Warning: Permanently added '10.128.1.50' (ED25519) to the list of known hosts.
2026/04/18 15:25:27 parsed 1 programs
[ 30.757824][ T28] audit: type=1400 audit(1776525927.558:64): avc: denied { node_bind } for pid=282 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 30.778568][ T28] audit: type=1400 audit(1776525927.558:65): avc: denied { module_request } for pid=282 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 31.879877][ T28] audit: type=1400 audit(1776525928.678:66): avc: denied { mounton } for pid=289 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 31.883291][ T289] cgroup: Unknown subsys name 'net'
[ 31.902668][ T28] audit: type=1400 audit(1776525928.678:67): avc: denied { mount } for pid=289 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 31.929935][ T28] audit: type=1400 audit(1776525928.708:68): avc: denied { unmount } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 31.930358][ T289] cgroup: Unknown subsys name 'devices'
[ 32.069541][ T289] cgroup: Unknown subsys name 'hugetlb'
[ 32.075173][ T289] cgroup: Unknown subsys name 'rlimit'
[ 32.187853][ T28] audit: type=1400 audit(1776525928.988:69): avc: denied { setattr } for pid=289 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 32.211165][ T28] audit: type=1400 audit(1776525928.988:70): avc: denied { create } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 32.231622][ T28] audit: type=1400 audit(1776525928.988:71): avc: denied { write } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 32.251977][ T28] audit: type=1400 audit(1776525928.988:72): avc: denied { read } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 32.272453][ T28] audit: type=1400 audit(1776525928.988:73): avc: denied { mounton } for pid=289 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 32.282532][ T292] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[ 32.366860][ T289] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 33.025242][ T295] request_module fs-gadgetfs succeeded, but still no fs?
[ 33.637717][ T334] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.644802][ T334] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.652294][ T334] device bridge_slave_0 entered promiscuous mode
[ 33.659212][ T334] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.666255][ T334] bridge0: port 2(bridge_slave_1) entered disabled state
[ 33.673898][ T334] device bridge_slave_1 entered promiscuous mode
[ 33.720362][ T334] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.727424][ T334] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 33.734814][ T334] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.741910][ T334] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 33.761805][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.769014][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 33.776263][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 33.783817][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 33.793085][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 33.801392][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.808552][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 33.817258][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 33.825747][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.832854][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 33.845687][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 33.855126][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 33.868853][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 33.880701][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 33.889142][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 33.896564][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 33.905195][ T334] device veth0_vlan entered promiscuous mode
[ 33.915783][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 33.924946][ T334] device veth1_macvtap entered promiscuous mode
[ 33.934488][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 33.944693][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 33.977061][ T334] syz-executor (334) used greatest stack depth: 21984 bytes left
2026/04/18 15:25:31 executed programs: 0
[ 34.410570][ T358] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.417739][ T358] bridge0: port 1(bridge_slave_0) entered disabled state
[ 34.425118][ T358] device bridge_slave_0 entered promiscuous mode
[ 34.436458][ T358] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.443783][ T358] bridge0: port 2(bridge_slave_1) entered disabled state
[ 34.451214][ T358] device bridge_slave_1 entered promiscuous mode
[ 34.503019][ T358] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.510088][ T358] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 34.517344][ T358] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.524401][ T358] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 34.548985][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 34.556892][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 34.564295][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 34.576818][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 34.585065][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.592151][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 34.599687][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 34.609356][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.616387][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 34.630538][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 34.638652][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 34.647683][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 34.655770][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 34.671163][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 34.679593][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 34.690654][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 34.698980][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 34.706986][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 34.714600][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 34.722725][ T358] device veth0_vlan entered promiscuous mode
[ 34.737466][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 34.745634][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 34.754943][ T358] device veth1_macvtap entered promiscuous mode
[ 34.764031][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 34.771721][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 34.780170][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 34.789755][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 34.798048][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 34.827530][ T364] loop2: detected capacity change from 0 to 1024
[ 34.834198][ T364] =======================================================
[ 34.834198][ T364] WARNING: The mand mount option has been deprecated and
[ 34.834198][ T364] and is ignored by this kernel. Remove the mand
[ 34.834198][ T364] option from the mount to silence this warning.
[ 34.834198][ T364] =======================================================
[ 34.880775][ T364] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 34.894399][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 34.911598][ T368] loop2: detected capacity change from 0 to 1024
[ 34.929016][ T368] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 34.943729][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 34.960511][ T371] loop2: detected capacity change from 0 to 1024
[ 34.978748][ T371] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 34.993394][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 35.010263][ T374] loop2: detected capacity change from 0 to 1024
[ 35.028791][ T374] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.044755][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 35.063058][ T377] loop2: detected capacity change from 0 to 1024
[ 35.080039][ T377] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.092462][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 35.109192][ T380] loop2: detected capacity change from 0 to 1024
[ 35.129794][ T380] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.144758][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 35.161583][ T383] loop2: detected capacity change from 0 to 1024
[ 35.188862][ T383] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.202209][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 35.219386][ T386] loop2: detected capacity change from 0 to 1024
[ 35.230619][ T43] device bridge_slave_1 left promiscuous mode
[ 35.236814][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 35.244750][ T43] device bridge_slave_0 left promiscuous mode
[ 35.245889][ T386] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.253617][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.269809][ T43] device veth1_macvtap left promiscuous mode
[ 35.275929][ T43] device veth0_vlan left promiscuous mode
[ 35.278704][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 35.297793][ T390] loop2: detected capacity change from 0 to 1024
[ 35.322614][ T390] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.336172][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 35.364763][ T393] loop2: detected capacity change from 0 to 1024
[ 35.380758][ T393] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.394375][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 35.449128][ T396] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.468014][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 35.511910][ T399] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.533951][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 35.558929][ T404] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.576108][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 35.622173][ T407] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.634571][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 35.661512][ T410] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.674202][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 35.708952][ T413] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.722650][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 35.759564][ T416] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.771985][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 35.798764][ T419] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.811729][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 35.838644][ T422] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.854515][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 35.879059][ T425] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.891421][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 35.928921][ T428] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.942003][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 35.969615][ T431] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.982377][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 36.008807][ T434] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 36.022424][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 36.049678][ T437] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 36.062410][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 36.088727][ T440] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 36.102436][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 36.128603][ T443] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 36.141043][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 36.169916][ T446] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 36.182728][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 36.208753][ T449] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 36.222096][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 36.248632][ T452] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 36.261882][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 36.298860][ T455] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 36.312644][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 36.338919][ T458] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 36.351516][ T358] EXT4-fs (loop2): unmounting filesystem.
