Warning: Permanently added '10.128.0.254' (ED25519) to the list of known hosts. 2025/09/24 13:17:18 parsed 1 programs [ 46.945000][ T28] audit: type=1400 audit(1758719838.948:106): avc: denied { unlink } for pid=400 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 46.992660][ T400] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 48.085168][ T437] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.092725][ T437] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.100730][ T437] device bridge_slave_0 entered promiscuous mode [ 48.109242][ T437] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.116934][ T437] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.124682][ T437] device bridge_slave_1 entered promiscuous mode [ 48.166634][ T437] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.173940][ T437] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.181718][ T437] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.188944][ T437] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.207856][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.215815][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.223614][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.234098][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.244514][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.253408][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.265983][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.274801][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.282451][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.292936][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.302193][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.315904][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.329135][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.337696][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 48.345930][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 48.355450][ T437] device veth0_vlan entered promiscuous mode [ 48.365764][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 48.377235][ T437] device veth1_macvtap entered promiscuous mode [ 48.387545][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 48.398438][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 48.442853][ T28] audit: type=1401 audit(1758719840.438:107): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" 2025/09/24 13:17:20 executed programs: 0 [ 48.787600][ T470] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.795037][ T470] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.802870][ T470] device bridge_slave_0 entered promiscuous mode [ 48.810482][ T470] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.817913][ T470] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.826898][ T470] device bridge_slave_1 entered promiscuous mode [ 48.873469][ T470] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.880995][ T470] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.888833][ T470] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.896691][ T470] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.915877][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.924561][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.932554][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.947139][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.956507][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.963805][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.974678][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.984199][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.992508][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.010078][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 