Warning: Permanently added '10.128.0.135' (ED25519) to the list of known hosts.
2025/10/24 03:21:13 parsed 1 programs
[ 24.479444][ T28] audit: type=1400 audit(1761276073.694:64): avc: denied { node_bind } for pid=283 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 24.500189][ T28] audit: type=1400 audit(1761276073.694:65): avc: denied { module_request } for pid=283 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 25.655850][ T28] audit: type=1400 audit(1761276074.864:66): avc: denied { mounton } for pid=292 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 25.657174][ T292] cgroup: Unknown subsys name 'net'
[ 25.678513][ T28] audit: type=1400 audit(1761276074.864:67): avc: denied { mount } for pid=292 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 25.705869][ T28] audit: type=1400 audit(1761276074.894:68): avc: denied { unmount } for pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 25.706157][ T292] cgroup: Unknown subsys name 'devices'
[ 25.849843][ T292] cgroup: Unknown subsys name 'hugetlb'
[ 25.855490][ T292] cgroup: Unknown subsys name 'rlimit'
[ 25.998326][ T28] audit: type=1400 audit(1761276075.214:69): avc: denied { setattr } for pid=292 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 26.021633][ T28] audit: type=1400 audit(1761276075.214:70): avc: denied { create } for pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 26.042068][ T28] audit: type=1400 audit(1761276075.214:71): avc: denied { write } for pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 26.053353][ T294] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 26.062479][ T28] audit: type=1400 audit(1761276075.214:72): avc: denied { read } for pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 26.091111][ T28] audit: type=1400 audit(1761276075.214:73): avc: denied { mounton } for pid=292 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 26.135437][ T292] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 26.874708][ T296] request_module fs-gadgetfs succeeded, but still no fs?
[ 27.278455][ T317] syz-executor (317) used greatest stack depth: 21696 bytes left
[ 27.400417][ T333] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.407473][ T333] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.415195][ T333] device bridge_slave_0 entered promiscuous mode
[ 27.422852][ T333] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.430244][ T333] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.437989][ T333] device bridge_slave_1 entered promiscuous mode
[ 27.488991][ T333] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.496133][ T333] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.503483][ T333] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.510545][ T333] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.534679][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 27.542374][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.549676][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.562096][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 27.570343][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.577366][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.584934][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 27.594059][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.601117][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.613191][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 27.622449][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 27.636636][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 27.648661][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 27.656749][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 27.664461][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 27.672759][ T333] device veth0_vlan entered promiscuous mode
[ 27.682848][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 27.692056][ T333] device veth1_macvtap entered promiscuous mode
[ 27.701582][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 27.711826][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/10/24 03:21:17 executed programs: 0
[ 28.102412][ T365] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.109512][ T365] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.116904][ T365] device bridge_slave_0 entered promiscuous mode
[ 28.124100][ T365] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.131357][ T365] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.138945][ T365] device bridge_slave_1 entered promiscuous mode
[ 28.211887][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 28.219428][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 28.234179][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 28.243203][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 28.251614][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.258674][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.272023][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 28.280641][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 28.289014][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 28.297126][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.304172][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.316079][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 28.324266][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 28.334595][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 28.342940][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 28.362884][ T365] device veth0_vlan entered promiscuous mode
[ 28.369087][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 28.377489][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 28.385920][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 28.394609][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 28.402799][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 28.410356][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 28.423134][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 28.431388][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 28.440738][ T365] device veth1_macvtap entered promiscuous mode
[ 28.450314][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 28.457957][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 28.466152][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 28.479161][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 28.487421][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 28.517221][ T375] loop2: detected capacity change from 0 to 1024
