Warning: Permanently added '10.128.0.41' (ED25519) to the list of known hosts.
2025/10/05 03:52:07 parsed 1 programs
[ 62.989929][ T30] audit: type=1400 audit(1759636327.548:62): avc: denied { write } for pid=5816 comm="syz-execprog" path="pipe:[3987]" dev="pipefs" ino=3987 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 63.013767][ T30] audit: type=1400 audit(1759636327.548:63): avc: denied { node_bind } for pid=5816 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 64.923393][ T30] audit: type=1400 audit(1759636329.488:64): avc: denied { mounton } for pid=5824 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 64.947021][ T30] audit: type=1400 audit(1759636329.508:65): avc: denied { mount } for pid=5824 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 64.949558][ T5824] cgroup: Unknown subsys name 'net'
[ 64.975999][ T30] audit: type=1400 audit(1759636329.538:66): avc: denied { unmount } for pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 65.154414][ T5824] cgroup: Unknown subsys name 'cpuset'
[ 65.162407][ T5824] cgroup: Unknown subsys name 'rlimit'
[ 65.326189][ T30] audit: type=1400 audit(1759636329.888:67): avc: denied { setattr } for pid=5824 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=819 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 65.349639][ T30] audit: type=1400 audit(1759636329.888:68): avc: denied { create } for pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 65.371246][ T30] audit: type=1400 audit(1759636329.888:69): avc: denied { write } for pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 65.396602][ T30] audit: type=1400 audit(1759636329.888:70): avc: denied { read } for pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 65.417703][ T30] audit: type=1400 audit(1759636329.918:71): avc: denied { mounton } for pid=5824 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 65.434493][ T5826] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 66.434742][ T5824] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 68.022964][ T30] kauditd_printk_skb: 7 callbacks suppressed
[ 68.022979][ T30] audit: type=1400 audit(1759636332.588:79): avc: denied { read } for pid=5831 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 68.052045][ T30] audit: type=1400 audit(1759636332.588:80): avc: denied { open } for pid=5831 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 68.075587][ T30] audit: type=1400 audit(1759636332.588:81): avc: denied { mounton } for pid=5831 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 68.097221][ T30] audit: type=1400 audit(1759636332.648:82): avc: denied { mounton } for pid=5831 comm="syz-executor" path="/root/syzkaller.WI26qH/syz-tmp" dev="sda1" ino=2030 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 68.121553][ T30] audit: type=1400 audit(1759636332.648:83): avc: denied { mount } for pid=5831 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 68.143762][ T30] audit: type=1400 audit(1759636332.648:84): avc: denied { mounton } for pid=5831 comm="syz-executor" path="/root/syzkaller.WI26qH/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 68.169277][ T30] audit: type=1400 audit(1759636332.648:85): avc: denied { mount } for pid=5831 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 68.191566][ T30] audit: type=1400 audit(1759636332.648:86): avc: denied { mounton } for pid=5831 comm="syz-executor" path="/root/syzkaller.WI26qH/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[ 68.218548][ T30] audit: type=1400 audit(1759636332.648:87): avc: denied { mounton } for pid=5831 comm="syz-executor" path="/root/syzkaller.WI26qH/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=4046 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[ 68.245926][ T30] audit: type=1400 audit(1759636332.668:88): avc: denied { unmount } for pid=5831 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 68.269127][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 69.307860][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 69.317793][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 69.326709][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 69.335782][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 69.343942][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 69.730999][ T5880] chnl_net:caif_netlink_parms(): no params data found