[ 36.369907][ T461] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 36.381627][ T358] EXT4-fs (loop2): unmounting filesystem.
2026/04/18 15:25:36 executed programs: 168
[ 39.710167][ T920] ==================================================================
[ 39.718298][ T920] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x979/0x21d0
[ 39.726102][ T920] Read of size 18446744073709551588 at addr ffff88810fe92840 by task syz.2.200/920
[ 39.735383][ T920]
[ 39.737756][ T920] CPU: 1 PID: 920 Comm: syz.2.200 Not tainted syzkaller #0
[ 39.744973][ T920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 39.755045][ T920] Call Trace:
[ 39.758330][ T920]
[ 39.761264][ T920] __dump_stack+0x21/0x24
[ 39.765593][ T920] dump_stack_lvl+0x110/0x170
[ 39.770269][ T920] ? __cfi_dump_stack_lvl+0x8/0x8
[ 39.775294][ T920] ? kasan_save_alloc_info+0x25/0x30
[ 39.780582][ T920] ? ext4_xattr_block_set+0x9d5/0x3260
[ 39.786039][ T920] ? ext4_xattr_set+0x242/0x320
[ 39.790886][ T920] ? ext4_xattr_security_set+0x3c/0x50
[ 39.796343][ T920] ? ext4_xattr_set_entry+0x979/0x21d0
[ 39.801804][ T920] print_address_description+0x71/0x200
[ 39.807379][ T920] print_report+0x4a/0x60
[ 39.811710][ T920] kasan_report+0x122/0x150
[ 39.816213][ T920] ? ext4_xattr_set_entry+0x979/0x21d0
[ 39.821674][ T920] ? ext4_xattr_set_entry+0x979/0x21d0
[ 39.827135][ T920] kasan_check_range+0x249/0x2a0
[ 39.832074][ T920] ? ext4_xattr_set_entry+0x979/0x21d0
[ 39.837555][ T920] memmove+0x2d/0x70
[ 39.841447][ T920] ext4_xattr_set_entry+0x979/0x21d0
[ 39.846742][ T920] ext4_xattr_block_set+0xad3/0x3260
[ 39.852033][ T920] ? __kasan_check_write+0x14/0x20
[ 39.857141][ T920] ? iput+0x620/0x670
[ 39.861122][ T920] ? ext4_xattr_block_find+0x310/0x310
[ 39.866584][ T920] ext4_xattr_set_handle+0xe3b/0x1570
[ 39.871960][ T920] ? __cfi_ext4_xattr_set_handle+0x10/0x10
[ 39.877789][ T920] ? __kasan_check_read+0x11/0x20
[ 39.882830][ T920] ? __ext4_journal_start_sb+0x2ed/0x4a0
[ 39.888474][ T920] ext4_xattr_set+0x242/0x320
[ 39.893240][ T920] ? ns_capable+0x8c/0xf0
[ 39.897578][ T920] ? __cfi_ext4_xattr_set+0x10/0x10
[ 39.902776][ T920] ? selinux_inode_setxattr+0x5cf/0xbf0
[ 39.908321][ T920] ext4_xattr_security_set+0x3c/0x50
[ 39.913612][ T920] ? __cfi_ext4_xattr_security_set+0x10/0x10
[ 39.919589][ T920] __vfs_setxattr+0x3f2/0x440
[ 39.924283][ T920] __vfs_setxattr_noperm+0x12a/0x5e0
[ 39.929586][ T920] __vfs_setxattr_locked+0x212/0x230
[ 39.934870][ T920] vfs_setxattr+0x167/0x2e0
[ 39.939382][ T920] ? __cfi_vfs_setxattr+0x10/0x10
[ 39.944407][ T920] ? copy_user_enhanced_fast_string+0xa/0x40
[ 39.950394][ T920] setxattr+0x346/0x360
[ 39.954552][ T920] ? path_setxattr+0x290/0x290
[ 39.959338][ T920] ? __mnt_want_write+0x1e6/0x260
[ 39.964374][ T920] ? mnt_want_write+0x220/0x300
[ 39.969243][ T920] path_setxattr+0x147/0x290
[ 39.973845][ T920] ? simple_xattr_list_add+0x120/0x120
[ 39.979314][ T920] __x64_sys_setxattr+0xc5/0xe0
[ 39.984165][ T920] x64_sys_call+0x633/0x9a0
[ 39.988665][ T920] do_syscall_64+0x4c/0xa0
[ 39.993073][ T920] ? clear_bhb_loop+0x30/0x80
[ 39.997748][ T920] ? clear_bhb_loop+0x30/0x80
[ 40.002424][ T920] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 40.008322][ T920] RIP: 0033:0x7f38a459c819
[ 40.012744][ T920] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 40.032349][ T920] RSP: 002b:00007ffc55133e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[ 40.040758][ T920] RAX: ffffffffffffffda RBX: 00007f38a4815fa0 RCX: 00007f38a459c819
[ 40.048815][ T920] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100
[ 40.056799][ T920] RBP: 00007f38a4632c91 R08: 0000000000000000 R09: 0000000000000000
[ 40.064766][ T920] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000
[ 40.072757][ T920] R13: 00007f38a4815fac R14: 00007f38a4815fa0 R15: 00007f38a4815fa0
[ 40.080753][ T920]
[ 40.083829][ T920]
[ 40.086165][ T920] Allocated by task 920:
[ 40.090412][ T920] kasan_set_track+0x4b/0x70
[ 40.095032][ T920] kasan_save_alloc_info+0x25/0x30
[ 40.100175][ T920] __kasan_kmalloc+0x95/0xb0
[ 40.104845][ T920] __kmalloc_node_track_caller+0xb1/0x1e0
[ 40.110576][ T920] kmemdup+0x2b/0x60
[ 40.114495][ T920] ext4_xattr_block_set+0x9d5/0x3260
[ 40.119798][ T920] ext4_xattr_set_handle+0xe3b/0x1570
[ 40.125209][ T920] ext4_xattr_set+0x242/0x320
[ 40.129900][ T920] ext4_xattr_security_set+0x3c/0x50