[ 28.523903][ T375] =======================================================
[ 28.523903][ T375] WARNING: The mand mount option has been deprecated and
[ 28.523903][ T375] and is ignored by this kernel. Remove the mand
[ 28.523903][ T375] option from the mount to silence this warning.
[ 28.523903][ T375] =======================================================
[ 28.559592][ T375] EXT4-fs: Ignoring removed bh option
[ 28.565626][ T375] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 28.579785][ T375] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 28.601661][ T375] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.17: Allocating blocks 497-513 which overlap fs metadata
[ 28.616587][ T375] EXT4-fs (loop2): pa ffff8881111c69d8: logic 64, phys. 193, len 20
[ 28.624728][ T375] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 28.636643][ T10] ==================================================================
[ 28.644723][ T10] BUG: KASAN: use-after-free in ext4_find_extent+0xbeb/0xe20
[ 28.652132][ T10] Read of size 4 at addr ffff888123fa4c94 by task kworker/u4:1/10
[ 28.659943][ T10]
[ 28.662266][ T10] CPU: 1 PID: 10 Comm: kworker/u4:1 Not tainted syzkaller #0
[ 28.669644][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 28.679713][ T10] Workqueue: writeback wb_workfn (flush-7:2)
[ 28.685723][ T10] Call Trace:
[ 28.688999][ T10] <TASK>
[ 28.691929][ T10] __dump_stack+0x21/0x24
[ 28.696281][ T10] dump_stack_lvl+0xee/0x150
[ 28.700882][ T10] ? __cfi_dump_stack_lvl+0x8/0x8
[ 28.705915][ T10] ? ext4_find_extent+0xbeb/0xe20
[ 28.710939][ T10] print_address_description+0x71/0x200
[ 28.716503][ T10] print_report+0x4a/0x60
[ 28.720845][ T10] kasan_report+0x122/0x150
[ 28.725355][ T10] ? ext4_find_extent+0xbeb/0xe20
[ 28.730380][ T10] __asan_report_load4_noabort+0x14/0x20
[ 28.736023][ T10] ext4_find_extent+0xbeb/0xe20
[ 28.740874][ T10] ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[ 28.746777][ T10] ext4_ext_map_blocks+0x1dc/0x6060
[ 28.751993][ T10] ? _raw_spin_unlock_irqrestore+0x5a/0x80
[ 28.757800][ T10] ? __stack_depot_save+0x445/0x480
[ 28.763003][ T10] ? kasan_set_track+0x60/0x70
[ 28.767770][ T10] ? kasan_set_track+0x4b/0x70
[ 28.772534][ T10] ? kasan_save_alloc_info+0x25/0x30
[ 28.777827][ T10] ? __kasan_slab_alloc+0x72/0x80
[ 28.782857][ T10] ? slab_post_alloc_hook+0x4f/0x2d0
[ 28.788146][ T10] ? kmem_cache_alloc+0x16e/0x330
[ 28.793168][ T10] ? ext4_alloc_io_end_vec+0x2a/0x160
[ 28.798544][ T10] ? ext4_writepages+0xf42/0x3020
[ 28.803571][ T10] ? do_writepages+0x3a9/0x5e0
[ 28.808341][ T10] ? __writeback_single_inode+0xc6/0xad0
[ 28.813972][ T10] ? writeback_sb_inodes+0x9b8/0x1550
[ 28.819434][ T10] ? wb_writeback+0x3f1/0x980
[ 28.824105][ T10] ? wb_workfn+0x350/0xda0
[ 28.828513][ T10] ? process_one_work+0x71f/0xc40
[ 28.833532][ T10] ? worker_thread+0xa29/0x11f0
[ 28.838391][ T10] ? kthread+0x281/0x320
[ 28.842655][ T10] ? __cfi_ext4_ext_map_blocks+0x10/0x10
[ 28.848306][ T10] ? ext4_es_lookup_extent+0x32d/0x8c0
[ 28.853773][ T10] ext4_map_blocks+0x9cb/0x1b60
[ 28.858624][ T10] ? __cfi_ext4_map_blocks+0x10/0x10
[ 28.863907][ T10] ? ext4_inode_journal_mode+0x19a/0x480
[ 28.869533][ T10] ext4_writepages+0x1260/0x3020
[ 28.874473][ T10] ? xas_load+0x39e/0x3b0
[ 28.878819][ T10] ? __cfi_ext4_writepages+0x10/0x10
[ 28.884102][ T10] ? __kasan_check_write+0x14/0x20
[ 28.889207][ T10] ? __filemap_get_folio+0x81c/0x980
[ 28.894490][ T10] ? __kasan_check_read+0x11/0x20
[ 28.899527][ T10] ? folio_mark_accessed+0x1b8/0x4d0
[ 28.904821][ T10] ? __kasan_check_write+0x14/0x20
[ 28.909933][ T10] ? __cfi_ext4_writepages+0x10/0x10
[ 28.915217][ T10] do_writepages+0x3a9/0x5e0
[ 28.919809][ T10] ? __update_load_avg_cfs_rq+0xaf/0x2f0
[ 28.925447][ T10] ? __cfi_do_writepages+0x10/0x10
[ 28.930562][ T10] ? __kasan_check_write+0x14/0x20
[ 28.935669][ T10] ? _raw_spin_lock+0x8e/0xe0
[ 28.940343][ T10] __writeback_single_inode+0xc6/0xad0
[ 28.945804][ T10] ? inode_io_list_move_locked+0x366/0x3d0
[ 28.951612][ T10] writeback_sb_inodes+0x9b8/0x1550
[ 28.956811][ T10] ? check_preempt_wakeup+0x7fd/0xbc0
[ 28.962181][ T10] ? queue_io+0x4c0/0x4c0
[ 28.966511][ T10] ? __kasan_check_read+0x11/0x20
[ 28.971538][ T10] ? queue_io+0x382/0x4c0
[ 28.975870][ T10] wb_writeback+0x3f1/0x980
[ 28.980380][ T10] ? inode_cgwb_move_to_attached+0x3e0/0x3e0
[ 28.986365][ T10] ? set_worker_desc+0x155/0x1c0
[ 28.991307][ T10] ? update_load_avg+0x4c2/0x13f0
[ 28.996342][ T10] ? __kasan_check_write+0x14/0x20
[ 29.001471][ T10] ? sched_clock_cpu+0x6e/0x250
[ 29.006326][ T10] wb_workfn+0x350/0xda0
[ 29.010571][ T10] ? __cfi_wb_workfn+0x10/0x10
[ 29.015328][ T10] ? kthread_data+0x50/0xc0
[ 29.019845][ T10] ? _raw_spin_unlock+0x4c/0x70
[ 29.024695][ T10] ? finish_task_switch+0x16b/0x7b0
[ 29.029901][ T10] ? __switch_to_asm+0x3a/0x60
[ 29.034671][ T10] ? __schedule+0xb8f/0x14e0
[ 29.039259][ T10] ? __cfi__raw_spin_lock_irq+0x10/0x10
[ 29.044804][ T10] process_one_work+0x71f/0xc40
[ 29.049654][ T10] worker_thread+0xa29/0x11f0
[ 29.054330][ T10] kthread+0x281/0x320
[ 29.058394][ T10] ? __cfi_worker_thread+0x10/0x10
[ 29.063500][ T10] ? __cfi_kthread+0x10/0x10
[ 29.068091][ T10] ret_from_fork+0x1f/0x30
[ 29.072509][ T10] </TASK>
[ 29.075524][ T10]
[ 29.077843][ T10] Allocated by task 297:
[ 29.082076][ T10] kasan_set_track+0x4b/0x70
[ 29.086661][ T10] kasan_save_alloc_info+0x25/0x30
[ 29.091774][ T10] __kasan_slab_alloc+0x72/0x80
[ 29.096642][ T10] slab_post_alloc_hook+0x4f/0x2d0
[ 29.101757][ T10] kmem_cache_alloc_lru+0x104/0x280
[ 29.106954][ T10] shmem_alloc_inode+0x28/0x40
[ 29.111719][ T10] new_inode_pseudo+0x70/0x1f0
[ 29.116490][ T10] new_inode+0x28/0x1e0
[ 29.120667][ T10] shmem_get_inode+0x349/0xc20
[ 29.125431][ T10] shmem_symlink+0x9e/0x4c0
[ 29.129938][ T10] vfs_symlink+0x261/0x3f0
[ 29.134353][ T10] do_symlinkat+0x124/0x5a0
[ 29.138856][ T10] __x64_sys_symlink+0x7e/0x90
[ 29.143619][ T10] x64_sys_call+0x369/0x9a0
[ 29.148115][ T10] do_syscall_64+0x4c/0xa0
[ 29.152526][ T10] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 29.158416][ T10]
[ 29.160733][ T10] Freed by task 344:
[ 29.164612][ T10] kasan_set_track+0x4b/0x70
[ 29.169195][ T10] kasan_save_free_info+0x31/0x50
