Warning: Permanently added '10.128.1.152' (ED25519) to the list of known hosts.
2026/01/06 19:35:41 ignoring optional flag "type"="gce"
2026/01/06 19:35:41 parsed 1 programs
[ 42.177474][ T24] kauditd_printk_skb: 18 callbacks suppressed
[ 42.177487][ T24] audit: type=1400 audit(1767728141.530:92): avc: denied { unlink } for pid=318 comm="syz-executor" name="swap-file" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2026/01/06 19:35:41 executed programs: 0
[ 42.259730][ T318] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 42.312466][ T325] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.319860][ T325] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.327784][ T325] device bridge_slave_0 entered promiscuous mode
[ 42.334729][ T325] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.341938][ T325] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.349344][ T325] device bridge_slave_1 entered promiscuous mode
[ 42.384824][ T325] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.392184][ T325] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.399596][ T325] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.406729][ T325] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.424161][ T295] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.431663][ T295] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.438974][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 42.446564][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 42.455753][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 42.464060][ T295] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.471484][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.480682][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 42.489054][ T295] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.496647][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.509111][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 42.518818][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 42.532458][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.544008][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 42.552513][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 42.560303][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 42.569794][ T325] device veth0_vlan entered promiscuous mode
[ 42.580439][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.589772][ T325] device veth1_macvtap entered promiscuous mode
[ 42.599256][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.609675][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.636665][ T24] audit: type=1400 audit(1767728141.990:93): avc: denied { mounton } for pid=329 comm="syz-executor.0" path="/root/syzkaller-testdir3171245629/syzkaller.QcypSJ/0/file1" dev="sda1" ino=2036 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 42.673640][ T330] EXT4-fs (loop0): 1 orphan inode deleted
[ 42.679694][ T330] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,norecovery,dioread_lock,errors=remount-ro,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_alloc,max_dir_size_kb=0x00000000000004e1,
[ 42.701909][ T24] audit: type=1400 audit(1767728142.060:94): avc: denied { mount } for pid=329 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 42.701929][ T330] ext4 filesystem being mounted at /root/syzkaller-testdir3171245629/syzkaller.QcypSJ/0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 42.725491][ T335] EXT4-fs error (device loop0): ext4_ext_remove_space:2841: inode #16: comm syz-executor.0: path[1].p_hdr == NULL
[ 42.739317][ T24] audit: type=1400 audit(1767728142.060:95): avc: denied { write } for pid=329 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 42.752333][ T335] EXT4-fs (loop0): Remounting filesystem read-only
[ 42.781509][ T24] audit: type=1400 audit(1767728142.060:96): avc: denied { add_name } for pid=329 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 42.781520][ T335] EXT4-fs error (device loop0): __ext4_get_inode_loc:4444: comm syz-executor.0: Invalid inode table block 0 in block_group 0
[ 42.781700][ T335] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5947: Corrupt filesystem
[ 42.802893][ T24] audit: type=1400 audit(1767728142.060:97): avc: denied { create } for pid=329 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 42.816650][ T335] EXT4-fs error (device loop0): ext4_punch_hole:4236: inode #16: comm syz-executor.0: mark_inode_dirty error
