Warning: Permanently added '10.128.1.31' (ED25519) to the list of known hosts.
2025/10/05 02:54:34 parsed 1 programs
[ 59.936583][ T30] audit: type=1400 audit(1759632874.480:62): avc: denied { write } for pid=5815 comm="syz-execprog" path="pipe:[3983]" dev="pipefs" ino=3983 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 59.960643][ T30] audit: type=1400 audit(1759632874.490:63): avc: denied { node_bind } for pid=5815 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 61.857573][ T30] audit: type=1400 audit(1759632876.410:64): avc: denied { mounton } for pid=5823 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 61.881194][ T30] audit: type=1400 audit(1759632876.430:65): avc: denied { mount } for pid=5823 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 61.883695][ T5823] cgroup: Unknown subsys name 'net'
[ 61.911336][ T30] audit: type=1400 audit(1759632876.460:66): avc: denied { unmount } for pid=5823 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 62.019488][ T5823] cgroup: Unknown subsys name 'cpuset'
[ 62.027243][ T5823] cgroup: Unknown subsys name 'rlimit'
[ 62.191087][ T30] audit: type=1400 audit(1759632876.740:67): avc: denied { setattr } for pid=5823 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=819 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 62.223573][ T30] audit: type=1400 audit(1759632876.740:68): avc: denied { create } for pid=5823 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 62.246515][ T30] audit: type=1400 audit(1759632876.740:69): avc: denied { write } for pid=5823 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 62.267340][ T30] audit: type=1400 audit(1759632876.740:70): avc: denied { read } for pid=5823 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 62.287805][ T30] audit: type=1400 audit(1759632876.750:71): avc: denied { mounton } for pid=5823 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 62.331969][ T5825] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 63.297824][ T5823] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 65.007551][ T30] kauditd_printk_skb: 15 callbacks suppressed
[ 65.007566][ T30] audit: type=1400 audit(1759632879.560:87): avc: denied { mounton } for pid=5832 comm="syz-executor" path="/root/syzkaller.x2omxR/syz-tmp" dev="sda1" ino=2031 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 65.037919][ T30] audit: type=1400 audit(1759632879.560:88): avc: denied { mount } for pid=5832 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 65.059941][ T30] audit: type=1400 audit(1759632879.560:89): avc: denied { mounton } for pid=5832 comm="syz-executor" path="/root/syzkaller.x2omxR/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 65.085537][ T30] audit: type=1400 audit(1759632879.560:90): avc: denied { mount } for pid=5832 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 65.107304][ T30] audit: type=1400 audit(1759632879.560:91): avc: denied { mounton } for pid=5832 comm="syz-executor" path="/root/syzkaller.x2omxR/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[ 65.135327][ T30] audit: type=1400 audit(1759632879.560:92): avc: denied { mounton } for pid=5832 comm="syz-executor" path="/root/syzkaller.x2omxR/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=4020 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[ 65.162687][ T30] audit: type=1400 audit(1759632879.570:93): avc: denied { unmount } for pid=5832 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 65.182283][ T30] audit: type=1400 audit(1759632879.590:94): avc: denied { mounton } for pid=5832 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2782 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 65.205333][ T30] audit: type=1400 audit(1759632879.590:95): avc: denied { mount } for pid=5832 comm="syz-executor" name="/" dev="gadgetfs" ino=4021 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[ 65.231084][ T5832] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 65.256808][ T30] audit: type=1400 audit(1759632879.800:96): avc: denied { read write } for pid=5832 comm="syz-executor" name="loop0" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 65.872463][ T5847] chnl_net:caif_netlink_parms(): no params data found
[ 65.932347][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.939582][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.946778][ T5847] bridge_slave_0: entered allmulticast mode