[ 29.174220][ T10] ____kasan_slab_free+0x132/0x180
[ 29.179326][ T10] __kasan_slab_free+0x11/0x20
[ 29.184091][ T10] slab_free_freelist_hook+0xc2/0x190
[ 29.189468][ T10] kmem_cache_free+0x12d/0x300
[ 29.194231][ T10] shmem_free_in_core_inode+0x90/0xb0
[ 29.199600][ T10] i_callback+0x5a/0x80
[ 29.203755][ T10] rcu_do_batch+0x515/0xb90
[ 29.208249][ T10] rcu_core+0x5a5/0xe70
[ 29.212409][ T10] rcu_core_si+0x9/0x10
[ 29.216564][ T10] handle_softirqs+0x1d7/0x600
[ 29.221327][ T10] __do_softirq+0xb/0xd
[ 29.225488][ T10]
[ 29.227809][ T10] Last potentially related work creation:
[ 29.233517][ T10] kasan_save_stack+0x3a/0x60
[ 29.238194][ T10] __kasan_record_aux_stack+0xb6/0xc0
[ 29.243566][ T10] kasan_record_aux_stack_noalloc+0xb/0x10
[ 29.249394][ T10] call_rcu+0xd4/0xf90
[ 29.253468][ T10] evict+0x7f6/0x890
[ 29.257368][ T10] iput+0x620/0x670
[ 29.261173][ T10] do_unlinkat+0x375/0x6b0
[ 29.265587][ T10] __x64_sys_unlink+0x49/0x50
[ 29.270269][ T10] x64_sys_call+0x958/0x9a0
[ 29.274773][ T10] do_syscall_64+0x4c/0xa0
[ 29.279185][ T10] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 29.285077][ T10]
[ 29.287393][ T10] The buggy address belongs to the object at ffff888123fa4b58
[ 29.287393][ T10] which belongs to the cache shmem_inode_cache of size 840
[ 29.301956][ T10] The buggy address is located 316 bytes inside of
[ 29.301956][ T10] 840-byte region [ffff888123fa4b58, ffff888123fa4ea0)
[ 29.315225][ T10]
[ 29.317542][ T10] The buggy address belongs to the physical page:
[ 29.323941][ T10] page:ffffea00048fe900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123fa4
[ 29.334170][ T10] head:ffffea00048fe900 order:2 compound_mapcount:0 compound_pincount:0
[ 29.342485][ T10] flags: 0x4000000000010200(slab|head|zone=1)
[ 29.348561][ T10] raw: 4000000000010200 0000000000000000 dead000000000122 ffff8881001ecd80
[ 29.357145][ T10] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 29.365723][ T10] page dumped because: kasan: bad access detected
[ 29.372135][ T10] page_owner tracks the page as allocated
[ 29.377838][ T10] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 349, tgid 349 (syz-executor), ts 27769171127, free_ts 27327814755
[ 29.400420][ T10] post_alloc_hook+0x1f5/0x210
[ 29.405193][ T10] prep_new_page+0x1c/0x110
[ 29.409700][ T10] get_page_from_freelist+0x2c7b/0x2cf0
[ 29.415252][ T10] __alloc_pages+0x1c3/0x450
[ 29.419842][ T10] alloc_slab_page+0x6e/0xf0
[ 29.424433][ T10] new_slab+0x98/0x3d0
[ 29.428499][ T10] ___slab_alloc+0x6bd/0xb20
[ 29.433091][ T10] __slab_alloc+0x5e/0xa0
[ 29.437418][ T10] kmem_cache_alloc_lru+0x144/0x280
[ 29.442617][ T10] shmem_alloc_inode+0x28/0x40
[ 29.447384][ T10] new_inode_pseudo+0x70/0x1f0
[ 29.452152][ T10] new_inode+0x28/0x1e0
[ 29.456310][ T10] shmem_get_inode+0x349/0xc20
[ 29.461075][ T10] shmem_symlink+0x9e/0x4c0
[ 29.465581][ T10] vfs_symlink+0x261/0x3f0
[ 29.470012][ T10] do_symlinkat+0x124/0x5a0
[ 29.474526][ T10] page last free stack trace:
[ 29.479185][ T10] free_unref_page_prepare+0x742/0x750
[ 29.484672][ T10] free_unref_page+0x8f/0x530
[ 29.489375][ T10] __free_pages+0x67/0x100
[ 29.493796][ T10] __vunmap+0x9af/0xb70
[ 29.497946][ T10] vfree+0x61/0x90
[ 29.501663][ T10] kcov_close+0x2b/0x50
[ 29.505826][ T10] __fput+0x1fc/0x8f0
[ 29.509808][ T10] ____fput+0x15/0x20
[ 29.513784][ T10] task_work_run+0x1db/0x240
[ 29.518373][ T10] do_exit+0xa25/0x2650
[ 29.522550][ T10] do_group_exit+0x210/0x2d0
[ 29.527143][ T10] get_signal+0x13b5/0x1520
[ 29.531662][ T10] arch_do_signal_or_restart+0xb0/0x1030
[ 29.537296][ T10] exit_to_user_mode_loop+0x7a/0xb0
[ 29.542505][ T10] exit_to_user_mode_prepare+0x5a/0xa0
[ 29.548009][ T10] syscall_exit_to_user_mode+0x1a/0x30
[ 29.553489][ T10]
[ 29.555818][ T10] Memory state around the buggy address:
[ 29.561454][ T10] ffff888123fa4b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.569510][ T10] ffff888123fa4c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.577562][ T10] >ffff888123fa4c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.585626][ T10] ^
[ 29.590205][ T10] ffff888123fa4d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.598257][ T10] ffff888123fa4d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.606310][ T10] ==================================================================
[ 29.617257][ T10] Disabling lock debugging due to kernel taint
[ 29.623571][ T28] kauditd_printk_skb: 38 callbacks suppressed
[ 29.623585][ T28] audit: type=1400 audit(1761276078.834:112): avc: denied { read } for pid=84 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 29.642201][ T365] EXT4-fs (loop2): unmounting filesystem.
[ 29.651624][ T28] audit: type=1400 audit(1761276078.834:113): avc: denied { search } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 29.679295][ T28] audit: type=1400 audit(1761276078.834:114): avc: denied { write } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 29.697966][ T380] loop2: detected capacity change from 0 to 1024
[ 29.713243][ T28] audit: type=1400 audit(1761276078.834:115): avc: denied { add_name } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 29.716871][ T380] EXT4-fs: Ignoring removed bh option
[ 29.734046][ T28] audit: type=1400 audit(1761276078.834:116): avc: denied { create } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 29.752780][ T380] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 29.760506][ T28] audit: type=1400 audit(1761276078.834:117): avc: denied { append open } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 29.789352][ T380] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 29.794661][ T28] audit: type=1400 audit(1761276078.834:118): avc: denied { getattr } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 29.826701][ T380] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.18: Allocating blocks 497-513 which overlap fs metadata
[ 29.841144][ T380] EXT4-fs (loop2): pa ffff8881111c62a0: logic 64, phys. 193, len 20
[ 29.849712][ T380] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 29.861921][ T376] EXT4-fs error (device loop2): ext4_map_blocks:745: inode #15: block 350691876: comm kworker/u4:4: lblock 36 mapped to illegal pblock 350691876 (length 1)
[ 29.877930][ T376] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[ 29.890553][ T376] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 29.890553][ T376]
[ 29.903751][ T365] EXT4-fs (loop2): unmounting filesystem.