[ 42.825794][ T24] audit: type=1400 audit(1767728142.060:98): avc: denied { read write open } for pid=329 comm="syz-executor.0" path="/root/syzkaller-testdir3171245629/syzkaller.QcypSJ/0/file1/bus" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 42.887264][ T24] audit: type=1400 audit(1767728142.060:99): avc: denied { mounton } for pid=329 comm="syz-executor.0" path="/root/syzkaller-testdir3171245629/syzkaller.QcypSJ/0/file1/bus" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 42.915940][ T24] audit: type=1400 audit(1767728142.090:100): avc: denied { ioctl } for pid=329 comm="syz-executor.0" path="/root/syzkaller-testdir3171245629/syzkaller.QcypSJ/0/file1/bus" dev="loop0" ino=16 ioctlcmd=0x582b scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 42.945827][ T24] audit: type=1400 audit(1767728142.210:101): avc: denied { unmount } for pid=325 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 42.983413][ T337] EXT4-fs (loop0): 1 orphan inode deleted
[ 42.989341][ T337] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,norecovery,dioread_lock,errors=remount-ro,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_alloc,max_dir_size_kb=0x00000000000004e1,
[ 43.011796][ T337] ext4 filesystem being mounted at /root/syzkaller-testdir3171245629/syzkaller.QcypSJ/1/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 43.034488][ T341] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:476: comm syz-executor.0: Invalid block bitmap block 0 in block_group 0
[ 43.048961][ T341] EXT4-fs (loop0): Remounting filesystem read-only
[ 43.056341][ T341] EXT4-fs error (device loop0) in ext4_mb_clear_bb:5645: Corrupt filesystem
[ 43.066206][ T341] ==================================================================
[ 43.074675][ T341] BUG: KASAN: out-of-bounds in ext4_ext_remove_space+0x258d/0x4920
[ 43.083093][ T341] Read of size 18446744073709551544 at addr ffff888121ee8054 by task syz-executor.0/341
[ 43.093178][ T341]
[ 43.095619][ T341] CPU: 1 PID: 341 Comm: syz-executor.0 Not tainted syzkaller #0
[ 43.103826][ T341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 43.114239][ T341] Call Trace:
[ 43.117562][ T341] __dump_stack+0x21/0x24
[ 43.122062][ T341] dump_stack_lvl+0x169/0x1d8
[ 43.126828][ T341] ? show_regs_print_info+0x18/0x18
[ 43.132285][ T341] ? thaw_kernel_threads+0x220/0x220
[ 43.137970][ T341] print_address_description+0x7f/0x2c0
[ 43.143626][ T341] ? ext4_ext_remove_space+0x258d/0x4920
[ 43.149327][ T341] kasan_report+0xe2/0x130
[ 43.153989][ T341] ? ext4_ext_remove_space+0x258d/0x4920
[ 43.159944][ T341] ? ext4_ext_remove_space+0x258d/0x4920
[ 43.166109][ T341] kasan_check_range+0x280/0x290
[ 43.171133][ T341] memmove+0x2d/0x70
[ 43.175120][ T341] ext4_ext_remove_space+0x258d/0x4920
[ 43.181052][ T341] ? __kasan_slab_free+0x11/0x20
[ 43.186212][ T341] ? ext4_ext_index_trans_blocks+0x100/0x100
[ 43.192216][ T341] ? ext4_es_remove_extent+0x1d9/0x330
[ 43.197929][ T341] ext4_punch_hole+0x6f8/0xad0
[ 43.202880][ T341] ext4_fallocate+0x271/0x1a70
[ 43.207657][ T341] ? selinux_file_permission+0x2a5/0x510
[ 43.213415][ T341] ? preempt_count_add+0x90/0x1b0
[ 43.218645][ T341] vfs_fallocate+0x4b4/0x590
[ 43.223329][ T341] do_vfs_ioctl+0x12e3/0x1510
[ 43.228086][ T341] ? __ia32_compat_sys_ioctl+0x7b0/0x7b0
[ 43.233939][ T341] ? has_cap_mac_admin+0x330/0x330
[ 43.239144][ T341] ? __kasan_check_write+0x14/0x20
[ 43.244907][ T341] ? _raw_spin_lock_irq+0x8f/0xe0
[ 43.250086][ T341] ? _raw_spin_lock_irqsave+0x110/0x110
[ 43.255640][ T341] ? selinux_file_ioctl+0x377/0x480
[ 43.261097][ T341] ? recalc_sigpending+0x1ac/0x230
[ 43.266203][ T341] ? selinux_file_alloc_security+0x120/0x120
[ 43.272170][ T341] ? __set_current_blocked+0x204/0x230
[ 43.278362][ T341] ? __fget_files+0x2c4/0x320
[ 43.283198][ T341] ? security_file_ioctl+0x84/0xa0
[ 43.288666][ T341] __se_sys_ioctl+0x9f/0x1a0
[ 43.293267][ T341] __x64_sys_ioctl+0x7b/0x90
[ 43.297965][ T341] do_syscall_64+0x31/0x40
[ 43.302596][ T341] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.308942][ T341] RIP: 0033:0x7f52f3eaeae9
[ 43.313526][ T341] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 43.333994][ T341] RSP: 002b:00007f52eb6500c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 43.342674][ T341] RAX: ffffffffffffffda RBX: 00007f52f3fce050 RCX: 00007f52f3eaeae9