49.019030][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.029614][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 49.043707][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.062497][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 49.072808][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.085042][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 49.094525][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.105695][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.117134][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.132800][ T470] device veth0_vlan entered promiscuous mode [ 49.144093][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 49.155355][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.167599][ T470] device veth1_macvtap entered promiscuous mode [ 49.178022][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 49.187752][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.197864][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.217583][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 49.228439][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.254509][ T483] loop2: detected capacity change from 0 to 512 [ 49.264033][ T483] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 49.279402][ T483] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 49.291843][ T483] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2818: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 49.307302][ T483] EXT4-fs (loop2): 1 truncate cleaned up [ 49.313217][ T483] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 49.323562][ T28] audit: type=1400 audit(1758719841.328:108): avc: denied { mount } for pid=482 comm="syz.2.17" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 49.340388][ T483] ================================================================== [ 49.348117][ T28] audit: type=1400 audit(1758719841.338:109): avc: denied { setattr } for pid=482 comm="syz.2.17" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 49.356722][ T483] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x979/0x21d0 [ 49.356765][ T483] Read of size 18446744073709551572 at addr ffff888117e90050 by task syz.2.17/483 [ 49.380577][ T28] audit: type=1400 audit(1758719841.338:110): avc: denied { write } for pid=482 comm="syz.2.17" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 49.390176][ T483] [ 49.390184][ T483] CPU: 1 PID: 483 Comm: syz.2.17 Not tainted syzkaller #0 [ 49.390201][ T483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 49.390224][ T483] Call Trace: [ 49.400511][ T28] audit: type=1400 audit(1758719841.338:111): avc: denied { add_name } for pid=482 comm="syz.2.17" name="file2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 49.423190][ T483] [ 49.423200][ T483] __dump_stack+0x21/0x24 [ 49.423221][ T483] dump_stack_lvl+0xee/0x150 [ 49.423235][ T483] ? __cfi_dump_stack_lvl+0x8/0x8 [ 49.423249][ T483] ? ext4_xattr_block_set+0x9dc/0x3270 [ 49.423270][ T483] ? __ext4_unlink+0x673/0xb00 [ 49.423288][ T483] ? ext4_xattr_set_entry+0x979/0x21d0 [ 49.423306][ T483] print_address_description+0x71/0x200 [ 49.423326][ T483] print_report+0x4a/0x60 [ 49.423343][ T483] kasan_report+0x122/0x150 [ 49.423360][ T483] ? ext4_xattr_set_entry+0x979/0x21d0 [ 49.423379][ T483] ? ext4_xattr_set_entry+0x979/0x21d0 [ 49.423397][ T483] kasan_check_range+0x280/0x290 [ 49.423413][ T483] memmove+0x2d/0x70 [ 49.423427][ T483] ext4_xattr_set_entry+0x979/0x21d0 [ 49.426713][ T28] audit: type=1400 audit(1758719841.338:112): avc: denied { create } for pid=482 comm="syz.2.17" name="file2" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 49.433367][ T483] ext4_xattr_block_set+0xada/0x3270 [ 49.444454][ T28] audit: type=1400 audit(1758719841.338:113): avc: denied { write } for pid=482 