Warning: Permanently added '10.128.1.105' (ED25519) to the list of known hosts.
2025/10/20 09:08:02 parsed 1 programs
[ 70.037369][ T2668] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/10/20 09:08:10 executed programs: 0
2025/10/20 09:08:16 executed programs: 2
[ 82.751993][ T3565] ==================================================================
[ 82.760078][ T3565] BUG: KASAN: slab-out-of-bounds in change_page_attr_set_clr+0x61a/0xe20
[ 82.768483][ T3565] Read of size 8 at addr ffff88810df74ef8 by task syz.3.17/3565
[ 82.776084][ T3565]
[ 82.778399][ T3565] CPU: 1 UID: 0 PID: 3565 Comm: syz.3.17 Not tainted syzkaller #0 PREEMPT(none)
[ 82.778408][ T3565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 82.778413][ T3565] Call Trace:
[ 82.778418][ T3565]
[ 82.778421][ T3565] dump_stack_lvl+0xf4/0x170
[ 82.778438][ T3565] ? __pfx_dump_stack_lvl+0x10/0x10
[ 82.778442][ T3565] ? rcu_is_watching+0x1f/0xa0
[ 82.778446][ T3565] ? __virt_addr_valid+0x176/0x2b0
[ 82.778451][ T3565] ? lock_release+0x42/0x2f0
[ 82.778455][ T3565] ? lock_acquire+0x69/0x210
[ 82.778458][ T3565] ? __virt_addr_valid+0x176/0x2b0
[ 82.778462][ T3565] ? __virt_addr_valid+0x262/0x2b0
[ 82.778465][ T3565] print_report+0xca/0x240
[ 82.778470][ T3565] ? change_page_attr_set_clr+0x61a/0xe20
[ 82.778474][ T3565] kasan_report+0x118/0x150
[ 82.778479][ T3565] ? change_page_attr_set_clr+0x61a/0xe20
[ 82.778484][ T3565] change_page_attr_set_clr+0x61a/0xe20
[ 82.778489][ T3565] ? __pfx_change_page_attr_set_clr+0x10/0x10
[ 82.778493][ T3565] ? __pfx_pagerange_is_ram_callback+0x10/0x10
[ 82.778497][ T3565] ? memtype_reserve+0x59c/0x830
[ 82.778502][ T3565] _set_pages_array+0xe3/0x1c0
[ 82.778507][ T3565] drm_gem_shmem_get_pages_locked+0x20c/0x350
[ 82.778514][ T3565] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[ 82.778519][ T3565] ? ww_mutex_lock+0x32/0x350
[ 82.778525][ T3565] drm_gem_shmem_mmap+0x12b/0x360
[ 82.778529][ T3565] drm_gem_mmap_obj+0x14d/0x380
[ 82.778535][ T3565] drm_gem_mmap+0x30b/0x520
[ 82.778539][ T3565] ? __pfx_drm_gem_mmap+0x10/0x10
[ 82.778543][ T3565] ? kmem_cache_alloc_noprof+0x20f/0x400
[ 82.778548][ T3565] ? __mas_set_range+0xee/0x310
[ 82.778553][ T3565] mmap_region+0x14b1/0x1c50
[ 82.778559][ T3565] ? __pfx_mmap_region+0x10/0x10
[ 82.778563][ T3565] ? rcu_is_watching+0x1f/0xa0
[ 82.778566][ T3565] ? __schedule+0x1598/0x23a0
[ 82.778574][ T3565] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[ 82.778579][ T3565] ? security_mmap_addr+0x4d/0x100
[ 82.778583][ T3565] ? __get_unmapped_area+0x264/0x2d0
[ 82.778589][ T3565] do_mmap+0x930/0xc30
[ 82.778594][ T3565] ? __pfx_do_mmap+0x10/0x10
[ 82.778598][ T3565] ? down_write_killable+0x123/0x1b0
[ 82.778602][ T3565] ? vm_mmap_pgoff+0x22e/0x420
[ 82.778607][ T3565] ? __pfx_down_write_killable+0x10/0x10
[ 82.778611][ T3565] ? drm_ioctl+0x564/0x9b0
[ 82.778615][ T3565] vm_mmap_pgoff+0x2a2/0x420
[ 82.778620][ T3565] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 82.778624][ T3565] ? __fget_files+0x2e/0x2a0
[ 82.778629][ T3565] ? __fget_files+0x23d/0x2a0
[ 82.778632][ T3565] ? __fget_files+0x2e/0x2a0
[ 82.778636][ T3565] ksys_mmap_pgoff+0x2be/0x3f0
[ 82.778641][ T3565] do_syscall_64+0x8f/0x250
[ 82.778646][ T3565] ? fpregs_assert_state_consistent+0x48/0x60
[ 82.778651][ T3565] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 82.778656][ T3565] RIP: 0033:0x7f3d8169efc9
[ 82.778665][ T3565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 82.778668][ T3565] RSP: 002b:00007f3d81507038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 82.778674][ T3565] RAX: ffffffffffffffda RBX: 00007f3d818f5fa0 RCX: 00007f3d8169efc9
[ 82.778678][ T3565] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000
[ 82.778681][ T3565] RBP: 00007f3d81721f91 R08: 0000000000000003 R09: 0000000100000000
[ 82.778683][ T3565] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[ 82.778686][ T3565] R13: 00007f3d818f6038 R14: 00007f3d818f5fa0 R15: 00007ffddb583338
