Warning: Permanently added '[localhost]:9988' (ED25519) to the list of known hosts.
2025/04/29 04:43:47 ignoring optional flag "sandboxArg"="0"
2025/04/29 04:43:48 parsed 1 programs
[ 81.440578][ T65] cfg80211: failed to load regulatory.db
[ 82.799778][ T40] audit: type=1400 audit(1745901830.636:144): avc: denied { unlink } for pid=6221 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 83.848719][ T6221] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 85.586039][ T40] audit: type=1401 audit(1745901833.426:145): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 85.751702][ T67] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 85.755579][ T67] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 85.759383][ T67] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 85.763430][ T67] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 85.766159][ T67] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 87.225276][ T6307] chnl_net:caif_netlink_parms(): no params data found
[ 87.323141][ T6307] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.326049][ T6307] bridge0: port 1(bridge_slave_0) entered disabled state
[ 87.329006][ T6307] bridge_slave_0: entered allmulticast mode
[ 87.333109][ T6307] bridge_slave_0: entered promiscuous mode
[ 87.341005][ T6307] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.344095][ T6307] bridge0: port 2(bridge_slave_1) entered disabled state
[ 87.347178][ T6307] bridge_slave_1: entered allmulticast mode
[ 87.351554][ T6307] bridge_slave_1: entered promiscuous mode
[ 87.388643][ T6307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 87.395164][ T6307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 87.438705][ T6307] team0: Port device team_slave_0 added
[ 87.442073][ T6307] team0: Port device team_slave_1 added
[ 87.468719][ T6307] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 87.471346][ T6307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.479169][ T6307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 87.483482][ T6307] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 87.486197][ T6307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.496394][ T6307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 87.536592][ T6307] hsr_slave_0: entered promiscuous mode
[ 87.538863][ T6307] hsr_slave_1: entered promiscuous mode
[ 88.130395][ T6307] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 88.135205][ T6307] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 88.140518][ T6307] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 88.148727][ T6307] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 88.206944][ T6307] 8021q: adding VLAN 0 to HW filter on device bond0
[ 88.220888][ T6307] 8021q: adding VLAN 0 to HW filter on device team0
[ 88.229334][ T83] bridge0: port 1(bridge_slave_0) entered blocking state
[ 88.232480][ T83] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 88.241975][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state
[ 88.244966][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 88.347211][ T6307] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 88.372639][ T6307] veth0_vlan: entered promiscuous mode
[ 88.379893][ T6307] veth1_vlan: entered promiscuous mode
[ 88.398363][ T6307] veth0_macvtap: entered promiscuous mode
[ 88.404804][ T6307] veth1_macvtap: entered promiscuous mode
[ 88.414811][ T6307] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 88.423021][ T6307] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 88.428751][ T6307] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.431802][ T6307] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.434690][ T6307] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.437332][ T6307] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.518494][ T83] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 88.590856][ T83] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 88.658764][ T83] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 88.731631][ T83] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 88.754114][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.757186][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.772844][ T93] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.775495][ T93] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/04/29 04:43:56 executed programs: 0
