[ 71.215657][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.217729][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
Warning: Permanently added '[localhost]:61169' (ED25519) to the list of known hosts.
2025/04/29 04:31:18 ignoring optional flag "sandboxArg"="0"
2025/04/29 04:31:18 parsed 1 programs
[ 75.762885][ T40] audit: type=1400 audit(1745901080.723:141): avc: denied { unlink } for pid=6183 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 76.647537][ T6183] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 78.722118][ T6245] chnl_net:caif_netlink_parms(): no params data found
[ 78.800482][ T6245] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.802868][ T6245] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.805105][ T6245] bridge_slave_0: entered allmulticast mode
[ 78.807641][ T6245] bridge_slave_0: entered promiscuous mode
[ 78.810717][ T6245] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.813330][ T6245] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.815619][ T6245] bridge_slave_1: entered allmulticast mode
[ 78.818207][ T6245] bridge_slave_1: entered promiscuous mode
[ 78.856408][ T6245] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.865086][ T6245] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.895845][ T6245] team0: Port device team_slave_0 added
[ 78.900628][ T6245] team0: Port device team_slave_1 added
[ 78.934697][ T6245] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.936886][ T6245] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.944751][ T6245] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.949354][ T6245] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.951734][ T6245] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.959756][ T6245] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.996422][ T6245] hsr_slave_0: entered promiscuous mode
[ 78.999089][ T6245] hsr_slave_1: entered promiscuous mode
[ 79.591506][ T6245] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 79.596202][ T6245] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 79.600484][ T6245] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 79.604874][ T6245] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 79.620766][ T6245] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.623271][ T6245] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.626141][ T6245] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.628293][ T6245] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.674920][ T6245] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.682127][ T1150] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.685659][ T1150] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.695831][ T6245] 8021q: adding VLAN 0 to HW filter on device team0
[ 79.703366][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.705574][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.712549][ T1150] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.714841][ T1150] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.820373][ T6245] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.850230][ T6245] veth0_vlan: entered promiscuous mode
[ 79.855640][ T6245] veth1_vlan: entered promiscuous mode
[ 79.870697][ T6245] veth0_macvtap: entered promiscuous mode
[ 79.875788][ T6245] veth1_macvtap: entered promiscuous mode
[ 79.887739][ T6245] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 79.893945][ T6245] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 79.899479][ T6245] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.902200][ T6245] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.905288][ T6245] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.908705][ T6245] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.987900][ T1150] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.042300][ T1150] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.063545][ T40] audit: type=1401 audit(1745901085.033:142): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 80.101791][ T1150] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.171293][ T1150] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.574431][ T5294] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 80.577697][ T5294] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 80.580757][ T5294] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 80.585552][ T5294] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 80.588627][ T5294] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 81.002100][ T216] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 81.005099][ T216] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 81.019557][ T216] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 81.022235][ T216] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/04/29 04:31:26 executed programs: 0
[ 81.106500][ T5294] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 81.109667][ T5294] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 81.113439][ T5294] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 81.116502][ T5294] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 81.119393][ T5294] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 81.216751][ T6413] chnl_net:caif_netlink_parms(): no params data found
[ 81.315795][ T6413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.318724][ T6413] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.321899][ T6413] bridge_slave_0: entered allmulticast mode
[ 81.327470][ T6413] bridge_slave_0: entered promiscuous mode
[ 81.332916][ T6413] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.335292][ T6413] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.337467][ T6413] bridge_slave_1: entered allmulticast mode
[ 81.339963][ T6413] bridge_slave_1: entered promiscuous mode
[ 81.383765][ T6413] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 81.389192][ T6413] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 81.424697][ T6413] team0: Port device team_slave_0 added
[ 81.428835][ T6413] team0: Port device team_slave_1 added
[ 81.461046][ T6413] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 81.461240][ T10] cfg80211: failed to load regulatory.db
[ 81.463349][ T6413] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 81.463381][ T6413] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 81.464827][ T6413] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 81.479434][ T6413] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 81.487287][ T6413] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 81.525875][ T6413] hsr_slave_0: entered promiscuous mode
[ 81.528079][ T6413] hsr_slave_1: entered promiscuous mode
[ 81.530131][ T6413] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 81.532649][ T6413] Cannot create hsr debugfs directory
[ 83.133039][ T5294] Bluetooth: hci0: command tx timeout
[ 83.475875][ T1150] bridge_slave_1: left allmulticast mode
[ 83.478349][ T1150] bridge_slave_1: left promiscuous mode
[ 83.480961][ T1150] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.486558][ T1150] bridge_slave_0: left allmulticast mode
[ 83.488773][ T1150] bridge_slave_0: left promiscuous mode
[ 83.491562][ T1150] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.686641][ T1150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 83.690447][ T1150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 83.694379][ T1150] bond0 (unregistering): Released all slaves
[ 83.819347][ T1150] hsr_slave_0: left promiscuous mode
[ 83.821584][ T1150] hsr_slave_1: left promiscuous mode
[ 83.824129][ T1150] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 83.826434][ T1150] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 83.833029][ T1150] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 83.835363][ T1150] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 83.847000][ T1150] veth1_macvtap: left promiscuous mode
[ 83.848897][ T1150] veth0_macvtap: left promiscuous mode
[ 83.850671][ T1150] veth1_vlan: left promiscuous mode
[ 83.852365][ T1150] veth0_vlan: left promiscuous mode
[ 84.205119][ T1150] team0 (unregistering): Port device team_slave_1 removed
[ 84.247439][ T1150] team0 (unregistering): Port device team_slave_0 removed