comm="syz.2.17" name="file2" dev="loop2" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 49.447462][ T483] ? __getblk_gfp+0x3b/0x7d0 [ 49.469697][ T28] audit: type=1400 audit(1758719841.338:114): avc: denied { open } for pid=482 comm="syz.2.17" path="/0/file2/file2" dev="loop2" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 49.472332][ T483] ? xattr_find_entry+0x24c/0x300 [ 49.477315][ T28] audit: type=1400 audit(1758719841.338:115): avc: denied { remove_name } for pid=482 comm="syz.2.17" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 49.481826][ T483] ? ext4_xattr_block_find+0x310/0x310 [ 49.661018][ T483] ? ext4_xattr_block_find+0x295/0x310 [ 49.666647][ T483] ext4_expand_extra_isize_ea+0xf30/0x1990 [ 49.672636][ T483] __ext4_expand_extra_isize+0x2fe/0x3e0 [ 49.678730][ T483] __ext4_mark_inode_dirty+0x3cf/0x600 [ 49.684647][ T483] __ext4_unlink+0x673/0xb00 [ 49.689792][ T483] ? memcpy+0x56/0x70 [ 49.694453][ T483] ? __cfi___ext4_unlink+0x10/0x10 [ 49.700151][ T483] ? dquot_initialize+0x20/0x20 [ 49.705437][ T483] ? clear_nonspinnable+0x60/0x60 [ 49.711158][ T483] ext4_unlink+0x13a/0x3a0 [ 49.715837][ T483] vfs_unlink+0x39f/0x630 [ 49.720247][ T483] do_unlinkat+0x31f/0x6b0 [ 49.725172][ T483] ? __cfi_do_unlinkat+0x10/0x10 [ 49.730544][ T483] ? getname_flags+0x206/0x500 [ 49.735426][ T483] __x64_sys_unlink+0x49/0x50 [ 49.740389][ T483] x64_sys_call+0x958/0x9a0 [ 49.745427][ T483] do_syscall_64+0x4c/0xa0 [ 49.750103][ T483] ? clear_bhb_loop+0x30/0x80 [ 49.755234][ T483] ? clear_bhb_loop+0x30/0x80 [ 49.760209][ T483] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 49.767017][ T483] RIP: 0033:0x7f3a6c58eba9 [ 49.771957][ T483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 49.792941][ T483] RSP: 002b:00007f3a6d42a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 49.801458][ T483] RAX: ffffffffffffffda RBX: 00007f3a6c7d5fa0 RCX: 00007f3a6c58eba9 [ 49.810426][ T483] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180 [ 49.819004][ T483] RBP: 00007f3a6c611e19 R08: 0000000000000000 R09: 0000000000000000 [ 49.828351][ T483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 49.837798][ T483] R13: 00007f3a6c7d6038 R14: 00007f3a6c7d5fa0 R15: 00007ffd8c749d48 [ 49.846547][ T483] [ 49.849967][ T483] [ 49.852694][ T483] Allocated by task 483: [ 49.857147][ T483] kasan_set_track+0x4b/0x70 [ 49.861960][ T483] kasan_save_alloc_info+0x25/0x30 [ 49.867607][ T483] __kasan_kmalloc+0x95/0xb0 [ 49.872477][ T483] __kmalloc_node_track_caller+0xb1/0x1e0 [ 49.878274][ T483] kmemdup+0x2b/0x60 [ 49.882341][ T483] ext4_xattr_block_set+0x9dc/0x3270 [ 49.887996][ T483] ext4_expand_extra_isize_ea+0xf30/0x1990 [ 49.894151][ T483] __ext4_expand_extra_isize+0x2fe/0x3e0 [ 49.899965][ T483] __ext4_mark_inode_dirty+0x3cf/0x600 [ 49.905586][ T483] __ext4_unlink+0x673/0xb00 [ 49.910246][ T483] ext4_unlink+0x13a/0x3a0 [ 49.914738][ T483] vfs_unlink+0x39f/0x630 [ 49.919202][ T483] do_unlinkat+0x31f/0x6b0 [ 49.923693][ T483] __x64_sys_unlink+0x49/0x50 [ 49.928436][ T483] x64_sys_call+0x958/0x9a0 [ 49.933023][ T483] do_syscall_64+0x4c/0xa0 [ 49.937776][ T483] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 49.943912][ T483] [ 49.946399][ T483] The buggy address belongs to the object at ffff888117e90000 [ 49.946399][ T483] which belongs to the cache kmalloc-1k of size 1024 [ 49.962150][ T483] The buggy address is located 80 bytes inside of [ 49.962150][ T483] 1024-byte region [ffff888117e90000, ffff888117e90400) [ 49.975970][ T483] [ 49.978376][ T483] The buggy address belongs to the physical page: [ 49.985468][ T483] page:ffffea00045fa400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117e90 [ 49.996334][ T483] head:ffffea00045fa400 order:3 compound_mapcount:0 compound_pincount:0 [ 50.005017][ T483] flags: 0x4000000000010200(slab|head|zone=1) [ 