b/0x400
[ 90.504263][ T1253] process_one_work+0x9cf/0x1b70
[ 90.505820][ T1253] ? __pfx_process_one_work+0x10/0x10
[ 90.507467][ T1253] ? assign_work+0x1a0/0x250
[ 90.508790][ T1253] worker_thread+0x6c8/0xf10
[ 90.510179][ T1253] ? __kthread_parkme+0x19e/0x250
[ 90.511773][ T1253] ? __pfx_worker_thread+0x10/0x10
[ 90.513384][ T1253] kthread+0x3c5/0x780
[ 90.514683][ T1253] ? __pfx_kthread+0x10/0x10
[ 90.516170][ T1253] ? rcu_is_watching+0x12/0xc0
[ 90.517687][ T1253] ? __pfx_kthread+0x10/0x10
[ 90.519195][ T1253] ret_from_fork+0x5d4/0x6f0
[ 90.520666][ T1253] ? __pfx_kthread+0x10/0x10
[ 90.522120][ T1253] ret_from_fork_asm+0x1a/0x30
[ 90.523648][ T1253]
[ 90.525313][ T1253] Kernel Offset: disabled
[ 90.526680][ T1253] Rebooting in 86400 seconds..