[ 69.821053][ T5880] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.830989][ T5880] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.838750][ T5880] bridge_slave_0: entered allmulticast mode
[ 69.846097][ T5880] bridge_slave_0: entered promiscuous mode
[ 69.858525][ T5880] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.866189][ T5880] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.873482][ T5880] bridge_slave_1: entered allmulticast mode
[ 69.881108][ T5880] bridge_slave_1: entered promiscuous mode
[ 69.911428][ T5880] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 69.922637][ T5880] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 69.946704][ T5880] team0: Port device team_slave_0 added
[ 69.953756][ T5880] team0: Port device team_slave_1 added
[ 69.976282][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 69.983294][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 70.009412][ T5880] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 70.021989][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 70.028943][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 70.055522][ T5880] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 70.097720][ T5880] hsr_slave_0: entered promiscuous mode
[ 70.103893][ T5880] hsr_slave_1: entered promiscuous mode
[ 70.212304][ T5880] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 70.222973][ T5880] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 70.232676][ T5880] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 70.242553][ T5880] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 70.263894][ T5880] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.271007][ T5880] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.278932][ T5880] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.286033][ T5880] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.327228][ T5880] 8021q: adding VLAN 0 to HW filter on device bond0
[ 70.342316][ T2957] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.350375][ T2957] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.369733][ T5880] 8021q: adding VLAN 0 to HW filter on device team0
[ 70.381636][ T2957] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.388760][ T2957] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.402730][ T2957] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.409851][ T2957] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.530829][ T5880] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 70.563383][ T5880] veth0_vlan: entered promiscuous mode
[ 70.573389][ T5880] veth1_vlan: entered promiscuous mode
[ 70.595390][ T5880] veth0_macvtap: entered promiscuous mode
[ 70.603695][ T5880] veth1_macvtap: entered promiscuous mode
[ 70.619500][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 70.634302][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 70.648486][ T1081] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.660858][ T1081] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.670463][ T1081] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.685547][ T1081] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.779195][ T3001] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 70.823694][ T3001] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 70.908427][ T3001] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 70.993092][ T3001] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 71.016167][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.023847][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.257853][ T2957] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 71.267090][ T2957] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 71.295197][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 71.303423][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/10/05 03:52:16 executed programs: 0
[ 72.056499][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 72.064626][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 72.076173][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 72.084333][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 72.092628][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 72.205604][ T5934] chnl_net:caif_netlink_parms(): no params data found
[ 72.262849][ T5934] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.269966][ T5934] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.277528][ T5934] bridge_slave_0: entered allmulticast mode
[ 72.284307][ T5934] bridge_slave_0: entered promiscuous mode