50.011428][ T483] raw: 4000000000010200 ffffea000479c800 dead000000000003 ffff888100043080 [ 50.020289][ T483] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 50.029164][ T483] page dumped because: kasan: bad access detected [ 50.035572][ T483] page_owner tracks the page as allocated [ 50.041616][ T483] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 112, tgid 112 (udevadm), ts 6271974468, free_ts 0 [ 50.062979][ T483] post_alloc_hook+0x1f5/0x210 [ 50.067916][ T483] prep_new_page+0x1c/0x110 [ 50.073273][ T483] get_page_from_freelist+0x2c7b/0x2cf0 [ 50.079040][ T483] __alloc_pages+0x1c3/0x450 [ 50.083910][ T483] alloc_slab_page+0x6e/0xf0 [ 50.088876][ T483] new_slab+0x98/0x3d0 [ 50.093173][ T483] ___slab_alloc+0x6bd/0xb20 [ 50.097929][ T483] __slab_alloc+0x5e/0xa0 [ 50.102548][ T483] __kmem_cache_alloc_node+0x203/0x2c0 [ 50.108012][ T483] __kmalloc_node_track_caller+0xa0/0x1e0 [ 50.114312][ T483] __alloc_skb+0x236/0x4b0 [ 50.118925][ T483] alloc_uevent_skb+0x85/0x240 [ 50.125360][ T483] kobject_uevent_net_broadcast+0x343/0x5b0 [ 50.131514][ T483] kobject_uevent_env+0x54f/0x730 [ 50.136883][ T483] kobject_synth_uevent+0x520/0xaf0 [ 50.142270][ T483] uevent_store+0x25/0x70 [ 50.146681][ T483] page_owner free stack trace missing [ 50.152292][ T483] [ 50.154708][ T483] Memory state around the buggy address: [ 50.161326][ T483] ffff888117e8ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 50.169811][ T483] ffff888117e8ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 50.178424][ T483] >ffff888117e90000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 50.186748][ T483] ^ [ 50.193946][ T483] ffff888117e90080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 50.202710][ T483] ffff888117e90100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 50.211160][ T483] ================================================================== [ 50.223304][ T483] Disabling lock debugging due to kernel taint [ 50.243253][ T470] EXT4-fs (loop2): unmounting filesystem. [ 50.258529][ T487] loop2: detected capacity change from 0 to 512 [ 50.266103][ T487] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 50.279605][ T487] EXT4-fs (loop2): 1 truncate cleaned up [ 50.286168][ T487] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 50.304314][ C1] slab vm_area_struct start ffff88811f0f0d68 pointer offset 0 [ 50.304457][ C0] slab maple_node start ffff88811f11ca00 pointer offset 8 [ 50.311961][ C1] BUG: unable to handle page fault for address: fffffffffffffffc [ 50.327832][ C1] #PF: supervisor read access in kernel mode [ 50.333975][ C1] #PF: error_code(0x0000) - not-present page [ 50.340489][ C1] PGD 6e12067 P4D 6e12067 PUD 6e14067 PMD 0 [ 50.346665][ C1] Oops: 0000 [#1] PREEMPT SMP KASAN [ 50.352058][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B syzkaller #0 [ 50.361337][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 50.372107][ C1] RIP: 0010:rcu_do_batch+0x509/0xb90 [ 50.377581][ C1] Code: 00 48 b8 00 00 00 00 00 fc ff df 80 3c 03 00 74 08 4c 89 ef e8 98 04 57 00 49 c7 47 08 00 00 00 00 4c 89 ff 41 ba c8 6a 43 52 <45> 03 54 24 fc 74 02 0f 0b 41 ff d4 65 8b 05 ec e9 a4 7e a9 00 01 [ 50.398239][ C1] RSP: 0018:ffffc900001b0c20 EFLAGS: 00010246 [ 50.404553][ C1] RAX: dffffc0000000000 RBX: 1ffff11023e1e1ae RCX: 1d22d52443569f00 [ 50.412772][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: ffff88811f0f0d68 [ 50.421280][ C1] RBP: ffffc900001b0dd0 R08: dffffc0000000000 R09: ffffed103ee24eb4 [ 50.429718][ C1] R10: 0000000052436ac8 R11: 1ffff1103ee24eb3 R12: 0000000000000000 [ 50.438322][ C1] R13: ffff88811f0f0d70 R14: 0000000000000003 R15: ffff88811f0f0d68 [ 50.446573][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 50.456280][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 50.463030][ C1] CR2: fffffffffffffffc CR3: 00000001078b3000 CR4: 00000000003506a0 [ 50.471193][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 50.479694][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 50.488529][ C1] Call Trace: [ 50.492369][ C1] [ 50.495402][ C1] ? rcu_core+0xe70/0xe70 [ 50.499979][ C1] ? _raw_spin_unlock_irqrestore+0x5a/0x80 [ 50.506627][ C1] ? note_gp_changes+0x129/0x220 [ 50.511831][ C1] ? _raw_spin_unlock+0x4c/0x70 [ 50.517493][ C1] rcu_core+0x5a5/0xe70 [ 50.522429][ C1] ? rcu_cpu_kthread_park+0x90/0x90 [ 50.527949][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 50.533595][ C1] ? run_rebalance_domains+0xf7/0x1c0 [ 50.539248][ C1] rcu_core_si+0x9/0x10 [ 50.543655][ C1] handle_softirqs+0x1d7/0x600 [ 50.548715][ C1] ? irqtime_account_irq+0xc4/0x240 [ 50.554072][ C1] __irq_exit_rcu+0x52/0xf0 [ 50.558904][ C1] irq_exit_rcu+0x9/0x10 [ 50.563576][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 50.569913][ C1] [ 50.572836][ C1] [ 50.575877][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 50.582495][ C1] RIP: 0010:default_idle+0xf/0x20 [ 50.587868][ C1] Code: e9 47 ff ff ff 00 00 cc cc 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d d3 3f 52 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90 [ 50.608858][ C1] RSP: 0018:ffffc90000147dd8 EFLAGS: 00000257 [ 50.615605][ C1] RAX: ffff8881f7100000 RBX: ffff8881003b5100 RCX: 1d22d52443569f00 [ 50.624366][ C1] RDX: 0000000000000001 RSI: ffffffff85aa0c80 RDI: ffffffff85aa0c40 [ 50.632776][ C1] RBP: ffffc90000147dd8 R08: dffffc0000000000 R09: ffffed103ee26917 [ 50.641086][ C1] R10: 0000000000000000 R11: ffffffff84f3f260 R12: 0000000000000000 [ 50.649661][ C1] R13: 0000000000000000 R14: ffff8881003b5100 R15: dffffc0000000000 [ 50.658005][ C1] ? __cfi_default_idle+0x10/0x10 [ 50.663211][ C1] arch_cpu_idle+0x1c/0x20 [ 50.667797][ C1] default_idle_call+0x71/0x1d0 [ 50.672831][ C1] do_idle+0x1a7/0x520 [ 50.677310][ C1] ? try_to_wake_up+0x613/0x1220 [ 50.682718][ C1] ? idle_inject_timer_fn+0x60/0x60 [ 50.688540][ C1] ? _raw_spin_unlock_irqrestore+0x5a/0x80 [ 50.695067][ C1] ? complete+0x167/0x1c0 [ 50.699585][ C1] cpu_startup_entry+0x43/0x60 [ 50.704620][ C1] start_secondary+0x119/0x120 [ 50.709986][ C1] secondary_startup_64_no_verify+0xce/0xdb [ 50.716406][ C1] [ 50.719720][ C1] Modules linked in: [ 50.724040][ C1] CR2: fffffffffffffffc [ 50.728769][ C1] ---[ end trace 0000000000000000 ]--- [ 50.728796][ C0] BUG: unable to handle page fault for address: fffffffffffffffc [ 50.734413][ C1] RIP: 0010:rcu_do_batch+0x509/0xb90 [ 50.742497][ C0] #PF: supervisor read access in kernel mode [ 50.748038][ C1] Code: 00 48 b8 00 00 00 00 00 fc ff df 80 3c 03 00 74 08 4c 89 ef e8 98 04 57 00 49 c7 47 08 00 00 00 00 4c 89 ff 41 ba c8 6a 43 52 <45> 03 54 24 fc 74 02 0f 0b 41 ff d4 65 8b 05 ec e9 a4 7e a9 00 01 [ 50.754534][ C0] #PF: error_code(0x0000) - not-present page [ 50.774917][ C1] RSP: 0018:ffffc900001b0c20 EFLAGS: 00010246 [ 50.781065][ C0] PGD 6e12067 P4D 6e12067 PUD 6e14067 PMD 0 [ 50.787381][ C1] RAX: dffffc0000000000 RBX: 1ffff11023e1e1ae RCX: 1d22d52443569f00 [ 50.787400][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: ffff88811f0f0d68 [ 50.793748][ C0] [ 50.793758][ C0] Oops: 0000 [#2] PREEMPT SMP KASAN [ 50.802245][ C1] RBP: ffffc900001b0dd0 R08: dffffc0000000000 R09: ffffed103ee24eb4 [ 50.810818][ C0] CPU: 0 PID: 13 Comm: ksoftirqd/0 Tainted: G B D syzkaller #0 [ 50.813159][ C1] R10: 0000000052436ac8 R11: 1ffff1103ee24eb3 R12: 0000000000000000 [ 50.818875][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 50.827976][ C1] R13: ffff88811f0f0d70 R14: 0000000000000003 R15: ffff88811f0f0d68 [ 50.837774][ C0] RIP: 0010:rcu_do_batch+0x509/0xb90 [ 50.846879][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 50.857781][ C0] Code: 00 48 b8 00 00 00 00 00 fc ff df 80 3c 03 00 74 08 4c 89 ef e8 98 04 57 00 49 c7 47 08 00 00 00 00 4c 89 ff 41 ba c8 6a 43 52 <45> 03 54 24 fc 74 02 0f 0b 41 ff d4 65 8b 05 ec e9 a4 7e a9 00 01 [ 50.866170][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 50.871778][ C0] RSP: 0018:ffffc900000d7ac0 EFLAGS: 00010246 [ 50.880791][ C1] CR2: fffffffffffffffc CR3: 00000001078b3000 CR4: 00000000003506a0 [ 50.901248][ C0] [ 50.901256][ C0] RAX: dffffc0000000000 RBX: 1ffff11023e23942 RCX: c210455610e0e200 [ 50.908259][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 50.914479][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: ffff88811f11ca08 [ 50.923644][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 50.926222][ C0] RBP: ffffc900000d7c70 R08: 0000000000000004 R09: 0000000000000003 [ 50.934576][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 50.942888][ C0] R10: 0000000052436ac8 R11: 1ffff9200001ae78 R12: 0000000000000000 [ 50.942900][ C0] R13: ffff88811f11ca10 R14: 0000000000000002 R15: ffff88811f11ca08 [ 50.942911][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 50.942925][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 50.942935][ C0] CR2: fffffffffffffffc CR3: 000000011490e000 CR4: 00000000003506b0 [ 50.942949][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 50.942958][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 50.942968][ C0] Call Trace: [ 50.942973][ C0] [ 50.942984][ C0] ? rcu_core+0xe70/0xe70 [ 50.943002][ C0] ? __kasan_check_write+0x14/0x20 [ 50.943017][ C0] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 50.943034][ C0] ? __cfi__raw_spin_lock_irqsave+0x10/0x10 [ 50.943051][ C0] ? _raw_spin_unlock_irqrestore+0x5a/0x80 [ 50.943067][ C0] ? rcu_report_qs_rnp+0x2bc/0x390 [ 50.943088][ C0] rcu_core+0x5a5/0xe70 [ 50.943103][ C0] ? rcu_cpu_kthread_park+0x90/0x90 [ 50.943118][ C0] ? __switch_to_asm+0x3a/0x60 [ 50.943136][ C0] ? __schedule+0xb8f/0x14e0 [ 50.943153][ C0] ? irqtime_account_irq+0x75/0x240 [ 50.943175][ C0] rcu_core_si+0x9/0x10 [ 50.943194][ C0] handle_softirqs+0x1d7/0x600 [ 50.943218][ C0] ? __cfi_run_ksoftirqd+0x10/0x10 [ 50.943236][ C0] run_ksoftirqd+0x28/0x30 [ 50.943253][ C0] smpboot_thread_fn+0x4a0/0x910 [ 50.943277][ C0] kthread+0x281/0x320 [ 50.943292][ C0] ? __cfi_smpboot_thread_fn+0x10/0x10 [ 50.943314][ C0] ? __cfi_kthread+0x10/0x10 [ 50.943330][ C0] ret_from_fork+0x1f/0x30 [ 50.943349][ C0] [ 50.943354][ C0] Modules linked in: [ 50.943364][ C0] CR2: fffffffffffffffc [ 50.951662][ C0] ---[ end trace 0000000000000000 ]--- [ 50.951674][ C0] RIP: 0010:rcu_do_batch+0x509/0xb90 [ 50.951695][ C0] Code: 00 48 b8 00 00 00 00 00 fc ff df 80 3c 03 00 74 08 4c 89 ef e8 98 04 57 00 49 c7 47 08 00 00 00 00 4c 89 ff 41 ba c8 6a 43 52 <45> 03 54 24 fc 74 02 0f 0b 41 ff d4 65 8b 05 ec e9 a4 7e a9 00 01 [ 50.951708][ C0] RSP: 0018:ffffc900001b0c20 EFLAGS: 00010246 [ 50.951722][ C0] RAX: dffffc0000000000 RBX: 1ffff11023e1e1ae RCX: 1d22d52443569f00 [ 50.951733][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: ffff88811f0f0d68 [ 50.951744][ C0] RBP: ffffc900001b0dd0 R08: dffffc0000000000 R09: ffffed103ee24eb4 [ 50.951755][ C0] R10: 0000000052436ac8 R11: 1ffff1103ee24eb3 R12: 0000000000000000 [ 50.951765][ C0] R13: ffff88811f0f0d70 R14: 0000000000000003 R15: ffff88811f0f0d68 [ 50.951776][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 50.951789][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 50.951800][ C0] CR2: fffffffffffffffc CR3: 000000011490e000 CR4: 00000000003506b0 [ 50.951814][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 50.951823][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 52.074405][ C1] Shutting down cpus with NMI [ 52.402896][ C1] Kernel Offset: disabled [ 52.407203][ C1] Rebooting in 86400 seconds..