Warning: Permanently added '10.128.0.236' (ED25519) to the list of known hosts.
2025/10/05 16:53:52 parsed 1 programs
[ 72.715148][ T5845] cgroup: Unknown subsys name 'net'
[ 72.847987][ T5845] cgroup: Unknown subsys name 'cpuset'
[ 72.856532][ T5845] cgroup: Unknown subsys name 'rlimit'
[ 74.291578][ T5845] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 77.080291][ T5853] chnl_net:caif_netlink_parms(): no params data found
[ 77.151032][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.158316][ T5853] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.166659][ T5853] bridge_slave_0: entered allmulticast mode
[ 77.173741][ T5853] bridge_slave_0: entered promiscuous mode
[ 77.182468][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.189697][ T5853] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.196916][ T5853] bridge_slave_1: entered allmulticast mode
[ 77.203922][ T5853] bridge_slave_1: entered promiscuous mode
[ 77.233296][ T5853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 77.245165][ T5853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 77.276262][ T5853] team0: Port device team_slave_0 added
[ 77.283775][ T5853] team0: Port device team_slave_1 added
[ 77.309469][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 77.316819][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 77.343169][ T5853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 77.356549][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 77.363491][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 77.389441][ T5853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 77.430227][ T5853] hsr_slave_0: entered promiscuous mode
[ 77.436756][ T5853] hsr_slave_1: entered promiscuous mode
[ 77.574165][ T5853] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 77.585897][ T5853] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 77.596202][ T5853] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 77.606915][ T5853] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 77.635047][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.642260][ T5853] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 77.650025][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.657201][ T5853] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 77.711645][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0
[ 77.742670][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.757631][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.773880][ T5853] 8021q: adding VLAN 0 to HW filter on device team0
[ 77.787246][ T3000] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.794369][ T3000] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 77.809508][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.816707][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 77.971902][ T5853] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 78.016440][ T5853] veth0_vlan: entered promiscuous mode
[ 78.027793][ T5853] veth1_vlan: entered promiscuous mode
[ 78.059734][ T5853] veth0_macvtap: entered promiscuous mode
[ 78.068867][ T5853] veth1_macvtap: entered promiscuous mode
[ 78.088442][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 78.103269][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 78.119523][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.129372][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.141959][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.151452][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.209840][ T5853] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 78.333396][ T77] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 78.408167][ T77] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 78.466395][ T77] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 78.566298][ T77] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 79.411696][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 79.421778][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 79.429819][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 79.438320][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 79.446475][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 80.441090][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 80.460155][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 80.500016][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 80.508523][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 81.308696][ T77] bridge_slave_1: left allmulticast mode