[ 65.953882][ T5847] bridge_slave_0: entered promiscuous mode
[ 65.964241][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.971478][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.978655][ T5847] bridge_slave_1: entered allmulticast mode
[ 65.985271][ T5847] bridge_slave_1: entered promiscuous mode
[ 66.009321][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 66.020959][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 66.048269][ T5847] team0: Port device team_slave_0 added
[ 66.055207][ T5847] team0: Port device team_slave_1 added
[ 66.073772][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 66.080851][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 66.106771][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 66.118751][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 66.125712][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 66.152052][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 66.182991][ T5847] hsr_slave_0: entered promiscuous mode
[ 66.190086][ T5847] hsr_slave_1: entered promiscuous mode
[ 66.281429][ T5847] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 66.291809][ T5847] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 66.300912][ T5847] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 66.310106][ T5847] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 66.332514][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.339641][ T5847] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.347478][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.354540][ T5847] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.394982][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0
[ 66.410002][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.418057][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.431011][ T5847] 8021q: adding VLAN 0 to HW filter on device team0
[ 66.443887][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.451015][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.461607][ T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.468719][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.585785][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 66.619786][ T5847] veth0_vlan: entered promiscuous mode
[ 66.629678][ T5847] veth1_vlan: entered promiscuous mode
[ 66.649909][ T5847] veth0_macvtap: entered promiscuous mode
[ 66.658177][ T5847] veth1_macvtap: entered promiscuous mode
[ 66.673588][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 66.686449][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 66.699740][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.710119][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.720211][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.729301][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.814750][ T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 66.878434][ T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 66.908719][ T3677] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.917251][ T3677] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.940557][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.950109][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.963346][ T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 67.033146][ T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 67.949829][ T5905] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 67.960487][ T5905] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 67.968818][ T5905] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 67.976540][ T5905] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 67.984421][ T5905] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/10/05 02:54:43 executed programs: 0
[ 68.698722][ T5145] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 68.706239][ T5145] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 68.713854][ T5145] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 68.721867][ T5145] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 68.730107][ T5145] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 68.830499][ T5925] chnl_net:caif_netlink_parms(): no params data found