[ 43.351044][ T341] RDX: 0000000020000080 RSI: 000000004030582b RDI: 0000000000000004
[ 43.359766][ T341] RBP: 00007f52f3efa47a R08: 0000000000000000 R09: 0000000000000000
[ 43.367732][ T341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 43.375809][ T341] R13: 000000000000000b R14: 00007f52f3fce050 R15: 00007fff8a7ef9d8
[ 43.384944][ T341]
[ 43.387284][ T341] The buggy address belongs to the page:
[ 43.393423][ T341] page:ffffea000487ba00 refcount:2 mapcount:0 mapping:ffff88810919be10 index:0x3a pfn:0x121ee8
[ 43.404535][ T341] aops:def_blk_aops ino:0
[ 43.408959][ T341] flags: 0x4000000000002036(referenced|uptodate|lru|active|private)
[ 43.417123][ T341] raw: 4000000000002036 ffffea000433ec08 ffff888106bc8030 ffff88810919be10
[ 43.426062][ T341] raw: 000000000000003a ffff88811c3e31f8 00000002ffffffff ffff888105594000
[ 43.434902][ T341] page dumped because: kasan: bad access detected
[ 43.441663][ T341] page->mem_cgroup:ffff888105594000
[ 43.447040][ T341] page_owner tracks the page as allocated
[ 43.453042][ T341] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 337, ts 43031375332, free_ts 0
[ 43.469969][ T341] prep_new_page+0x179/0x180
[ 43.474575][ T341] get_page_from_freelist+0x2235/0x23d0
[ 43.480469][ T341] __alloc_pages_nodemask+0x268/0x5f0
[ 43.485848][ T341] pagecache_get_page+0x642/0x930
[ 43.490879][ T341] __getblk_gfp+0x212/0x780
[ 43.495561][ T341] ext4_ext_insert_extent+0x1084/0x4530
[ 43.501518][ T341] ext4_ext_map_blocks+0x17b5/0x5d80
[ 43.506901][ T341] ext4_map_blocks+0x978/0x1bc0
[ 43.511752][ T341] _ext4_get_block+0x1bb/0x4b0
[ 43.516769][ T341] ext4_get_block+0x39/0x50
[ 43.521453][ T341] ext4_block_write_begin+0x567/0x1330
[ 43.527042][ T341] ext4_write_begin+0x651/0x15a0
[ 43.532164][ T341] ext4_da_write_begin+0x455/0xe80
[ 43.537283][ T341] generic_perform_write+0x2be/0x510
[ 43.542737][ T341] ext4_buffered_write_iter+0x4b8/0x640
[ 43.548663][ T341] ext4_file_write_iter+0x536/0x1980
[ 43.553930][ T341] page_owner free stack trace missing
[ 43.559559][ T341]
[ 43.561887][ T341] Memory state around the buggy address:
[ 43.567594][ T341]  ffff888121ee7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.575646][ T341]  ffff888121ee7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.583787][ T341] >ffff888121ee8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.592102][ T341]                                                  ^
[ 43.598844][ T341]  ffff888121ee8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.607045][ T341]  ffff888121ee8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.615487][ T341] ==================================================================
[ 43.624151][ T341] Disabling lock debugging due to kernel taint
[ 43.633047][ T341] EXT4-fs error (device loop0): __ext4_get_inode_loc:4444: comm syz-executor.0: Invalid inode table block 0 in block_group 0
[ 43.646790][ T341] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5947: Corrupt filesystem
[ 43.657015][ T341] EXT4-fs error (device loop0): ext4_punch_hole:4236: inode #16: comm syz-executor.0: mark_inode_dirty error
[ 43.793576][ T343] EXT4-fs (loop0): 1 orphan inode deleted
[ 43.799419][ T343] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,norecovery,dioread_lock,errors=remount-ro,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_alloc,max_dir_size_kb=0x00000000000004e1,
[ 43.821737][ T343] ext4 filesystem being mounted at /root/syzkaller-testdir3171245629/syzkaller.QcypSJ/2/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 43.844512][ T347] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:476: comm syz-executor.0: Invalid block bitmap block 0 in block_group 0
[ 43.859160][ T347] EXT4-fs (loop0): Remounting filesystem read-only
[ 43.866083][ T347] EXT4-fs error (device loop0) in ext4_mb_clear_bb:5645: Corrupt filesystem
[ 43.891962][ C1] ------------[ cut here ]------------
[ 43.897785][ C1] refcount_t: underflow; use-after-free.
[ 43.903588][ C1] WARNING: CPU: 1 PID: 19 at lib/refcount.c:28 refcount_warn_saturate+0x120/0x1a0
[ 43.912922][ C1] Modules linked in:
[ 43.917039][ C1] CPU: 1 PID: 19 Comm: ksoftirqd/1 Tainted: G B syzkaller #0
[ 43.925816][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 43.931352][ T52] ------------[ cut here ]------------
[ 43.936183][ C1] RIP: 0010:refcount_warn_saturate+0x120/0x1a0
[ 43.942004][ T52] refcount_t: saturated; leaking memory.