[ 81.314471][ T77] bridge_slave_1: left promiscuous mode
[ 81.362537][ T77] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.387208][ T77] bridge_slave_0: left allmulticast mode
[ 81.392885][ T77] bridge_slave_0: left promiscuous mode
[ 81.398921][ T77] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.824134][ T77] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 81.858939][ T77] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 81.886653][ T77] bond0 (unregistering): Released all slaves
[ 82.055639][ T77] hsr_slave_0: left promiscuous mode
[ 82.063536][ T77] hsr_slave_1: left promiscuous mode
[ 82.070582][ T77] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 82.078954][ T77] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 82.089367][ T77] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 82.097117][ T77] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 82.117608][ T77] veth1_macvtap: left promiscuous mode
[ 82.123278][ T77] veth0_macvtap: left promiscuous mode
[ 82.129859][ T77] veth1_vlan: left promiscuous mode
[ 82.135628][ T77] veth0_vlan: left promiscuous mode
2025/10/05 16:54:04 executed programs: 0
[ 82.412600][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 82.422131][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 82.430293][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 82.440551][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 82.448256][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 82.553455][ T77] team0 (unregistering): Port device team_slave_1 removed
[ 82.579925][ T77] team0 (unregistering): Port device team_slave_0 removed
[ 83.014935][ T5972] chnl_net:caif_netlink_parms(): no params data found
[ 83.160113][ T5972] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.171949][ T5972] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.179885][ T5972] bridge_slave_0: entered allmulticast mode
[ 83.190420][ T5972] bridge_slave_0: entered promiscuous mode
[ 83.205659][ T5972] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.212932][ T5972] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.221805][ T5972] bridge_slave_1: entered allmulticast mode
[ 83.230113][ T5972] bridge_slave_1: entered promiscuous mode
[ 83.279605][ T5972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 83.764533][ T5972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 83.812945][ T5972] team0: Port device team_slave_0 added
[ 83.833379][ T5972] team0: Port device team_slave_1 added
[ 83.920375][ T5972] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 83.938019][ T5972] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 83.964447][ T5972] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 83.990313][ T5972] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 83.997617][ T5972] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 84.023921][ T5972] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 84.187953][ T5972] hsr_slave_0: entered promiscuous mode
[ 84.196580][ T5972] hsr_slave_1: entered promiscuous mode
[ 84.535339][ T52] Bluetooth: hci0: command tx timeout
[ 85.054165][ T5972] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 85.070627][ T5972] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 85.092289][ T5972] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 85.106452][ T5972] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 85.221420][ T5972] 8021q: adding VLAN 0 to HW filter on device bond0
[ 85.251831][ T5972] 8021q: adding VLAN 0 to HW filter on device team0
[ 85.266670][ T77] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.273851][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.294327][ T77] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.302163][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.560507][ T5972] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 85.627610][ T5972] veth0_vlan: entered promiscuous mode
[ 85.643485][ T5972] veth1_vlan: entered promiscuous mode
[ 85.687327][ T5972] veth0_macvtap: entered promiscuous mode