[ 68.877332][ T5925] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.884427][ T5925] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.891928][ T5925] bridge_slave_0: entered allmulticast mode
[ 68.899041][ T5925] bridge_slave_0: entered promiscuous mode
[ 68.906817][ T5925] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.914009][ T5925] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.921654][ T5925] bridge_slave_1: entered allmulticast mode
[ 68.928949][ T5925] bridge_slave_1: entered promiscuous mode
[ 68.950645][ T5925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 68.962112][ T5925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 68.985168][ T5925] team0: Port device team_slave_0 added
[ 68.992857][ T5925] team0: Port device team_slave_1 added
[ 69.015090][ T5925] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 69.022204][ T5925] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 69.048299][ T5925] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 69.060244][ T5925] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 69.067347][ T5925] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 69.093587][ T5925] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 69.125573][ T5925] hsr_slave_0: entered promiscuous mode
[ 69.131708][ T5925] hsr_slave_1: entered promiscuous mode
[ 69.137743][ T5925] debugfs: 'hsr0' already exists in 'hsr'
[ 69.143537][ T5925] Cannot create hsr debugfs directory
[ 70.088815][ T30] kauditd_printk_skb: 11 callbacks suppressed
[ 70.088829][ T30] audit: type=1400 audit(1759632884.640:108): avc: denied { search } for pid=5489 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 70.117422][ T30] audit: type=1400 audit(1759632884.660:109): avc: denied { search } for pid=5489 comm="dhcpcd" name="udev" dev="tmpfs" ino=9 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 70.139552][ T30] audit: type=1400 audit(1759632884.660:110): avc: denied { search } for pid=5489 comm="dhcpcd" name="data" dev="tmpfs" ino=14 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 70.171238][ T36] bridge_slave_1: left allmulticast mode
[ 70.177322][ T36] bridge_slave_1: left promiscuous mode
[ 70.183425][ T36] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.193218][ T36] bridge_slave_0: left allmulticast mode
[ 70.199873][ T36] bridge_slave_0: left promiscuous mode
[ 70.205507][ T36] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.355897][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 70.366277][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 70.375798][ T36] bond0 (unregistering): Released all slaves
[ 70.435491][ T30] audit: type=1400 audit(1759632884.980:111): avc: denied { read open } for pid=5936 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1835 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 70.461545][ T30] audit: type=1400 audit(1759632885.000:112): avc: denied { getattr } for pid=5936 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1835 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 70.545268][ T36] hsr_slave_0: left promiscuous mode
[ 70.551290][ T36] hsr_slave_1: left promiscuous mode
[ 70.559467][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 70.567150][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 70.575279][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 70.583665][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 70.602181][ T36] veth1_macvtap: left promiscuous mode
[ 70.608048][ T36] veth0_macvtap: left promiscuous mode
[ 70.613830][ T36] veth1_vlan: left promiscuous mode
[ 70.620246][ T36] veth0_vlan: left promiscuous mode
[ 70.628250][ T30] audit: type=1400 audit(1759632885.170:113): avc: denied { add_name } for pid=5935 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 70.688956][ T30] audit: type=1400 audit(1759632885.240:114): avc: denied { remove_name } for pid=5946 comm="rm" name="resolv.conf.eth1.link" dev="tmpfs" ino=2017 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 70.767344][ T5145] Bluetooth: hci0: command tx timeout
[ 70.885959][ T36] team0 (unregistering): Port device team_slave_1 removed
[ 70.908885][ T36] team0 (unregistering): Port device team_slave_0 removed