[ 43.948426][ C1] Code: 04 01 48 c7 c7 20 17 20 85 e8 4c fc 34 02 0f 0b eb c3 e8 c3 1a 29 ff c6 05 af f2 65 04 01 48 c7 c7 80 17 20 85 e8 30 fc 34 02 <0f> 0b eb a7 e8 a7 1a 29 ff c6 05 90 f2 65 04 01 48 c7 c7 a0 16 20
[ 43.954283][ T52] WARNING: CPU: 0 PID: 52 at lib/refcount.c:22 refcount_warn_saturate+0x158/0x1a0
[ 43.974398][ C1] RSP: 0018:ffffc900001479f8 EFLAGS: 00010246
[ 43.983681][ T52] Modules linked in:
[ 43.983698][ C1]
[ 43.989833][ T52]
[ 43.994091][ C1] RAX: abce528793cdf300 RBX: 0000000000000003 RCX: ffff8881002e8000
[ 43.996424][ T52] CPU: 0 PID: 52 Comm: kworker/0:2 Tainted: G B syzkaller #0
[ 43.996429][ T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 43.996443][ T52] Workqueue: ipv6_addrconf addrconf_dad_work
[ 43.996461][ T52] RIP: 0010:refcount_warn_saturate+0x158/0x1a0
[ 43.996469][ T52] Code: 04 01 48 c7 c7 a0 16 20 85 e8 14 fc 34 02 0f 0b eb 8b e8 8b 1a 29 ff c6 05 75 f2 65 04 01 48 c7 c7 a0 16 20 85 e8 f8 fb 34 02 <0f> 0b e9 6c ff ff ff e8 6c 1a 29 ff c6 05 5a f2 65 04 01 48 c7 c7
[ 43.996476][ T52] RSP: 0018:ffffc90000a97600 EFLAGS: 00010246
[ 43.996485][ T52] RAX: 9bba7e0afeaecc00 RBX: 0000000000000001 RCX: ffff888101bb8000
[ 43.996491][ T52] RDX: 0000000000000000 RSI: 0000000000000401 RDI: 0000000000000000
[ 43.996497][ T52] RBP: ffffc90000a97610 R08: 0000000000000004 R09: 0000000000000003
[ 43.996504][ T52] R10: fffff52000152e04 R11: 1ffff92000152e04 R12: 1ffff110241fc4d0
[ 43.996510][ T52] R13: ffff888120fe2680 R14: 0000000000000001 R15: 0000000000000000
[ 43.996518][ T52] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 43.996533][ T52] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 43.998863][ C1] RDX: 0000000000000100 RSI: 0000000000000100 RDI: 0000000000000000
[ 44.007817][ T52] CR2: 00000000200400ff CR3: 000000010dca8000 CR4: 00000000003506b0
[ 44.016654][ C1] RBP: ffffc90000147a08 R08: dffffc0000000000 R09: fffff52000028e71
[ 44.016670][ C1] R10: fffff52000028e71 R11: 1ffff92000028e70 R12: 00000000ffffffff
[ 44.027214][ T52] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 44.033318][ C1] R13: ffff88810de1bdc0 R14: 0000000000000003 R15: ffff88812201b908
[ 44.039472][ T52] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 44.059588][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 44.065760][ T52] Call Trace:
[ 44.073923][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 44.082008][ T52] fib6_add+0x34b5/0x3bf0
[ 44.090148][ C1] CR2: 000000002002a2bf CR3: 000000010b1fa000 CR4: 00000000003506a0
[ 44.098334][ T52] ? remove_wait_queue+0x140/0x140
[ 44.106468][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 44.115426][ T52] ? kfree_skbmem+0x10c/0x180
[ 44.122023][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 44.130258][ T52] ? fib6_update_sernum_stub+0x190/0x190
[ 44.138406][ C1] Call Trace:
[ 44.146786][ T52] ? __kasan_check_write+0x14/0x20
[ 44.154981][ C1] ip6_dst_destroy+0x3e2/0x420
[ 44.163327][ T52] ? _raw_spin_lock_bh+0x8e/0xe0
[ 44.171492][ C1] ? ip6_default_advmss+0x100/0x100
[ 44.179824][ T52] ? _raw_spin_lock_irq+0xe0/0xe0
[ 44.189118][ C1] dst_destroy+0xc3/0x240
[ 44.192484][ T52] ip6_ins_rt+0xc5/0x110
[ 44.199790][ C1] dst_destroy_rcu+0x19/0x20
[ 44.204241][ T52] ? rt6_lookup+0x1d0/0x1d0
[ 44.212600][ C1] rcu_do_batch+0x4df/0xa80
[ 44.217750][ T52] ? rtnl_notify+0x9a/0xc0
[ 44.225795][ C1] ? local_bh_enable+0x20/0x20
[ 44.230553][ T52] __ipv6_ifa_notify+0x4bf/0xdb0