[ 72.292862][ T5934] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.300079][ T5934] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.307421][ T5934] bridge_slave_1: entered allmulticast mode
[ 72.314390][ T5934] bridge_slave_1: entered promiscuous mode
[ 72.339421][ T5934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 72.350715][ T5934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 72.379348][ T5934] team0: Port device team_slave_0 added
[ 72.387244][ T5934] team0: Port device team_slave_1 added
[ 72.407278][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 72.414262][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 72.440339][ T5934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 72.454068][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 72.461026][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 72.487541][ T5934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 72.526398][ T5934] hsr_slave_0: entered promiscuous mode
[ 72.532735][ T5934] hsr_slave_1: entered promiscuous mode
[ 72.539554][ T5934] debugfs: 'hsr0' already exists in 'hsr'
[ 72.545816][ T5934] Cannot create hsr debugfs directory
[ 73.702339][ T30] kauditd_printk_skb: 19 callbacks suppressed
[ 73.702353][ T30] audit: type=1400 audit(1759636338.268:108): avc: denied { search } for pid=5490 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 73.733213][ T30] audit: type=1400 audit(1759636338.278:109): avc: denied { search } for pid=5490 comm="dhcpcd" name="udev" dev="tmpfs" ino=9 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 73.760568][ T30] audit: type=1400 audit(1759636338.278:110): avc: denied { search } for pid=5490 comm="dhcpcd" name="data" dev="tmpfs" ino=13 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 73.786532][ T30] audit: type=1400 audit(1759636338.338:111): avc: denied { read open } for pid=5944 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1835 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 73.813917][ T3001] bridge_slave_1: left allmulticast mode
[ 73.819709][ T3001] bridge_slave_1: left promiscuous mode
[ 73.826717][ T3001] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.836895][ T30] audit: type=1400 audit(1759636338.338:112): avc: denied { getattr } for pid=5944 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1835 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 73.867530][ T3001] bridge_slave_0: left allmulticast mode
[ 73.873462][ T3001] bridge_slave_0: left promiscuous mode
[ 73.879215][ T3001] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.974814][ T30] audit: type=1400 audit(1759636338.528:113): avc: denied { add_name } for pid=5943 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 74.045820][ T30] audit: type=1400 audit(1759636338.608:114): avc: denied { remove_name } for pid=5954 comm="rm" name="resolv.conf.eth1.link" dev="tmpfs" ino=2018 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 74.125027][ T52] Bluetooth: hci0: command tx timeout
[ 74.163478][ T3001] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 74.174473][ T3001] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 74.183906][ T3001] bond0 (unregistering): Released all slaves
[ 74.254594][ T3001] hsr_slave_0: left promiscuous mode
[ 74.260909][ T3001] hsr_slave_1: left promiscuous mode
[ 74.267269][ T3001] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 74.275002][ T3001] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 74.283557][ T3001] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 74.290969][ T3001] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 74.311463][ T3001] veth1_macvtap: left promiscuous mode
[ 74.320413][ T3001] veth0_macvtap: left promiscuous mode
[ 74.326860][ T3001] veth1_vlan: left promiscuous mode
[ 74.332382][ T3001] veth0_vlan: left promiscuous mode
[ 74.648831][ T3001] team0 (unregistering): Port device team_slave_1 removed
[ 74.670965][ T3001] team0 (unregistering): Port device team_slave_0 removed
[ 74.996456][ T5934] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 75.017245][ T5934] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 75.032229][ T5934] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 75.046939][ T5934] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 75.143883][ T5934] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.367860][ T5934] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.389307][ T1081] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.396466][ T1081] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.416586][ T1081] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.423722][ T1081] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.751412][ T5934] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.780025][ T5934] veth0_vlan: entered promiscuous mode