[ 71.010365][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.016790][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.259964][ T5925] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 71.274153][ T5925] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 71.286243][ T5925] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 71.296387][ T5925] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 71.677309][ T5925] 8021q: adding VLAN 0 to HW filter on device bond0
[ 71.701797][ T5925] 8021q: adding VLAN 0 to HW filter on device team0
[ 71.713510][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.720716][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.740873][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.748045][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.944182][ T5925] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 72.000265][ T5925] veth0_vlan: entered promiscuous mode
[ 72.009488][ T5925] veth1_vlan: entered promiscuous mode
[ 72.059447][ T5925] veth0_macvtap: entered promiscuous mode
[ 72.067788][ T5925] veth1_macvtap: entered promiscuous mode
[ 72.086347][ T5925] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 72.101981][ T5925] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 72.123683][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.133862][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.144549][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.153873][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.205541][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 72.222572][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 72.254534][ T3677] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 72.263311][ T3677] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 72.313341][ T30] audit: type=1400 audit(1759632886.860:115): avc: denied { read } for pid=5978 comm="syz.0.17" name="card0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 72.341879][ T30] audit: type=1400 audit(1759632886.870:116): avc: denied { open } for pid=5978 comm="syz.0.17" path="/dev/dri/card0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 72.366642][ T30] audit: type=1400 audit(1759632886.870:117): avc: denied { ioctl } for pid=5978 comm="syz.0.17" path="/dev/dri/card0" dev="devtmpfs" ino=626 ioctlcmd=0x64b2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 72.399347][ T5978] ==================================================================
[ 72.407435][ T5978] BUG: KASAN: slab-out-of-bounds in __cpa_addr+0x1d3/0x220
[ 72.414644][ T5978] Read of size 8 at addr ffff88801f75e8f8 by task syz.0.17/5978
[ 72.422244][ T5978]
[ 72.424545][ T5978] CPU: 0 UID: 0 PID: 5978 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 72.424558][ T5978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 72.424564][ T5978] Call Trace:
[ 72.424569][ T5978]
[ 72.424573][ T5978] dump_stack_lvl+0x116/0x1f0
[ 72.424590][ T5978] print_report+0xcd/0x630
[ 72.424604][ T5978] ? __virt_addr_valid+0x81/0x610
[ 72.424620][ T5978] ? __phys_addr+0xe8/0x180
[ 72.424636][ T5978] ? __cpa_addr+0x1d3/0x220
[ 72.424646][ T5978] kasan_report+0xe0/0x110
[ 72.424659][ T5978] ? __cpa_addr+0x1d3/0x220
[ 72.424671][ T5978] __cpa_addr+0x1d3/0x220
[ 72.424683][ T5978] cpa_flush+0x28b/0x8a0
[ 72.424695][ T5978] ? __pfx_cpa_flush+0x10/0x10
[ 72.424708][ T5978] ? pgprot2cachemode+0x9a/0x130
[ 72.424723][ T5978] ? __pfx_pgprot2cachemode+0x10/0x10
[ 72.424739][ T5978] ? drm_gem_get_pages+0x6a0/0xa10
[ 72.424754][ T5978] change_page_attr_set_clr+0x34e/0x4a0
[ 72.424769][ T5978] ? __pfx_change_page_attr_set_clr+0x10/0x10
[ 72.424786][ T5978] _set_pages_array+0x1ab/0x2c0
[ 72.424800][ T5978] drm_gem_shmem_get_pages_locked+0x384/0x490
[ 72.424812][ T5978] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[ 72.424823][ T5978] ? __pfx___might_resched+0x10/0x10
[ 72.424840][ T5978] drm_gem_shmem_mmap+0xc9/0x550
[ 72.424851][ T5978] ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10
[ 72.424862][ T5978] drm_gem_mmap_obj+0x1b5/0x560
[ 72.424875][ T5978] drm_gem_mmap+0x40b/0x620
[ 72.424887][ T5978] ? __pfx_drm_gem_mmap+0x10/0x10
[ 72.424899][ T5978] ? vm_area_alloc+0x1f/0x160
[ 72.424915][ T5978] ? lockdep_init_map_type+0x5c/0x280
[ 72.424928][ T5978] __mmap_region+0x1306/0x27a0
[ 72.424939][ T5978] ? __pfx___mmap_region+0x10/0x10
[ 72.424949][ T5978] ? __pfx_avc_audit_post_callback+0x10/0x10
[ 72.424965][ T5978] ? audit_log_end+0x1f/0x30
[ 72.424977][ T5978] ? audit_log_end+0x1f/0x30
