Warning: Permanently added '[localhost]:48213' (ED25519) to the list of known hosts.
[   71.029345][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[   71.031194][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
2024/11/26 19:17:41 ignoring optional flag "sandboxArg"="0"
2024/11/26 19:17:41 parsed 1 programs
[   73.566444][   T39] audit: type=1400 audit(1732648663.669:144): avc:  denied  { unlink } for  pid=6192 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   74.388312][ T6192] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   75.882918][ T6029] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   75.885357][ T6029] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   75.888066][ T6029] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   75.890893][ T6029] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   75.893100][ T6029] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   75.895173][ T6029] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   76.162496][   T39] audit: type=1401 audit(1732648666.269:145): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[   76.352906][ T6283] chnl_net:caif_netlink_parms(): no params data found
[   76.394088][ T6283] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.396831][ T6283] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.399327][ T6283] bridge_slave_0: entered allmulticast mode
[   76.402111][ T6283] bridge_slave_0: entered promiscuous mode
[   76.446881][ T6283] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.449168][ T6283] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.451104][ T6283] bridge_slave_1: entered allmulticast mode
[   76.453071][ T6283] bridge_slave_1: entered promiscuous mode
[   76.477386][ T6283] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   76.481154][ T6283] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   76.499835][ T6283] team0: Port device team_slave_0 added
[   76.502319][ T6283] team0: Port device team_slave_1 added
[   76.519060][ T6283] batman_adv: batadv0: Adding interface: batadv_slave_0
[   76.520890][ T6283] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   76.527656][ T6283] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   76.533825][ T6283] batman_adv: batadv0: Adding interface: batadv_slave_1
[   76.535639][ T6283] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   76.544352][ T6283] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   76.582162][ T6283] hsr_slave_0: entered promiscuous mode
[   76.584325][ T6283] hsr_slave_1: entered promiscuous mode
[   77.056202][ T6283] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   77.059577][ T6283] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   77.062753][ T6283] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   77.065754][ T6283] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   77.074028][ T6283] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.075890][ T6283] bridge0: port 2(bridge_slave_1) entered forwarding state
[   77.077861][ T6283] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.079693][ T6283] bridge0: port 1(bridge_slave_0) entered forwarding state
[   77.103070][ T6283] 8021q: adding VLAN 0 to HW filter on device bond0
[   77.110492][  T103] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.113027][  T103] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.121922][ T6283] 8021q: adding VLAN 0 to HW filter on device team0
[   77.129862][ T1138] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.132467][ T1138] bridge0: port 1(bridge_slave_0) entered forwarding state
[   77.135850][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.137914][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state
[   77.217292][ T6283] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.234613][ T6283] veth0_vlan: entered promiscuous mode
[   77.238354][ T6283] veth1_vlan: entered promiscuous mode
[   77.249223][ T6283] veth0_macvtap: entered promiscuous mode
[   77.252123][ T6283] veth1_macvtap: entered promiscuous mode