[ 75.796881][ T5934] veth1_vlan: entered promiscuous mode
[ 75.824339][ T5934] veth0_macvtap: entered promiscuous mode
[ 75.834019][ T5934] veth1_macvtap: entered promiscuous mode
[ 75.854549][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 75.874999][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 75.893180][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.904033][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.913094][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.922493][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.970296][ T3001] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.978451][ T3001] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.997464][ T3001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.006606][ T3001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.041687][ T30] audit: type=1400 audit(1759636340.598:115): avc: denied { read write } for pid=6007 comm="syz.0.17" name="card0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 76.068498][ T30] audit: type=1400 audit(1759636340.598:116): avc: denied { open } for pid=6007 comm="syz.0.17" path="/dev/dri/card0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 76.093120][ T30] audit: type=1400 audit(1759636340.598:117): avc: denied { ioctl } for pid=6007 comm="syz.0.17" path="/dev/dri/card0" dev="devtmpfs" ino=626 ioctlcmd=0x64b2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 76.118773][ T6007] ==================================================================
[ 76.126852][ T6007] BUG: KASAN: slab-out-of-bounds in __cpa_addr+0x1d3/0x220
[ 76.134057][ T6007] Read of size 8 at addr ffff88807252c888 by task syz.0.17/6007
[ 76.141760][ T6007]
[ 76.144077][ T6007] CPU: 1 UID: 0 PID: 6007 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 76.144094][ T6007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 76.144103][ T6007] Call Trace:
[ 76.144108][ T6007]
[ 76.144114][ T6007] dump_stack_lvl+0x116/0x1f0
[ 76.144136][ T6007] print_report+0xcd/0x630
[ 76.144154][ T6007] ? __virt_addr_valid+0x81/0x610
[ 76.144176][ T6007] ? __phys_addr+0xe8/0x180
[ 76.144197][ T6007] ? __cpa_addr+0x1d3/0x220
[ 76.144211][ T6007] kasan_report+0xe0/0x110
[ 76.144228][ T6007] ? __cpa_addr+0x1d3/0x220
[ 76.144244][ T6007] __cpa_addr+0x1d3/0x220
[ 76.144259][ T6007] cpa_flush+0x28b/0x8a0
[ 76.144276][ T6007] ? __pfx_cpa_flush+0x10/0x10
[ 76.144291][ T6007] ? pgprot2cachemode+0x9a/0x130
[ 76.144311][ T6007] ? __pfx_pgprot2cachemode+0x10/0x10
[ 76.144332][ T6007] ? drm_gem_get_pages+0x6a0/0xa10
[ 76.144350][ T6007] change_page_attr_set_clr+0x34e/0x4a0
[ 76.144369][ T6007] ? __pfx_change_page_attr_set_clr+0x10/0x10
[ 76.144392][ T6007] _set_pages_array+0x1ab/0x2c0
[ 76.144410][ T6007] drm_gem_shmem_get_pages_locked+0x384/0x490
[ 76.144425][ T6007] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[ 76.144440][ T6007] ? __pfx___might_resched+0x10/0x10
[ 76.144461][ T6007] drm_gem_shmem_mmap+0xc9/0x550
[ 76.144474][ T6007] ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10
[ 76.144489][ T6007] drm_gem_mmap_obj+0x1b5/0x560
[ 76.144505][ T6007] drm_gem_mmap+0x40b/0x620
[ 76.144521][ T6007] ? __pfx_drm_gem_mmap+0x10/0x10
[ 76.144537][ T6007] ? vm_area_alloc+0x1f/0x160
[ 76.144558][ T6007] ? lockdep_init_map_type+0x5c/0x280
[ 76.144574][ T6007] __mmap_region+0x1306/0x27a0
[ 76.144588][ T6007] ? __pfx___mmap_region+0x10/0x10
[ 76.144601][ T6007] ? __pfx_avc_audit_post_callback+0x10/0x10
[ 76.144622][ T6007] ? audit_log_end+0x1f/0x30
[ 76.144636][ T6007] ? audit_log_end+0x1f/0x30
[ 76.144650][ T6007] ? common_lsm_audit+0x260/0x300
[ 76.144683][ T6007] ? __lock_acquire+0xb97/0x1ce0
[ 76.144699][ T6007] mmap_region+0x32b/0x3f0
[ 76.144713][ T6007] do_mmap+0xa3e/0x1210
[ 76.144731][ T6007] ? __pfx_do_mmap+0x10/0x10
[ 76.144747][ T6007] ? __pfx_down_write_killable+0x10/0x10
[ 76.144769][ T6007] vm_mmap_pgoff+0x29e/0x470
[ 76.144787][ T6007] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 76.144804][ T6007] ? __fget_files+0x20e/0x3c0
