rocess permissive=1 [ 15.023697][ T24] audit: type=1400 audit(1768949999.999:63): avc: denied { siginh } for pid=232 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.45' (ED25519) to the list of known hosts. 2026/01/20 23:00:24 parsed 1 programs [ 39.393782][ T24] audit: type=1400 audit(1768950024.399:64): avc: denied { node_bind } for pid=275 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 39.414966][ T24] audit: type=1400 audit(1768950024.399:65): avc: denied { create } for pid=275 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 39.434704][ T24] audit: type=1400 audit(1768950024.399:66): avc: denied { module_request } for pid=275 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 40.004090][ T24] audit: type=1400 audit(1768950025.009:67): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 40.005063][ T281] cgroup: Unknown subsys name 'net' [ 40.026766][ T24] audit: type=1400 audit(1768950025.009:68): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 40.054112][ T24] audit: type=1400 audit(1768950025.039:69): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 40.054344][ T281] cgroup: Unknown subsys name 'devices' [ 40.231582][ T281] cgroup: Unknown subsys name 'hugetlb' [ 40.237202][ T281] cgroup: Unknown subsys name 'rlimit' [ 40.409002][ T24] audit: type=1400 audit(1768950025.409:70): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 40.432425][ T24] audit: type=1400 audit(1768950025.409:71): avc: denied { create } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 40.436820][ T286] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 40.452828][ T24] audit: type=1400 audit(1768950025.409:72): avc: denied { write } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 40.481637][ T24] audit: type=1400 audit(1768950025.409:73): avc: denied { read } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 40.507714][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 40.959371][ T288] request_module fs-gadgetfs succeeded, but still no fs? [ 40.968734][ T288] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 41.386391][ T330] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.393841][ T330] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.401261][ T330] device bridge_slave_0 entered promiscuous mode [ 41.407968][ T330] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.415042][ T330] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.422317][ T330] device bridge_slave_1 entered promiscuous mode [ 41.458902][ T330] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.465950][ T330] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.473204][ T330] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.480220][ T330] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.494920][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.502385][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.509561][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 41.517082][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.526316][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 41.534506][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.541524][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.551363][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 41.559513][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.566543][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.577071][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 41.586812][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 41.598309][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 41.608875][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 