[   77.258196][ T6283] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.263916][ T6283] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.269075][ T6283] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.271463][ T6283] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.273757][ T6283] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.275986][ T6283] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.362417][   T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.425809][   T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.437076][   T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.440231][   T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.452410][   T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.454501][   T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.512665][   T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.574828][   T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2024/11/26 19:17:48 executed programs: 0
[   77.912725][ T6029] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   77.915925][ T6029] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   77.918346][ T6029] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   77.920598][ T6029] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   77.922667][ T6029] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   77.924574][ T6029] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   77.993386][ T6409] chnl_net:caif_netlink_parms(): no params data found
[   78.040388][ T6409] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.042289][ T6409] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.044159][ T6409] bridge_slave_0: entered allmulticast mode
[   78.046160][ T6409] bridge_slave_0: entered promiscuous mode
[   78.049641][ T6409] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.051524][ T6409] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.053371][ T6409] bridge_slave_1: entered allmulticast mode
[   78.055340][ T6409] bridge_slave_1: entered promiscuous mode
[   78.075379][ T6409] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.079349][ T6409] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.098755][ T6409] team0: Port device team_slave_0 added
[   78.101250][ T6409] team0: Port device team_slave_1 added
[   78.118833][ T6409] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.120666][ T6409] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.127804][ T6409] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.131368][ T6409] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.133198][ T6409] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.140927][ T6409] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.165195][ T6409] hsr_slave_0: entered promiscuous mode
[   78.168238][ T6409] hsr_slave_1: entered promiscuous mode
[   78.169987][ T6409] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   78.171996][ T6409] Cannot create hsr debugfs directory
[   79.987194][ T5324] Bluetooth: hci0: command tx timeout
[   81.119955][   T11] bridge_slave_1: left allmulticast mode
[   81.121769][   T11] bridge_slave_1: left promiscuous mode
[   81.124869][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.127836][   T11] bridge_slave_0: left allmulticast mode
[   81.129352][   T11] bridge_slave_0: left promiscuous mode
[   81.130880][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.267852][  T832] cfg80211: failed to load regulatory.db
[   81.347559][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   81.351221][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   81.354426][   T11] bond0 (unregistering): Released all slaves
[   81.471773][   T11] hsr_slave_0: left promiscuous mode
[   81.473565][   T11] hsr_slave_1: left promiscuous mode
[   81.475695][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   81.478555][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[   81.481112][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   81.483050][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[   81.494833][   T11] veth1_macvtap: left promiscuous mode
[   81.497320][   T11] veth0_macvtap: left promiscuous mode
[   81.499078][   T11] veth1_vlan: left promiscuous mode
[   81.500750][   T11] veth0_vlan: left promiscuous mode
[   81.915390][   T11] team0 (unregistering): Port device team_slave_1 removed
[   81.975873][   T11] team0 (unregistering): Port device team_slave_0 removed
[   82.067703][ T5324] Bluetooth: hci0: command tx timeout
