Warning: Permanently added '10.128.1.234' (ED25519) to the list of known hosts. 2025/09/27 14:06:01 parsed 1 programs [ 44.985749][ T24] kauditd_printk_skb: 30 callbacks suppressed [ 44.985761][ T24] audit: type=1400 audit(1758981962.260:104): avc: denied { unlink } for pid=426 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 45.090293][ T426] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.894706][ T24] audit: type=1401 audit(1758981963.170:105): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 45.942788][ T456] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.949834][ T456] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.957559][ T456] device bridge_slave_0 entered promiscuous mode [ 45.964503][ T456] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.971529][ T456] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.978910][ T456] device bridge_slave_1 entered promiscuous mode [ 46.009929][ T456] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.017025][ T456] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.024566][ T456] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.031626][ T456] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.047031][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 46.055390][ T332] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.062882][ T332] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.071897][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.080126][ T332] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.087171][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.097845][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.106242][ T332] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.113714][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.123766][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.132974][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.145608][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 46.156059][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 46.164262][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 46.171670][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 46.179816][ T456] device veth0_vlan entered promiscuous mode [ 46.189323][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 46.198483][ T456] device veth1_macvtap entered promiscuous mode [ 46.211173][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 46.220945][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 46.310881][ T24] audit: type=1400 audit(1758981963.580:106): avc: denied { create } for pid=471 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 2025/09/27 14:06:03 executed programs: 0 [ 46.572485][ T24] audit: type=1400 audit(1758981963.850:107): avc: denied { write } for pid=417 comm="syz-execprog" path="pipe:[14987]" dev="pipefs" ino=14987 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 46.634599][ T486] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.641842][ T486] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.649286][ T486] device bridge_slave_0 entered promiscuous mode [ 46.656746][ T486] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.664393][ T486] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.671956][ T486] device bridge_slave_1 entered promiscuous mode [ 46.704345][ T486] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.711393][ T486] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.718783][ T486] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.725947][ T486] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.734221][ T332] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.741468][ T332] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.757311][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 46.764883][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 46.773731][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.782034][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.790317][ T332] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.797355][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.806056][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 46.814731][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.822932][ T332] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.830219][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.840931][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 