[ 40.135197][ T920] __vfs_setxattr+0x3f2/0x440
[ 40.139901][ T920] __vfs_setxattr_noperm+0x12a/0x5e0
[ 40.145219][ T920] __vfs_setxattr_locked+0x212/0x230
[ 40.150530][ T920] vfs_setxattr+0x167/0x2e0
[ 40.155057][ T920] setxattr+0x346/0x360
[ 40.159248][ T920] path_setxattr+0x147/0x290
[ 40.163856][ T920] __x64_sys_setxattr+0xc5/0xe0
[ 40.168722][ T920] x64_sys_call+0x633/0x9a0
[ 40.173255][ T920] do_syscall_64+0x4c/0xa0
[ 40.177709][ T920] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 40.183624][ T920]
[ 40.185973][ T920] The buggy address belongs to the object at ffff88810fe92800
[ 40.185973][ T920] which belongs to the cache kmalloc-1k of size 1024
[ 40.200049][ T920] The buggy address is located 64 bytes inside of
[ 40.200049][ T920] 1024-byte region [ffff88810fe92800, ffff88810fe92c00)
[ 40.213346][ T920]
[ 40.215685][ T920] The buggy address belongs to the physical page:
[ 40.222192][ T920] page:ffffea00043fa400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10fe90
[ 40.232458][ T920] head:ffffea00043fa400 order:3 compound_mapcount:0 compound_pincount:0
[ 40.240796][ T920] flags: 0x4000000000010200(slab|head|zone=1)
[ 40.246897][ T920] raw: 4000000000010200 0000000000000000 dead000000000001 ffff888100043080
[ 40.255496][ T920] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 40.264097][ T920] page dumped because: kasan: bad access detected
[ 40.270528][ T920] page_owner tracks the page as allocated
[ 40.276256][ T920] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 334, tgid 334 (syz-executor), ts 33694026502, free_ts 33147001815
[ 40.298847][ T920] post_alloc_hook+0x1f5/0x210
[ 40.303657][ T920] prep_new_page+0x1c/0x110
[ 40.308176][ T920] get_page_from_freelist+0x2d12/0x2d80
[ 40.313739][ T920] __alloc_pages+0x1fa/0x610
[ 40.318353][ T920] alloc_slab_page+0x6e/0xf0
[ 40.322971][ T920] new_slab+0x98/0x3d0
[ 40.327062][ T920] ___slab_alloc+0x6bd/0xb20
[ 40.331680][ T920] __slab_alloc+0x5e/0xa0
[ 40.336038][ T920] __kmem_cache_alloc_node+0x203/0x2c0
[ 40.341517][ T920] __kmalloc_node_track_caller+0xa0/0x1e0
[ 40.347256][ T920] __alloc_skb+0x236/0x4b0
[ 40.351703][ T920] alloc_uevent_skb+0x85/0x240
[ 40.356492][ T920] kobject_uevent_net_broadcast+0x1b4/0x5b0
[ 40.362407][ T920] kobject_uevent_env+0x54f/0x730
[ 40.367450][ T920] kobject_uevent+0x1d/0x30
[ 40.371974][ T920] net_rx_queue_update_kobjects+0x249/0x4d0
[ 40.377919][ T920] page last free stack trace:
[ 40.382620][ T920] free_unref_page_prepare+0x742/0x750
[ 40.388108][ T920] free_unref_page+0x95/0x540
[ 40.392824][ T920] __free_pages+0x67/0x100
[ 40.397347][ T920] __free_slab+0xca/0x1a0
[ 40.401721][ T920] discard_slab+0x29/0x40
[ 40.406073][ T920] __slab_free+0x201/0x280
[ 40.410505][ T920] ___cache_free+0xbf/0xd0
[ 40.414948][ T920] qlist_free_all+0xc6/0x140
[ 40.419562][ T920] kasan_quarantine_reduce+0x14a/0x170
[ 40.425037][ T920] __kasan_slab_alloc+0x24/0x80
[ 40.429898][ T920] slab_post_alloc_hook+0x4f/0x2d0
[ 40.435023][ T920] __kmem_cache_alloc_node+0x192/0x2c0
[ 40.440493][ T920] kmalloc_trace+0x29/0xb0
[ 40.444914][ T920] ref_tracker_alloc+0x169/0x4a0
[ 40.449862][ T920] netdev_hold+0x80/0xc0
[ 40.454113][ T920] register_netdevice+0x102a/0x1530
[ 40.459322][ T920]
[ 40.461656][ T920] Memory state around the buggy address:
[ 40.467299][ T920] ffff88810fe92700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.475372][ T920] ffff88810fe92780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.483442][ T920] >ffff88810fe92800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.491530][ T920] ^
[ 40.497712][ T920] ffff88810fe92880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.505963][ T920] ffff88810fe92900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.514035][ T920] ==================================================================
[ 40.526220][ T920] Disabling lock debugging due to kernel taint
[ 40.531028][ T28] kauditd_printk_skb: 34 callbacks suppressed