[ 89.162329][ T5295] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 89.165823][ T5295] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 89.168458][ T5295] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 89.171612][ T5295] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 89.174457][ T5295] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 89.285868][ T6423] chnl_net:caif_netlink_parms(): no params data found
[ 89.366858][ T6423] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.369486][ T6423] bridge0: port 1(bridge_slave_0) entered disabled state
[ 89.374116][ T6423] bridge_slave_0: entered allmulticast mode
[ 89.376808][ T6423] bridge_slave_0: entered promiscuous mode
[ 89.381246][ T6423] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.383554][ T6423] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.385872][ T6423] bridge_slave_1: entered allmulticast mode
[ 89.388615][ T6423] bridge_slave_1: entered promiscuous mode
[ 89.435087][ T6423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 89.441625][ T6423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 89.492066][ T6423] team0: Port device team_slave_0 added
[ 89.497379][ T6423] team0: Port device team_slave_1 added
[ 89.545136][ T6423] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 89.548097][ T6423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.558743][ T6423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 89.565053][ T6423] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 89.567963][ T6423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.578675][ T6423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 89.624961][ T6423] hsr_slave_0: entered promiscuous mode
[ 89.627162][ T6423] hsr_slave_1: entered promiscuous mode
[ 89.629238][ T6423] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 89.631734][ T6423] Cannot create hsr debugfs directory
[ 91.199890][ T5295] Bluetooth: hci0: command tx timeout
[ 92.123991][ T83] bridge_slave_1: left allmulticast mode
[ 92.126468][ T83] bridge_slave_1: left promiscuous mode
[ 92.128955][ T83] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.134504][ T83] bridge_slave_0: left allmulticast mode
[ 92.136859][ T83] bridge_slave_0: left promiscuous mode
[ 92.139336][ T83] bridge0: port 1(bridge_slave_0) entered disabled state
[ 92.380465][ T83] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 92.384372][ T83] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 92.387794][ T83] bond0 (unregistering): Released all slaves
[ 92.532513][ T83] hsr_slave_0: left promiscuous mode
[ 92.535684][ T83] hsr_slave_1: left promiscuous mode
[ 92.538146][ T83] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 92.541120][ T83] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 92.543797][ T83] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 92.546218][ T83] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 92.565721][ T83] veth1_macvtap: left promiscuous mode
[ 92.568106][ T83] veth0_macvtap: left promiscuous mode
[ 92.570664][ T83] veth1_vlan: left promiscuous mode
[ 92.572935][ T83] veth0_vlan: left promiscuous mode
[ 92.936145][ T83] team0 (unregistering): Port device team_slave_1 removed
[ 92.976844][ T83] team0 (unregistering): Port device team_slave_0 removed
[ 93.289647][ T5295] Bluetooth: hci0: command tx timeout
[ 93.582375][ T6423] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 93.586311][ T6423] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 93.591447][ T6423] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 93.595877][ T6423] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 93.642927][ T6423] 8021q: adding VLAN 0 to HW filter on device bond0