[ 44.238733][ C1] ? compat_start_thread+0x80/0x80
[ 44.244571][ T52] ? inet6_fill_ifla6_attrs+0x2030/0x2030
[ 44.247859][ C1] rcu_core+0x55f/0xd60
[ 44.253166][ T52] ? __kasan_check_write+0x14/0x20
[ 44.258012][ C1] ? finish_task_switch+0x12e/0x5a0
[ 44.263039][ T52] ? try_to_grab_pending+0x1a2/0x570
[ 44.268742][ C1] ? rcu_cpu_kthread_park+0x90/0x90
[ 44.273947][ T52] ? update_load_avg+0x4dc/0x14f0
[ 44.278354][ C1] ? __this_cpu_preempt_check+0x13/0x20
[ 44.282598][ T52] ? mod_delayed_work_on+0xd0/0xd0
[ 44.287432][ C1] ? rcu_softirq_qs+0xd5/0x1c0
[ 44.292116][ T52] ? __kasan_check_write+0x14/0x20
[ 44.296689][ C1] ? rcu_get_gp_kthreads_prio+0x10/0x10
[ 44.301184][ T52] ? __cancel_work+0x179/0x1e0
[ 44.306088][ C1] rcu_core_si+0x9/0x10
[ 44.311031][ T52] addrconf_dad_completed+0x183/0xe80
[ 44.316326][ C1] __do_softirq+0x255/0x563
[ 44.322043][ T52] ? addrconf_dad_stop+0x460/0x460
[ 44.326196][ C1] ? ksoftirqd_should_run+0x20/0x20
[ 44.331307][ T52] addrconf_dad_work+0xc18/0x1410
[ 44.336893][ C1] run_ksoftirqd+0x23/0x30
[ 44.342480][ T52] ? ipv6_get_saddr_eval+0xf70/0xf70
[ 44.348034][ C1] smpboot_thread_fn+0x474/0x850
[ 44.353371][ T52] ? __schedule+0xb4f/0x1310
[ 44.358909][ C1] kthread+0x346/0x3d0
[ 44.364035][ T52] ? __kasan_check_read+0x11/0x20
[ 44.368784][ C1] ? cpu_report_death+0x190/0x190
[ 44.374368][ T52] ? read_word_at_a_time+0x12/0x20
[ 44.380279][ C1] ? kthread_blkcg+0xd0/0xd0
[ 44.385404][ T52] ? strscpy+0x9b/0x290
[ 44.389650][ C1] ret_from_fork+0x1f/0x30
[ 44.395039][ T52] process_one_work+0x6e1/0xba0
[ 44.399697][ C1] ---[ end trace c2a678152b70c9d9 ]---
[ 44.405200][ T52] worker_thread+0xa6a/0x13b0
[ 44.410981][ C1] BUG: unable to handle page fault for address: ffffef771ffff111
[ 44.415519][ T52] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 44.419893][ C1] #PF: supervisor read access in kernel mode
[ 44.425191][ T52] ? __kasan_check_read+0x11/0x20
[ 44.430090][ C1] #PF: error_code(0x0000) - not-present page
[ 44.434890][ T52] kthread+0x346/0x3d0
[ 44.439019][ C1] PGD 0
[ 44.444231][ T52] ? worker_clr_flags+0x190/0x190
[ 44.449411][ C1] P4D 0
[ 44.454708][ T52] ? kthread_blkcg+0xd0/0xd0
[ 44.459345][ C1]
[ 44.463639][ T52] ret_from_fork+0x1f/0x30
[ 44.468533][ C1] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 44.473588][ T52] ---[ end trace c2a678152b70c9da ]---
[ 44.479137][ C1] CPU: 1 PID: 76 Comm: syslogd Tainted: G B W syzkaller #0
[ 44.560994][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 44.571400][ C1] RIP: 0010:__run_timers+0x566/0x9a0
[ 44.576683][ C1] Code: 4c 89 ff e8 5c ff 48 00 4d 89 27 4d 85 e4 74 2e e8 0f 10 0f 00 49 83 c4 08 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 e7 e8 2c ff 48 00 4d 89 3c 24 eb 05 e8 e1
[ 44.596945][ C1] RSP: 0018:ffffc90000170dc0 EFLAGS: 00010806
[ 44.603109][ C1] RAX: 1ffff3771ffff111 RBX: 1ffff11024403719 RCX: dffffc0000000000
[ 44.612122][ C1] RDX: 0000000080000101 RSI: 0000000000000001 RDI: 000000000000000a
[ 44.620790][ C1] RBP: ffffc90000170f30 R08: dffffc0000000000 R09: ffffed103ee28f0e
[ 44.628874][ C1] R10: ffffed103ee28f0e R11: 1ffff1103ee28f0d R12: ffff9bb8ffff8889
[ 44.637062][ C1] R13: ffff88812201b8c8 R14: 1ffff11024403718 R15: ffffc90000170e80
[ 44.645030][ C1] FS: 00007faa25d1ac80(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 44.654220][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 44.660882][ C1] CR2: ffffef771ffff111 CR3: 000000010d48e000 CR4: 00000000003506a0