[ 40.531058][ T28] audit: type=1400 audit(1776525937.318:108): avc: denied { read } for pid=84 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 40.561192][ T28] audit: type=1400 audit(1776525937.358:109): avc: denied { search } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 40.583375][ T28] audit: type=1400 audit(1776525937.358:110): avc: denied { write } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 40.604910][ T28] audit: type=1400 audit(1776525937.358:111): avc: denied { add_name } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 40.625616][ T28] audit: type=1400 audit(1776525937.358:112): avc: denied { create } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 40.651150][ T923] set_capacity_and_notify: 173 callbacks suppressed
[ 40.651166][ T923] loop2: detected capacity change from 0 to 1024
[ 40.654428][ T28] audit: type=1400 audit(1776525937.358:113): avc: denied { append open } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 40.687189][ T28] audit: type=1400 audit(1776525937.358:114): avc: denied { getattr } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 40.723604][ T926] loop2: detected capacity change from 0 to 1024
[ 40.752386][ T929] loop2: detected capacity change from 0 to 1024
[ 40.782122][ T932] loop2: detected capacity change from 0 to 1024
[ 40.811735][ T935] loop2: detected capacity change from 0 to 1024
[ 40.841403][ T938] loop2: detected capacity change from 0 to 1024
[ 40.872957][ T941] loop2: detected capacity change from 0 to 1024
[ 40.903217][ T944] loop2: detected capacity change from 0 to 1024
[ 40.942225][ T947] loop2: detected capacity change from 0 to 1024
[ 40.970584][ T950] loop2: detected capacity change from 0 to 1024
[ 42.245680][ T296] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 42.257453][ T296] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 42.265883][ T296] CPU: 0 PID: 296 Comm: udevd Tainted: G B syzkaller #0
[ 42.274232][ T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 42.284333][ T296] RIP: 0010:mas_ascend+0x228/0x740
[ 42.289494][ T296] Code: 89 c7 49 83 cf 04 48 8b 45 b0 42 80 3c 20 00 74 08 48 89 df e8 99 20 c7 fc 4c 89 3b 49 81 e6 00 ff ff ff 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 f7 e8 89 1f c7 fc 49 8b 1e 48 89 de 48
[ 42.309124][ T296] RSP: 0018:ffffc90001717568 EFLAGS: 00010246
[ 42.315222][ T296] RAX: 0000000000000000 RBX: ffffc90001717898 RCX: ffff8881212e1440
[ 42.323225][ T296] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 42.331216][ T296] RBP: ffffc900017175f0 R08: ffff8881212e1440 R09: 0000000000000003
[ 42.339220][ T296] R10: 0000000000000003 R11: 0000000000000000 R12: dffffc0000000000
[ 42.347206][ T296] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000004
[ 42.355291][ T296] FS: 00007f5e90755880(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 42.364242][ T296] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.370843][ T296] CR2: 00007f5e8fe75000 CR3: 000000010d4e5000 CR4: 00000000003506b0
[ 42.378868][ T296] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.386869][ T296] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.394869][ T296] Call Trace:
[ 42.398180][ T296]
[ 42.401147][ T296] ? __stack_depot_save+0x36/0x480
[ 42.406290][ T296] ? kasan_set_track+0x60/0x70
[ 42.411105][ T296] mas_skip_node+0x107/0x6d0
[ 42.415723][ T296] ? kasan_record_aux_stack+0xe/0x10
[ 42.421010][ T296] ? __x64_sys_openat+0x136/0x160
[ 42.426037][ T296] ? x64_sys_call+0x783/0x9a0
[ 42.430739][ T296] mas_awalk+0x7fe/0xa60
[ 42.434989][ T296] mas_empty_area+0x3aa/0x7a0
[ 42.439672][ T296] vm_unmapped_area+0x315/0x9b0
[ 42.444533][ T296] ? mas_empty_area_rev+0x134f/0x1840
[ 42.449914][ T296] ? __cfi_vm_unmapped_area+0x10/0x10
[ 42.455299][ T296] ? vm_unmapped_area+0x843/0x9b0
[ 42.460322][ T296] arch_get_unmapped_area+0x4e7/0x660
[ 42.465692][ T296] ? kasan_record_aux_stack_noalloc+0xb/0x10
[ 42.471673][ T296] ? call_rcu+0xcf/0xf90
[ 42.475920][ T296] ? __cfi_arch_get_unmapped_area+0x10/0x10
[ 42.481812][ T296] arch_get_unmapped_area_topdown+0x47f/0x5b0
[ 42.487877][ T296] ? __cfi_arch_get_unmapped_area_topdown+0x10/0x10
[ 42.494476][ T296] ? __cfi_arch_get_unmapped_area_topdown+0x10/0x10
[ 42.501076][ T296] get_unmapped_area+0x203/0x380
[ 42.506016][ T296] do_mmap+0x32c/0xdd0
[ 42.510094][ T296] ? __cfi_do_mmap+0x10/0x10
[ 42.514683][ T296] ? percpu_counter_add_batch+0x13c/0x160
[ 42.520406][ T296] vm_mmap_pgoff+0x224/0x410
[ 42.525000][ T296] ? __cfi_vm_mmap_pgoff+0x10/0x10
[ 42.530104][ T296] ? generic_file_llseek_size+0x1fa/0x3a0
[ 42.535828][ T296] ksys_mmap_pgoff+0xf6/0x1d0
[ 42.540502][ T296] __x64_sys_mmap+0xfa/0x110