41.616877][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 41.624388][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 41.632498][ T330] device veth0_vlan entered promiscuous mode [ 41.642098][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 41.650823][ T330] device veth1_macvtap entered promiscuous mode [ 41.658981][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 41.668420][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2026/01/20 23:00:26 executed programs: 0 [ 41.893833][ T354] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.901089][ T354] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.908419][ T354] device bridge_slave_0 entered promiscuous mode [ 41.918787][ T354] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.925829][ T354] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.933176][ T354] device bridge_slave_1 entered promiscuous mode [ 41.970651][ T354] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.977762][ T354] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.985008][ T354] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.992018][ T354] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.012952][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.020431][ T342] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.027512][ T342] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.036663][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.044843][ T342] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.051877][ T342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.064104][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.072247][ T342] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.079246][ T342] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.090424][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.108590][ T354] device veth0_vlan entered promiscuous mode [ 42.115249][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.123578][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.131918][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.139206][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 42.146582][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.161252][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 42.170216][ T354] device veth1_macvtap entered promiscuous mode [ 42.178617][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 42.188069][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 42.331873][ T359] F2FS-fs (loop2): invalid crc value [ 42.341638][ T359] F2FS-fs (loop2): Found nat_bits in checkpoint [ 42.373929][ T359] F2FS-fs (loop2): Start checkpoint disabled! [ 42.381773][ T359] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 42.429538][ T359] ------------[ cut here ]------------ [ 42.435046][ T359] WARNING: CPU: 0 PID: 359 at fs/f2fs/segment.c:2582 new_curseg+0xe4f/0x1880 [ 42.443798][ T359] Modules linked in: [ 42.447691][ T359] CPU: 0 PID: 359 Comm: syz.2.17 Not tainted syzkaller #0 [ 42.454815][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 42.464944][ T359] RIP: 0010:new_curseg+0xe4f/0x1880 [ 42.470174][ T359] Code: 0b 4c 8b bd 30 ff ff ff 4c 89 ff be 08 00 00 00 e8 66 d0 91 ff f0 41 80 0f 04 41 b5 01 45 89 f7 e9 4d fb ff ff e8 f1 51 57 ff <0f> 0b 4c 8b a5 30 ff ff ff 4c 89 e7 be 08 00 00 00 e8 3b d0 91 ff [ 42.489804][ T359] RSP: 0018:ffffc90000d67718 EFLAGS: 00010293 [ 42.495870][ T359] RAX: ffffffff820d625f RBX: ffff88810f53df98 RCX: ffff88810d74a780 [ 42.503941][ T359] RDX: 0000000000000000 RSI: 0000000000000018 RDI: 0000000000000018 [ 42.511947][ T359] RBP: ffffc90000d67808 R08: 0000000000000003 R09: 0000000000000004 [ 42.519971][ T359] R10: dffffc0000000000 R11: fffff520001aced4 R12: 0000000000000018 [ 42.527916][ T359] R13: 1ffff11021ea7bf3 R14: 0000000000000018 R15: 0000000000000004 [ 42.535942][ T359] FS: 000055556d1c1500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 42.544938][ T359] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 42.551523][ T359] CR2: 0000001b32d63fff CR3: 000000010fc19000 CR4: 00000000003506b0 [ 42.559481][ T359] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 42.567461][ T359] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 42.575446][ T359] Call Trace: [ 42.578716][ T359] __allocate_new_segment+0x13d/0x810 [ 42.584089][ T359] f2fs_allocate_new_section+0x1f3/0x290 [ 42.589709][ T359] ? new_curseg+0x1880/0x1880 [ 42.594407][ T359] ? __kasan_check_write+0x14/0x20 [ 42.599497][ T359] ? down_read_trylock+0x106/0x160 [ 42.604609][ T359] ? __init_rwsem+0x1c0/0x1c0 [ 42.609271][ T359] ? has_not_enough_free_secs+0x3d7/0x8a0 [ 42.614990][ T359] expand_inode_data+0x5f7/0x9a0 [ 42.619963][ T359] ? f2fs_insert_range+0x5d0/0x5d0 [ 42.625046][ T359] ? inode_dio_wait+0x25a/0x2d0 [ 42.629902][ T359] ? file_update_time+0x2f1/0x440 [ 42.634907][ T359] ? inode_owner_or_capable+0x140/0x140 [ 42.640453][ T359] f2fs_fallocate+0x42b/0x7e0 [ 42.645115][ T359] vfs_fallocate+0x4b4/0x590 [ 42.649671][ T359] do_vfs_ioctl+0x1154/0x14c0 [ 42.654353][ T359] ? __ia32_compat_sys_ioctl+0x8e0/0x8e0 [ 42.660002][ T359] ? has_cap_mac_admin+0x370/0x370 [ 42.665092][ T359] ? kmem_cache_free+0x100/0x2d0 [ 42.670032][ T359] ? selinux_file_ioctl+0x3a0/0x4d0 [ 42.675215][ T359] ? putname+0xfe/0x150 [ 42.679339][ T359] ? selinux_file_alloc_security+0x120/0x120 [ 42.685313][ T359] ? do_sys_openat2+0x68e/0x750 [ 42.690239][ T359] ? __se_sys_futex+0x2ba/0x370 [ 42.695065][ T359] ? __kasan_check_write+0x14/0x20 [ 42.700349][ T359] ? security_file_ioctl+0x84/0xa0 [ 42.705435][ T359] __se_sys_ioctl+0x9f/0x1a0 [ 42.710030][ T359] __x64_sys_ioctl+0x7b/0x90 [ 42.714600][ T359] do_syscall_64+0x31/0x40 [ 42.718989][ T359] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 42.724884][ T359] RIP: 0033:0x7f65486f5cb9 [ 42.729278][ T359] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 42.748967][ T359] RSP: 002b:00007fff1a439548 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 42.757390][ T359] RAX: ffffffffffffffda RBX: 00007f6548970fa0 RCX: 00007f65486f5cb9 [ 42.765554][ T359] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000005 [ 42.773545][ T359] RBP: 00007f6548763bf7 R08: 0000000000000000 R09: 0000000000000000 [ 42.781551][ T359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 42.789500][ T359] R13: 00007f6548970fac R14: 00007f6548970fa0 R15: 00007f6548970fa0 [ 42.797477][ T359] ---[ end trace 57b5eb8178693fa7 ]--- [ 42.802980][ T359] ------------[ cut here ]------------ [ 42.808412][ T359] WARNING: CPU: 0 PID: 359 at fs/f2fs/segment.c:2636 new_curseg+0x14a6/0x1880 [ 42.817243][ T359] Modules linked in: [ 42.821137][ T359] CPU: 0 PID: 359 Comm: syz.2.17 Tainted: G W syzkaller #0 [ 42.829597][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 42.839672][ T359] RIP: 0010:new_curseg+0x14a6/0x1880 [ 42.844966][ T359] Code: ff e8 be 4b 57 ff 0f 0b 4c 8b 75 d0 49 8d 7e 78 be 08 00 00 00 e8 0a ca 91 ff f0 41 80 4e 78 04 e9 d4 ed ff ff e8 9a 4b 57 ff <0f> 0b 48 8b 5d d0 48 8d 7b 78 be 08 00 00 00 e8 e6 c9 91 ff f0 80 [ 42.864727][ T359] RSP: 0018:ffffc90000d67718 EFLAGS: 00010293 [ 42.870873][ T359] RAX: ffffffff820d68b6 RBX: ffff88810f544501 RCX: ffff88810d74a780 [ 42.878832][ T359] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 42.886820][ T359] RBP: ffffc90000d67808 R08: ffff88810f54457f