[ 29.919979][ T383] loop2: detected capacity change from 0 to 1024
[ 29.926749][ T383] EXT4-fs: Ignoring removed bh option
[ 29.932668][ T383] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 29.959076][ T383] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 29.981925][ T383] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.19: Allocating blocks 497-513 which overlap fs metadata
[ 29.996478][ T383] EXT4-fs (loop2): pa ffff8881111c61f8: logic 64, phys. 193, len 20
[ 30.004533][ T383] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 30.017419][ T376] EXT4-fs error (device loop2): ext4_map_blocks:745: inode #15: block 22359599712421: comm kworker/u4:4: lblock 36 mapped to illegal pblock 22359599712421 (length 1)
[ 30.034182][ T376] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[ 30.046719][ T376] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 30.046719][ T376]
[ 30.060039][ T365] EXT4-fs (loop2): unmounting filesystem.
[ 30.075131][ T386] loop2: detected capacity change from 0 to 1024
[ 30.081899][ T386] EXT4-fs: Ignoring removed bh option
[ 30.087699][ T386] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 30.119743][ T386] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 30.141447][ T386] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.20: Allocating blocks 497-513 which overlap fs metadata
[ 30.155987][ T386] EXT4-fs (loop2): pa ffff8881111c6888: logic 64, phys. 193, len 20
[ 30.164031][ T386] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 30.187474][ T365] EXT4-fs (loop2): unmounting filesystem.
[ 30.202664][ T389] loop2: detected capacity change from 0 to 1024
[ 30.209447][ T389] EXT4-fs: Ignoring removed bh option
[ 30.215283][ T389] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 30.238903][ T389] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 30.258391][ T389] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.21: Allocating blocks 497-513 which overlap fs metadata
[ 30.273600][ T43] device bridge_slave_1 left promiscuous mode
[ 30.273718][ T389] EXT4-fs (loop2): pa ffff8881235150a8: logic 64, phys. 193, len 20
[ 30.280001][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.287874][ T389] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 30.304964][ T43] device bridge_slave_0 left promiscuous mode
[ 30.311164][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.320900][ T43] device veth1_macvtap left promiscuous mode
[ 30.323500][ T365] EXT4-fs (loop2): unmounting filesystem.
[ 30.326956][ T43] device veth0_vlan left promiscuous mode
[ 30.359200][ T392] loop2: detected capacity change from 0 to 1024
[ 30.366844][ T392] EXT4-fs: Ignoring removed bh option
[ 30.373063][ T392] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 30.396922][ T392] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 30.416467][ T392] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.22: Allocating blocks 497-513 which overlap fs metadata
[ 30.431158][ T392] EXT4-fs (loop2): pa ffff888123515f18: logic 64, phys. 193, len 20
[ 30.439222][ T392] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 30.450921][ T376] EXT4-fs error (device loop2): ext4_map_blocks:745: inode #15: block 676: comm kworker/u4:4: lblock 36 mapped to illegal pblock 676 (length 1)
[ 30.465751][ T376] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[ 30.478143][ T376] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 30.478143][ T376]
[ 30.490962][ T365] EXT4-fs (loop2): unmounting filesystem.
[ 30.508455][ T395] loop2: detected capacity change from 0 to 1024
[ 30.515252][ T395] EXT4-fs: Ignoring removed bh option
[ 30.521376][ T395] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 30.538898][ T395] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 30.559070][ T395] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.23: Allocating blocks 497-513 which overlap fs metadata
[ 30.573526][ T395] EXT4-fs (loop2): pa ffff888123515b28: logic 64, phys. 193, len 20
[ 30.581610][ T395] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 30.601564][ T365] EXT4-fs (loop2): unmounting filesystem.
[ 30.623110][ T398] loop2: detected capacity change from 0 to 1024
[ 30.629940][ T398] EXT4-fs: Ignoring removed bh option
[ 30.635754][ T398] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 30.650071][ T398] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 30.669871][ T398] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.24: Allocating blocks 497-513 which overlap fs metadata
[ 30.684243][ T398] EXT4-fs (loop2): pa ffff8881237ad0a8: logic 64, phys. 193, len 20
[ 30.692298][ T398] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 30.712335][ T365] EXT4-fs (loop2): unmounting filesystem.
[ 30.736694][ T401] loop2: detected capacity change from 0 to 1024
[ 30.746355][ T401] EXT4-fs: Ignoring removed bh option
[ 30.754570][ T401] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 30.769685][ T401] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 30.788473][ T401] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.25: Allocating blocks 497-513 which overlap fs metadata
[ 30.802988][ T401] EXT4-fs (loop2): pa ffff888123515348: logic 64, phys. 193, len 20
[ 30.811054][ T401] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 30.831592][ T365] EXT4-fs (loop2): unmounting filesystem.
[ 30.851595][ T404] loop2: detected capacity change from 0 to 1024
[ 30.861411][ T404] EXT4-fs: Ignoring removed bh option
[ 30.867255][ T404] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 30.889761][ T404] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 30.909024][ T404] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.26: Allocating blocks 497-513 which overlap fs metadata
[ 30.923495][ T404] EXT4-fs (loop2): pa ffff88812378b1f8: logic 64, phys. 193, len 20
[ 30.931620][ T404] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 30.951738][ T365] EXT4-fs (loop2): unmounting filesystem.
[ 30.976917][ T407] loop2: detected capacity change from 0 to 1024
[ 30.983787][ T407] EXT4-fs: Ignoring removed bh option
[ 30.989882][ T407] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 31.009646][ T407] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 31.028381][ T407] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.27: Allocating blocks 497-513 which overlap fs metadata
[ 31.042974][ T407] EXT4-fs (loop2): pa ffff8881237ad7e0: logic 64, phys. 193, len 20
[ 31.051039][ T407] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 31.063069][ T8] EXT4-fs error (device loop2): ext4_map_blocks:745: inode #15: block 1700: comm kworker/u4:0: lblock 36 mapped to illegal pblock 1700 (length 1)
[ 31.078137][ T8] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[ 31.090522][ T8] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 31.090522][ T8]
[ 31.102438][ T365] EXT4-fs (loop2): unmounting filesystem.