[   82.624855][ T6409] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   82.629106][ T6409] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   82.632130][ T6409] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   82.635151][ T6409] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   82.672999][ T6409] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.680196][ T6409] 8021q: adding VLAN 0 to HW filter on device team0
[   82.686492][  T103] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.689024][  T103] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.694869][ T1145] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.696793][ T1145] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.784357][ T6409] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.802231][ T6409] veth0_vlan: entered promiscuous mode
[   82.805889][ T6409] veth1_vlan: entered promiscuous mode
[   82.884348][ T6409] veth0_macvtap: entered promiscuous mode
[   82.888689][ T6409] veth1_macvtap: entered promiscuous mode
[   82.896889][ T6409] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.902225][ T6409] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.907395][ T6409] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.910295][ T6409] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.912660][ T6409] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.914938][ T6409] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.948941][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.956188][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.973896][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.977526][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/11/26 19:17:53 executed programs: 2
[   83.016209][   T39] audit: type=1400 audit(1732648673.119:146): avc:  denied  { read } for  pid=6499 comm="syz.0.15" name="card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   83.022815][   T39] audit: type=1400 audit(1732648673.119:147): avc:  denied  { open } for  pid=6499 comm="syz.0.15" path="/dev/dri/card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   83.030810][   T39] audit: type=1400 audit(1732648673.139:148): avc:  denied  { ioctl } for  pid=6499 comm="syz.0.15" path="/dev/dri/card2" dev="devtmpfs" ino=639 ioctlcmd=0x64a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   83.059499][ T1145] ==================================================================
[   83.062028][ T1145] BUG: KASAN: slab-use-after-free in drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   83.065023][ T1145] Read of size 1 at addr ffff8880253d5409 by task kworker/u32:8/1145
[   83.069686][ T1145] 
[   83.070571][ T1145] CPU: 2 UID: 0 PID: 1145 Comm: kworker/u32:8 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[   83.073833][ T1145] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   83.077487][ T1145] Workqueue: events_unbound commit_work
[   83.079396][ T1145] Call Trace:
[   83.080543][ T1145]  <TASK>
[   83.081578][ T1145]  dump_stack_lvl+0x116/0x1f0
[   83.083213][ T1145]  print_report+0xc3/0x620
[   83.084746][ T1145]  ? __virt_addr_valid+0x5e/0x590
[   83.086502][ T1145]  ? __phys_addr+0xc6/0x150
[   83.087725][ T1145]  kasan_report+0xd9/0x110
[   83.088897][ T1145]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   83.090785][ T1145]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   83.092648][ T1145]  drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   83.094472][ T1145]  ? preempt_schedule_thunk+0x1a/0x30
[   83.095948][ T1145]  ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[   83.097957][ T1145]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[   83.099485][ T1145]  ? drm_atomic_helper_commit_hw_done+0x325/0x490
[   83.101082][ T1145]  drm_atomic_helper_commit_tail+0xcb/0xf0
[   83.102403][ T1145]  commit_tail+0x353/0x400
[   83.103415][ T1145]  process_one_work+0x9c5/0x1ba0
[   83.104536][ T1145]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   83.105795][ T1145]  ? __pfx_process_one_work+0x10/0x10
[   83.107175][ T1145]  ? rcu_is_watching+0x12/0xc0
[   83.108264][ T1145]  ? assign_work+0x1a0/0x250
[   83.109311][ T1145]  worker_thread+0x6c8/0xf00
[   83.110387][ T1145]  ? __pfx_worker_thread+0x10/0x10
[   83.111731][ T1145]  kthread+0x2c1/0x3a0
[   83.112806][ T1145]  ? _raw_spin_unlock_irq+0x23/0x50