[ 82.778689][ T3565]
[ 82.778691][ T3565]
[ 83.124358][ T3565] Allocated by task 3565:
[ 83.128661][ T3565] kasan_save_track+0x3e/0x80
[ 83.133312][ T3565] __kasan_kmalloc+0x93/0xb0
[ 83.137870][ T3565] __kvmalloc_node_noprof+0x2e5/0x5c0
[ 83.143214][ T3565] drm_gem_get_pages+0x12b/0x7b0
[ 83.148118][ T3565] drm_gem_shmem_get_pages_locked+0x14e/0x350
[ 83.154153][ T3565] drm_gem_shmem_mmap+0x12b/0x360
[ 83.159144][ T3565] drm_gem_mmap_obj+0x14d/0x380
[ 83.163964][ T3565] drm_gem_mmap+0x30b/0x520
[ 83.168444][ T3565] mmap_region+0x14b1/0x1c50
[ 83.173011][ T3565] do_mmap+0x930/0xc30
[ 83.177066][ T3565] vm_mmap_pgoff+0x2a2/0x420
[ 83.181628][ T3565] ksys_mmap_pgoff+0x2be/0x3f0
[ 83.186365][ T3565] do_syscall_64+0x8f/0x250
[ 83.190840][ T3565] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 83.196703][ T3565]
[ 83.199005][ T3565] The buggy address belongs to the object at ffff88810df74e00
[ 83.199005][ T3565] which belongs to the cache kmalloc-256 of size 256
[ 83.213031][ T3565] The buggy address is located 0 bytes to the right of
[ 83.213031][ T3565] allocated 248-byte region [ffff88810df74e00, ffff88810df74ef8)
[ 83.227562][ T3565]
[ 83.229865][ T3565] The buggy address belongs to the physical page:
[ 83.236261][ T3565] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10df74
[ 83.245108][ T3565] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 83.253578][ T3565] flags: 0x100000000000040(head|node=0|zone=2)
[ 83.259714][ T3565] page_type: f5(slab)
[ 83.263666][ T3565] raw: 0100000000000040 ffff888100041b40 dead000000000100 dead000000000122
[ 83.272220][ T3565] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 83.280779][ T3565] head: 0100000000000040 ffff888100041b40 dead000000000100 dead000000000122
[ 83.289420][ T3565] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 83.298061][ T3565] head: 0100000000000001 ffffea000437dd01 00000000ffffffff 00000000ffffffff
[ 83.306708][ T3565] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000002
[ 83.315431][ T3565] page dumped because: kasan: bad access detected
[ 83.321818][ T3565] page_owner tracks the page as allocated
[ 83.327507][ T3565] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 4901251468, free_ts 0
[ 83.347089][ T3565] post_alloc_hook+0x168/0x1a0
[ 83.351838][ T3565] get_page_from_freelist+0x3719/0x3870
[ 83.357376][ T3565] __alloc_frozen_pages_noprof+0x26b/0x460
[ 83.363151][ T3565] alloc_pages_mpol+0xcb/0x270
[ 83.368165][ T3565] allocate_slab+0x8a/0x320
[ 83.372986][ T3565] ___slab_alloc+0x9c6/0x10a0
[ 83.377722][ T3565] __kmalloc_node_track_caller_noprof+0x2e3/0x4f0
[ 83.384102][ T3565] krealloc_noprof+0x124/0x310
[ 83.388837][ T3565] add_sysfs_param+0xc4/0x8c0
[ 83.393514][ T3565] kernel_add_sysfs_param+0x7f/0xe0
[ 83.398683][ T3565] param_sysfs_builtin+0x18a/0x230
[ 83.403760][ T3565] param_sysfs_builtin_init+0x23/0x30
[ 83.409097][ T3565] do_one_initcall+0x197/0x4d0
[ 83.413832][ T3565] do_initcall_level+0x117/0x1d0
[ 83.418833][ T3565] do_initcalls+0x59/0xa0
[ 83.423128][ T3565] kernel_init_freeable+0x306/0x470
[ 83.428297][ T3565] page_owner free stack trace missing
[ 83.433745][ T3565]
[ 83.436071][ T3565] Memory state around the buggy address:
[ 83.441670][ T3565]  ffff88810df74d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 83.449706][ T3565]  ffff88810df74e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 83.457740][ T3565] >ffff88810df74e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 83.465861][ T3565]                                                                 ^
[ 83.473888][ T3565]  ffff88810df74f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 83.481989][ T3565]  ffff88810df74f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 83.490028][ T3565] ==================================================================
[ 83.499022][ T3565] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 83.506328][ T3565] Kernel Offset: disabled
[ 83.510644][ T3565] Rebooting in 86400 seconds..