[ 31.118949][ T410] loop2: detected capacity change from 0 to 1024
[ 31.125783][ T410] EXT4-fs: Ignoring removed bh option
[ 31.131741][ T410] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 31.148895][ T410] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 31.169278][ T410] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.28: Allocating blocks 497-513 which overlap fs metadata
[ 31.183913][ T410] EXT4-fs (loop2): pa ffff88812378b348: logic 64, phys. 193, len 20
[ 31.191959][ T410] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 31.211824][ T365] EXT4-fs (loop2): unmounting filesystem.
[ 31.231248][ T413] loop2: detected capacity change from 0 to 1024
[ 31.240992][ T413] EXT4-fs: Ignoring removed bh option
[ 31.246804][ T413] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 31.269334][ T413] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 31.288412][ T413] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.29: Allocating blocks 497-513 which overlap fs metadata
[ 31.302834][ T413] EXT4-fs (loop2): pa ffff88812378b540: logic 64, phys. 193, len 20
[ 31.310886][ T413] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 31.330622][ T365] EXT4-fs (loop2): unmounting filesystem.
[ 31.346126][ T416] loop2: detected capacity change from 0 to 1024
[ 31.352946][ T416] EXT4-fs: Ignoring removed bh option
[ 31.358900][ T416] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 31.379443][ T416] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 31.398353][ T416] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.30: Allocating blocks 497-513 which overlap fs metadata
[ 31.412804][ T416] EXT4-fs (loop2): pa ffff88812d07bd20: logic 64, phys. 193, len 20
[ 31.420879][ T416] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 31.432657][ T8] EXT4-fs error (device loop2): ext4_map_blocks:745: inode #15: block 2214369204: comm kworker/u4:0: lblock 36 mapped to illegal pblock 2214369204 (length 1)
[ 31.448758][ T8] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[ 31.461192][ T8] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 31.461192][ T8]
[ 31.473151][ T365] EXT4-fs (loop2): unmounting filesystem.
[ 31.488591][ T419] loop2: detected capacity change from 0 to 1024
[ 31.495343][ T419] EXT4-fs: Ignoring removed bh option
[ 31.501093][ T419] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 31.519310][ T419] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 31.538801][ T419] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.31: Allocating blocks 497-513 which overlap fs metadata
[ 31.553305][ T419] EXT4-fs (loop2): pa ffff88812d07bdc8: logic 64, phys. 193, len 20
[ 31.561352][ T419] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 31.581356][ T365] EXT4-fs (loop2): unmounting filesystem.
[ 31.596921][ T422] loop2: detected capacity change from 0 to 1024
[ 31.603741][ T422] EXT4-fs: Ignoring removed bh option
[ 31.609640][ T422] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 31.629366][ T422] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 31.648306][ T422] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.32: Allocating blocks 497-513 which overlap fs metadata
[ 31.662742][ T422] EXT4-fs (loop2): pa ffff88812d07b498: logic 64, phys. 193, len 20
[ 31.671202][ T422] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 31.682962][ T43] EXT4-fs error (device loop2): ext4_map_blocks:745: inode #15: block 29175712811173: comm kworker/u4:2: lblock 36 mapped to illegal pblock 29175712811173 (length 1)
[ 31.699814][ T43] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[ 31.712201][ T43] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 31.712201][ T43]
[ 31.712414][ T91] general protection fault, probably for non-canonical address 0xec67154e5b2da54: 0000 [#1] PREEMPT SMP KASAN
[ 31.725562][ T365] EXT4-fs (loop2): unmounting filesystem.
[ 31.733453][ T91] CPU: 0 PID: 91 Comm: klogd Tainted: G B syzkaller #0
[ 31.733475][ T91] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 31.733486][ T91] RIP: 0010:kmem_cache_alloc_node+0x106/0x340
[ 31.733518][ T91] Code: 8b 38 48 85 ff 0f 84 c3 00 00 00 48 83 78 10 00 0f 84 b8 00 00 00 41 8b 44 24 28 48 8d 0c 07 49 8b 9c 24 d8 00 00 00 48 0f c9 <48> 33 1c 07 48 31 cb 48 8d 4a 08 4d 8b 04 24 48 89 f8 65 49 0f c7
[ 31.733539][ T91] RSP: 0018:ffffc900009d77f0 EFLAGS: 00010286
[ 31.733557][ T91] RAX: 0000000000000080 RBX: 4ec81a4d643a262b RCX: 54dab2e55471c60e
[ 31.733571][ T91] RDX: 0000000000013fe0 RSI: 0000000000000100 RDI: 0ec67154e5b2d9d4
[ 31.805189][ T91] RBP: ffffc900009d7840 R08: 0000000000400cc0 R09: ffffed1021e17beb
[ 31.813168][ T91] R10: 0000000000000000 R11: 1ffff11021e17bea R12: ffff88810885c300
[ 31.821135][ T91] R13: 0000000000000100 R14: 00000000ffffffff R15: 0000000000400cc0