[ 42.545084][ T296] x64_sys_call+0x8fd/0x9a0
[ 42.549587][ T296] do_syscall_64+0x4c/0xa0
[ 42.553997][ T296] ? clear_bhb_loop+0x30/0x80
[ 42.558700][ T296] ? clear_bhb_loop+0x30/0x80
[ 42.563375][ T296] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 42.569261][ T296] RIP: 0033:0x7f5e9011d822
[ 42.573669][ T296] Code: 00 00 00 0f 1f 44 00 00 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 3b 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 76 5b 5d c3 0f 1f 00 48 8b 05 a1 35 0d 00 64
[ 42.593273][ T296] RSP: 002b:00007fff41df6e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 42.601685][ T296] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5e9011d822
[ 42.609671][ T296] RDX: 0000000000000003 RSI: 0000000000000200 RDI: 0000000000000000
[ 42.617649][ T296] RBP: 0000000000000022 R08: 00000000ffffffff R09: 0000000000000000
[ 42.625648][ T296] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000000
[ 42.633613][ T296] R13: 0000000000000000 R14: 000055b6979a87f0 R15: 00007f5e908763d8
[ 42.641585][ T296]
[ 42.644600][ T296] Modules linked in:
[ 42.648555][ T358] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#2] PREEMPT SMP KASAN
[ 42.660319][ T358] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 42.668727][ T358] CPU: 1 PID: 358 Comm: syz-executor Tainted: G B D syzkaller #0
[ 42.677659][ T358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 42.687707][ T358] RIP: 0010:mas_state_walk+0x485/0xa60
[ 42.693206][ T358] Code: eb 1a e8 7e 03 83 fc 48 c7 45 c8 00 00 00 00 45 31 ff 48 ba 00 00 00 00 00 fc ff df 48 89 d8 48 c1 e8 03 48 89 85 50 ff ff ff <80> 3c 10 00 74 08 48 89 df e8 bd 5f c8 fc 48 8b 45 d0 48 8b 18 48
[ 42.712862][ T358] RSP: 0000:ffffc900009a7c38 EFLAGS: 00010246
[ 42.718947][ T358] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88811388a880
[ 42.726919][ T358] RDX: dffffc0000000000 RSI: ffffffff878dc410 RDI: 0000000000000000
[ 42.734883][ T358] RBP: ffffc900009a7ce8 R08: ffff88811388a880 R09: 0000000000000003
[ 42.742849][ T358] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000
[ 42.750817][ T358] R13: 0000000000000000 R14: ffffc900009a7db8 R15: 0000000000000000
[ 42.758798][ T358] FS: 0000555585cce500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 42.767721][ T358] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.774316][ T358] CR2: 0000000000000000 CR3: 000000012c430000 CR4: 00000000003506a0
[ 42.782286][ T358] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.790249][ T358] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.798222][ T358] Call Trace:
[ 42.801520][ T358]
[ 42.804467][ T358] ? memset+0x35/0x40
[ 42.808447][ T358] mas_walk+0xac/0x260
[ 42.812518][ T358] lock_vma_under_rcu+0xe3/0x4f0
[ 42.817468][ T358] ? get_timespec64+0x116/0x1b0
[ 42.822323][ T358] ? __cfi_lock_vma_under_rcu+0x10/0x10
[ 42.827861][ T358] ? common_nsleep+0x8f/0xb0
[ 42.832447][ T358] ? __se_sys_clock_nanosleep+0x31c/0x3b0
[ 42.838184][ T358] do_user_addr_fault+0x2fc/0x1050
[ 42.843296][ T358] exc_page_fault+0x51/0xb0
[ 42.847795][ T358] asm_exc_page_fault+0x27/0x30
[ 42.852666][ T358] RIP: 0033:0x7f38a446a7bf
[ 42.857079][ T358] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <00> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.876681][ T358] RSP: 002b:00007ffc55134130 EFLAGS: 00010206
[ 42.882740][ T358] RAX: 0000000000000000 RBX: 00000000000000fb RCX: 00007f38a4557997
[ 42.890719][ T358] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 42.898686][ T358] RBP: 00007ffc5513416c R08: 0000000000000000 R09: 0000000000000000
[ 42.906651][ T358] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388
[ 42.914623][ T358] R13: 00000000000927c0 R14: 000000000000a4f8 R15: 00007ffc551341c0
[ 42.922597][ T358]
[ 42.925630][ T358] Modules linked in:
[ 42.929562][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000904
[ 42.937416][ C0] #PF: supervisor write access in kernel mode
[ 42.943505][ C0] #PF: error_code(0x0002) - not-present page
[ 42.949494][ C0] PGD 0 P4D 0
[ 42.952883][ C0] Oops: 0002 [#3] PREEMPT SMP KASAN
[ 42.958074][ C0] CPU: 0 PID: 296 Comm: udevd Tainted: G B D syzkaller #0
[ 42.966413][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 42.976465][ C0] RIP: 0010:_raw_spin_lock_irqsave+0xcb/0x130