[   83.114170][ T1145]  ? __pfx_kthread+0x10/0x10
[   83.115402][ T1145]  ret_from_fork+0x45/0x80
[   83.116605][ T1145]  ? __pfx_kthread+0x10/0x10
[   83.117833][ T1145]  ret_from_fork_asm+0x1a/0x30
[   83.119125][ T1145]  </TASK>
[   83.119947][ T1145] 
[   83.120701][ T1145] Allocated by task 6504:
[   83.121858][ T1145]  kasan_save_stack+0x33/0x60
[   83.123129][ T1145]  kasan_save_track+0x14/0x30
[   83.124366][ T1145]  __kasan_kmalloc+0xaa/0xb0
[   83.125675][ T1145]  drm_atomic_helper_crtc_duplicate_state+0x70/0xd0
[   83.127459][ T1145]  drm_atomic_get_crtc_state+0x162/0x440
[   83.128939][ T1145]  page_flip_common+0x57/0x320
[   83.130208][ T1145]  drm_atomic_helper_page_flip+0xb6/0x180
[   83.131728][ T1145]  drm_mode_page_flip_ioctl+0x1036/0x1460
[   83.133217][ T1145]  drm_ioctl_kernel+0x1e6/0x3d0
[   83.134502][ T1145]  drm_ioctl+0x5d6/0xc00
[   83.135614][ T1145]  __x64_sys_ioctl+0x190/0x200
[   83.136899][ T1145]  do_syscall_64+0xcd/0x250
[   83.138218][ T1145]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.139788][ T1145] 
[   83.140435][ T1145] Freed by task 6503:
[   83.141531][ T1145]  kasan_save_stack+0x33/0x60
[   83.142795][ T1145]  kasan_save_track+0x14/0x30
[   83.144042][ T1145]  kasan_save_free_info+0x3b/0x60
[   83.145269][ T1145]  __kasan_slab_free+0x51/0x70
[   83.146566][ T1145]  kfree+0x14f/0x4b0
[   83.147620][ T1145]  drm_atomic_state_default_clear+0x43c/0xe00
[   83.149320][ T1145]  __drm_atomic_state_free+0x185/0x2b0
[   83.150767][ T1145]  drm_client_modeset_commit_atomic+0x6b7/0x7f0
[   83.152404][ T1145]  drm_client_modeset_commit_locked+0x14d/0x580
[   83.154057][ T1145]  drm_client_modeset_commit+0x4f/0x80
[   83.155516][ T1145]  drm_fb_helper_lastclose+0xc7/0x160
[   83.157023][ T1145]  drm_fbdev_client_restore+0x2c/0x40
[   83.158481][ T1145]  drm_client_dev_restore+0x188/0x2a0
[   83.159886][ T1145]  drm_release+0x2c2/0x360
[   83.161078][ T1145]  __fput+0x3f8/0xb60
[   83.162121][ T1145]  task_work_run+0x14e/0x250
[   83.163336][ T1145]  syscall_exit_to_user_mode+0x27b/0x2a0
[   83.164793][ T1145]  do_syscall_64+0xda/0x250
[   83.165995][ T1145]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.167566][ T1145] 
[   83.168205][ T1145] The buggy address belongs to the object at ffff8880253d5400
[   83.168205][ T1145]  which belongs to the cache kmalloc-512 of size 512
[   83.171782][ T1145] The buggy address is located 9 bytes inside of
[   83.171782][ T1145]  freed 512-byte region [ffff8880253d5400, ffff8880253d5600)
[   83.175271][ T1145] 
[   83.175900][ T1145] The buggy address belongs to the physical page:
[   83.177572][ T1145] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x253d4
[   83.179830][ T1145] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   83.182008][ T1145] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   83.183962][ T1145] page_type: f5(slab)
[   83.185008][ T1145] raw: 00fff00000000040 ffff88801b042c80 dead000000000122 0000000000000000
[   83.187248][ T1145] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   83.189452][ T1145] head: 00fff00000000040 ffff88801b042c80 dead000000000122 0000000000000000
[   83.191702][ T1145] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   83.193933][ T1145] head: 00fff00000000002 ffffea000094f501 ffffffffffffffff 0000000000000000
[   83.196173][ T1145] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   83.198431][ T1145] page dumped because: kasan: bad access detected
[   83.200086][ T1145] page_owner tracks the page as allocated
[   83.201566][ T1145] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6502, tgid 6501 (syz.0.16), ts 83042253432, free_ts 83004944873
[   83.207092][ T1145]  post_alloc_hook+0x2d1/0x350
[   83.208811][ T1145]  get_page_from_freelist+0xfce/0x2f80
[   83.210299][ T1145]  __alloc_pages_noprof+0x223/0x25a0
[   83.211685][ T1145]  alloc_pages_mpol_noprof+0x2c9/0x610
[   83.213112][ T1145]  new_slab+0x2c9/0x410
[   83.214232][ T1145]  ___slab_alloc+0xdac/0x1870
[   83.215464][ T1145]  __slab_alloc.constprop.0+0x56/0xb0
[   83.216894][ T1145]  __kmalloc_cache_noprof+0xfa/0x410
[   83.218284][ T1145]  drm_atomic_helper_crtc_duplicate_state+0x70/0xd0
[   83.220004][ T1145]  drm_atomic_get_crtc_state+0x162/0x440
[   83.221486][ T1145]  page_flip_common+0x57/0x320