[ 93.652043][ T6423] 8021q: adding VLAN 0 to HW filter on device team0
[ 93.656958][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.659141][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 93.665014][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.667206][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 93.762280][ T6423] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 93.787620][ T6423] veth0_vlan: entered promiscuous mode
[ 93.876508][ T6423] veth1_vlan: entered promiscuous mode
[ 93.893821][ T6423] veth0_macvtap: entered promiscuous mode
[ 93.899367][ T6423] veth1_macvtap: entered promiscuous mode
[ 93.912790][ T6423] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 93.922764][ T6423] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 93.928405][ T6423] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.932382][ T6423] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.935463][ T6423] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.938269][ T6423] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.007418][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 94.010909][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.037471][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 94.041118][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.105819][ T40] audit: type=1400 audit(1745901841.946:146): avc: denied { read append } for pid=6520 comm="syz.0.16" name="card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 94.116665][ T40] audit: type=1400 audit(1745901841.946:147): avc: denied { open } for pid=6520 comm="syz.0.16" path="/dev/dri/card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 94.127071][ T40] audit: type=1400 audit(1745901841.946:148): avc: denied { ioctl } for pid=6520 comm="syz.0.16" path="/dev/dri/card2" dev="devtmpfs" ino=639 ioctlcmd=0x64a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
2025/04/29 04:44:02 executed programs: 3
[ 94.600416][ T83] ==================================================================
[ 94.603294][ T83] BUG: KASAN: slab-use-after-free in drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 94.606355][ T83] Read of size 1 at addr ffff88802095e409 by task kworker/u32:4/83
[ 94.610041][ T83]
[ 94.610829][ T83] CPU: 3 UID: 0 PID: 83 Comm: kworker/u32:4 Not tainted 6.15.0-rc4-syzkaller-gca91b9500108 #0 PREEMPT(full)
[ 94.610843][ T83] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 94.610850][ T83] Workqueue: events_unbound commit_work
[ 94.610870][ T83] Call Trace:
[ 94.610874][ T83]
[ 94.610878][ T83] dump_stack_lvl+0x116/0x1f0
[ 94.610892][ T83] print_report+0xc3/0x670
[ 94.610903][ T83] ? __virt_addr_valid+0x5e/0x590
[ 94.610917][ T83] ? __phys_addr+0xc6/0x150
[ 94.610931][ T83] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 94.610948][ T83] kasan_report+0xe0/0x110
[ 94.610958][ T83] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 94.610976][ T83] drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 94.610995][ T83] ? preempt_schedule_thunk+0x16/0x30
[ 94.611005][ T83] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[ 94.611023][ T83] ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 94.611034][ T83] ? drm_atomic_helper_commit_hw_done+0x330/0x490
[ 94.611052][ T83] drm_atomic_helper_commit_tail+0xcb/0xf0
[ 94.611069][ T83] commit_tail+0x35b/0x400
[ 94.611086][ T83] process_one_work+0x9cc/0x1b70
[ 94.611099][ T83] ? __pfx_process_one_work+0x10/0x10
[ 94.611111][ T83] ? assign_work+0x1a0/0x250
[ 94.611121][ T83] worker_thread+0x6c8/0xf10
[ 94.611134][ T83] ? __pfx_worker_thread+0x10/0x10
[ 94.611144][ T83] kthread+0x3c2/0x780
[ 94.611153][ T83] ? __pfx_kthread+0x10/0x10
[ 94.611162][ T83] ? __pfx_kthread+0x10/0x10
[ 94.611170][ T83] ? __pfx_kthread+0x10/0x10
[ 94.611178][ T83] ? __pfx_kthread+0x10/0x10
[ 94.611187][ T83] ? rcu_is_watching+0x12/0xc0