[ 42.982532][ C0] Code: 44 24 20 00 00 00 00 48 89 df be 04 00 00 00 e8 7b 69 b5 fc 4c 89 ff be 04 00 00 00 e8 6e 69 b5 fc 8b 44 24 20 b9 01 00 00 00 0f b1 0b 75 41 43 c6 44 2c 04 f8 48 c7 04 24 0e 36 e0 45 4b c7
[ 43.002141][ C0] RSP: 0018:ffffc90000007ae0 EFLAGS: 00010097
[ 43.008203][ C0] RAX: 0000000000000000 RBX: 0000000000000904 RCX: 0000000000000001
[ 43.016183][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90000007b00
[ 43.024234][ C0] RBP: ffffc90000007ba0 R08: 0000000000000003 R09: 0000000000000004
[ 43.032202][ C0] R10: dffffc0000000000 R11: fffff52000000f60 R12: 1ffff92000000f5c
[ 43.040169][ C0] R13: dffffc0000000000 R14: 0000000000000806 R15: ffffc90000007b00
[ 43.048134][ C0] FS: 00007f5e90755880(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 43.057076][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 43.063658][ C0] CR2: 0000000000000904 CR3: 000000010d4e5000 CR4: 00000000003506b0
[ 43.071645][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 43.079627][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 43.087598][ C0] Call Trace:
[ 43.090871][ C0]
[ 43.093710][ C0] ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[ 43.099601][ C0] ? raise_softirq+0x7d/0xf0
[ 43.104186][ C0] try_to_wake_up+0x4d/0x1220
[ 43.108860][ C0] wake_up_process+0x10/0x20
[ 43.113461][ C0] insert_work+0x271/0x300
[ 43.117870][ C0] __queue_work+0x9b1/0xd30
[ 43.122380][ C0] delayed_work_timer_fn+0x61/0x80
[ 43.127576][ C0] ? __cfi_delayed_work_timer_fn+0x10/0x10
[ 43.133380][ C0] call_timer_fn+0x46/0x2a0
[ 43.137886][ C0] ? __cfi_delayed_work_timer_fn+0x10/0x10
[ 43.143689][ C0] __run_timers+0x689/0x9f0
[ 43.148247][ C0] ? calc_index+0x200/0x200
[ 43.152766][ C0] ? kvm_sched_clock_read+0x18/0x40
[ 43.157972][ C0] run_timer_softirq+0x6a/0xf0
[ 43.162747][ C0] handle_softirqs+0x1d7/0x600
[ 43.167530][ C0] __irq_exit_rcu+0x52/0xf0
[ 43.172075][ C0] irq_exit_rcu+0x9/0x10
[ 43.176330][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 43.181965][ C0]
[ 43.184893][ C0]
[ 43.187821][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 43.193809][ C0] RIP: 0010:oops_exit+0x0/0x30
[ 43.198579][ C0] Code: 0f 8c 0f ff ff ff 48 89 df e8 2c 8d c0 fc e9 02 ff ff ff 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 <55> 48 89 e5 e8 27 31 7b fc e8 82 c9 4b fc 48 c7 c7 a0 e6 68 85 31
[ 43.218185][ C0] RSP: 0018:ffffc900017173a0 EFLAGS: 00000206
[ 43.224250][ C0] RAX: 0000000000000000 RBX: 000000000000000b RCX: ffff8881212e1440
[ 43.232217][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff87b5ff60
[ 43.240182][ C0] RBP: ffffc900017173b8 R08: ffffffff87b747e7 R09: 1ffffffff0f6e8fc
[ 43.248153][ C0] R10: dffffc0000000000 R11: fffffbfff0f6e8fd R12: ffffc90001717410
[ 43.256121][ C0] R13: dffffc0000000000 R14: 0000000000000293 R15: 0000000000000000
[ 43.264092][ C0] ? oops_end+0x46/0xd0
[ 43.268260][ C0] die_addr+0x61/0x70
[ 43.272239][ C0] exc_general_protection+0x13a/0x1e0
[ 43.277609][ C0] ? unwind_get_return_address+0x4d/0x90
[ 43.283259][ C0] asm_exc_general_protection+0x27/0x30
[ 43.288799][ C0] RIP: 0010:mas_ascend+0x228/0x740
[ 43.293898][ C0] Code: 89 c7 49 83 cf 04 48 8b 45 b0 42 80 3c 20 00 74 08 48 89 df e8 99 20 c7 fc 4c 89 3b 49 81 e6 00 ff ff ff 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 f7 e8 89 1f c7 fc 49 8b 1e 48 89 de 48
[ 43.313492][ C0] RSP: 0018:ffffc90001717568 EFLAGS: 00010246
[ 43.319553][ C0] RAX: 0000000000000000 RBX: ffffc90001717898 RCX: ffff8881212e1440
[ 43.327519][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 43.335497][ C0] RBP: ffffc900017175f0 R08: ffff8881212e1440 R09: 0000000000000003
[ 43.343468][ C0] R10: 0000000000000003 R11: 0000000000000000 R12: dffffc0000000000
[ 43.351440][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000004
[ 43.359436][ C0] ? mas_ascend+0x1e6/0x740
[ 43.363943][ C0] ? __stack_depot_save+0x36/0x480
[ 43.369059][ C0] ? kasan_set_track+0x60/0x70
[ 43.373819][ C0] mas_skip_node+0x107/0x6d0
[ 43.378429][ C0] ? kasan_record_aux_stack+0xe/0x10
[ 43.383715][ C0] ? __x64_sys_openat+0x136/0x160
[ 43.388739][ C0] ? x64_sys_call+0x783/0x9a0
[ 43.393414][ C0] mas_awalk+0x7fe/0xa60
[ 43.397662][ C0] mas_empty_area+0x3aa/0x7a0
[ 43.402337][ C0] vm_unmapped_area+0x315/0x9b0
[ 43.407191][ C0] ? mas_empty_area_rev+0x134f/0x1840
[ 43.412572][ C0] ? __cfi_vm_unmapped_area+0x10/0x10
[ 43.417945][ C0] ? vm_unmapped_area+0x843/0x9b0