[ 72.424987][ T5978] ? common_lsm_audit+0x260/0x300
[ 72.425011][ T5978] ? __lock_acquire+0xb97/0x1ce0
[ 72.425023][ T5978] mmap_region+0x1ab/0x3f0
[ 72.425033][ T5978] ? __get_unmapped_area+0x267/0x440
[ 72.425046][ T5978] do_mmap+0xa3e/0x1210
[ 72.425059][ T5978] ? __pfx_do_mmap+0x10/0x10
[ 72.425072][ T5978] ? __pfx_down_write_killable+0x10/0x10
[ 72.425088][ T5978] vm_mmap_pgoff+0x29e/0x470
[ 72.425102][ T5978] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 72.425115][ T5978] ? __fget_files+0x20e/0x3c0
[ 72.425127][ T5978] ksys_mmap_pgoff+0x32c/0x5c0
[ 72.425140][ T5978] __x64_sys_mmap+0x125/0x190
[ 72.425152][ T5978] do_syscall_64+0xcd/0x4e0
[ 72.425169][ T5978] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.425181][ T5978] RIP: 0033:0x7f825658eec9
[ 72.425190][ T5978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 72.425200][ T5978] RSP: 002b:00007ffcee652688 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 72.425211][ T5978] RAX: ffffffffffffffda RBX: 00007f82567e5fa0 RCX: 00007f825658eec9
[ 72.425218][ T5978] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000
[ 72.425224][ T5978] RBP: 00007f8256611f91 R08: 0000000000000003 R09: 0000000100000000
[ 72.425230][ T5978] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[ 72.425236][ T5978] R13: 00007f82567e5fa0 R14: 00007f82567e5fa0 R15: 0000000000000006
[ 72.425246][ T5978]
[ 72.425249][ T5978]
[ 72.751145][ T5978] The buggy address belongs to the physical page:
[ 72.757533][ T5978] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88801f75fc00 pfn:0x1f75c
[ 72.767575][ T5978] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 72.776046][ T5978] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 72.783565][ T5978] page_type: f8(unknown)
[ 72.787785][ T5978] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000
[ 72.796342][ T5978] raw: ffff88801f75fc00 0000000000000000 00000000f8000000 0000000000000000
[ 72.804899][ T5978] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000
[ 72.813560][ T5978] head: ffff88801f75fc00 0000000000000000 00000000f8000000 0000000000000000
[ 72.822215][ T5978] head: 00fff00000000002 ffffea00007dd701 00000000ffffffff 00000000ffffffff
[ 72.830867][ T5978] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 72.839509][ T5978] page dumped because: kasan: bad access detected
[ 72.845913][ T5978] page_owner tracks the page as allocated
[ 72.851613][ T5978] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x428c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_COMP), pid 5978, tgid 5978 (syz.0.17), ts 72327313076, free_ts 72326414796
[ 72.869737][ T5978] post_alloc_hook+0x1c0/0x230
[ 72.874487][ T5978] get_page_from_freelist+0x10a3/0x3a30
[ 72.880015][ T5978] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 72.885894][ T5978] alloc_pages_mpol+0x1fb/0x550
[ 72.890726][ T5978] ___kmalloc_large_node+0xed/0x160
[ 72.895908][ T5978] __kmalloc_large_node_noprof+0x1c/0x70
[ 72.901520][ T5978] __kvmalloc_node_noprof.cold+0xf/0x66
[ 72.907484][ T5978] drm_gem_get_pages+0x144/0xa10
[ 72.912400][ T5978] drm_gem_shmem_get_pages_locked+0x1e6/0x490
[ 72.918448][ T5978] drm_gem_shmem_mmap+0xc9/0x550
[ 72.923361][ T5978] drm_gem_mmap_obj+0x1b5/0x560
[ 72.928239][ T5978] drm_gem_mmap+0x40b/0x620
[ 72.932723][ T5978] __mmap_region+0x1306/0x27a0
[ 72.937463][ T5978] mmap_region+0x1ab/0x3f0
[ 72.941943][ T5978] do_mmap+0xa3e/0x1210
[ 72.946079][ T5978] vm_mmap_pgoff+0x29e/0x470
[ 72.950649][ T5978] page last free pid 5978 tgid 5978 stack trace:
[ 72.956963][ T5978] __free_frozen_pages+0x7df/0x1160
[ 72.962145][ T5978] stack_depot_save_flags+0x352/0x9c0
[ 72.967504][ T5978] kasan_save_stack+0x42/0x60
[ 72.972161][ T5978] kasan_save_track+0x14/0x30
[ 72.976817][ T5978] __kasan_kmalloc+0xaa/0xb0
[ 72.981401][ T5978] __kmalloc_node_noprof+0x347/0x8a0
[ 72.986665][ T5978] alloc_slab_obj_exts+0x3a/0xd0
[ 72.991587][ T5978] __memcg_slab_post_alloc_hook+0x251/0x940
[ 72.997464][ T5978] kmem_cache_alloc_noprof+0x550/0x6e0
[ 73.002922][ T5978] anon_vma_clone+0xd8/0x5c0
[ 73.007495][ T5978] __split_vma+0x65e/0x1070
[ 73.011982][ T5978] vms_gather_munmap_vmas+0x1cb/0x1340
[ 73.017421][ T5978] __mmap_region+0x434/0x27a0
[ 73.022072][ T5978] mmap_region+0x1ab/0x3f0
[ 73.026469][ T5978] do_mmap+0xa3e/0x1210
[ 73.030603][ T5978] vm_mmap_pgoff+0x29e/0x470
[ 73.035175][ T5978]