[ 84.917884][ T6413] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 84.924708][ T6413] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 84.930526][ T6413] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 84.938949][ T6413] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 84.975548][ T6413] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.986667][ T6413] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.991866][ T216] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.994746][ T216] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.002263][ T216] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.004651][ T216] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.222659][ T5294] Bluetooth: hci0: command tx timeout
[ 85.277661][ T6413] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 85.317417][ T6413] veth0_vlan: entered promiscuous mode
[ 85.325681][ T6413] veth1_vlan: entered promiscuous mode
[ 85.357273][ T6413] veth0_macvtap: entered promiscuous mode
[ 85.363340][ T6413] veth1_macvtap: entered promiscuous mode
[ 85.378842][ T6413] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.390490][ T6413] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 85.394850][ T6413] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.397565][ T6413] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.400323][ T6413] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.403160][ T6413] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.452451][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.456105][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.469979][ T84] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.473368][ T84] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.517373][ T40] audit: type=1400 audit(1745901090.483:143): avc: denied { read } for pid=6492 comm="syz.0.15" name="card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 85.524884][ T40] audit: type=1400 audit(1745901090.483:144): avc: denied { open } for pid=6492 comm="syz.0.15" path="/dev/dri/card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 85.533617][ T40] audit: type=1400 audit(1745901090.483:145): avc: denied { ioctl } for pid=6492 comm="syz.0.15" path="/dev/dri/card2" dev="devtmpfs" ino=639 ioctlcmd=0x64a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
2025/04/29 04:31:31 executed programs: 30
[ 86.219653][ T216] ==================================================================
[ 86.222382][ T216] BUG: KASAN: slab-use-after-free in drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 86.225459][ T216] Read of size 1 at addr ffff8880203b6009 by task kworker/u32:5/216
[ 86.229337][ T216]
[ 86.230292][ T216] CPU: 0 UID: 0 PID: 216 Comm: kworker/u32:5 Not tainted 6.15.0-rc4-syzkaller-gca91b9500108 #0 PREEMPT(full)
[ 86.230306][ T216] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.230313][ T216] Workqueue: events_unbound commit_work
[ 86.230338][ T216] Call Trace:
[ 86.230342][ T216]
[ 86.230346][ T216] dump_stack_lvl+0x116/0x1f0
[ 86.230360][ T216] print_report+0xc3/0x670
[ 86.230371][ T216] ? __virt_addr_valid+0x5e/0x590
[ 86.230386][ T216] ? __phys_addr+0xc6/0x150
[ 86.230399][ T216] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 86.230416][ T216] kasan_report+0xe0/0x110
[ 86.230427][ T216] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 86.230445][ T216] drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 86.230463][ T216] ? preempt_schedule_thunk+0x16/0x30
[ 86.230474][ T216] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[ 86.230491][ T216] ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 86.230502][ T216] ? drm_atomic_helper_commit_hw_done+0x330/0x490
[ 86.230520][ T216] drm_atomic_helper_commit_tail+0xcb/0xf0
[ 86.230537][ T216] commit_tail+0x35b/0x400
[ 86.230554][ T216] process_one_work+0x9cc/0x1b70
[ 86.230567][ T216] ? __pfx_process_one_work+0x10/0x10
[ 86.230579][ T216] ? assign_work+0x1a0/0x250
[ 86.230590][ T216] worker_thread+0x6c8/0xf10
[ 86.230602][ T216] ? __kthread_parkme+0x19e/0x250
[ 86.230617][ T216] ? __pfx_worker_thread+0x10/0x10
[ 86.230627][ T216] kthread+0x3c2/0x780
[ 86.230636][ T216] ? __pfx_kthread+0x10/0x10
[ 86.230644][ T216] ? __pfx_kthread+0x10/0x10