[ 94.611199][ T83] ? __pfx_kthread+0x10/0x10
[ 94.611208][ T83] ret_from_fork+0x45/0x80
[ 94.611218][ T83] ? __pfx_kthread+0x10/0x10
[ 94.611227][ T83] ret_from_fork_asm+0x1a/0x30
[ 94.611244][ T83]
[ 94.611247][ T83]
[ 94.670583][ T83] Allocated by task 6572:
[ 94.671936][ T83] kasan_save_stack+0x33/0x60
[ 94.673413][ T83] kasan_save_track+0x14/0x30
[ 94.674926][ T83] __kasan_kmalloc+0xaa/0xb0
[ 94.676483][ T83] drm_atomic_helper_crtc_duplicate_state+0x70/0xd0
[ 94.678520][ T83] drm_atomic_get_crtc_state+0x16e/0x450
[ 94.680258][ T83] page_flip_common+0x57/0x320
[ 94.682141][ T83] drm_atomic_helper_page_flip+0xb6/0x180
[ 94.684169][ T83] drm_mode_page_flip_ioctl+0x1029/0x1460
[ 94.686020][ T83] drm_ioctl_kernel+0x1f1/0x3e0
[ 94.687635][ T83] drm_ioctl+0x5c9/0xc30
[ 94.688997][ T83] __x64_sys_ioctl+0x190/0x200
[ 94.690598][ T83] do_syscall_64+0xcd/0x260
[ 94.692085][ T83] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 94.693997][ T83]
[ 94.694789][ T83] Freed by task 6571:
[ 94.696101][ T83] kasan_save_stack+0x33/0x60
[ 94.697670][ T83] kasan_save_track+0x14/0x30
[ 94.699176][ T83] kasan_save_free_info+0x3b/0x60
[ 94.700799][ T83] __kasan_slab_free+0x51/0x70
[ 94.702367][ T83] kfree+0x2b6/0x4d0
[ 94.703659][ T83] drm_atomic_state_default_clear+0x455/0xe40
[ 94.705621][ T83] __drm_atomic_state_free+0x185/0x2b0
[ 94.707347][ T83] drm_client_modeset_commit_atomic+0x6b2/0x7e0
[ 94.709359][ T83] drm_client_modeset_commit_locked+0x14d/0x580
[ 94.711411][ T83] drm_client_modeset_commit+0x4f/0x80
[ 94.713155][ T83] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200
[ 94.715479][ T83] drm_fbdev_client_restore+0x2c/0x40
[ 94.717216][ T83] drm_client_dev_restore+0x1f3/0x2a0
[ 94.718975][ T83] drm_release+0x2c4/0x360
[ 94.720489][ T83] __fput+0x3ff/0xb70
[ 94.721786][ T83] task_work_run+0x14d/0x240
[ 94.723280][ T83] syscall_exit_to_user_mode+0x27b/0x2a0
[ 94.725083][ T83] do_syscall_64+0xda/0x260
[ 94.726618][ T83] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 94.728480][ T83]
[ 94.729271][ T83] The buggy address belongs to the object at ffff88802095e400
[ 94.729271][ T83] which belongs to the cache kmalloc-512 of size 512
[ 94.733657][ T83] The buggy address is located 9 bytes inside of
[ 94.733657][ T83] freed 512-byte region [ffff88802095e400, ffff88802095e600)
[ 94.738000][ T83]
[ 94.738789][ T83] The buggy address belongs to the physical page:
[ 94.740922][ T83] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2095c
[ 94.743598][ T83] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 94.746191][ T83] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 94.748702][ T83] page_type: f5(slab)
[ 94.750077][ T83] raw: 00fff00000000040 ffff88801b442c80 0000000000000000 dead000000000001
[ 94.752702][ T83] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 94.755667][ T83] head: 00fff00000000040 ffff88801b442c80 0000000000000000 dead000000000001
[ 94.758448][ T83] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 94.761141][ T83] head: 00fff00000000002 ffffea0000825701 00000000ffffffff 00000000ffffffff
[ 94.763845][ T83] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 94.766607][ T83] page dumped because: kasan: bad access detected
[ 94.768939][ T83] page_owner tracks the page as allocated
[ 94.770745][ T83] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 17792235708, free_ts 15944699040
[ 94.777364][ T83] post_alloc_hook+0x181/0x1b0
[ 94.778878][ T83] get_page_from_freelist+0x135c/0x3920
[ 94.780624][ T83] __alloc_frozen_pages_noprof+0x263/0x23a0
[ 94.782474][ T83] alloc_pages_mpol+0x1fb/0x550
[ 94.784022][ T83] new_slab+0x244/0x340
[ 94.785326][ T83] ___slab_alloc+0xd9c/0x1940
[ 94.786881][ T83] __slab_alloc.constprop.0+0x56/0xb0
[ 94.788552][ T83] __kmalloc_cache_noprof+0xfb/0x3e0
[ 94.790205][ T83] device_add+0xccc/0x1a70
[ 94.791613][ T83] __video_register_device+0x1d24/0x5aa0
[ 94.793350][ T83] vivid_probe+0x8c21/0xb890
[ 94.795103][ T83] platform_probe+0xff/0x1f0