[ 76.144820][ T6007] ksys_mmap_pgoff+0x32c/0x5c0
[ 76.144837][ T6007] __x64_sys_mmap+0x125/0x190
[ 76.144853][ T6007] do_syscall_64+0xcd/0x4e0
[ 76.144871][ T6007] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.144885][ T6007] RIP: 0033:0x7fdbfd38eec9
[ 76.144897][ T6007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 76.144910][ T6007] RSP: 002b:00007fff17fc13d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 76.144924][ T6007] RAX: ffffffffffffffda RBX: 00007fdbfd5e5fa0 RCX: 00007fdbfd38eec9
[ 76.144933][ T6007] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000
[ 76.144941][ T6007] RBP: 00007fdbfd411f91 R08: 0000000000000003 R09: 0000000100000000
[ 76.144950][ T6007] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[ 76.144958][ T6007] R13: 00007fdbfd5e5fa0 R14: 00007fdbfd5e5fa0 R15: 0000000000000006
[ 76.144977][ T6007]
[ 76.144981][ T6007]
[ 76.465256][ T6007] Allocated by task 6007:
[ 76.469561][ T6007] kasan_save_stack+0x33/0x60
[ 76.474226][ T6007] kasan_save_track+0x14/0x30
[ 76.478885][ T6007] __kasan_kmalloc+0xaa/0xb0
[ 76.483469][ T6007] __kvmalloc_node_noprof+0x3a3/0x9c0
[ 76.488906][ T6007] drm_gem_get_pages+0x144/0xa10
[ 76.493848][ T6007] drm_gem_shmem_get_pages_locked+0x1e6/0x490
[ 76.499911][ T6007] drm_gem_shmem_mmap+0xc9/0x550
[ 76.504852][ T6007] drm_gem_mmap_obj+0x1b5/0x560
[ 76.509686][ T6007] drm_gem_mmap+0x40b/0x620
[ 76.514175][ T6007] __mmap_region+0x1306/0x27a0
[ 76.518926][ T6007] mmap_region+0x32b/0x3f0
[ 76.523322][ T6007] do_mmap+0xa3e/0x1210
[ 76.527474][ T6007] vm_mmap_pgoff+0x29e/0x470
[ 76.532125][ T6007] ksys_mmap_pgoff+0x32c/0x5c0
[ 76.536882][ T6007] __x64_sys_mmap+0x125/0x190
[ 76.541541][ T6007] do_syscall_64+0xcd/0x4e0
[ 76.546027][ T6007] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.551901][ T6007]
[ 76.554290][ T6007] The buggy address belongs to the object at ffff88807252c800
[ 76.554290][ T6007] which belongs to the cache kmalloc-192 of size 192
[ 76.568334][ T6007] The buggy address is located 0 bytes to the right of
[ 76.568334][ T6007] allocated 136-byte region [ffff88807252c800, ffff88807252c888)
[ 76.582825][ T6007]
[ 76.585128][ T6007] The buggy address belongs to the physical page:
[ 76.591687][ T6007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7252c
[ 76.600425][ T6007] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 76.607508][ T6007] page_type: f5(slab)
[ 76.611467][ T6007] raw: 00fff00000000000 ffff88801b0263c0 dead000000000122 0000000000000000
[ 76.620033][ T6007] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 76.628594][ T6007] page dumped because: kasan: bad access detected
[ 76.634982][ T6007] page_owner tracks the page as allocated
[ 76.640672][ T6007] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5934, tgid 5934 (syz-executor), ts 75996274955, free_ts 75996254683
[ 76.660193][ T6007] post_alloc_hook+0x1c0/0x230
[ 76.664962][ T6007] get_page_from_freelist+0x10a3/0x3a30
[ 76.670528][ T6007] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 76.676423][ T6007] new_slab+0xa5/0x360
[ 76.680492][ T6007] ___slab_alloc+0xdc4/0x1ae0
[ 76.685153][ T6007] __slab_alloc.constprop.0+0x63/0x110
[ 76.690595][ T6007] __kmalloc_node_noprof+0x4dd/0x8a0
[ 76.695857][ T6007] alloc_slab_obj_exts+0x3a/0xd0
[ 76.700781][ T6007] new_slab+0x283/0x360
[ 76.704920][ T6007] ___slab_alloc+0xdc4/0x1ae0
[ 76.709579][ T6007] __slab_alloc.constprop.0+0x63/0x110
[ 76.715027][ T6007] kmem_cache_alloc_lru_noprof+0x443/0x6e0
[ 76.720820][ T6007] __d_alloc+0x32/0xae0
[ 76.725131][ T6007] d_alloc_parallel+0x111/0x1480
[ 76.730054][ T6007] __lookup_slow+0x193/0x460
[ 76.734629][ T6007] lookup_noperm+0xe1/0x110
[ 76.739115][ T6007] page last free pid 5934 tgid 5934 stack trace:
[ 76.745426][ T6007] __free_frozen_pages+0x7df/0x1160
[ 76.750610][ T6007] inode_doinit_with_dentry+0xacb/0x12e0
[ 76.756223][ T6007] selinux_d_instantiate+0x26/0x30
[ 76.761315][ T6007] security_d_instantiate+0x142/0x1a0
[ 76.766670][ T6007] d_instantiate+0x5c/0x90
[ 76.771083][ T6007] __debugfs_create_file+0x286/0x6b0
[ 76.776346][ T6007] debugfs_create_file_short+0x41/0x60
[ 76.781781][ T6007] ieee80211_debugfs_recreate_netdev+0x631/0x17e0
[ 76.788177][ T6007] ieee80211_if_change_type+0x2ba/0x800
[ 76.793709][ T6007] ieee80211_change_iface+0xa5/0x500
[ 76.799017][ T6007] cfg80211_change_iface+0x582/0xdc0
[ 76.804294][ T6007] nl80211_set_interface+0x911/0xcb0
[ 76.809580][ T6007] genl_family_rcv_msg_doit+0x206/0x2f0