46.849058][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.857977][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 46.866366][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.878637][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 46.887375][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 46.897888][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 46.906419][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 46.914503][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 46.922094][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 46.936871][ T486] device veth0_vlan entered promiscuous mode [ 46.946452][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 46.954563][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 46.963675][ T486] device veth1_macvtap entered promiscuous mode [ 46.972210][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 46.979825][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 46.988355][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 46.997571][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 47.005958][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 47.051298][ T491] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 47.064748][ T491] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 47.076685][ T491] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2815: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 47.090575][ T491] EXT4-fs (loop2): 1 truncate cleaned up [ 47.096659][ T491] EXT4-fs (loop2): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,nobarrier,nodiscard,quota,,errors=continue [ 47.116236][ T24] audit: type=1400 audit(1758981964.390:108): avc: denied { mount } for pid=490 comm="syz.2.16" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 47.135357][ T491] ================================================================== [ 47.137850][ T24] audit: type=1400 audit(1758981964.410:109): avc: denied { write } for pid=490 comm="syz.2.16" name="file2" dev="loop2" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 47.145928][ T491] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x1339/0x36c0 [ 47.145940][ T491] Read of size 18446744073709551540 at addr ffff888112ad0870 by task syz.2.16/491 [ 47.145943][ T491] [ 47.145954][ T491] CPU: 0 PID: 491 Comm: syz.2.16 Not tainted syzkaller #0 [ 47.145960][ T491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 47.145963][ T491] Call Trace: [ 47.145987][ T491] __dump_stack+0x21/0x24 [ 47.168556][ T24] audit: type=1400 audit(1758981964.410:110): avc: denied { open } for pid=490 comm="syz.2.16" name="file2" dev="loop2" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 47.175852][ T491] dump_stack_lvl+0x169/0x1d8 [ 47.175864][ T491] ? show_regs_print_info+0x18/0x18 [ 47.175873][ T491] ? thaw_kernel_threads+0x220/0x220 [ 47.175890][ T491] print_address_description+0x7f/0x2c0 [ 47.185339][ T24] audit: type=1400 audit(1758981964.410:111): avc: denied { setattr } for pid=490 comm="syz.2.16" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 47.187395][ T491] ? ext4_xattr_set_entry+0x1339/0x36c0 [ 47.283656][ T491] kasan_report+0xe2/0x130 [ 47.288055][ T491] ? ext4_xattr_set_entry+0x1339/0x36c0 [ 47.293592][ T491] ? ext4_xattr_set_entry+0x1339/0x36c0 [ 47.299211][ T491] kasan_check_range+0x280/0x290 [ 47.304339][ T491] memmove+0x2d/0x70 [ 47.308327][ T491] ext4_xattr_set_entry+0x1339/0x36c0 [ 47.313710][ T491] ? fscrypt_drop_inode+0xad/0x110 [ 47.319044][ T491] ? ext4_xattr_ibody_set+0x360/0x360 [ 47.324427][ T491] ? slab_post_alloc_hook+0x7d/0x2f0 [ 47.329701][ T491] ? ext4_xattr_block_set+0x847/0x2a50 [ 47.335144][ T491] ? ext4_xattr_block_set+0x847/0x2a50 [ 47.340586][ T491] ? __kmalloc_track_caller+0x181/0x320 [ 47.346306][ T491] ? memcpy+0x56/0x70 [ 47.350287][ T491] ext4_xattr_block_set+0x92f/0x2a50 [ 47.355567][ T491] ? __kasan_check_read+0x11/0x20 [ 47.360585][ T491] ? __ext4_xattr_check_block+0x265/0x8e0 [ 47.366286][ T491] ? ext4_xattr_block_find+0x4f0/0x4f0 [ 47.371760][ T491] ? __kasan_check_write+0x14/0x20 [ 47.377066][ T491] ext4_xattr_set_handle+0xba5/0x12a0 [ 47.382646][ T491] ? ext4_xattr_set_entry+0x36c0/0x36c0 [ 47.388353][ T491] ? __kasan_check_read+0x11/0x20 [ 47.393457][ T491] ? __ext4_journal_start_sb+0x2e2/0x490 [ 47.399364][ T491] ext4_xattr_set+0x1ec/0x320 [ 47.404139][ T491] ? ext4_xattr_set_credits+0x290/0x290 [ 47.409976][ T491] ext4_xattr_trusted_set+0x3b/0x50 [ 47.415252][ T491] ? ext4_xattr_trusted_get+0x40/0x40 [ 47.420770][ T491] __vfs_setxattr+0x42a/0x480 [ 47.425630][ T491] __vfs_setxattr_noperm+0x11e/0x4e0 [ 47.430909][ T491] __vfs_setxattr_locked+0x203/0x220 [ 47.436197][ T491] vfs_setxattr+0x8d/0x1c0 [ 47.440727][ T491] setxattr+0x1a9/0x370 [ 47.444897][ T491] ? path_setxattr+0x210/0x210 [ 47.449919][ T491] ? __mnt_want_write+0x1e6/0x260 [ 47.455014][ T491] ? mnt_want_write+0x19d/0x270 [ 47.459949][ T491] path_setxattr+0x110/0x210 [ 47.464632][ T491] ? simple_xattr_list_add+0x120/0x120 [ 47.470081][ T491] ? do_sys_truncate+0x12f/0x190 [ 47.475005][ T491] __x64_sys_lsetxattr+0xc2/0xe0 [ 47.479926][ T491] do_syscall_64+0x31/0x40 [ 47.484328][ T491] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 47.490216][ T491] RIP: 0033:0x7fdc0cb76969 [ 47.494712][ T491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 47.514531][ T491] RSP: 002b:00007fdc0c5e7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 47.523050][ T491] RAX: ffffffffffffffda RBX: 00007fdc0cd9dfa0 RCX: 00007fdc0cb76969 [ 47.531093][ T491] RDX: 0000200000000040 RSI: 00002000000000c0 RDI: 0000200000000100 [ 47.539138][ T491] RBP: 00007fdc0cbf8ab1 R08: 0000000000000000 R09: 0000000000000000 [ 47.547107][ T491] R10: 000000000000fe37 R11: 0000000000000246 R12: 0000000000000000 [ 47.555078][ T491] R13: 0000000000000000 R14: 00007fdc0cd9dfa0 R15: 00007ffd3b1ada08 [ 47.563372][ T491] [ 47.565716][ T491] Allocated by task 0: [ 47.569757][ T491] (stack is not available) [ 47.574260][ T491] [ 47.576778][ T491] The buggy address belongs to the object at ffff888112ad0800 [ 47.576778][ T491] which belongs to the cache kmalloc-1k of size 1024 [ 47.590829][ T491] The buggy address is located 112 bytes inside of [ 47.590829][ T491] 1024-byte region [ffff888112ad0800, ffff888112ad0c00) [ 47.604252][ T491] The buggy address belongs to the page: [ 47.609976][ T491] page:ffffea00044ab400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112ad0 [ 47.620601][ T491] head:ffffea00044ab400 order:3 compound_mapcount:0 compound_pincount:0 [ 47.629113][ T491] flags: 0x4000000000010200(slab|head) [ 47.634661][ T491] raw: 4000000000010200 ffffea00044a6600 0000000400000004 ffff888100042f00 [ 47.643337][ T491] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 47.651896][ T491] page dumped because: kasan: bad access detected [ 47.658564][ T491] page_owner tracks the page as allocated [ 47.664294][ T491] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 97, ts 4788929493, free_ts 0 [ 47.682424][ T491] prep_new_page+0x179/0x180 [ 47.687101][ T491] get_page_from_freelist+0x2235/0x23d0 [ 47.692715][ T491] __alloc_pages_nodemask+0x268/0x5f0 [ 47.698160][ T491] new_slab+0x84/0x3f0 [ 47.702224][ T491] ___slab_alloc+0x2a6/0x450 [ 47.706889][ T491] __slab_alloc+0x63/0xa0 [ 47.711213][ T491] __kmalloc_track_caller+0x1ef/0x320 [ 47.716671][ T491] __alloc_skb+0xdc/0x520 [ 47.721158][ T491] netlink_sendmsg+0x5f6/0xb30 [ 47.726152][ T491] ____sys_sendmsg+0x5a2/0x8c0 [ 47.730922][ T491] ___sys_sendmsg+0x1f0/0x260 [ 47.735686][ T491] __x64_sys_sendmsg+0x1e2/0x2a0 [ 47.740803][ T491] do_syscall_64+0x31/0x40 [ 47.745362][ T491] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 47.751352][ T491] page_owner free stack trace missing [ 47.756709][ T491] [ 47.759030][ T491] Memory state around the buggy address: [ 47.764811][ T491] ffff888112ad0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.773246][ T491] ffff888112ad0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.782234][ T491] >ffff888112ad0800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.790281][ T491] ^ [ 47.798107][ T491] ffff888112ad0880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.806334][ T491] ffff888112ad0900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.814941][ T491] ================================================================== [ 47.822994][ T491] Disabling lock debugging due to kernel taint [ 47.835300][ T24] audit: type=1400 audit(1758981965.110:112): avc: denied { read } for pid=76 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 47.857712][ T24] audit: type=1400 audit(1758981965.110:113): avc: denied { search } for pid=76 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 47.953253][ T495] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 47.964901][ T495] EXT4-fs (loop2): 1 truncate cleaned up [ 47.970713][ T495] EXT4-fs (loop2): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,nobarrier,nodiscard,quota,,errors=continue [ 47.993593][ T433] general protection fault, probably for non-canonical