[ 85.699747][ T5972] veth1_macvtap: entered promiscuous mode
[ 85.723218][ T5972] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.744120][ T5972] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 85.762731][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.779908][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.795774][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.804537][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.894004][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.915258][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.952494][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.962188][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 86.098820][ T6058] ==================================================================
[ 86.106912][ T6058] BUG: KASAN: slab-out-of-bounds in change_page_attr_set_clr+0x625/0xfc0
[ 86.115434][ T6058] Read of size 8 at addr ffff88807fafe8f8 by task syz.0.17/6058
[ 86.123072][ T6058]
[ 86.125415][ T6058] CPU: 1 UID: 0 PID: 6058 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 86.125437][ T6058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 86.125453][ T6058] Call Trace:
[ 86.125465][ T6058]
[ 86.125472][ T6058] dump_stack_lvl+0x189/0x250
[ 86.125492][ T6058] ? __kasan_check_byte+0x12/0x40
[ 86.125511][ T6058] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.125527][ T6058] ? lock_release+0x4b/0x3e0
[ 86.125554][ T6058] ? __virt_addr_valid+0x4a5/0x5c0
[ 86.125572][ T6058] print_report+0xca/0x240
[ 86.125591][ T6058] ? change_page_attr_set_clr+0x625/0xfc0
[ 86.125611][ T6058] kasan_report+0x118/0x150
[ 86.125629][ T6058] ? change_page_attr_set_clr+0x625/0xfc0
[ 86.125652][ T6058] change_page_attr_set_clr+0x625/0xfc0
[ 86.125675][ T6058] ? __pfx_change_page_attr_set_clr+0x10/0x10
[ 86.125695][ T6058] ? __pfx_pagerange_is_ram_callback+0x10/0x10
[ 86.125713][ T6058] ? memtype_reserve+0x874/0xb30
[ 86.125743][ T6058] ? __pfx___ww_mutex_lock+0x10/0x10
[ 86.125765][ T6058] _set_pages_array+0x145/0x270
[ 86.125788][ T6058] drm_gem_shmem_get_pages_locked+0x2d0/0x440
[ 86.125811][ T6058] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[ 86.125833][ T6058] ? ww_mutex_lock+0x3f/0x1c0
[ 86.125853][ T6058] drm_gem_shmem_mmap+0x193/0x460
[ 86.125875][ T6058] drm_gem_mmap_obj+0x18a/0x4e0
[ 86.125892][ T6058] drm_gem_mmap+0x384/0x640
[ 86.125909][ T6058] ? __pfx_drm_gem_mmap+0x10/0x10
[ 86.125925][ T6058] ? __mas_set_range+0x12f/0x3c0
[ 86.125948][ T6058] mmap_region+0x18b4/0x2110
[ 86.125976][ T6058] ? __pfx_mmap_region+0x10/0x10
[ 86.125997][ T6058] ? kasan_save_track+0x4f/0x80
[ 86.126012][ T6058] ? kasan_save_track+0x3e/0x80
[ 86.126026][ T6058] ? __kasan_kmalloc+0x93/0xb0
[ 86.126042][ T6058] ? __kmalloc_cache_noprof+0x3d5/0x6f0
[ 86.126057][ T6058] ? vma_node_allow+0x5a/0x240
[ 86.126072][ T6058] ? drm_gem_handle_create_tail+0x20d/0x490
[ 86.126094][ T6058] ? drm_gem_shmem_dumb_create+0x24d/0x3c0
[ 86.126113][ T6058] ? drm_ioctl_kernel+0x2cf/0x390
[ 86.126134][ T6058] ? lockdep_unlock+0x89/0x120
[ 86.126170][ T6058] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[ 86.126198][ T6058] ? bpf_lsm_mmap_addr+0x9/0x20
[ 86.126217][ T6058] ? security_mmap_addr+0x71/0x270
[ 86.126242][ T6058] ? shmem_mapping+0xd/0x50
[ 86.126261][ T6058] ? memfd_check_seals_mmap+0xc5/0x200
[ 86.126284][ T6058] do_mmap+0xc45/0x10d0
[ 86.126311][ T6058] ? __pfx_do_mmap+0x10/0x10
[ 86.126331][ T6058] ? down_write_killable+0x178/0x230
[ 86.126353][ T6058] ? __pfx_down_write_killable+0x10/0x10
[ 86.126373][ T6058] ? common_file_perm+0x1b5/0x230
[ 86.126393][ T6058] vm_mmap_pgoff+0x2a6/0x4d0
[ 86.126416][ T6058] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 86.126436][ T6058] ? __fget_files+0x2a/0x420
[ 86.126457][ T6058] ? __fget_files+0x2a/0x420
[ 86.126477][ T6058] ? __fget_files+0x2a/0x420
[ 86.126498][ T6058] ksys_mmap_pgoff+0x51f/0x760
[ 86.126523][ T6058] do_syscall_64+0xfa/0xfa0
[ 86.126546][ T6058] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.126564][ T6058] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.126581][ T6058] ? clear_bhb_loop+0x60/0xb0
[ 86.126600][ T6058] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.126616][ T6058] RIP: 0033:0x7f538358eec9