[ 31.829114][ T91] FS: 00007f0e0f3b5c80(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 31.838053][ T91] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 31.844641][ T91] CR2: 00007ffe4f430fa8 CR3: 000000010fcac000 CR4: 00000000003506b0
[ 31.852613][ T91] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 31.860580][ T91] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 31.868548][ T91] Call Trace:
[ 31.871822][ T91] <TASK>
[ 31.874750][ T91] ? __alloc_skb+0xea/0x4b0
[ 31.879256][ T91] __alloc_skb+0xea/0x4b0
[ 31.883585][ T91] alloc_skb_with_frags+0xa8/0x620
[ 31.888703][ T91] ? memcpy+0x56/0x70
[ 31.892682][ T91] sock_alloc_send_pskb+0x853/0x980
[ 31.897904][ T91] ? __cfi_sock_alloc_send_pskb+0x10/0x10
[ 31.903625][ T91] ? __kasan_check_write+0x14/0x20
[ 31.908735][ T91] ? _raw_spin_lock+0x8e/0xe0
[ 31.913415][ T91] ? __cfi__raw_spin_lock+0x10/0x10
[ 31.918612][ T91] ? security_socket_getpeersec_dgram+0xbb/0xd0
[ 31.924854][ T91] unix_dgram_sendmsg+0x592/0x16d0
[ 31.929975][ T91] ? __cfi_selinux_socket_sendmsg+0x10/0x10
[ 31.935878][ T91] ? __cfi_unix_dgram_sendmsg+0x10/0x10
[ 31.941432][ T91] ? security_socket_sendmsg+0x93/0xb0
[ 31.946894][ T91] __sys_sendto+0x464/0x5e0
[ 31.951397][ T91] ? __cfi_autoremove_wake_function+0x10/0x10
[ 31.957466][ T91] ? __cfi___sys_sendto+0x10/0x10
[ 31.962490][ T91] ? __cfi_do_syslog+0x10/0x10
[ 31.967257][ T91] ? __this_cpu_preempt_check+0x13/0x20
[ 31.972808][ T91] ? xfd_validate_state+0x70/0x150
[ 31.977918][ T91] __x64_sys_sendto+0xe5/0x100
[ 31.982677][ T91] x64_sys_call+0x83/0x9a0
[ 31.987093][ T91] do_syscall_64+0x4c/0xa0
[ 31.991504][ T91] ? clear_bhb_loop+0x30/0x80
[ 31.996182][ T91] ? clear_bhb_loop+0x30/0x80
[ 32.000868][ T91] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 32.006763][ T91] RIP: 0033:0x7f0e0f505407
[ 32.011186][ T91] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 32.030792][ T91] RSP: 002b:00007ffc52decb20 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[ 32.039219][ T91] RAX: ffffffffffffffda RBX: 00007f0e0f3b5c80 RCX: 00007f0e0f505407
[ 32.047193][ T91] RDX: 000000000000006d RSI: 00007ffc52decc60 RDI: 0000000000000003
[ 32.055171][ T91] RBP: 00007ffc52ded090 R08: 0000000000000000 R09: 0000000000000000
[ 32.063140][ T91] R10: 0000000000004000 R11: 0000000000000202 R12: 00007ffc52ded0a8
[ 32.071114][ T91] R13: 00007ffc52decc60 R14: 0000000000000052 R15: 00007ffc52decc60
[ 32.079101][ T91] </TASK>
[ 32.082115][ T91] Modules linked in:
[ 32.086063][ C0] general protection fault, probably for non-canonical address 0xec67154e5b2da54: 0000 [#2] PREEMPT SMP KASAN
[ 32.097701][ C0] CPU: 0 PID: 91 Comm: klogd Tainted: G B D syzkaller #0
[ 32.105935][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 32.116004][ C0] RIP: 0010:kmem_cache_alloc_node+0x106/0x340
[ 32.122076][ C0] Code: 8b 38 48 85 ff 0f 84 c3 00 00 00 48 83 78 10 00 0f 84 b8 00 00 00 41 8b 44 24 28 48 8d 0c 07 49 8b 9c 24 d8 00 00 00 48 0f c9 <48> 33 1c 07 48 31 cb 48 8d 4a 08 4d 8b 04 24 48 89 f8 65 49 0f c7
[ 32.141669][ C0] RSP: 0018:ffffc90000007b40 EFLAGS: 00010286
[ 32.147725][ C0] RAX: 0000000000000080 RBX: 4ec81a4d643a262b RCX: 54dab2e55471c60e
[ 32.155686][ C0] RDX: 0000000000013fe0 RSI: 0000000000000100 RDI: 0ec67154e5b2d9d4
[ 32.163646][ C0] RBP: ffffc90000007b90 R08: dffffc0000000000 R09: ffffed1025757185
[ 32.171607][ C0] R10: 0000000000000000 R11: 1ffff11025757184 R12: ffff88810885c300
[ 32.179566][ C0] R13: 0000000000000100 R14: 00000000ffffffff R15: 0000000000000a20
[ 32.187543][ C0] FS: 00007f0e0f3b5c80(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 32.196463][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.203038][ C0] CR2: 00007ffe4f430fa8 CR3: 000000010fcac000 CR4: 00000000003506b0
[ 32.211000][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 32.218957][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 32.226913][ C0] Call Trace:
[ 32.230176][ C0] <IRQ>
[ 32.233008][ C0] ? __alloc_skb+0xea/0x4b0
[ 32.237498][ C0] __alloc_skb+0xea/0x4b0
[ 32.241810][ C0] ndisc_send_rs+0x304/0x870
[ 32.246399][ C0] addrconf_rs_timer+0x2c7/0x600
[ 32.251328][ C0] ? __cfi_addrconf_rs_timer+0x10/0x10
[ 32.256772][ C0] ? __cfi_addrconf_rs_timer+0x10/0x10
[ 32.262219][ C0] call_timer_fn+0x46/0x2a0
[ 32.266711][ C0] ? __cfi_addrconf_rs_timer+0x10/0x10
[ 32.272161][ C0] __run_timers+0x639/0x9a0
[ 32.276659][ C0] ? calc_index+0x200/0x200
[ 32.281153][ C0] ? kvm_sched_clock_read+0x18/0x40
[ 32.286351][ C0] run_timer_softirq+0x6a/0xf0
[ 32.291110][ C0] handle_softirqs+0x1d7/0x600
[ 32.295867][ C0] ? irqtime_account_irq+0xc4/0x240
[ 32.301074][ C0] __irq_exit_rcu+0x52/0xf0
[ 32.305564][ C0] irq_exit_rcu+0x9/0x10
[ 32.309799][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 32.315429][ C0] </IRQ>
[ 32.318352][ C0] <TASK>
[ 32.321270][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 32.327249][ C0] RIP: 0010:preempt_schedule_irq+0x96/0x110