[ 43.422968][ C0] arch_get_unmapped_area+0x4e7/0x660
[ 43.428341][ C0] ? kasan_record_aux_stack_noalloc+0xb/0x10
[ 43.434357][ C0] ? call_rcu+0xcf/0xf90
[ 43.438608][ C0] ? __cfi_arch_get_unmapped_area+0x10/0x10
[ 43.444519][ C0] arch_get_unmapped_area_topdown+0x47f/0x5b0
[ 43.450604][ C0] ? __cfi_arch_get_unmapped_area_topdown+0x10/0x10
[ 43.457188][ C0] ? __cfi_arch_get_unmapped_area_topdown+0x10/0x10
[ 43.463798][ C0] get_unmapped_area+0x203/0x380
[ 43.468736][ C0] do_mmap+0x32c/0xdd0
[ 43.472823][ C0] ? __cfi_do_mmap+0x10/0x10
[ 43.477413][ C0] ? percpu_counter_add_batch+0x13c/0x160
[ 43.483134][ C0] vm_mmap_pgoff+0x224/0x410
[ 43.487733][ C0] ? __cfi_vm_mmap_pgoff+0x10/0x10
[ 43.492851][ C0] ? generic_file_llseek_size+0x1fa/0x3a0
[ 43.498612][ C0] ksys_mmap_pgoff+0xf6/0x1d0
[ 43.503309][ C0] __x64_sys_mmap+0xfa/0x110
[ 43.507898][ C0] x64_sys_call+0x8fd/0x9a0
[ 43.512472][ C0] do_syscall_64+0x4c/0xa0
[ 43.516880][ C0] ? clear_bhb_loop+0x30/0x80
[ 43.521583][ C0] ? clear_bhb_loop+0x30/0x80
[ 43.526279][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 43.532177][ C0] RIP: 0033:0x7f5e9011d822
[ 43.536588][ C0] Code: 00 00 00 0f 1f 44 00 00 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 3b 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 76 5b 5d c3 0f 1f 00 48 8b 05 a1 35 0d 00 64
[ 43.556279][ C0] RSP: 002b:00007fff41df6e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 43.564685][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5e9011d822
[ 43.572657][ C0] RDX: 0000000000000003 RSI: 0000000000000200 RDI: 0000000000000000
[ 43.580621][ C0] RBP: 0000000000000022 R08: 00000000ffffffff R09: 0000000000000000
[ 43.588586][ C0] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000000
[ 43.596572][ C0] R13: 0000000000000000 R14: 000055b6979a87f0 R15: 00007f5e908763d8
[ 43.604544][ C0]
[ 43.607571][ C0] Modules linked in:
[ 43.611452][ C0] CR2: 0000000000000904
[ 43.615750][ C0] ---[ end trace 0000000000000000 ]---
[ 43.615754][ C1] general protection fault, probably for non-canonical address 0xbb87b96000a0f80d: 0000 [#4] PREEMPT SMP KASAN
[ 43.621212][ C0] RIP: 0010:mas_ascend+0x228/0x740
[ 43.632929][ C1] CPU: 1 PID: 358 Comm: syz-executor Tainted: G B D syzkaller #0
[ 43.638044][ C0] Code: 89 c7 49 83 cf 04 48 8b 45 b0 42 80 3c 20 00 74 08 48 89 df e8 99 20 c7 fc 4c 89 3b 49 81 e6 00 ff ff ff 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 f7 e8 89 1f c7 fc 49 8b 1e 48 89 de 48
[ 43.646975][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 43.666573][ C0] RSP: 0018:ffffc90001717568 EFLAGS: 00010246
[ 43.676651][ C1] RIP: 0010:__kmem_cache_alloc_node+0x123/0x2c0
[ 43.682755][ C0] RAX: 0000000000000000 RBX: ffffc90001717898 RCX: ffff8881212e1440
[ 43.689006][ C1] Code: 08 48 8b 38 48 85 ff 0f 84 e8 00 00 00 48 83 78 10 00 0f 84 dd 00 00 00 41 8b 47 28 48 8d 0c 07 49 8b 9f d8 00 00 00 48 0f c9 <48> 33 1c 07 48 31 cb 48 8d 4a 08 4d 8b 07 48 89 f8 65 49 0f c7 08
[ 43.696980][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 43.716586][ C1] RSP: 0000:ffffc900001b0be0 EFLAGS: 00010286
[ 43.724567][ C0] RBP: ffffc900017175f0 R08: ffff8881212e1440 R09: 0000000000000003
[ 43.724583][ C0] R10: 0000000000000003 R11: 0000000000000000 R12: dffffc0000000000
[ 43.730637][ C1] RAX: 0000000000000200 RBX: bbbd4973812809f2 RCX: 0df8a00060b987bb
[ 43.738608][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000004
[ 43.746605][ C1] RDX: 0000000000012cb1 RSI: 0000000000000400 RDI: bb87b96000a0f60d
[ 43.754586][ C0] FS: 00007f5e90755880(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 43.762573][ C1] RBP: ffffc900001b0c30 R08: ffffffff8304e002 R09: ffffffff8304e002
[ 43.770550][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 43.779492][ C1] R10: 00000000e3543993 R11: 00000000ffffffff R12: 0000000000082a20
[ 43.787461][ C0] CR2: 0000000000000904 CR3: 000000010d4e5000 CR4: 00000000003506b0
[ 43.794051][ C1] R13: 0000000000000000 R14: ffffffff8304e002 R15: ffff888100043080
[ 43.802029][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 43.809999][ C1] FS: 0000555585cce500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 43.817973][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 43.825953][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 43.834893][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 43.842864][ C1] CR2: 0000000000000000 CR3: 000000012c430000 CR4: 00000000003506a0
