Warning: Permanently added '10.128.1.222' (ED25519) to the list of known hosts. 2026/01/25 04:43:20 parsed 1 programs Setting up swapspace version 1, size = 127995904 bytes [ 49.372497][ T23] audit: type=1400 audit(1769316201.020:109): avc: denied { unlink } for pid=398 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 49.402391][ T398] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 49.772634][ T23] audit: type=1401 audit(1769316201.420:110): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 49.947675][ T431] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.955198][ T431] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.962699][ T431] device bridge_slave_0 entered promiscuous mode [ 49.970111][ T431] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.977322][ T431] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.984773][ T431] device bridge_slave_1 entered promiscuous mode [ 50.007817][ T431] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.015186][ T431] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.022659][ T431] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.029748][ T431] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.043974][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.051563][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.058818][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.068690][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.077173][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.084515][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.092885][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.101206][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.108390][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.118792][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.127869][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.139362][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 50.149431][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 50.157444][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 50.165092][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 50.172999][ T431] device veth0_vlan entered promiscuous mode [ 50.182230][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 50.191536][ T431] device veth1_macvtap entered promiscuous mode [ 50.200582][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 50.209768][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2026/01/25 04:43:22 executed programs: 0 [ 50.481093][ T450] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.488301][ T450] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.496008][ T450] device bridge_slave_0 entered promiscuous mode [ 50.502786][ T450] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.510048][ T450] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.517376][ T450] device bridge_slave_1 entered promiscuous mode [ 50.541272][ T450] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.548427][ T450] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.555716][ T450] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.562741][ T450] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.576874][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.584370][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.591554][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.599835][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.608176][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.615417][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.627050][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.635265][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.642260][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.655961][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.665044][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.680001][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 50.689732][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 50.697951][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 50.705503][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 50.716746][ T450] device veth0_vlan entered promiscuous mode [ 50.725034][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 50.733559][ T450] device veth1_macvtap entered promiscuous mode [ 50.741694][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 50.753327][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 50.887183][ T455] F2FS-fs (loop2): Fix alignment : internally, start(4096) end(16896) block(12288) [ 50.897523][ T455] F2FS-fs (loop2): invalid crc value [ 50.903758][ T455] F2FS-fs (loop2): Found nat_bits in checkpoint [ 50.925121][ T455] F2FS-fs (loop2): recover fsync data on readonly fs [ 50.931945][ T455] F2FS-fs (loop2): Cannot turn on quotas: -2 on 1 [ 50.938586][ T455] F2FS-fs (loop2): Cannot turn on quotas: -2 on 2 [ 50.945571][ T455] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 50.953229][ T23] audit: type=1400 audit(1769316202.600:111): avc: denied { mount } for pid=454 comm="syz.2.17" name="/" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 50.974797][ T455] ====================================================== [ 50.974797][ T455] WARNING: the mand mount option is being deprecated and [ 50.974797][ T455] will be removed in v5.15! [ 50.974797][ T455] ====================================================== [ 50.974826][ T23] audit: type=1400 audit(1769316202.630:112): avc: denied { remount } for pid=454 comm="syz.2.17" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 51.001368][ T455] F2FS-fs (loop2): Try to recover all the superblocks, ret: 0 [ 51.029683][ T455] ================================================================== [ 51.033308][ T23] audit: type=1400 audit(1769316202.690:113): avc: denied { write } for pid=454 comm="syz.2.17" name="/" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 51.037755][ T455] BUG: KASAN: null-ptr-deref in f2fs_issue_flush+0x19a/0x450 [ 51.037759][ T455] Write of size 4 at addr 0000000000000024 by task syz.2.17/455 [ 51.037761][ T455] [ 51.037766][ T455] CPU: 1 PID: 455 Comm: syz.2.17 Not tainted syzkaller #0 [ 51.037769][ T455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 51.037771][ T455] Call Trace: [ 51.037778][ T455] dump_stack_lvl+0x81/0xac [ 51.037782][ T455] ? f2fs_issue_flush+0x19a/0x450 [ 51.037787][ T455] kasan_report.cold+0x64/0xdb [ 51.037792][ T455] ? f2fs_issue_flush+0x19a/0x450 [ 51.037797][ T455] kasan_check_range+0x148/0x190 [ 51.037801][ T455] __kasan_check_write+0x14/0x20 [ 51.037804][ T455] f2fs_issue_flush+0x19a/0x450 [ 51.037808][ T455] ? f2fs_balance_fs+0x650/0x650 [ 51.037814][ T455] ? _raw_spin_unlock+0x41/0x70 [ 51.037820][ T455] ? __remove_ino_entry+0x1b5/0x290 [ 51.037823][ T455] ? f2fs_wait_on_node_pages_writeback+0x2a0/0x3f0 [ 51.037830][ T455] f2fs_do_sync_file+0x1009/0x1ab0 [ 51.037835][ T455] ? f2fs_llseek+0x19a0/0x19a0 [ 51.037845][ T455] ? f2fs_balance_fs+0x126/0x650 [ 51.059361][ T23] audit: type=1400 audit(1769316202.690:114): avc: denied { add_name } for pid=454 comm="syz.2.17" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 51.066911][ T455] ? mnt_clone_write+0xbb/0x110 [ 51.066919][ T455] __f2fs_ioctl+0x4cfe/0x9070 [ 51.066924][ T455] ? do_futex+0x1ed/0x1320 [ 51.066930][ T455] ? kmem_cache_free+0x106/0x440 [ 51.066934][ T455] ? __kasan_slab_free+0x11c/0x150 [ 51.066945][ T455] ? slab_free_freelist_hook+0x9b/0x1a0 [ 51.075509][ T23] audit: type=1400 audit(1769316202.690:115): avc: denied { create } for pid=454 comm="syz.2.17" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 51.076979][ T455] ? futex_exit_release+0x200/0x200 [ 51.084064][ T23] audit: type=1400 audit(1769316202.690:116): avc: denied { read write open } for pid=454 comm="syz.2.17" path="/0/file0/file1" dev="loop2" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 51.094185][ T455] ? kmem_cache_free+0x106/0x440 [ 51.094191][ T455] ? f2fs_precache_extents+0x200/0x200 [ 51.094198][ T455] ? ioctl_has_perm.constprop.0.isra.0+0x25c/0x3e0 [ 51.094204][ T455] ? generic_block_fiemap+0x70/0x70 [ 51.094208][ T455] ? slab_free_freelist_hook+0x9b/0x1a0 [ 51.094214][ T455] f2fs_ioctl+0x162/0x4c0 [ 51.094221][ T455] __x64_sys_ioctl+0x129/0x1a0 [ 51.304276][ T455] do_syscall_64+0x32/0x50 [ 51.308676][ T455] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 51.314547][ T455] RIP: 0033:0x7fc99c826e79 [ 51.319054][ T455] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 51.338812][ T455] RSP: 002b:00007fc99c68b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 51.347212][ T455] RAX: ffffffffffffffda RBX: 00007fc99ca91fa0 RCX: 00007fc99c826e79 [ 51.355185][ T455] RDX: 0000000000000000 RSI: 000000000000f502 RDI: 0000000000000005 [ 51.363490][ T455] RBP: 00007fc99c8b9ee0 R08: 0000000000000000 R09: 0000000000000000 [ 51.371453][ T455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 51.379434][ T455] R13: 00007fc99ca92038 R14: 00007fc99ca91fa0 R15: 00007ffc5a8e0d68 [ 51.387833][ T455] ================================================================== [ 51.395891][ T455] Disabling lock debugging due to kernel taint [ 51.402509][ T23] audit: type=1400 audit(1769316202.690:117): avc: denied { ioctl } for pid=454 comm="syz.2.17" path="/0/file0/file1" dev="loop2" ino=10 ioctlcmd=0xf502 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 51.403595][ T455] BUG: kernel NULL pointer dereference, address: 0000000000000024 [ 51.434009][ T455] #PF: supervisor write access in kernel mode [ 51.440211][ T455] #PF: error_code(0x0002) - not-present page [ 51.446263][ T455] PGD 110692067 P4D 110692067 PUD 0 [ 51.451631][ T455] Oops: 0002 [#1] PREEMPT SMP KASAN [ 51.456819][ T455] CPU: 1 PID: 455 Comm: syz.2.17 Tainted: G B syzkaller #0 [ 51.465298][ T455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 51.475351][ T455] RIP: 0010:f2fs_issue_flush+0x19a/0x450 [ 51.480976][ T455] Code: 00 00 8b b5 30 ff ff ff 4c 89 e7 e8 e0 df fe ff 49 8d 7e 24 be 04 00 00 00 41 89 c7 eb 2a 4d 8d 6e 24 4c 89 ef e8 d6 d3 97 ff 41 ff 46 24 8b b5 30 ff ff ff 4c 89 e7 e8 b3 df fe ff be 04 00 [ 51.500960][ T455] RSP: 0018:ffffc90000817968 EFLAGS: 00010246 [ 51.507033][ T455] RAX: 0000000000000000 RBX: 1ffff92000102f30 RCX: ffffffff81326ef1 [ 51.514988][ T455] RDX: fffffbfff0ad873c RSI: 0000000000000004 RDI: ffffffff856c39e0 [ 51.522946][ T455] RBP: ffffc90000817a48 R08: 0000000000000001 R09: 0000000000000003 [ 51.530995][ T455] R10: fffffbfff0ad873c R11: 0000000000000001 R12: ffff8881126e4000 [ 51.539037][ T455] R13: 0000000000000024 R14: 0000000000000000 R15: 0000000000000000 [ 51.547173][ T455] FS: 00007fc99c68b6c0(0000) GS:ffff8881f7500000(0000) knlGS:0000000000000000 [ 51.556171][ T455] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.562741][ T455] CR2: 0000000000000024 CR3: 00000001119b9000 CR4: 00000000003506a0 [ 51.570701][ T455] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 51.578826][ T455] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 51.586891][ T455] Call Trace: [ 51.590165][ T455] ? f2fs_balance_fs+0x650/0x650 [ 51.595085][ T455] ? _raw_spin_unlock+0x41/0x70 [ 51.600011][ T455] ? __remove_ino_entry+0x1b5/0x290 [ 51.605211][ T455] ? f2fs_wait_on_node_pages_writeback+0x2a0/0x3f0 [ 51.611808][ T455] f2fs_do_sync_file+0x1009/0x1ab0 [ 51.616991][ T455] ? f2fs_llseek+0x19a0/0x19a0 [ 51.621734][ T455] ? f2fs_balance_fs+0x126/0x650 [ 51.626657][ T455] ? mnt_clone_write+0xbb/0x110 [ 51.631499][ T455] __f2fs_ioctl+0x4cfe/0x9070 [ 51.636158][ T455] ? do_futex+0x1ed/0x1320 [ 51.640670][ T455] ? kmem_cache_free+0x106/0x440 [ 51.645600][ T455] ? __kasan_slab_free+0x11c/0x150 [ 51.650719][ T455] ? slab_free_freelist_hook+0x9b/0x1a0 [ 51.656246][ T455] ? futex_exit_release+0x200/0x200 [ 51.661438][ T455] ? kmem_cache_free+0x106/0x440 [ 51.666355][ T455] ? f2fs_precache_extents+0x200/0x200 [ 51.671897][ T455] ? ioctl_has_perm.constprop.0.isra.0+0x25c/0x3e0 [ 51.678373][ T455] ? generic_block_fiemap+0x70/0x70 [ 51.683551][ T455] ? slab_free_freelist_hook+0x9b/0x1a0 [ 51.689167][ T455] f2fs_ioctl+0x162/0x4c0 [ 51.693475][ T455] __x64_sys_ioctl+0x129/0x1a0 [ 51.698309][ T455] do_syscall_64+0x32/0x50 [ 51.702708][ T455] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 51.708581][ T455] RIP: 0033:0x7fc99c826e79 [ 51.712987][ T455] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 51.732586][ T455] RSP: 002b:00007fc99c68b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 51.741006][ T455] RAX: ffffffffffffffda RBX: 00007fc99ca91fa0 RCX: 00007fc99c826e79 [ 51.748977][ T455] RDX: 0000000000000000 RSI: 000000000000f502 RDI: 0000000000000005 [ 51.757117][ T455] RBP: 00007fc99c8b9ee0 R08: 0000000000000000 R09: 0000000000000000 [ 51.765085][ T455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 51.773128][ T455] R13: 00007fc99ca92038 R14: 00007fc99ca91fa0 R15: 00007ffc5a8e0d68 [ 51.781084][ T455] Modules linked in: [ 51.784967][ T455] CR2: 0000000000000024 [ 51.789363][ T455] ---[ end trace aef0ceb31a03b909 ]--- [ 51.794822][ T455] RIP: 0010:f2fs_issue_flush+0x19a/0x450 [ 51.800454][ T455] Code: 00 00 8b b5 30 ff ff ff 4c 89 e7 e8 e0 df fe ff 49 8d 7e 24 be 04 00 00 00 41 89 c7 eb 2a 4d 8d 6e 24 4c 89 ef e8 d6 d3 97 ff 41 ff 46 24 8b b5 30 ff ff ff 4c 89 e7 e8 b3 df fe ff be 04 00 [ 51.820059][ T455] RSP: 0018:ffffc90000817968 EFLAGS: 00010246 [ 51.826210][ T455] RAX: 0000000000000000 RBX: 1ffff92000102f30 RCX: ffffffff81326ef1 [ 51.834254][ T455] RDX: fffffbfff0ad873c RSI: 0000000000000004 RDI: ffffffff856c39e0 [ 51.842340][ T455] RBP: ffffc90000817a48 R08: 0000000000000001 R09: 0000000000000003 [ 51.850400][ T455] R10: fffffbfff0ad873c R11: 0000000000000001 R12: ffff8881126e4000 [ 51.858349][ T455] R13: 0000000000000024 R14: 0000000000000000 R15: 0000000000000000 [ 51.866413][ T455] FS: 00007fc99c68b6c0(0000) GS:ffff8881f7500000(0000) knlGS:0000000000000000 [ 51.875420][ T455] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.881988][ T455] CR2: 0000000000000024 CR3: 00000001119b9000 CR4: 00000000003506a0 [ 51.890686][ T455] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 51.898637][ T455] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 51.907055][ T455] Kernel panic - not syncing: Fatal exception [ 51.913529][ T455] Kernel Offset: disabled [ 51.917833][ T455] Rebooting in 86400 seconds..