[ 86.230653][ T216] ? __pfx_kthread+0x10/0x10
[ 86.230661][ T216] ? __pfx_kthread+0x10/0x10
[ 86.230670][ T216] ? rcu_is_watching+0x12/0xc0
[ 86.230682][ T216] ? __pfx_kthread+0x10/0x10
[ 86.230691][ T216] ret_from_fork+0x45/0x80
[ 86.230700][ T216] ? __pfx_kthread+0x10/0x10
[ 86.230709][ T216] ret_from_fork_asm+0x1a/0x30
[ 86.230727][ T216]
[ 86.230730][ T216]
[ 86.290360][ T216] Allocated by task 6565:
[ 86.291644][ T216] kasan_save_stack+0x33/0x60
[ 86.293057][ T216] kasan_save_track+0x14/0x30
[ 86.294466][ T216] __kasan_kmalloc+0xaa/0xb0
[ 86.295852][ T216] drm_atomic_helper_crtc_duplicate_state+0x70/0xd0
[ 86.297837][ T216] drm_atomic_get_crtc_state+0x16e/0x450
[ 86.299558][ T216] page_flip_common+0x57/0x320
[ 86.301021][ T216] drm_atomic_helper_page_flip+0xb6/0x180
[ 86.302737][ T216] drm_mode_page_flip_ioctl+0x1029/0x1460
[ 86.304468][ T216] drm_ioctl_kernel+0x1f1/0x3e0
[ 86.305940][ T216] drm_ioctl+0x5c9/0xc30
[ 86.307241][ T216] __x64_sys_ioctl+0x190/0x200
[ 86.308708][ T216] do_syscall_64+0xcd/0x260
[ 86.310137][ T216] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.311931][ T216]
[ 86.312696][ T216] Freed by task 6564:
[ 86.313913][ T216] kasan_save_stack+0x33/0x60
[ 86.315389][ T216] kasan_save_track+0x14/0x30
[ 86.316823][ T216] kasan_save_free_info+0x3b/0x60
[ 86.318370][ T216] __kasan_slab_free+0x51/0x70
[ 86.319885][ T216] kfree+0x2b6/0x4d0
[ 86.321097][ T216] drm_atomic_state_default_clear+0x455/0xe40
[ 86.322966][ T216] __drm_atomic_state_free+0x185/0x2b0
[ 86.324622][ T216] drm_client_modeset_commit_atomic+0x6b2/0x7e0
[ 86.326440][ T216] drm_client_modeset_commit_locked+0x14d/0x580
[ 86.328353][ T216] drm_client_modeset_commit+0x4f/0x80
[ 86.330083][ T216] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200
[ 86.332318][ T216] drm_fbdev_client_restore+0x2c/0x40
[ 86.333948][ T216] drm_client_dev_restore+0x1f3/0x2a0
[ 86.335578][ T216] drm_release+0x2c4/0x360
[ 86.336944][ T216] __fput+0x3ff/0xb70
[ 86.338168][ T216] task_work_run+0x14d/0x240
[ 86.339629][ T216] syscall_exit_to_user_mode+0x27b/0x2a0
[ 86.341336][ T216] do_syscall_64+0xda/0x260
[ 86.342718][ T216] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.344509][ T216]
[ 86.345256][ T216] The buggy address belongs to the object at ffff8880203b6000
[ 86.345256][ T216] which belongs to the cache kmalloc-512 of size 512
[ 86.349459][ T216] The buggy address is located 9 bytes inside of
[ 86.349459][ T216] freed 512-byte region [ffff8880203b6000, ffff8880203b6200)
[ 86.353400][ T216]
[ 86.354110][ T216] The buggy address belongs to the physical page:
[ 86.355966][ T216] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x203b4
[ 86.358492][ T216] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 86.361005][ T216] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 86.363430][ T216] page_type: f5(slab)
[ 86.364722][ T216] raw: 00fff00000000040 ffff88801b442c80 0000000000000000 dead000000000001
[ 86.367314][ T216] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 86.369918][ T216] head: 00fff00000000040 ffff88801b442c80 0000000000000000 dead000000000001
[ 86.372520][ T216] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 86.375019][ T216] head: 00fff00000000002 ffffea000080ed01 00000000ffffffff 00000000ffffffff
[ 86.377592][ T216] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 86.380159][ T216] page dumped because: kasan: bad access detected
[ 86.382113][ T216] page_owner tracks the page as allocated
[ 86.383851][ T216] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 18045546187, free_ts 17450169587
[ 86.389942][ T216] post_alloc_hook+0x181/0x1b0
[ 86.391442][ T216] get_page_from_freelist+0x135c/0x3920
[ 86.393134][ T216] __alloc_frozen_pages_noprof+0x263/0x23a0
[ 86.394931][ T216] alloc_pages_mpol+0x1fb/0x550
[ 86.396440][ T216] new_slab+0x244/0x340
[ 86.397735][ T216] ___slab_alloc+0xd9c/0x1940
[ 86.399225][ T216] __slab_alloc.constprop.0+0x56/0xb0
[ 86.400854][ T216] __kmalloc_cache_noprof+0xfb/0x3e0
[ 86.402480][ T216] device_add+0xccc/0x1a70
[ 86.403872][ T216] __video_register_device+0x1d24/0x5aa0
[ 86.406077][ T216] vivid_probe+0x9b0f/0xb890