[ 32.333139][ C0] Code: 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 74 0b 0f 0b 48 f7 03 08 00 00 00 74 4d bf 01 00 00 00 e8 00 f4 58 fc fb bf 01 00 00 00 55 e5 ff ff fa bf 01 00 00 00 e8 aa f5 58 fc 65 48 8b 1d 82 af
[ 32.352771][ C0] RSP: 0018:ffffc900009d74c0 EFLAGS: 00000246
[ 32.358825][ C0] RAX: 1ffff11021fb13e1 RBX: ffffc900009d7588 RCX: ffffffff87972100
[ 32.366784][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[ 32.374746][ C0] RBP: ffffc900009d7538 R08: dffffc0000000000 R09: ffffed1021fb1289
[ 32.382708][ C0] R10: ffffed1021fb1289 R11: 1ffff11021fb1288 R12: 0000000000000000
[ 32.390667][ C0] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff9200013ae98
[ 32.398632][ C0] ? __cfi_preempt_schedule_irq+0x10/0x10
[ 32.404372][ C0] raw_irqentry_exit_cond_resched+0x29/0x30
[ 32.410254][ C0] irqentry_exit+0x37/0x40
[ 32.414665][ C0] sysvec_reschedule_ipi+0x78/0x80
[ 32.419771][ C0] asm_sysvec_reschedule_ipi+0x1b/0x20
[ 32.425227][ C0] RIP: 0010:oops_exit+0x0/0x30
[ 32.429996][ C0] Code: c1 0f 8c 0f ff ff ff 48 89 df e8 4b 82 cb fc e9 02 ff ff ff 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 <55> 48 89 e5 e8 67 13 87 fc e8 d2 4d 58 fc 48 c7 c7 20 e4 48 85 31
[ 32.449590][ C0] RSP: 0018:ffffc900009d7630 EFLAGS: 00000206
[ 32.455644][ C0] RAX: 0000000000000001 RBX: 000000000000000b RCX: ffff88810fd89440
[ 32.463604][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff87957f60
[ 32.471561][ C0] RBP: ffffc900009d7648 R08: dffffc0000000000 R09: fffffbfff0f2d8fd
[ 32.479543][ C0] R10: fffffbfff0f2d8fd R11: 1ffffffff0f2d8fc R12: ffffc900009d76a0
[ 32.487506][ C0] R13: 0ec67154e5b2da54 R14: 0000000000000293 R15: 0000000000000000
[ 32.495471][ C0] ? oops_end+0x46/0xd0
[ 32.499624][ C0] die_addr+0x61/0x70
[ 32.503598][ C0] exc_general_protection+0x13a/0x1e0
[ 32.508965][ C0] asm_exc_general_protection+0x27/0x30
[ 32.514499][ C0] RIP: 0010:kmem_cache_alloc_node+0x106/0x340
[ 32.520560][ C0] Code: 8b 38 48 85 ff 0f 84 c3 00 00 00 48 83 78 10 00 0f 84 b8 00 00 00 41 8b 44 24 28 48 8d 0c 07 49 8b 9c 24 d8 00 00 00 48 0f c9 <48> 33 1c 07 48 31 cb 48 8d 4a 08 4d 8b 04 24 48 89 f8 65 49 0f c7
[ 32.540153][ C0] RSP: 0018:ffffc900009d77f0 EFLAGS: 00010286
[ 32.546208][ C0] RAX: 0000000000000080 RBX: 4ec81a4d643a262b RCX: 54dab2e55471c60e
[ 32.554176][ C0] RDX: 0000000000013fe0 RSI: 0000000000000100 RDI: 0ec67154e5b2d9d4
[ 32.562130][ C0] RBP: ffffc900009d7840 R08: 0000000000400cc0 R09: ffffed1021e17beb
[ 32.570088][ C0] R10: 0000000000000000 R11: 1ffff11021e17bea R12: ffff88810885c300
[ 32.578042][ C0] R13: 0000000000000100 R14: 00000000ffffffff R15: 0000000000400cc0
[ 32.586003][ C0] ? __alloc_skb+0xea/0x4b0
[ 32.590496][ C0] __alloc_skb+0xea/0x4b0
[ 32.594837][ C0] alloc_skb_with_frags+0xa8/0x620
[ 32.599956][ C0] ? memcpy+0x56/0x70
[ 32.603938][ C0] sock_alloc_send_pskb+0x853/0x980
[ 32.609144][ C0] ? __cfi_sock_alloc_send_pskb+0x10/0x10
[ 32.614860][ C0] ? __kasan_check_write+0x14/0x20
[ 32.619965][ C0] ? _raw_spin_lock+0x8e/0xe0
[ 32.624632][ C0] ? __cfi__raw_spin_lock+0x10/0x10
[ 32.629816][ C0] ? security_socket_getpeersec_dgram+0xbb/0xd0
[ 32.636051][ C0] unix_dgram_sendmsg+0x592/0x16d0
[ 32.641193][ C0] ? __cfi_selinux_socket_sendmsg+0x10/0x10
[ 32.647084][ C0] ? __cfi_unix_dgram_sendmsg+0x10/0x10
[ 32.652646][ C0] ? security_socket_sendmsg+0x93/0xb0
[ 32.658092][ C0] __sys_sendto+0x464/0x5e0
[ 32.662593][ C0] ? __cfi_autoremove_wake_function+0x10/0x10
[ 32.668655][ C0] ? __cfi___sys_sendto+0x10/0x10
[ 32.673673][ C0] ? __cfi_do_syslog+0x10/0x10
[ 32.678440][ C0] ? __this_cpu_preempt_check+0x13/0x20
[ 32.684009][ C0] ? xfd_validate_state+0x70/0x150
[ 32.689133][ C0] __x64_sys_sendto+0xe5/0x100
[ 32.693898][ C0] x64_sys_call+0x83/0x9a0
[ 32.698305][ C0] do_syscall_64+0x4c/0xa0
[ 32.702712][ C0] ? clear_bhb_loop+0x30/0x80
[ 32.707380][ C0] ? clear_bhb_loop+0x30/0x80
[ 32.712046][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 32.717933][ C0] RIP: 0033:0x7f0e0f505407
[ 32.722333][ C0] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 32.741921][ C0] RSP: 002b:00007ffc52decb20 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[ 32.750321][ C0] RAX: ffffffffffffffda RBX: 00007f0e0f3b5c80 RCX: 00007f0e0f505407
[ 32.758281][ C0] RDX: 000000000000006d RSI: 00007ffc52decc60 RDI: 0000000000000003
[ 32.766239][ C0] RBP: 00007ffc52ded090 R08: 0000000000000000 R09: 0000000000000000
[ 32.774200][ C0] R10: 0000000000004000 R11: 0000000000000202 R12: 00007ffc52ded0a8
[ 32.782164][ C0] R13: 00007ffc52decc60 R14: 0000000000000052 R15: 00007ffc52decc60
[ 32.790144][ C0] </TASK>
[ 32.793165][ C0] Modules linked in:
[ 32.797112][ C0] ---[ end trace 0000000000000000 ]---
[ 32.797118][ T297] general protection fault, probably for non-canonical address 0xbbdf1c4c53106c54: 0000 [#3] PREEMPT SMP KASAN