[ 76.815113][ T6007] genl_rcv_msg+0x55c/0x800
[ 76.819612][ T6007] netlink_rcv_skb+0x155/0x420
[ 76.824375][ T6007] genl_rcv+0x28/0x40
[ 76.828358][ T6007]
[ 76.830678][ T6007] Memory state around the buggy address:
[ 76.836287][ T6007] ffff88807252c780: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 76.844336][ T6007] ffff88807252c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.852807][ T6007] >ffff88807252c880: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.860842][ T6007] ^
[ 76.865144][ T6007] ffff88807252c900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.873442][ T6007] ffff88807252c980: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 76.881480][ T6007] ==================================================================
[ 76.895012][ T52] Bluetooth: hci0: command tx timeout
[ 76.901050][ T6007] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 76.908254][ T6007] CPU: 1 UID: 0 PID: 6007 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 76.917360][ T6007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 76.927425][ T6007] Call Trace:
[ 76.930700][ T6007]
[ 76.933622][ T6007] dump_stack_lvl+0x3d/0x1f0
[ 76.938226][ T6007] vpanic+0x640/0x6f0
[ 76.942217][ T6007] panic+0xca/0xd0
[ 76.945933][ T6007] ? __pfx_panic+0x10/0x10
[ 76.950340][ T6007] ? __cpa_addr+0x1d3/0x220
[ 76.955178][ T6007] ? preempt_schedule_common+0x44/0xc0
[ 76.960655][ T6007] ? preempt_schedule_thunk+0x16/0x30
[ 76.966027][ T6007] ? check_panic_on_warn+0x1f/0xb0
[ 76.971140][ T6007] check_panic_on_warn+0xab/0xb0
[ 76.976066][ T6007] end_report+0x107/0x170
[ 76.980389][ T6007] kasan_report+0xee/0x110
[ 76.984803][ T6007] ? __cpa_addr+0x1d3/0x220
[ 76.989303][ T6007] __cpa_addr+0x1d3/0x220
[ 76.993623][ T6007] cpa_flush+0x28b/0x8a0
[ 76.997867][ T6007] ? __pfx_cpa_flush+0x10/0x10
[ 77.002623][ T6007] ? pgprot2cachemode+0x9a/0x130
[ 77.007561][ T6007] ? __pfx_pgprot2cachemode+0x10/0x10
[ 77.012928][ T6007] ? drm_gem_get_pages+0x6a0/0xa10
[ 77.018037][ T6007] change_page_attr_set_clr+0x34e/0x4a0
[ 77.023583][ T6007] ? __pfx_change_page_attr_set_clr+0x10/0x10
[ 77.029659][ T6007] _set_pages_array+0x1ab/0x2c0
[ 77.034528][ T6007] drm_gem_shmem_get_pages_locked+0x384/0x490
[ 77.040586][ T6007] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[ 77.047171][ T6007] ? __pfx___might_resched+0x10/0x10
[ 77.052471][ T6007] drm_gem_shmem_mmap+0xc9/0x550
[ 77.057402][ T6007] ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10
[ 77.063547][ T6007] drm_gem_mmap_obj+0x1b5/0x560
[ 77.068395][ T6007] drm_gem_mmap+0x40b/0x620
[ 77.072890][ T6007] ? __pfx_drm_gem_mmap+0x10/0x10
[ 77.077904][ T6007] ? vm_area_alloc+0x1f/0x160
[ 77.082582][ T6007] ? lockdep_init_map_type+0x5c/0x280
[ 77.087970][ T6007] __mmap_region+0x1306/0x27a0
[ 77.092730][ T6007] ? __pfx___mmap_region+0x10/0x10
[ 77.097832][ T6007] ? __pfx_avc_audit_post_callback+0x10/0x10
[ 77.103804][ T6007] ? audit_log_end+0x1f/0x30
[ 77.108376][ T6007] ? audit_log_end+0x1f/0x30
[ 77.112960][ T6007] ? common_lsm_audit+0x260/0x300
[ 77.118030][ T6007] ? __lock_acquire+0xb97/0x1ce0
[ 77.122949][ T6007] mmap_region+0x32b/0x3f0
[ 77.127346][ T6007] do_mmap+0xa3e/0x1210
[ 77.131484][ T6007] ? __pfx_do_mmap+0x10/0x10
[ 77.136235][ T6007] ? __pfx_down_write_killable+0x10/0x10
[ 77.141859][ T6007] vm_mmap_pgoff+0x29e/0x470
[ 77.146462][ T6007] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 77.151559][ T6007] ? __fget_files+0x20e/0x3c0
[ 77.156309][ T6007] ksys_mmap_pgoff+0x32c/0x5c0
[ 77.161058][ T6007] __x64_sys_mmap+0x125/0x190
[ 77.165731][ T6007] do_syscall_64+0xcd/0x4e0
[ 77.170219][ T6007] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.176094][ T6007] RIP: 0033:0x7fdbfd38eec9
[ 77.180489][ T6007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 77.200076][ T6007] RSP: 002b:00007fff17fc13d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 77.208482][ T6007] RAX: ffffffffffffffda RBX: 00007fdbfd5e5fa0 RCX: 00007fdbfd38eec9
[ 77.216433][ T6007] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000
[ 77.224389][ T6007] RBP: 00007fdbfd411f91 R08: 0000000000000003 R09: 0000000100000000
[ 77.232341][ T6007] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[ 77.240297][ T6007] R13: 00007fdbfd5e5fa0 R14: 00007fdbfd5e5fa0 R15: 0000000000000006
[ 77.248250][ T6007]
[ 77.251345][ T6007] Kernel Offset: disabled
[ 77.255640][ T6007] Rebooting in 86400 seconds..