[ 86.126636][ T6058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 86.126650][ T6058] RSP: 002b:00007ffc97da3fd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 86.126669][ T6058] RAX: ffffffffffffffda RBX: 00007f53837e5fa0 RCX: 00007f538358eec9
[ 86.126682][ T6058] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000
[ 86.126693][ T6058] RBP: 00007f5383611f91 R08: 0000000000000003 R09: 0000000100000000
[ 86.126705][ T6058] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[ 86.126715][ T6058] R13: 00007f53837e5fa0 R14: 00007f53837e5fa0 R15: 0000000000000006
[ 86.126735][ T6058]
[ 86.126741][ T6058]
[ 86.509836][ T6058] The buggy address belongs to the physical page:
[ 86.516266][ T6058] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807fafdc00 pfn:0x7fafc
[ 86.526425][ T6058] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 86.534922][ T6058] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 86.542487][ T6058] page_type: f8(unknown)
[ 86.546740][ T6058] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000
[ 86.555325][ T6058] raw: ffff88807fafdc00 0000000000000000 00000000f8000000 0000000000000000
[ 86.563913][ T6058] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000
[ 86.572591][ T6058] head: ffff88807fafdc00 0000000000000000 00000000f8000000 0000000000000000
[ 86.581265][ T6058] head: 00fff00000000002 ffffea0001febf01 00000000ffffffff 00000000ffffffff
[ 86.589928][ T6058] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 86.598578][ T6058] page dumped because: kasan: bad access detected
[ 86.604982][ T6058] page_owner tracks the page as allocated
[ 86.610676][ T6058] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x428c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_COMP), pid 6058, tgid 6058 (syz.0.17), ts 86018656867, free_ts 78661363993
[ 86.628822][ T6058] post_alloc_hook+0x240/0x2a0
[ 86.633574][ T6058] get_page_from_freelist+0x2365/0x2440
[ 86.639103][ T6058] __alloc_frozen_pages_noprof+0x181/0x370
[ 86.644891][ T6058] alloc_pages_mpol+0x232/0x4a0
[ 86.649723][ T6058] ___kmalloc_large_node+0x5f/0x1b0
[ 86.654910][ T6058] __kmalloc_large_node_noprof+0x18/0x90
[ 86.660533][ T6058] __kvmalloc_node_noprof+0x6e/0x910
[ 86.665812][ T6058] drm_gem_get_pages+0x166/0xa20
[ 86.670743][ T6058] drm_gem_shmem_get_pages_locked+0x201/0x440
[ 86.676797][ T6058] drm_gem_shmem_mmap+0x193/0x460
[ 86.681809][ T6058] drm_gem_mmap_obj+0x18a/0x4e0
[ 86.686640][ T6058] drm_gem_mmap+0x384/0x640
[ 86.691133][ T6058] mmap_region+0x18b4/0x2110
[ 86.695716][ T6058] do_mmap+0xc45/0x10d0
[ 86.699856][ T6058] vm_mmap_pgoff+0x2a6/0x4d0
[ 86.704431][ T6058] ksys_mmap_pgoff+0x51f/0x760
[ 86.709181][ T6058] page last free pid 5854 tgid 5854 stack trace:
[ 86.715488][ T6058] __free_frozen_pages+0xbc4/0xd30
[ 86.720582][ T6058] __slab_free+0x2e7/0x390
[ 86.724980][ T6058] qlist_free_all+0x97/0x140
[ 86.729557][ T6058] kasan_quarantine_reduce+0x148/0x160
[ 86.735002][ T6058] __kasan_slab_alloc+0x22/0x80
[ 86.739833][ T6058] __kmalloc_noprof+0x3c3/0x7f0
[ 86.744660][ T6058] tomoyo_realpath_from_path+0xe3/0x5d0
[ 86.750278][ T6058] tomoyo_path2_perm+0x288/0x680
[ 86.755196][ T6058] tomoyo_path_rename+0x141/0x190
[ 86.760209][ T6058] security_path_rename+0x250/0x490
[ 86.765389][ T6058] do_renameat2+0x52b/0xa50
[ 86.769873][ T6058] __x64_sys_rename+0x82/0x90
[ 86.774537][ T6058] do_syscall_64+0xfa/0xfa0
[ 86.779027][ T6058] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.784904][ T6058]
[ 86.787207][ T6058] Memory state around the buggy address:
[ 86.792815][ T6058] ffff88807fafe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.800854][ T6058] ffff88807fafe800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.808895][ T6058] >ffff88807fafe880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe
[ 86.816946][ T6058] ^
[ 86.824898][ T6058] ffff88807fafe900: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 86.832939][ T6058] ffff88807fafe980: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 86.840977][ T6058] ==================================================================
[ 86.851294][ T52] Bluetooth: hci0: command tx timeout
[ 86.894194][ T6058] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 86.901635][ T6058] CPU: 1 UID: 0 PID: 6058 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 86.910747][ T6058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 86.920806][ T6058] Call Trace:
[ 86.924085][ T6058]
[ 86.927016][ T6058] dump_stack_lvl+0x99/0x250
[ 86.931608][ T6058] ? __asan_memcpy+0x40/0x70
[ 86.936290][ T6058] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.941487][ T6058] ? __pfx__printk+0x10/0x10
[ 86.946088][ T6058] vpanic+0x237/0x6d0
[ 86.950078][ T6058] ? __pfx_vpanic+0x10/0x10
[ 86.954583][ T6058] ? preempt_schedule+0xae/0xc0
[ 86.959436][ T6058] ? __pfx_preempt_schedule+0x10/0x10
[ 86.964811][ T6058] panic+0xb9/0xc0
[ 86.968535][ T6058] ? __pfx_panic+0x10/0x10
[ 86.972953][ T6058] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 86.978853][ T6058] ? change_page_attr_set_clr+0x625/0xfc0
[ 86.984587][ T6058] check_panic_on_warn+0x89/0xb0
[ 86.989534][ T6058] ? change_page_attr_set_clr+0x625/0xfc0
[ 86.995264][ T6058] end_report+0x78/0x160
[ 86.999515][ T6058] kasan_report+0x129/0x150
[ 87.004029][ T6058] ? change_page_attr_set_clr+0x625/0xfc0
[ 87.009757][ T6058] change_page_attr_set_clr+0x625/0xfc0
[ 87.015311][ T6058] ? __pfx_change_page_attr_set_clr+0x10/0x10
[ 87.021403][ T6058] ? __pfx_pagerange_is_ram_callback+0x10/0x10
[ 87.027565][ T6058] ? memtype_reserve+0x874/0xb30
[ 87.032524][ T6058] ? __pfx___ww_mutex_lock+0x10/0x10
[ 87.037820][ T6058] _set_pages_array+0x145/0x270
[ 87.042684][ T6058] drm_gem_shmem_get_pages_locked+0x2d0/0x440
[ 87.048768][ T6058] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[ 87.055374][ T6058] ? ww_mutex_lock+0x3f/0x1c0
[ 87.060068][ T6058] drm_gem_shmem_mmap+0x193/0x460
[ 87.065103][ T6058] drm_gem_mmap_obj+0x18a/0x4e0
[ 87.069959][ T6058] drm_gem_mmap+0x384/0x640
[ 87.074463][ T6058] ? __pfx_drm_gem_mmap+0x10/0x10
[ 87.079509][ T6058] ? __mas_set_range+0x12f/0x3c0
[ 87.084455][ T6058] mmap_region+0x18b4/0x2110
[ 87.089073][ T6058] ? __pfx_mmap_region+0x10/0x10
[ 87.094023][ T6058] ? kasan_save_track+0x4f/0x80
[ 87.098879][ T6058] ? kasan_save_track+0x3e/0x80
[ 87.103732][ T6058] ? __kasan_kmalloc+0x93/0xb0
[ 87.108498][ T6058] ? __kmalloc_cache_noprof+0x3d5/0x6f0
[ 87.114047][ T6058] ? vma_node_allow+0x5a/0x240
[ 87.118902][ T6058] ? drm_gem_handle_create_tail+0x20d/0x490
[ 87.124889][ T6058] ? drm_gem_shmem_dumb_create+0x24d/0x3c0
[ 87.130701][ T6058] ? drm_ioctl_kernel+0x2cf/0x390
[ 87.135736][ T6058] ? lockdep_unlock+0x89/0x120
[ 87.140524][ T6058] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[ 87.147131][ T6058] ? bpf_lsm_mmap_addr+0x9/0x20
[ 87.151991][ T6058] ? security_mmap_addr+0x71/0x270
[ 87.157114][ T6058] ? shmem_mapping+0xd/0x50
[ 87.161625][ T6058] ? memfd_check_seals_mmap+0xc5/0x200
[ 87.167097][ T6058] do_mmap+0xc45/0x10d0
[ 87.171277][ T6058] ? __pfx_do_mmap+0x10/0x10
[ 87.175876][ T6058] ? down_write_killable+0x178/0x230
[ 87.181173][ T6058] ? __pfx_down_write_killable+0x10/0x10
[ 87.186813][ T6058] ? common_file_perm+0x1b5/0x230
[ 87.191854][ T6058] vm_mmap_pgoff+0x2a6/0x4d0
[ 87.196461][ T6058] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 87.201598][ T6058] ? __fget_files+0x2a/0x420
[ 87.206200][ T6058] ? __fget_files+0x2a/0x420
[ 87.210797][ T6058] ? __fget_files+0x2a/0x420
[ 87.215654][ T6058] ksys_mmap_pgoff+0x51f/0x760
[ 87.220427][ T6058] do_syscall_64+0xfa/0xfa0
[ 87.224944][ T6058] ? lockdep_hardirqs_on+0x9c/0x150
[ 87.230152][ T6058] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.236227][ T6058] ? clear_bhb_loop+0x60/0xb0
[ 87.240923][ T6058] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.246831][ T6058] RIP: 0033:0x7f538358eec9
[ 87.251252][ T6058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 87.270867][ T6058] RSP: 002b:00007ffc97da3fd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 87.279295][ T6058] RAX: ffffffffffffffda RBX: 00007f53837e5fa0 RCX: 00007f538358eec9
[ 87.287280][ T6058] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000
[ 87.295264][ T6058] RBP: 00007f5383611f91 R08: 0000000000000003 R09: 0000000100000000
[ 87.303245][ T6058] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[ 87.311230][ T6058] R13: 00007f53837e5fa0 R14: 00007f53837e5fa0 R15: 0000000000000006
[ 87.319229][ T6058]
[ 87.322526][ T6058] Kernel Offset: disabled
[ 87.326841][ T6058] Rebooting in 86400 seconds..