[ 73.037477][ T5978] Memory state around the buggy address:
[ 73.043091][ T5978] ffff88801f75e780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 73.051129][ T5978] ffff88801f75e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 73.059176][ T5978] >ffff88801f75e880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe
[ 73.067212][ T5978] ^
[ 73.075177][ T5978] ffff88801f75e900: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 73.083228][ T5978] ffff88801f75e980: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 73.091267][ T5978] ==================================================================
[ 73.102940][ T5145] Bluetooth: hci0: command tx timeout
[ 73.110514][ T5978] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 73.117722][ T5978] CPU: 0 UID: 0 PID: 5978 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 73.126832][ T5978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 73.136895][ T5978] Call Trace:
[ 73.140155][ T5978]
[ 73.143064][ T5978] dump_stack_lvl+0x3d/0x1f0
[ 73.147643][ T5978] vpanic+0x640/0x6f0
[ 73.151694][ T5978] panic+0xca/0xd0
[ 73.155395][ T5978] ? __pfx_panic+0x10/0x10
[ 73.159791][ T5978] ? __cpa_addr+0x1d3/0x220
[ 73.164284][ T5978] ? preempt_schedule_common+0x44/0xc0
[ 73.169723][ T5978] ? preempt_schedule_thunk+0x16/0x30
[ 73.175081][ T5978] ? check_panic_on_warn+0x1f/0xb0
[ 73.180172][ T5978] check_panic_on_warn+0xab/0xb0
[ 73.185090][ T5978] end_report+0x107/0x170
[ 73.189405][ T5978] kasan_report+0xee/0x110
[ 73.193851][ T5978] ? __cpa_addr+0x1d3/0x220
[ 73.198338][ T5978] __cpa_addr+0x1d3/0x220
[ 73.202651][ T5978] cpa_flush+0x28b/0x8a0
[ 73.206875][ T5978] ? __pfx_cpa_flush+0x10/0x10
[ 73.211624][ T5978] ? pgprot2cachemode+0x9a/0x130
[ 73.216547][ T5978] ? __pfx_pgprot2cachemode+0x10/0x10
[ 73.221922][ T5978] ? drm_gem_get_pages+0x6a0/0xa10
[ 73.227033][ T5978] change_page_attr_set_clr+0x34e/0x4a0
[ 73.232576][ T5978] ? __pfx_change_page_attr_set_clr+0x10/0x10
[ 73.238638][ T5978] _set_pages_array+0x1ab/0x2c0
[ 73.243478][ T5978] drm_gem_shmem_get_pages_locked+0x384/0x490
[ 73.249537][ T5978] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[ 73.256131][ T5978] ? __pfx___might_resched+0x10/0x10
[ 73.261425][ T5978] drm_gem_shmem_mmap+0xc9/0x550
[ 73.266350][ T5978] ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10
[ 73.272489][ T5978] drm_gem_mmap_obj+0x1b5/0x560
[ 73.277325][ T5978] drm_gem_mmap+0x40b/0x620
[ 73.281821][ T5978] ? __pfx_drm_gem_mmap+0x10/0x10
[ 73.286849][ T5978] ? vm_area_alloc+0x1f/0x160
[ 73.291525][ T5978] ? lockdep_init_map_type+0x5c/0x280
[ 73.296886][ T5978] __mmap_region+0x1306/0x27a0
[ 73.301645][ T5978] ? __pfx___mmap_region+0x10/0x10
[ 73.306743][ T5978] ? __pfx_avc_audit_post_callback+0x10/0x10
[ 73.312708][ T5978] ? audit_log_end+0x1f/0x30
[ 73.317285][ T5978] ? audit_log_end+0x1f/0x30
[ 73.321870][ T5978] ? common_lsm_audit+0x260/0x300
[ 73.326903][ T5978] ? __lock_acquire+0xb97/0x1ce0
[ 73.331836][ T5978] mmap_region+0x1ab/0x3f0
[ 73.336236][ T5978] ? __get_unmapped_area+0x267/0x440
[ 73.341505][ T5978] do_mmap+0xa3e/0x1210
[ 73.345652][ T5978] ? __pfx_do_mmap+0x10/0x10
[ 73.350224][ T5978] ? __pfx_down_write_killable+0x10/0x10
[ 73.355852][ T5978] vm_mmap_pgoff+0x29e/0x470
[ 73.360432][ T5978] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 73.365525][ T5978] ? __fget_files+0x20e/0x3c0
[ 73.370183][ T5978] ksys_mmap_pgoff+0x32c/0x5c0
[ 73.374934][ T5978] __x64_sys_mmap+0x125/0x190
[ 73.379592][ T5978] do_syscall_64+0xcd/0x4e0
[ 73.384080][ T5978] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.389951][ T5978] RIP: 0033:0x7f825658eec9
[ 73.394350][ T5978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 73.413948][ T5978] RSP: 002b:00007ffcee652688 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 73.422343][ T5978] RAX: ffffffffffffffda RBX: 00007f82567e5fa0 RCX: 00007f825658eec9
[ 73.430293][ T5978] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000
[ 73.438246][ T5978] RBP: 00007f8256611f91 R08: 0000000000000003 R09: 0000000100000000
[ 73.446193][ T5978] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[ 73.454144][ T5978] R13: 00007f82567e5fa0 R14: 00007f82567e5fa0 R15: 0000000000000006
[ 73.462096][ T5978]
[ 73.465292][ T5978] Kernel Offset: disabled
[ 73.469588][ T5978] Rebooting in 86400 seconds..