[ 44.669540][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 44.678187][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 44.686425][ C1] Call Trace:
[ 44.689705][ C1]
[ 44.692733][ C1] ? calc_index+0x200/0x200
[ 44.697492][ C1] ? sched_clock_cpu+0x1b/0x3d0
[ 44.702509][ C1] run_timer_softirq+0x6a/0xf0
[ 44.707650][ C1] __do_softirq+0x255/0x563
[ 44.712256][ C1] asm_call_irq_on_stack+0xf/0x20
[ 44.717550][ C1]
[ 44.720582][ C1] do_softirq_own_stack+0x60/0x80
[ 44.725701][ C1] __irq_exit_rcu+0x128/0x150
[ 44.730987][ C1] irq_exit_rcu+0x9/0x10
[ 44.735236][ C1] sysvec_apic_timer_interrupt+0xbf/0xe0
[ 44.741056][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 44.747217][ C1] RIP: 0010:unwind_next_frame+0x5c2/0x700
[ 44.753210][ C1] Code: 00 fc ff df 48 8b 45 90 0f b6 04 10 84 c0 0f 85 b0 00 00 00 c7 03 00 00 00 00 31 c0 48 83 c4 48 5b 41 5c 41 5d 41 5e 41 5f 5d c6 05 be c6 71 05 01 48 b9 00 00 00 00 00 fc ff df 48 8b 45 b0
[ 44.773614][ C1] RSP: 0018:ffffc90000b274c0 EFLAGS: 00000296
[ 44.780476][ C1] RAX: 1ffff92000164e01 RBX: ffffc90000b27580 RCX: 0000000000b27501
[ 44.788770][ C1] RDX: dffffc0000000000 RSI: ffffffff848000c5 RDI: ffffc90000b27f48
[ 44.797008][ C1] RBP: ffffc90000b27550 R08: ffffc90000b27590 R09: ffffc90000b27588
[ 44.805175][ C1] R10: 000000000000000f R11: 1ffff92000164e99 R12: ffff88810cf313c0
[ 44.813410][ C1] R13: 0000000000000000 R14: ffffffff8153a810 R15: ffffc90000b274c8
[ 44.821560][ C1] ? stack_trace_save+0xe0/0xe0
[ 44.826419][ C1] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.832575][ C1] ? arch_stack_walk+0x108/0x140
[ 44.837589][ C1] stack_trace_save+0x98/0xe0
[ 44.842374][ C1] ? stack_trace_snprint+0xf0/0xf0
[ 44.847674][ C1] ? kasan_set_track+0x5b/0x70
[ 44.852430][ C1] ? kasan_set_track+0x4a/0x70
[ 44.857182][ C1] ? kasan_set_free_info+0x23/0x40
[ 44.862374][ C1] ? memset+0x35/0x40
[ 44.866470][ C1] kasan_set_track+0x4a/0x70
[ 44.871447][ C1] ? kasan_set_track+0x4a/0x70
[ 44.877436][ C1] ? kasan_set_free_info+0x23/0x40
[ 44.882762][ C1] ? ____kasan_slab_free+0x125/0x160
[ 44.888265][ C1] ? __kasan_slab_free+0x11/0x20
[ 44.893387][ C1] ? slab_free_freelist_hook+0xc5/0x190
[ 44.899016][ C1] ? kmem_cache_free+0x100/0x2d0
[ 44.904123][ C1] ? kfree_skbmem+0x10c/0x180
[ 44.909093][ C1] ? consume_skb+0xb3/0x1f0
[ 44.913768][ C1] ? skb_free_datagram+0x28/0xe0
[ 44.918781][ C1] ? unix_dgram_recvmsg+0x9c0/0xd40
[ 44.924672][ C1] ? sock_read_iter+0x2a2/0x340
[ 44.930345][ C1] ? vfs_read+0x874/0xa10
[ 44.934751][ C1] ? ksys_read+0x140/0x240
[ 44.939163][ C1] ? __x64_sys_read+0x7b/0x90
[ 44.944415][ C1] ? do_syscall_64+0x31/0x40
[ 44.949013][ C1] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.955195][ C1] ? kmem_cache_free+0x100/0x2d0
[ 44.960654][ C1] kasan_set_free_info+0x23/0x40
[ 44.965667][ C1] ____kasan_slab_free+0x125/0x160
[ 44.971028][ C1] __kasan_slab_free+0x11/0x20
[ 44.975918][ C1] slab_free_freelist_hook+0xc5/0x190
[ 44.981469][ C1] ? kfree_skbmem+0x10c/0x180
[ 44.986697][ C1] kmem_cache_free+0x100/0x2d0
[ 44.991553][ C1] kfree_skbmem+0x10c/0x180
[ 44.996086][ C1] consume_skb+0xb3/0x1f0
[ 45.000594][ C1] skb_free_datagram+0x28/0xe0
[ 45.005439][ C1] unix_dgram_recvmsg+0x9c0/0xd40
[ 45.010558][ C1] ? unix_dgram_sendmsg+0x17d0/0x17d0
[ 45.016013][ C1] ? generic_perform_write+0x483/0x510