[ 94.796757][ T83] really_probe+0x23e/0xa90
[ 94.798252][ T83] __driver_probe_device+0x1de/0x440
[ 94.799888][ T83] driver_probe_device+0x4c/0x1b0
[ 94.801516][ T83] __driver_attach+0x283/0x580
[ 94.803051][ T83] page last free pid 1 tgid 1 stack trace:
[ 94.804944][ T83] __free_frozen_pages+0x69d/0xff0
[ 94.806802][ T83] __put_partials+0x16d/0x1c0
[ 94.808357][ T83] qlist_free_all+0x4e/0x120
[ 94.809861][ T83] kasan_quarantine_reduce+0x195/0x1e0
[ 94.811628][ T83] __kasan_slab_alloc+0x69/0x90
[ 94.813175][ T83] __kmalloc_cache_noprof+0x1f1/0x3e0
[ 94.814946][ T83] cdev_alloc+0x3c/0xd0
[ 94.816318][ T83] __video_register_device+0x1afa/0x5aa0
[ 94.818176][ T83] vivid_probe+0x9618/0xb890
[ 94.819660][ T83] platform_probe+0xff/0x1f0
[ 94.821159][ T83] really_probe+0x23e/0xa90
[ 94.822694][ T83] __driver_probe_device+0x1de/0x440
[ 94.824365][ T83] driver_probe_device+0x4c/0x1b0
[ 94.826048][ T83] __driver_attach+0x283/0x580
[ 94.827587][ T83] bus_for_each_dev+0x13b/0x1d0
[ 94.829162][ T83] bus_add_driver+0x2e9/0x690
[ 94.830725][ T83]
[ 94.831517][ T83] Memory state around the buggy address:
[ 94.833285][ T83] ffff88802095e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 94.835868][ T83] ffff88802095e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 94.838389][ T83] >ffff88802095e400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 94.840910][ T83] ^
[ 94.842274][ T83] ffff88802095e480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 94.844739][ T83] ffff88802095e500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 94.847203][ T83] ==================================================================
[ 94.852671][ T83] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 94.854952][ T83] CPU: 3 UID: 0 PID: 83 Comm: kworker/u32:4 Not tainted 6.15.0-rc4-syzkaller-gca91b9500108 #0 PREEMPT(full)
[ 94.858742][ T83] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 94.862235][ T83] Workqueue: events_unbound commit_work
[ 94.863994][ T83] Call Trace:
[ 94.865070][ T83]
[ 94.866061][ T83] dump_stack_lvl+0x3d/0x1f0
[ 94.867587][ T83] panic+0x71c/0x800
[ 94.868907][ T83] ? __pfx_panic+0x10/0x10
[ 94.870394][ T83] ? irqentry_exit+0x3b/0x90
[ 94.872064][ T83] ? lockdep_hardirqs_on+0x7c/0x110
[ 94.873783][ T83] ? preempt_schedule_thunk+0x16/0x30
[ 94.875551][ T83] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 94.877957][ T83] ? preempt_schedule_common+0x44/0xc0
[ 94.879756][ T83] ? check_panic_on_warn+0x1f/0xb0
[ 94.881481][ T83] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 94.883847][ T83] check_panic_on_warn+0xab/0xb0
[ 94.885518][ T83] end_report+0x107/0x170
[ 94.886997][ T83] kasan_report+0xee/0x110
[ 94.888486][ T83] ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 94.891035][ T83] drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[ 94.893257][ T83] ? preempt_schedule_thunk+0x16/0x30
[ 94.895041][ T83] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[ 94.897514][ T83] ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 94.899428][ T83] ? drm_atomic_helper_commit_hw_done+0x330/0x490
[ 94.901528][ T83] drm_atomic_helper_commit_tail+0xcb/0xf0
[ 94.903395][ T83] commit_tail+0x35b/0x400
[ 94.904827][ T83] process_one_work+0x9cc/0x1b70
[ 94.906441][ T83] ? __pfx_process_one_work+0x10/0x10
[ 94.908185][ T83] ? assign_work+0x1a0/0x250
[ 94.909706][ T83] worker_thread+0x6c8/0xf10
[ 94.911289][ T83] ? __pfx_worker_thread+0x10/0x10
[ 94.912910][ T83] kthread+0x3c2/0x780
[ 94.914236][ T83] ? __pfx_kthread+0x10/0x10
[ 94.915737][ T83] ? __pfx_kthread+0x10/0x10
[ 94.917360][ T83] ? __pfx_kthread+0x10/0x10
[ 94.918875][ T83] ? __pfx_kthread+0x10/0x10
[ 94.920730][ T83] ? rcu_is_watching+0x12/0xc0
[ 94.922268][ T83] ? __pfx_kthread+0x10/0x10
[ 94.923707][ T83] ret_from_fork+0x45/0x80
[ 94.925102][ T83] ? __pfx_kthread+0x10/0x10
[ 94.926559][ T83] ret_from_fork_asm+0x1a/0x30
[ 94.928096][ T83]
[ 94.929670][ T83] Kernel Offset: disabled
[ 94.931034][ T83] Rebooting in 86400 seconds..