[ 32.802599][ C0] RIP: 0010:kmem_cache_alloc_node+0x106/0x340
[ 32.814300][ T297] CPU: 1 PID: 297 Comm: udevd Tainted: G B D syzkaller #0
[ 32.814327][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 32.814338][ T297] RIP: 0010:kmem_cache_alloc+0xf7/0x330
[ 32.820434][ C0] Code: 8b 38 48 85 ff 0f 84 c3 00 00 00 48 83 78 10 00 0f 84 b8 00 00 00 41 8b 44 24 28 48 8d 0c 07 49 8b 9c 24 d8 00 00 00 48 0f c9 <48> 33 1c 07 48 31 cb 48 8d 4a 08 4d 8b 04 24 48 89 f8 65 49 0f c7
[ 32.828731][ T297] Code: 08 48 8b 38 48 85 ff 0f 84 bd 00 00 00 48 83 78 10 00 0f 84 b2 00 00 00 41 8b 47 28 48 8d 0c 07 49 8b 9f d8 00 00 00 48 0f c9 <48> 33 1c 07 48 31 cb 48 8d 4a 08 4d 8b 07 48 89 f8 65 49 0f c7 08
[ 32.828749][ T297] RSP: 0018:ffffc90003e6f8b0 EFLAGS: 00010282
[ 32.828768][ T297] RAX: 0000000000000008 RBX: 763776bed29893d5 RCX: 546c10534c1cdfbb
[ 32.838838][ C0] RSP: 0018:ffffc900009d77f0 EFLAGS: 00010286
[ 32.844394][ T297] RDX: 0000000000010d41 RSI: 0000000000000010 RDI: bbdf1c4c53106c4c
[ 32.864020][ C0]
[ 32.883589][ T297] RBP: ffffc90003e6f8f8 R08: dffffc0000000000 R09: ffffed10232cf901
[ 32.883607][ T297] R10: 0000000000000000 R11: 1ffff110232cf900 R12: 0000000000000010
[ 32.889692][ C0] RAX: 0000000000000080 RBX: 4ec81a4d643a262b RCX: 54dab2e55471c60e
[ 32.897640][ T297] R13: ffffffff82346573 R14: 0000000000000dc0 R15: ffff8881001eb200
[ 32.897656][ T297] FS: 00007f30c9b51880(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 32.903715][ C0] RDX: 0000000000013fe0 RSI: 0000000000000100 RDI: 0ec67154e5b2d9d4
[ 32.911675][ T297] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.911692][ T297] CR2: 00007f30c9271000 CR3: 000000010f984000 CR4: 00000000003506a0
[ 32.914008][ C0] RBP: ffffc900009d7840 R08: 0000000000400cc0 R09: ffffed1021e17beb
[ 32.921966][ T297] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 32.921979][ T297] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 32.929947][ C0] R10: 0000000000000000 R11: 1ffff11021e17bea R12: ffff88810885c300
[ 32.937900][ T297] Call Trace:
[ 32.937908][ T297] <TASK>
[ 32.937917][ T297] ? security_file_alloc+0x33/0x130
[ 32.945876][ C0] R13: 0000000000000100 R14: 00000000ffffffff R15: 0000000000400cc0
[ 32.954794][ T297] security_file_alloc+0x33/0x130
[ 32.954821][ T297] __alloc_file+0xb5/0x2a0
[ 32.962792][ C0] FS: 00007f0e0f3b5c80(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 32.969355][ T297] alloc_empty_file+0x97/0x180
[ 32.977329][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.985294][ T297] path_openat+0xf4/0x2f50
[ 32.985319][ T297] ? kasan_set_track+0x4b/0x70
[ 32.993300][ C0] CR2: 00007ffe4f430fa8 CR3: 000000010fcac000 CR4: 00000000003506b0
[ 33.001355][ T297] ? kasan_save_alloc_info+0x25/0x30
[ 33.009340][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.012601][ T297] ? __kasan_slab_alloc+0x72/0x80
[ 33.015530][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.020716][ T297] ? kmem_cache_alloc+0x16e/0x330
[ 33.028705][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 33.033704][ T297] ? getname_flags+0xb9/0x500
[ 33.033732][ T297] ? getname+0x19/0x20
[ 33.033745][ T297] ? do_sys_openat2+0xcb/0x7e0
[ 33.033766][ T297] ? __x64_sys_openat+0x136/0x160
[ 33.033788][ T297] ? x64_sys_call+0x783/0x9a0
[ 33.033808][ T297] ? do_syscall_64+0x4c/0xa0
[ 33.033825][ T297] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 33.033852][ T297] ? do_filp_open+0x3c0/0x3c0
[ 33.033872][ T297] do_filp_open+0x1c1/0x3c0
[ 33.033892][ T297] ? __cfi_do_filp_open+0x10/0x10
[ 33.033914][ T297] ? alloc_fd+0x4e6/0x590
[ 33.033942][ T297] do_sys_openat2+0x185/0x7e0
[ 33.033963][ T297] ? __x64_sys_recvmsg+0x205/0x2c0
[ 33.033985][ T297] ? do_sys_open+0xe0/0xe0
[ 33.034009][ T297] __x64_sys_openat+0x136/0x160
[ 33.034031][ T297] x64_sys_call+0x783/0x9a0
[ 33.034051][ T297] do_syscall_64+0x4c/0xa0
[ 33.034068][ T297] ? clear_bhb_loop+0x30/0x80
[ 33.034090][ T297] ? clear_bhb_loop+0x30/0x80
[ 33.034112][ T297] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 33.034134][ T297] RIP: 0033:0x7f30c94a7407
[ 33.034149][ T297] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 33.034164][ T297] RSP: 002b:00007ffc4cdeb180 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 33.034183][ T297] RAX: ffffffffffffffda RBX: 00007f30c9b51880 RCX: 00007f30c94a7407
[ 33.034196][ T297] RDX: 00000000000a0800 RSI: 000055ba97bdf600 RDI: ffffffffffffff9c
[ 33.034209][ T297] RBP: 000055ba9799a2c0 R08: 0000000000000000 R09: 0000000000000000
[ 33.034220][ T297] R10: 0000000000000000 R11: 0000000000000202 R12: 000055ba97be54d0
[ 33.034231][ T297] R13: 000055ba97bdf920 R14: 0000000000000000 R15: 000055ba97be54d0
[ 33.034246][ T297] </TASK>
[ 33.034251][ T297] Modules linked in:
[ 33.038970][ C0] Kernel Offset: disabled
[ 33.293070][ C0] Rebooting in 86400 seconds..