R09: 1ffff11021ea88af [ 42.894807][ T359] R10: dffffc0000000000 R11: ffffed1021ea88b0 R12: 0000000000000000 [ 42.902780][ T359] R13: 0000000000000018 R14: 0000000000000001 R15: 0000000000000018 [ 42.910758][ T359] FS: 000055556d1c1500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 42.919664][ T359] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 42.926242][ T359] CR2: 0000001b32d63fff CR3: 000000010fc19000 CR4: 00000000003506b0 [ 42.934222][ T359] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 42.942304][ T359] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 42.950391][ T359] Call Trace: [ 42.953672][ T359] __allocate_new_segment+0x13d/0x810 [ 42.959016][ T359] f2fs_allocate_new_section+0x1f3/0x290 [ 42.964666][ T359] ? new_curseg+0x1880/0x1880 [ 42.969328][ T359] ? __kasan_check_write+0x14/0x20 [ 42.974447][ T359] ? down_read_trylock+0x106/0x160 [ 42.979548][ T359] ? __init_rwsem+0x1c0/0x1c0 [ 42.984257][ T359] ? has_not_enough_free_secs+0x3d7/0x8a0 [ 42.989992][ T359] expand_inode_data+0x5f7/0x9a0 [ 42.994926][ T359] ? f2fs_insert_range+0x5d0/0x5d0 [ 43.000103][ T359] ? inode_dio_wait+0x25a/0x2d0 [ 43.004946][ T359] ? file_update_time+0x2f1/0x440 [ 43.009976][ T359] ? inode_owner_or_capable+0x140/0x140 [ 43.015609][ T359] f2fs_fallocate+0x42b/0x7e0 [ 43.020375][ T359] vfs_fallocate+0x4b4/0x590 [ 43.024949][ T359] do_vfs_ioctl+0x1154/0x14c0 [ 43.029594][ T359] ? __ia32_compat_sys_ioctl+0x8e0/0x8e0 [ 43.035277][ T359] ? has_cap_mac_admin+0x370/0x370 [ 43.040406][ T359] ? kmem_cache_free+0x100/0x2d0 [ 43.045323][ T359] ? selinux_file_ioctl+0x3a0/0x4d0 [ 43.050512][ T359] ? putname+0xfe/0x150 [ 43.054652][ T359] ? selinux_file_alloc_security+0x120/0x120 [ 43.060713][ T359] ? do_sys_openat2+0x68e/0x750 [ 43.065559][ T359] ? __se_sys_futex+0x2ba/0x370 [ 43.070446][ T359] ? __kasan_check_write+0x14/0x20 [ 43.075561][ T359] ? security_file_ioctl+0x84/0xa0 [ 43.080673][ T359] __se_sys_ioctl+0x9f/0x1a0 [ 43.085249][ T359] __x64_sys_ioctl+0x7b/0x90 [ 43.089810][ T359] do_syscall_64+0x31/0x40 [ 43.094231][ T359] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 43.100225][ T359] RIP: 0033:0x7f65486f5cb9 [ 43.104611][ T359] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 43.124224][ T359] RSP: 002b:00007fff1a439548 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 43.132670][ T359] RAX: ffffffffffffffda RBX: 00007f6548970fa0 RCX: 00007f65486f5cb9 [ 43.140641][ T359] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000005 [ 43.148590][ T359] RBP: 00007f6548763bf7 R08: 0000000000000000 R09: 0000000000000000 [ 43.156557][ T359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 43.164528][ T359] R13: 00007f6548970fac R14: 00007f6548970fa0 R15: 00007f6548970fa0 [ 43.172501][ T359] ---[ end trace 57b5eb8178693fa8 ]--- [ 43.177982][ T359] ================================================================== [ 43.186033][ T359] BUG: KASAN: slab-out-of-bounds in reset_curseg+0x4dd/0x560 [ 43.193367][ T359] Read of size 4 at addr ffff888110609bc0 by task syz.2.17/359 [ 43.200872][ T359] [ 43.203170][ T359] CPU: 1 PID: 359 Comm: syz.2.17 Tainted: G W syzkaller #0 [ 43.211626][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 43.221654][ T359] Call Trace: [ 43.224912][ T359] __dump_stack+0x21/0x24 [ 43.229204][ T359] dump_stack_lvl+0x1a7/0x208 [ 43.233846][ T359] ? show_regs_print_info+0x18/0x18 [ 43.239007][ T359] ? thaw_kernel_threads+0x220/0x220 [ 43.244261][ T359] print_address_description+0x7f/0x2c0 [ 43.249770][ T359] ? reset_curseg+0x4dd/0x560 [ 43.254413][ T359] kasan_report+0xe2/0x130 [ 43.258799][ T359] ? reset_curseg+0x4dd/0x560 [ 43.263445][ T359] __asan_report_load4_noabort+0x14/0x20 [ 43.269042][ T359] reset_curseg+0x4dd/0x560 [ 43.273518][ T359] new_curseg+0x12e8/0x1880 [ 43.277993][ T359] __allocate_new_segment+0x13d/0x810 [ 43.283332][ T359] f2fs_allocate_new_section+0x1f3/0x290 [ 43.288930][ T359] ? new_curseg+0x1880/0x1880 [ 43.293571][ T359] ? __kasan_check_write+0x14/0x20 [ 43.298645][ T359] ? down_read_trylock+0x106/0x160 [ 43.303723][ T359] ? __init_rwsem+0x1c0/0x1c0 [ 43.308365][ T359] ? has_not_enough_free_secs+0x3d7/0x8a0 [ 43.314049][ T359] expand_inode_data+0x5f7/0x9a0 [ 43.318949][ T359] ? f2fs_insert_range+0x5d0/0x5d0 [ 43.324027][ T359] ? inode_dio_wait+0x25a/0x2d0 [ 43.328844][ T359] ? file_update_time+0x2f1/0x440 [ 43.333842][ T359] ? inode_owner_or_capable+0x140/0x140 [ 43.339450][ T359] f2fs_fallocate+0x42b/0x7e0 [ 43.344104][ T359] vfs_fallocate+0x4b4/0x590 [ 43.348664][ T359] do_vfs_ioctl+0x1154/0x14c0 [ 43.353306][ T359] ? __ia32_compat_sys_ioctl+0x8e0/0x8e0 [ 43.358904][ T359] ? has_cap_mac_admin+0x370/0x370 [ 43.363984][ T359] ? kmem_cache_free+0x100/0x2d0 [ 43.368890][ T359] ? selinux_file_ioctl+0x3a0/0x4d0 [ 43.374060][ T359] ? putname+0xfe/0x150 [ 43.378188][ T359] ? selinux_file_alloc_security+0x120/0x120 [ 43.384157][ T359] ? do_sys_openat2+0x68e/0x750 [ 43.388976][ T359] ? __se_sys_futex+0x2ba/0x370 [ 43.393795][ T359] ? __kasan_check_write+0x14/0x20 [ 43.398872][ T359] ? security_file_ioctl+0x84/0xa0 [ 43.404089][ T359] __se_sys_ioctl+0x9f/0x1a0 [ 43.408654][ T359] __x64_sys_ioctl+0x7b/0x90 [ 43.413215][ T359] do_syscall_64+0x31/0x40 [ 43.417619][ T359] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 43.423484][ T359] RIP: 0033:0x7f65486f5cb9 [ 43.427870][ T359] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 43.447542][ T359] RSP: 002b:00007fff1a439548 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 43.455924][ T359] RAX: ffffffffffffffda RBX: 00007f6548970fa0 RCX: 00007f65486f5cb9 [ 43.463868][ T359] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000005 [ 43.471811][ T359] RBP: 00007f6548763bf7 R08: 0000000000000000 R09: 0000000000000000 [ 43.479748][ T359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 43.487690][ T359] R13: 00007f6548970fac R14: 00007f6548970fa0 R15: 00007f6548970fa0 [ 43.495631][ T359] [ 43.497925][ T359] Allocated by task 359: [ 43.502139][ T359] __kasan_kmalloc+0xda/0x110 [ 43.506780][ T359] __kmalloc+0x1a4/0x330 [ 43.510987][ T359] kvmalloc_node+0x88/0x130 [ 43.515456][ T359] f2fs_build_segment_manager+0xdba/0x4900 [ 43.521234][ T359] f2fs_fill_super+0x4a4a/0x72e0 [ 43.526138][ T359] mount_bdev+0x28b/0x3a0 [ 43.530431][ T359] f2fs_mount+0x34/0x40 [ 43.534551][ T359] legacy_get_tree+0xed/0x190 [ 43.539194][ T359] vfs_get_tree+0x89/0x260 [ 43.543578][ T359] do_new_mount+0x25a/0xa20 [ 43.548047][ T359] path_mount+0x585/0xc90 [ 43.552340][ T359] __se_sys_mount+0x320/0x390 [ 43.556980][ T359] __x64_sys_mount+0xbf/0xd0 [ 43.561538][ T359] do_syscall_64+0x31/0x40 [ 43.565921][ T359] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 43.571773][ T359] [ 43.574072][ T359] The buggy address belongs to the object at ffff888110609800 [ 43.574072][ T359] which belongs to the cache kmalloc-1k of size 1024 [ 43.588090][ T359] The buggy address is located 960 bytes inside of [ 43.588090][ T359] 1024-byte region [ffff888110609800, ffff888110609c00) [ 43.601430][ T359] The buggy address belongs to the page: [ 43.607048][ T359] page:ffffea0004418200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110608 [ 43.617332][ T359] head:ffffea0004418200 order:3 compound_mapcount:0 compound_pincount:0 [ 43.625625][ T359] flags: 0x4000000000010200(slab|head) [ 43.631054][ T359] raw: 4000000000010200 ffffea0004417600 0000000300000003 ffff888100042f00 [ 43.639600][ T359] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 43.648146][ T359] page dumped because: kasan: bad access detected [ 43.654522][ T359] page_owner tracks the page as allocated [ 43.660210][ T359] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 100, ts 3419606301, free_ts 0 [ 43.678243][ T359] prep_new_page+0x179/0x180 [ 43.682802][ T359] get_page_from_freelist+0x223b/0x23d0 [ 43.688311][ T359] __alloc_pages_nodemask+0x290/0x620 [ 43.693648][ T359] new_slab+0x84/0x3f0 [ 43.697686][ T359] ___slab_alloc+0x2a6/0x450 [ 43.702240][ T359] __slab_alloc+0x63/0xa0 [ 43.706536][ T359] __kmalloc_track_caller+0x1ec/0x320 [ 43.711872][ T359] __alloc_skb+0xdc/0x520 [ 43.716165][ T359] netlink_sendmsg+0x605/0xb50 [ 43.720896][ T359] ____sys_sendmsg+0x5b7/0x8f0 [ 43.725625][ T359] ___sys_sendmsg+0x236/0x2e0 [ 43.730267][ T359] __x64_sys_sendmsg+0x1f9/0x2c0 [ 43.735169][ T359] do_syscall_64+0x31/0x40 [ 43.739554][ T359] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 43.745406][ T359] page_owner free stack trace missing [ 43.750742][ T359] [ 43.753035][ T359] Memory state around the buggy address: [ 43.758630][ T359] ffff888110609a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 43.766660][ T359] ffff888110609b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 43.774687][ T359] >ffff888110609b80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 43.782891][ T359] ^ [ 43.789007][ T359] ffff888110609c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.797032][ T359] ffff888110609c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.805063][ T359] ================================================================== [ 43.813088][ T359] Disabling lock debugging due to kernel taint [ 43.825041][ T359] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 43.836761][ T359] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 43.845160][ T359] CPU: 0 PID: 359 Comm: syz.2.17 Tainted: G B W syzkaller #0 [ 43.853624][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 43.863660][ T359] RIP: 0010:update_sit_entry+0x3eb/0xf50 [ 43.869264][ T359] Code: 89 45 a8 49 01 c5 41 f6 d7 41 80 e7 07 44 89 f9 41 bf 01 00 00 00 41 d3 e7 4d 89 ee 49 c1 ee 03 48 b8 00 00 00 00 00 fc ff df <41> 0f b6 04 06 84 c0 0f 85 a5 08 00 00 41 0f b6 5d 00 44 89 f8 41 [ 43.888842][ T359] RSP: 0018:ffffc90000d67330 EFLAGS: 00010246 [ 43.894887][ T359] RAX: dffffc0000000000 RBX: ffff888110609bc8 RCX: 0000000000000007 [ 43.902830][ T359] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888110609bc8 [ 43.910775][ T359] RBP: ffffc90000d673b0 R08: ffff88810d74a780 R09: 0000000000000003 [ 43.918721][ T359] R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000004000 [ 43.926663][ T359] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000080 [ 43.934607][ T359] FS: 000055556d1c1500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 43.943513][ T359] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 43.950073][ T359] CR2: 0000001b32d63fff CR3: 000000010fc19000 CR4: 00000000003506b0 [ 43.958018][ T359] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 43.965960][ T359] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 43.973909][ T359] Call Trace: [ 43.977177][ T359] ? __asan_report_store8_noabort+0x17/0x20 [ 43.983042][ T359] f2fs_allocate_data_block+0x159c/0x3a20 [ 43.988731][ T359] ? _raw_spin_trylock_bh+0x150/0x150 [ 43.994071][ T359] ? __dquot_alloc_space+0x2bd/0xb80 [ 43.999327][ T359] ? _raw_spin_unlock+0x4d/0x70 [ 44.004152][ T359] ? f2fs_inode_dirtied+0x26b/0x2a0 [ 44.009319][ T359] ? f2fs_io_type_to_rw_hint+0x1e0/0x1e0 [ 44.014924][ T359] ? f2fs_mark_inode_dirty_sync+0x110/0x140 [ 44.020804][ T359] ? inc_valid_block_count+0x562/0xa90 [ 44.026254][ T359] __allocate_data_block+0x553/0x9d0 [ 44.031517][ T359] ? f2fs_map_blocks+0x35a0/0x35a0 [ 44.036608][ T359] f2fs_map_blocks+0xda4/0x35a0 [ 44.041435][ T359] ? __kasan_check_write+0x14/0x20 [ 44.046520][ T359] ? f2fs_do_map_lock+0x2e0/0x2e0 [ 44.051516][ T359] ? __kasan_check_write+0x14/0x20 [ 44.056599][ T359] ? down_read_trylock+0x106/0x160 [ 44.061691][ T359] expand_inode_data+0x626/0x9a0 [ 44.066600][ T359] ? f2fs_insert_range+0x5d0/0x5d0 [ 44.071682][ T359] ? inode_dio_wait+0x25a/0x2d0 [ 44.076511][ T359] ? file_update_time+0x2f1/0x440 [ 44.081594][ T359] ? inode_owner_or_capable+0x140/0x140 [ 44.087110][ T359] f2fs_fallocate+0x42b/0x7e0 [ 44.091761][ T359] vfs_fallocate+0x4b4/0x590 [ 44.096324][ T359] do_vfs_ioctl+0x1154/0x14c0 [ 44.100971][ T359] ? __ia32_compat_sys_ioctl+0x8e0/0x8e0 [ 44.106574][ T359] ? has_cap_mac_admin+0x370/0x370 [ 44.111655][ T359] ? kmem_cache_free+0x100/0x2d0 [ 44.116562][ T359] ? selinux_file_ioctl+0x3a0/0x4d0 [ 44.121819][ T359] ? putname+0xfe/0x150 [ 44.125946][ T359] ? selinux_file_alloc_security+0x120/0x120 [ 44.131892][ T359] ? do_sys_openat2+0x68e/0x750 [ 44.136714][ T359] ? __se_sys_futex+0x2ba/0x370 [ 44.141536][ T359] ? __kasan_check_write+0x14/0x20 [ 44.146704][ T359] ? security_file_ioctl+0x84/0xa0 [ 44.151794][ T359] __se_sys_ioctl+0x9f/0x1a0 [ 44.156363][ T359] __x64_sys_ioctl+0x7b/0x90 [ 44.160924][ T359] do_syscall_64+0x31/0x40 [ 44.165313][ T359] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 44.171263][ T359] RIP: 0033:0x7f65486f5cb9 [ 44.175650][ T359] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 44.195397][ T359] RSP: 002b:00007fff1a439548 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 44.203780][ T359] RAX: ffffffffffffffda RBX: 00007f6548970fa0 RCX: 00007f65486f5cb9 [ 44.211730][ T359] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000005 [ 44.219672][ T359] RBP: 00007f6548763bf7 R08: 0000000000000000 R09: 0000000000000000 [ 44.227613][ T359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 44.235556][ T359] R13: 00007f6548970fac R14: 00007f6548970fa0 R15: 00007f6548970fa0 [ 44.243500][ T359] Modules linked in: [ 44.249070][ T359] ---[ end trace 57b5eb8178693fa9 ]--- [ 44.254663][ T359] RIP: 0010:update_sit_entry+0x3eb/0xf50 [ 44.260340][ T359] Code: 89 45 a8 49 01 c5 41 f6 d7 41 80 e7 07 44 89 f9 41 bf 01 00 00 00 41 d3 e7 4d 89 ee 49 c1 ee 03 48 b8 00 00 00 00 00 fc ff df <41> 0f b6 04 06 84 c0 0f 85 a5 08 00 00 41 0f b6 5d 00 44 89 f8 41 [ 44.280005][ T359] RSP: 0018:ffffc90000d67330 EFLAGS: 00010246 [ 44.286140][ T359] RAX: dffffc0000000000 RBX: ffff888110609bc8 RCX: 0000000000000007 [ 44.294107][ T359] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888110609bc8 [ 44.302075][ T359] RBP: ffffc90000d673b0 R08: ffff88810d74a780 R09: 0000000000000003 [ 44.310054][ T359] R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000004000 [ 44.318009][ T359] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000080 [ 44.325982][ T359] FS: 000055556d1c1500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 44.334918][ T359] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.341510][ T359] CR2: 00007efbfeeba000 CR3: 000000010fc19000 CR4: 00000000003506a0 [ 44.349469][ T359] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 44.357565][ T359] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 44.365538][ T359] Kernel panic - not syncing: Fatal exception [ 44.371838][ T359] Kernel Offset: disabled [ 44.376140][ T359] Rebooting in 86400 seconds..