[ 45.021676][ C1] ? file_has_perm+0x4a1/0x640
[ 45.026531][ C1] ? security_socket_recvmsg+0x87/0xb0
[ 45.032077][ C1] sock_read_iter+0x2a2/0x340
[ 45.036840][ C1] ? kernel_sock_ip_overhead+0x240/0x240
[ 45.042463][ C1] ? security_file_permission+0x83/0xa0
[ 45.047998][ C1] ? iov_iter_init+0x3f/0x120
[ 45.052663][ C1] vfs_read+0x874/0xa10
[ 45.056806][ C1] ? kernel_read+0x70/0x70
[ 45.061262][ C1] ? do_sys_openat2+0x207/0x6d0
[ 45.066186][ C1] ? __kasan_check_read+0x11/0x20
[ 45.071195][ C1] ? __fdget_pos+0x1f7/0x380
[ 45.075871][ C1] ksys_read+0x140/0x240
[ 45.080474][ C1] ? vfs_write+0xd60/0xd60
[ 45.085335][ C1] ? __kasan_check_read+0x11/0x20
[ 45.090449][ C1] __x64_sys_read+0x7b/0x90
[ 45.094967][ C1] do_syscall_64+0x31/0x40
[ 45.099577][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.105659][ C1] RIP: 0033:0x7faa25e6a407
[ 45.110154][ C1] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 45.130486][ C1] RSP: 002b:00007fff486321a0 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[ 45.139158][ C1] RAX: ffffffffffffffda RBX: 00007faa25d1ac80 RCX: 00007faa25e6a407
[ 45.147343][ C1] RDX: 00000000000000ff RSI: 000055fd0fafc300 RDI: 0000000000000000
[ 45.155779][ C1] RBP: 000055fd0fafc2c0 R08: 0000000000000000 R09: 0000000000000000
[ 45.163845][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 000055fd0fafc356
[ 45.172474][ C1] R13: 0000000000000000 R14: 000055fd0fafc300 R15: 000055fcdefe4d98
[ 45.180788][ C1] Modules linked in:
[ 45.184863][ C1] CR2: ffffef771ffff111
[ 45.189293][ C1] ---[ end trace c2a678152b70c9db ]---
[ 45.189491][ C0] general protection fault, probably for non-canonical address 0xe16881802000002c: 0000 [#2] PREEMPT SMP KASAN
[ 45.194944][ C1] RIP: 0010:__run_timers+0x566/0x9a0
[ 45.207171][ C0] KASAN: maybe wild-memory-access in range [0x0b442c0100000160-0x0b442c0100000167]
[ 45.212458][ C1] Code: 4c 89 ff e8 5c ff 48 00 4d 89 27 4d 85 e4 74 2e e8 0f 10 0f 00 49 83 c4 08 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 e7 e8 2c ff 48 00 4d 89 3c 24 eb 05 e8 e1
[ 45.222082][ C0] CPU: 0 PID: 52 Comm: kworker/0:2 Tainted: G B D W syzkaller #0
[ 45.242298][ C1] RSP: 0018:ffffc90000170dc0 EFLAGS: 00010806
[ 45.251259][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 45.251278][ C1]
[ 45.257346][ C0] Workqueue: ipv6_addrconf addrconf_dad_work
[ 45.267495][ C1] RAX: 1ffff3771ffff111 RBX: 1ffff11024403719 RCX: dffffc0000000000
[ 45.269896][ C0]
[ 45.275981][ C1] RDX: 0000000080000101 RSI: 0000000000000001 RDI: 000000000000000a
[ 45.283959][ C0] RIP: 0010:ip6_finish_output2+0x705/0x1500
[ 45.286269][ C1] RBP: ffffc90000170f30 R08: dffffc0000000000 R09: ffffed103ee28f0e
[ 45.294373][ C0] Code: 00 4c 8b 7c 24 40 74 08 48 89 df e8 45 2c ab fd 4c 8b 2b 4d 85 ed 0f 84 bf 01 00 00 49 8d 9d 68 01 00 00 48 89 d8 48 c1 e8 03 <42> 80 3c 30 00 74 08 48 89 df e8 1c 2c ab fd 4c 39 3b 74 0a e8 72
[ 45.300245][ C1] R10: ffffed103ee28f0e R11: 1ffff1103ee28f0d R12: ffff9bb8ffff8889
[ 45.308957][ C0] RSP: 0018:ffffc900000077e0 EFLAGS: 00010203
[ 45.329164][ C1] R13: ffff88812201b8c8 R14: 1ffff11024403718 R15: ffffc90000170e80
[ 45.337217][ C0]
[ 45.343281][ C1] FS: 00007faa25d1ac80(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 45.351342][ C0] RAX: 016885802000002c RBX: 0b442c0100000167 RCX: ffff888101bb8000
[ 45.353666][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 45.362570][ C0] RDX: 0000000000000301 RSI: 0000000000000000 RDI: ffff88811f4c8308
