Warning: Permanently added '10.128.0.6' (ED25519) to the list of known hosts. 2025/10/05 11:40:30 parsed 1 programs [ 60.512019][ T30] audit: type=1400 audit(1759664430.963:103): avc: denied { unlink } for pid=2707 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 61.389413][ T2707] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 61.896799][ T30] audit: type=1400 audit(1759664432.343:104): avc: denied { unmount } for pid=2711 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 66.493965][ T30] audit: type=1401 audit(1759664436.943:105): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" 2025/10/05 11:40:37 executed programs: 0 [ 71.127251][ T30] audit: type=1400 audit(1759664441.573:106): avc: denied { read } for pid=3605 comm="syz.3.17" name="card0" dev="devtmpfs" ino=107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 71.149936][ T30] audit: type=1400 audit(1759664441.573:107): avc: denied { open } for pid=3605 comm="syz.3.17" path="/dev/dri/card0" dev="devtmpfs" ino=107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 71.173326][ T30] audit: type=1400 audit(1759664441.583:108): avc: denied { ioctl } for pid=3605 comm="syz.3.17" path="/dev/dri/card0" dev="devtmpfs" ino=107 ioctlcmd=0x64b2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 71.198158][ T30] audit: type=1400 audit(1759664441.583:109): avc: denied { map } for pid=3605 comm="syz.3.17" path="/dev/dri/card0" dev="devtmpfs" ino=107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 71.221460][ T30] audit: type=1400 audit(1759664441.583:110): avc: denied { execute } for pid=3605 comm="syz.3.17" path="/dev/dri/card0" dev="devtmpfs" ino=107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 71.247347][ T3606] ================================================================== [ 71.255571][ T3606] BUG: KASAN: slab-out-of-bounds in __cpa_addr+0x1a2/0x200 [ 71.262746][ T3606] Read of size 8 at addr ffff8881123028f8 by task syz.3.17/3606 [ 71.270346][ T3606] [ 71.272663][ T3606] CPU: 0 UID: 0 PID: 3606 Comm: syz.3.17 Not tainted syzkaller #0 PREEMPT(none) [ 71.272669][ T3606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 71.272675][ T3606] Call Trace: [ 71.272679][ T3606] [ 71.272684][ T3606] dump_stack_lvl+0x5a/0x90 [ 71.272694][ T3606] print_report+0xcd/0x630 [ 71.272700][ T3606] ? __virt_addr_valid+0x206/0x310 [ 71.272705][ T3606] ? __cpa_addr+0x1a2/0x200 [ 71.272709][ T3606] kasan_report+0xe0/0x110 [ 71.272712][ T3606] ? __cpa_addr+0x1a2/0x200 [ 71.272716][ T3606] __cpa_addr+0x1a2/0x200 [ 71.272720][ T3606] cpa_flush+0x201/0x830 [ 71.272724][ T3606] ? _vm_unmap_aliases+0xf0/0x450 [ 71.272729][ T3606] ? __pfx_cpa_flush+0x10/0x10 [ 71.272734][ T3606] ? __pfx_pgprot2cachemode+0x10/0x10 [ 71.272739][ T3606] change_page_attr_set_clr+0x269/0x3b0 [ 71.272742][ T3606] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 71.272745][ T3606] ? memtype_reserve+0x6de/0x9a0 [ 71.272750][ T3606] _set_pages_array+0x14f/0x1f0 [ 71.272753][ T3606] drm_gem_shmem_get_pages_locked+0x299/0x380 [ 71.272758][ T3606] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 71.272761][ T3606] drm_gem_shmem_mmap+0xae/0x470 [ 71.272765][ T3606] drm_gem_mmap_obj+0x157/0x470 [ 71.272769][ T3606] drm_gem_mmap+0x33f/0x5d0 [ 71.272773][ T3606] ? __pfx_drm_gem_mmap+0x10/0x10 [ 71.272776][ T3606] ? lockdep_init_map_type+0x5e/0x1d0 [ 71.272782][ T3606] __mmap_region+0x132c/0x21f0 [ 71.272786][ T3606] ? __pfx___mmap_region+0x10/0x10 [ 71.272792][ T3606] ? kmem_cache_free+0x2da/0x510 [ 71.272796][ T3606] ? __wake_up+0x3f/0x60 [ 71.272800][ T3606] ? common_lsm_audit+0x1c4/0x260 [ 71.272810][ T3606] mmap_region+0x11d/0x2f0 [ 71.272814][ T3606] ? __pfx_drm_gem_mmap+0x10/0x10 [ 71.272817][ T3606] do_mmap+0xa6b/0xf60 [ 71.272822][ T3606] ? lock_acquire+0x124/0x190 [ 71.272826][ T3606] ? __pfx_do_mmap+0x10/0x10 [ 71.272829][ T3606] ? down_write_killable+0x109/0x1b0 [ 71.272834][ T3606] ? __pfx_down_write_killable+0x10/0x10 [ 71.272837][ T3606] vm_mmap_pgoff+0x217/0x390 [ 71.272842][ T3606] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 71.272845][ T3606] ? fget+0x1a5/0x260 [ 71.272849][ T3606] ? fget+0x1af/0x260 [ 71.272852][ T3606] ksys_mmap_pgoff+0x2e9/0x450 [ 71.272856][ T3606] do_syscall_64+0x6d/0x2f0 [ 71.272860][ T3606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.272865][ T3606] RIP: 0033:0x7f35bad8eec9 [ 71.272870][ T3606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 71.272876][ T3606] RSP: 002b:00007f35bbc6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 71.272880][ T3606] RAX: ffffffffffffffda RBX: 00007f35bafe5fa0 RCX: 00007f35bad8eec9 [ 71.272882][ T3606] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 71.272885][ T3606] RBP: 00007f35bae11f91 R08: 0000000000000003 R09: 0000000100000000 [ 71.272887][ T3606] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 71.272889][ T3606] R13: 00007f35bafe6038 R14: 00007f35bafe5fa0 R15: 00007ffefeb3bfb8 [ 71.272892][ T3606] [ 71.272894][ T3606] [ 71.574446][ T3606] The buggy address belongs to the physical page: [ 71.580853][ T3606] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888112301800 pfn:0x112300 [ 71.590960][ T3606] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 71.599420][ T3606] flags: 0x100000000000040(head|node=0|zone=2) [ 71.605559][ T3606] page_type: f8(unknown) [ 71.609765][ T3606] raw: 0100000000000040 0000000000000000 dead000000000122 0000000000000000 [ 71.618308][ T3606] raw: ffff888112301800 0000000000000000 00000000f8000000 0000000000000000 [ 71.626866][ T3606] head: 0100000000000040 0000000000000000 dead000000000122 0000000000000000 [ 71.635510][ T3606] head: ffff888112301800 0000000000000000 00000000f8000000 0000000000000000 [ 71.644161][ T3606] head: 0100000000000002 ffffea000448c001 00000000ffffffff 00000000ffffffff [ 71.652789][ T3606] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 71.661428][ T3606] page dumped because: kasan: bad access detected [ 71.667808][ T3606] page_owner tracks the page as allocated [ 71.673485][ T3606] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x428c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_COMP), pid 3606, tgid 3605 (syz.3.17), ts 71150223140, free_ts 71137866445 [ 71.691582][ T3606] post_alloc_hook+0x168/0x1d0 [ 71.696310][ T3606] get_page_from_freelist+0x115d/0x4310 [ 71.701822][ T3606] __alloc_frozen_pages_noprof+0x20c/0x470 [ 71.707590][ T3606] alloc_pages_mpol+0x135/0x400 [ 71.712420][ T3606] ___kmalloc_large_node+0xf0/0x130 [ 71.717583][ T3606] __kmalloc_large_node_noprof+0x18/0xc0 [ 71.723173][ T3606] __kvmalloc_node_noprof+0x4bd/0x660 [ 71.728507][ T3606] drm_gem_get_pages+0x114/0x720 [ 71.733417][ T3606] drm_gem_shmem_get_pages_locked+0x15c/0x380 [ 71.739443][ T3606] drm_gem_shmem_mmap+0xae/0x470 [ 71.744363][ T3606] drm_gem_mmap_obj+0x157/0x470 [ 71.749172][ T3606] drm_gem_mmap+0x33f/0x5d0 [ 71.753633][ T3606] __mmap_region+0x132c/0x21f0 [ 71.758356][ T3606] mmap_region+0x11d/0x2f0 [ 71.762730][ T3606] do_mmap+0xa6b/0xf60 [ 71.766760][ T3606] vm_mmap_pgoff+0x217/0x390 [ 71.771308][ T3606] page last free pid 3606 tgid 3605 stack trace: [ 71.777594][ T3606] __free_frozen_pages+0x801/0x1120 [ 71.782758][ T3606] stack_depot_save_flags+0x345/0x8d0 [ 71.788088][ T3606] kasan_save_stack+0x42/0x60 [ 71.792742][ T3606] kasan_save_track+0x14/0x30 [ 71.797379][ T3606] __kasan_slab_alloc+0x89/0x90 [ 71.802189][ T3606] kmem_cache_alloc_noprof+0x1c9/0x3f0 [ 71.807605][ T3606] radix_tree_node_alloc.constprop.0+0x185/0x300 [ 71.813897][ T3606] idr_get_free+0x49e/0x860 [ 71.818371][ T3606] idr_alloc_u32+0x148/0x270 [ 71.822920][ T3606] idr_alloc+0x75/0xc0 [ 71.826973][ T3606] drm_gem_handle_create_tail+0xf2/0x450 [ 71.832561][ T3606] drm_gem_shmem_dumb_create+0x1a1/0x260 [ 71.838173][ T3606] drm_ioctl_kernel+0x165/0x2e0 [ 71.843067][ T3606] drm_ioctl+0x4af/0xb00 [ 71.847268][ T3606] __x64_sys_ioctl+0x134/0x1c0 [ 71.852000][ T3606] do_syscall_64+0x6d/0x2f0 [ 71.856461][ T3606] [ 71.858747][ T3606] Memory state around the buggy address: [ 71.864335][ T3606] ffff888112302780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 71.872355][ T3606] ffff888112302800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 71.880375][ T3606] >ffff888112302880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe [ 71.888389][ T3606] ^ [ 71.896327][ T3606] ffff888112302900: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 71.904359][ T3606] ffff888112302980: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 71.912388][ T3606] ================================================================== [ 71.920730][ T3606] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 71.928079][ T3606] Kernel Offset: disabled [ 71.932369][ T3606] Rebooting in 86400 seconds..