[ 86.407874][ T216] platform_probe+0xff/0x1f0
[ 86.409315][ T216] really_probe+0x23e/0xa90
[ 86.410956][ T216] __driver_probe_device+0x1de/0x440
[ 86.413042][ T216] driver_probe_device+0x4c/0x1b0
[ 86.414987][ T216] __driver_attach+0x283/0x580
[ 86.416860][ T216] page last free pid 1 tgid 1 stack trace:
[ 86.418921][ T216] __free_frozen_pages+0x69d/0xff0
[ 86.420752][ T216] qlist_free_all+0x4e/0x120
[ 86.422510][ T216] kasan_quarantine_reduce+0x195/0x1e0
[ 86.424571][ T216] __kasan_slab_alloc+0x69/0x90
[ 86.426477][ T216] __kmalloc_cache_noprof+0x1f1/0x3e0
[ 86.428396][ T216] cdev_alloc+0x3c/0xd0
[ 86.429724][ T216] __video_register_device+0x1afa/0x5aa0
[ 86.431718][ T216] vivid_probe+0x7612/0xb890
[ 86.433177][ T216] platform_probe+0xff/0x1f0
[ 86.434566][ T216] really_probe+0x23e/0xa90
[ 86.435983][ T216] __driver_probe_device+0x1de/0x440
[ 86.437559][ T216] driver_probe_device+0x4c/0x1b0
[ 86.439124][ T216] __driver_attach+0x283/0x580
[ 86.440585][ T216] bus_for_each_dev+0x13b/0x1d0
[ 86.442050][ T216] bus_add_driver+0x2e9/0x690
[ 86.443480][ T216] driver_register+0x15c/0x4b0
[ 86.444887][ T216]
[ 86.445624][ T216] Memory state around the buggy address:
[ 86.447307][ T216] ffff8880203b5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 86.449705][ T216] ffff8880203b5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 86.452145][ T216] >ffff8880203b6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.454526][ T216] ^
[ 86.455829][ T216] ffff8880203b6080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.458189][ T216] ffff8880203b6100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.460628][ T216] ==================================================================
[ 86.463907][ T216] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 86.466126][ T216] CPU: 0 UID: 0 PID: 216 Comm: kworker/u32:5 Not tainted 6.15.0-rc4-syzkaller-gca91b9500108 #0 PREEMPT(full)
[ 86.469647][ T216] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.472907][ T216] Workqueue: events_unbound commit_work
[ 86.474626][ T216] Call Trace:
[ 86.475689][ T216]
[ 86.476610][ T216] dump_stack_lvl+0x3d/0x1f0
[ 86.478033][ T216] panic+0x71c/0x800
[ 86.480474][ T216] ? __pfx_panic+0x10/0x10
[ 86.481856][ T216] ? irqentry_exit+0x3b/0x90
[ 86.483290][ T216] ? lockdep_hardirqs_on+0x7c/0x110
[ 86.484888][ T216] ? preempt_schedule_thunk+0x16/0x30
[ 86.486532][ T216] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 86.488730][ T216] ? preempt_schedule_common+0x44/0xc0
[ 86.490425][ T216] ? check_panic_on_warn+0x1f/0xb0
[ 86.492013][ T216] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 86.494187][ T216] check_panic_on_warn+0xab/0xb0
[ 86.495732][ T216] end_report+0x107/0x170
[ 86.497090][ T216] kasan_report+0xee/0x110
[ 86.498465][ T216] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 86.500710][ T216] drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 86.502788][ T216] ? preempt_schedule_thunk+0x16/0x30
[ 86.504377][ T216] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[ 86.506624][ T216] ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 86.508419][ T216] ? drm_atomic_helper_commit_hw_done+0x330/0x490
[ 86.510387][ T216] drm_atomic_helper_commit_tail+0xcb/0xf0
[ 86.512190][ T216] commit_tail+0x35b/0x400
[ 86.513572][ T216] process_one_work+0x9cc/0x1b70
[ 86.515099][ T216] ? __pfx_process_one_work+0x10/0x10
[ 86.516738][ T216] ? assign_work+0x1a0/0x250
[ 86.518285][ T216] worker_thread+0x6c8/0xf10
[ 86.519750][ T216] ? __kthread_parkme+0x19e/0x250
[ 86.521294][ T216] ? __pfx_worker_thread+0x10/0x10
[ 86.522827][ T216] kthread+0x3c2/0x780
[ 86.524083][ T216] ? __pfx_kthread+0x10/0x10
[ 86.525503][ T216] ? __pfx_kthread+0x10/0x10
[ 86.526906][ T216] ? __pfx_kthread+0x10/0x10
[ 86.528336][ T216] ? __pfx_kthread+0x10/0x10
[ 86.529764][ T216] ? rcu_is_watching+0x12/0xc0
[ 86.531249][ T216] ? __pfx_kthread+0x10/0x10
[ 86.532692][ T216] ret_from_fork+0x45/0x80
[ 86.534069][ T216] ? __pfx_kthread+0x10/0x10
[ 86.535502][ T216] ret_from_fork_asm+0x1a/0x30
[ 86.536985][ T216]
[ 86.538584][ T216] Kernel Offset: disabled
[ 86.539944][ T216] Rebooting in 86400 seconds..