[ 45.362585][ C0] RBP: ffffc90000007940 R08: dffffc0000000000 R09: ffffed1023f12521
[ 45.370636][ C1] CR2: ffffef771ffff111 CR3: 000000010d48e000 CR4: 00000000003506a0
[ 45.370653][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 45.377422][ C0] R10: ffffed1023f12521 R11: 1ffff11023f12520 R12: ffff88811f4c8300
[ 45.385655][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 45.393705][ C0] R13: 0b442c00ffffffff R14: dffffc0000000000 R15: ffff88810b3ca000
[ 45.401961][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 45.410137][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 45.451228][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 45.458336][ C0] CR2: 00000000200400ff CR3: 000000010dca8000 CR4: 00000000003506b0
[ 45.466491][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 45.474725][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 45.482906][ C0] Call Trace:
[ 45.486463][ C0]
[ 45.489329][ C0] ? __ip6_finish_output+0x790/0x790
[ 45.494914][ C0] ? ip6t_do_table+0x1348/0x14e0
[ 45.500219][ C0] ? ip6table_mangle_hook+0x2c4/0x730
[ 45.505611][ C0] __ip6_finish_output+0x5ff/0x790
[ 45.510905][ C0] ip6_finish_output+0x33/0x1f0
[ 45.515761][ C0] ip6_output+0x1d1/0x3b0
[ 45.520649][ C0] ? ip6table_mangle_hook+0x48f/0x730
[ 45.526108][ C0] ? ac6_seq_show+0xf0/0xf0
[ 45.530698][ C0] ? ip6_output+0x3b0/0x3b0
[ 45.535547][ C0] ? ip6table_filter_table_init+0xf0/0xf0
[ 45.541614][ C0] mld_sendpack+0x5e6/0xa80
[ 45.546212][ C0] ? add_grec+0x1100/0x1100
[ 45.550982][ C0] ? mld_send_report+0x1f0/0x1f0
[ 45.555915][ C0] ? add_grec+0x11a/0x1100
[ 45.560421][ C0] ? _raw_spin_lock_irq+0xe0/0xe0
[ 45.565757][ C0] mld_send_initial_cr+0x246/0x2b0
[ 45.570988][ C0] mld_dad_timer_expire+0x30/0x410
[ 45.576276][ C0] ? mld_ifc_timer_expire+0xc50/0xc50
[ 45.581758][ C0] call_timer_fn+0x38/0x290
[ 45.586525][ C0] ? mld_ifc_timer_expire+0xc50/0xc50
[ 45.592311][ C0] __run_timers+0x639/0x9a0
[ 45.597191][ C0] ? calc_index+0x200/0x200
[ 45.601790][ C0] ? sched_clock_cpu+0x1b/0x3d0
[ 45.606824][ C0] run_timer_softirq+0x6a/0xf0
[ 45.611770][ C0] __do_softirq+0x255/0x563
[ 45.616536][ C0] asm_call_irq_on_stack+0xf/0x20
[ 45.621641][ C0]
[ 45.624588][ C0] do_softirq_own_stack+0x60/0x80
[ 45.629982][ C0] do_softirq+0x9e/0xe0
[ 45.634146][ C0] ? __local_bh_enable_ip+0x80/0x80
[ 45.639526][ C0] ? __kasan_check_write+0x14/0x20
[ 45.644730][ C0] __local_bh_enable_ip+0x70/0x80
[ 45.649849][ C0] local_bh_enable+0x1f/0x30
[ 45.654646][ C0] addrconf_dad_completed+0x188/0xe80
[ 45.660368][ C0] ? addrconf_dad_stop+0x460/0x460
[ 45.665664][ C0] addrconf_dad_work+0xc18/0x1410
[ 45.670889][ C0] ? ipv6_get_saddr_eval+0xf70/0xf70
[ 45.676257][ C0] ? __schedule+0xb4f/0x1310
[ 45.680942][ C0] ? __kasan_check_read+0x11/0x20
[ 45.686453][ C0] ? read_word_at_a_time+0x12/0x20
[ 45.692330][ C0] ? strscpy+0x9b/0x290
[ 45.696587][ C0] process_one_work+0x6e1/0xba0
[ 45.701443][ C0] worker_thread+0xa6a/0x13b0
[ 45.706137][ C0] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 45.711779][ C0] ? __kasan_check_read+0x11/0x20
[ 45.717063][ C0] kthread+0x346/0x3d0
[ 45.721378][ C0] ? worker_clr_flags+0x190/0x190
[ 45.726594][ C0] ? kthread_blkcg+0xd0/0xd0
[ 45.731407][ C0] ret_from_fork+0x1f/0x30
[ 45.735996][ C0] Modules linked in:
[ 45.740407][ C1] Kernel Offset: disabled
[ 45.744748][ C1] Rebooting in 86400 seconds..