[   83.222754][ T1145]  drm_atomic_helper_page_flip+0xb6/0x180
[   83.224235][ T1145]  drm_mode_page_flip_ioctl+0x1036/0x1460
[   83.225713][ T1145]  drm_ioctl_kernel+0x1e6/0x3d0
[   83.227026][ T1145]  drm_ioctl+0x5d6/0xc00
[   83.228136][ T1145]  __x64_sys_ioctl+0x190/0x200
[   83.229393][ T1145] page last free pid 65 tgid 65 stack trace:
[   83.230960][ T1145]  free_unref_page+0x661/0x1080
[   83.232191][ T1145]  __folio_put+0x32a/0x450
[   83.233364][ T1145]  sta_info_free+0x292/0x460
[   83.234579][ T1145]  __sta_info_flush+0x50a/0x730
[   83.235885][ T1145]  ieee80211_ibss_disconnect+0x15c/0x8f0
[   83.237369][ T1145]  ieee80211_ibss_leave+0x16/0x160
[   83.238712][ T1145]  cfg80211_leave_ibss+0x1b4/0x490
[   83.240058][ T1145]  cfg80211_leave+0x135/0x3f0
[   83.241310][ T1145]  cfg80211_netdev_notifier_call+0x2ca/0x1110
[   83.242898][ T1145]  notifier_call_chain+0xb7/0x410
[   83.244211][ T1145]  call_netdevice_notifiers_info+0xbe/0x140
[   83.245750][ T1145]  __dev_close_many+0xf4/0x310
[   83.247040][ T1145]  dev_close_many+0x24c/0x6a0
[   83.248267][ T1145]  dev_close+0x181/0x230
[   83.249372][ T1145]  cfg80211_shutdown_all_interfaces+0x9a/0x200
[   83.251006][ T1145]  ieee80211_remove_interfaces+0xd2/0x760
[   83.252485][ T1145] 
[   83.253119][ T1145] Memory state around the buggy address:
[   83.254579][ T1145]  ffff8880253d5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   83.256711][ T1145]  ffff8880253d5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   83.258790][ T1145] >ffff8880253d5400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   83.260907][ T1145]                       ^
[   83.262036][ T1145]  ffff8880253d5480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   83.264142][ T1145]  ffff8880253d5500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   83.266222][ T1145] ==================================================================
[   83.269372][ T1145] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   83.272064][ T1145] CPU: 3 UID: 0 PID: 1145 Comm: kworker/u32:8 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[   83.275575][ T1145] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   83.279231][ T1145] Workqueue: events_unbound commit_work
[   83.281796][ T1145] Call Trace:
[   83.282942][ T1145]  <TASK>
[   83.283959][ T1145]  dump_stack_lvl+0x3d/0x1f0
[   83.285562][ T1145]  panic+0x71d/0x800
[   83.286948][ T1145]  ? __pfx_panic+0x10/0x10
[   83.288463][ T1145]  ? irqentry_exit+0x3b/0x90
[   83.290030][ T1145]  ? lockdep_hardirqs_on+0x7c/0x110
[   83.291795][ T1145]  ? preempt_schedule_thunk+0x1a/0x30
[   83.293597][ T1145]  ? preempt_schedule_common+0x44/0xc0
[   83.295082][ T1145]  ? check_panic_on_warn+0x1f/0xb0
[   83.296425][ T1145]  check_panic_on_warn+0xab/0xb0
[   83.297718][ T1145]  end_report+0x117/0x180
[   83.298927][ T1145]  kasan_report+0xe9/0x110
[   83.300110][ T1145]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   83.301982][ T1145]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   83.303862][ T1145]  drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   83.305670][ T1145]  ? preempt_schedule_thunk+0x1a/0x30
[   83.307086][ T1145]  ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[   83.309007][ T1145]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[   83.310364][ T1145]  ? drm_atomic_helper_commit_hw_done+0x325/0x490
[   83.311977][ T1145]  drm_atomic_helper_commit_tail+0xcb/0xf0
[   83.313499][ T1145]  commit_tail+0x353/0x400
[   83.314672][ T1145]  process_one_work+0x9c5/0x1ba0
[   83.315966][ T1145]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   83.317424][ T1145]  ? __pfx_process_one_work+0x10/0x10
[   83.318838][ T1145]  ? rcu_is_watching+0x12/0xc0
[   83.320095][ T1145]  ? assign_work+0x1a0/0x250
[   83.321332][ T1145]  worker_thread+0x6c8/0xf00
[   83.322559][ T1145]  ? __pfx_worker_thread+0x10/0x10
[   83.323894][ T1145]  kthread+0x2c1/0x3a0
[   83.324962][ T1145]  ? _raw_spin_unlock_irq+0x23/0x50
[   83.326319][ T1145]  ? __pfx_kthread+0x10/0x10
[   83.327521][ T1145]  ret_from_fork+0x45/0x80
[   83.328711][ T1145]  ? __pfx_kthread+0x10/0x10
[   83.329953][ T1145]  ret_from_fork_asm+0x1a/0x30
[   83.331223][ T1145]  </TASK>
[   83.332510][ T1145] Kernel Offset: disabled
[   83.333632][ T1145] Rebooting in 86400 seconds..