[ 43.842880][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 43.842890][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 43.842901][ C1] Call Trace:
[ 43.842907][ C1]
[ 43.842914][ C1] ? wg_packet_send_keepalive+0x62/0x1d0
[ 43.842943][ C1] ? wg_packet_send_keepalive+0x62/0x1d0
[ 43.842966][ C1] __kmalloc_node_track_caller+0xa0/0x1e0
[ 43.842984][ C1] ? wg_packet_send_keepalive+0x62/0x1d0
[ 43.843006][ C1] __alloc_skb+0x236/0x4b0
[ 43.843030][ C1] wg_packet_send_keepalive+0x62/0x1d0
[ 43.843052][ C1] ? wg_expired_send_persistent_keepalive+0x44/0x80
[ 43.843076][ C1] wg_expired_send_persistent_keepalive+0x53/0x80
[ 43.843098][ C1] ? __cfi_wg_expired_send_persistent_keepalive+0x10/0x10
[ 43.843121][ C1] call_timer_fn+0x46/0x2a0
[ 43.843143][ C1] ? __cfi_wg_expired_send_persistent_keepalive+0x10/0x10
[ 43.843167][ C1] __run_timers+0x65b/0x9f0
[ 43.843191][ C1] ? calc_index+0x200/0x200
[ 43.843213][ C1] ? kvm_sched_clock_read+0x18/0x40
[ 43.843240][ C1] run_timer_softirq+0x6a/0xf0
[ 43.843270][ C1] handle_softirqs+0x1d7/0x600
[ 43.843289][ C1] __irq_exit_rcu+0x52/0xf0
[ 43.843305][ C1] irq_exit_rcu+0x9/0x10
[ 43.843320][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 43.843340][ C1]
[ 43.843345][ C1]
[ 43.843350][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 43.843370][ C1] RIP: 0010:oops_exit+0x0/0x30
[ 43.843410][ C1] Code: 0f 8c 0f ff ff ff 48 89 df e8 2c 8d c0 fc e9 02 ff ff ff 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 <55> 48 89 e5 e8 27 31 7b fc e8 82 c9 4b fc 48 c7 c7 a0 e6 68 85 31
[ 43.843423][ C1] RSP: 0000:ffffc900009a7a70 EFLAGS: 00000206
[ 43.843438][ C1] RAX: 0000000000000000 RBX: 000000000000000b RCX: ffff88811388a880
[ 43.843448][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff87b5ff60
[ 43.843459][ C1] RBP: ffffc900009a7a88 R08: ffffffff87b747e7 R09: 1ffffffff0f6e8fc
[ 43.843472][ C1] R10: dffffc0000000000 R11: fffffbfff0f6e8fd R12: ffffc900009a7ae0
[ 43.843484][ C1] R13: dffffc0000000000 R14: 0000000000000293 R15: 0000000000000000
[ 43.843499][ C1] ? oops_end+0x46/0xd0
[ 43.843517][ C1] die_addr+0x61/0x70
[ 43.843535][ C1] exc_general_protection+0x13a/0x1e0
[ 43.843560][ C1] asm_exc_general_protection+0x27/0x30
[ 43.843580][ C1] RIP: 0010:mas_state_walk+0x485/0xa60
[ 43.843604][ C1] Code: eb 1a e8 7e 03 83 fc 48 c7 45 c8 00 00 00 00 45 31 ff 48 ba 00 00 00 00 00 fc ff df 48 89 d8 48 c1 e8 03 48 89 85 50 ff ff ff <80> 3c 10 00 74 08 48 89 df e8 bd 5f c8 fc 48 8b 45 d0 48 8b 18 48
[ 43.843617][ C1] RSP: 0000:ffffc900009a7c38 EFLAGS: 00010246
[ 43.843630][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88811388a880
[ 43.843641][ C1] RDX: dffffc0000000000 RSI: ffffffff878dc410 RDI: 0000000000000000
[ 43.843653][ C1] RBP: ffffc900009a7ce8 R08: ffff88811388a880 R09: 0000000000000003
[ 43.843664][ C1] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000
[ 43.843674][ C1] R13: 0000000000000000 R14: ffffc900009a7db8 R15: 0000000000000000
[ 43.843687][ C1] ? mas_state_walk+0x462/0xa60
[ 43.843709][ C1] ? memset+0x35/0x40
[ 43.843727][ C1] mas_walk+0xac/0x260
[ 43.843749][ C1] lock_vma_under_rcu+0xe3/0x4f0
[ 43.843765][ C1] ? get_timespec64+0x116/0x1b0
[ 43.843796][ C1] ? __cfi_lock_vma_under_rcu+0x10/0x10
[ 43.843812][ C1] ? common_nsleep+0x8f/0xb0
[ 43.843831][ C1] ? __se_sys_clock_nanosleep+0x31c/0x3b0
[ 43.843850][ C1] do_user_addr_fault+0x2fc/0x1050
[ 43.843876][ C1] exc_page_fault+0x51/0xb0
[ 43.843897][ C1] asm_exc_page_fault+0x27/0x30
[ 43.843916][ C1] RIP: 0033:0x7f38a446a7bf
[ 43.843929][ C1] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <00> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.843942][ C1] RSP: 002b:00007ffc55134130 EFLAGS: 00010206
[ 43.843955][ C1] RAX: 0000000000000000 RBX: 00000000000000fb RCX: 00007f38a4557997
[ 43.843966][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 43.843975][ C1] RBP: 00007ffc5513416c R08: 0000000000000000 R09: 0000000000000000
[ 43.843986][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388
[ 43.843996][ C1] R13: 00000000000927c0 R14: 000000000000a4f8 R15: 00007ffc551341c0
[ 43.844010][ C1]
[ 43.844015][ C1] Modules linked in:
[ 43.851159][ C0] Kernel Offset: disabled
[ 44.296329][ C0] Rebooting in 86400 seconds..