address 0xf09a3652033aa5a6: 0000 [#1] PREEMPT SMP KASAN [ 48.005704][ T433] KASAN: maybe wild-memory-access in range [0x84d1d29019d52d30-0x84d1d29019d52d37] [ 48.015261][ T433] CPU: 0 PID: 433 Comm: udevd Tainted: G B syzkaller #0 [ 48.023477][ T433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 48.033632][ T433] RIP: 0010:kmem_cache_alloc_trace+0x10d/0x2e0 [ 48.039937][ T433] Code: 8b 38 48 85 ff 0f 84 b4 00 00 00 48 83 78 10 00 0f 84 a9 00 00 00 41 8b 44 24 28 48 8d 0c 07 49 8b 9c 24 d8 00 00 00 48 0f c9 <48> 33 1c 07 48 31 cb 48 89 d1 48 83 c1 08 4d 8b 04 24 48 89 f8 65 [ 48.060189][ T433] RSP: 0018:ffffc90000b87798 EFLAGS: 00010286 [ 48.066242][ T433] RAX: 0000000000000800 RBX: f0f2374a82b26259 RCX: a6a53a0352369af0 [ 48.074281][ T433] RDX: 0000000000010d78 RSI: 0000000000001000 RDI: f09a3652033a9da6 [ 48.082234][ T433] RBP: ffffc90000b877e0 R08: 0000000000000004 R09: 0000000000000003 [ 48.090353][ T433] R10: 0000000000000000 R11: 1ffff92000170ed4 R12: ffff888100042c00 [ 48.098498][ T433] R13: ffffffff81c59af6 R14: 0000000000000dc0 R15: 0000000000001000 [ 48.106903][ T433] FS: 00007fbf9d95c880(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 48.115994][ T433] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.122662][ T433] CR2: 00007fbf9d7ab000 CR3: 0000000111a6f000 CR4: 00000000003506b0 [ 48.130903][ T433] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.139046][ T433] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 48.147170][ T433] Call Trace: [ 48.150718][ T433] ? kernfs_iop_get_link+0x66/0x600 [ 48.156620][ T433] ? __kasan_check_write+0x14/0x20 [ 48.161820][ T433] kernfs_iop_get_link+0x66/0x600 [ 48.166825][ T433] ? security_inode_follow_link+0xc4/0x110 [ 48.172613][ T433] ? kernfs_create_link+0x200/0x200 [ 48.177893][ T433] pick_link+0x5b2/0xcc0 [ 48.182332][ T433] step_into+0xab6/0xcf0 [ 48.186641][ T433] ? lookup_fast+0x463/0x700 [ 48.191414][ T433] ? set_root+0x3f0/0x3f0 [ 48.195851][ T433] path_openat+0x1639/0x3160 [ 48.200718][ T433] ? memcpy+0x56/0x70 [ 48.204984][ T433] ? __kasan_slab_alloc+0xcf/0xf0 [ 48.210325][ T433] ? kmem_cache_alloc+0x165/0x2e0 [ 48.215461][ T433] ? getname+0x19/0x20 [ 48.219538][ T433] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 48.225602][ T433] ? do_filp_open+0x3e0/0x3e0 [ 48.230273][ T433] ? expand_files+0xde/0x8e0 [ 48.234862][ T433] do_filp_open+0x1b3/0x3e0 [ 48.239434][ T433] ? vfs_tmpfile+0x2c0/0x2c0 [ 48.244007][ T433] ? get_unused_fd_flags+0x92/0xa0 [ 48.249106][ T433] do_sys_openat2+0x14c/0x6d0 [ 48.253860][ T433] ? do_sys_open+0xe0/0xe0 [ 48.258270][ T433] __x64_sys_openat+0x136/0x160 [ 48.263214][ T433] do_syscall_64+0x31/0x40 [ 48.267704][ T433] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 48.273572][ T433] RIP: 0033:0x7fbf9da4a407 [ 48.277969][ T433] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 48.298078][ T433] RSP: 002b:00007fffed902140 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 48.306692][ T433] RAX: ffffffffffffffda RBX: 00007fbf9d95c880 RCX: 00007fbf9da4a407 [ 48.314942][ T433] RDX: 0000000000080000 RSI: 000055f049ce9310 RDI: ffffffffffffff9c [ 48.322906][ T433] RBP: 000055f049ce9310 R08: 0000000000000000 R09: 0000000000000000 [ 48.330862][ T433] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 48.338902][ T433] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000009 [ 48.347172][ T433] Modules linked in: [ 48.351173][ T495] BUG: unable to handle page fault for address: ffff888118d36000 [ 48.359244][ T495] #PF: supervisor write access in kernel mode [ 48.365296][ T495] #PF: error_code(0x0003) - permissions violation [ 48.371803][ T495] PGD 6e01067 P4D 6e01067 PUD 1087e3063 PMD 10c2a3063 PTE 8000000118d36161 [ 48.380589][ T495] Oops: 0003 [#2] PREEMPT SMP KASAN [ 48.385770][ T495] CPU: 1 PID: 495 Comm: syz.2.17 Tainted: G B D syzkaller #0 [ 48.394353][ T495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 48.404745][ T495] RIP: 0010:__memmove+0x19c/0x1a0 [ 48.410020][ T495] Code: fa 02 72 16 66 44 8b 1e 66 44 8b 54 16 fe 66 44 89 1f 66 44 89 54 17 fe eb 0c 48 83 fa 01 72 06 44 8a 1e 44 88 1f c3 48 89 d1 a4 c3 00 eb 2e 0f 1f 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 [ 48.429604][ T495] RSP: 0018:ffffc90001107380 EFLAGS: 00010282 [ 48.435651][ T495] RAX: ffff888117ff0050 RBX: ffffffffffffffb4 RCX: ffffffffff2ba004 [ 48.443602][ T495] RDX: ffffffffffffffb4 RSI: ffff888118d36020 RDI: ffff888118d36000 [ 48.451914][ T495] RBP: ffffc900011073b0 R08: ffff888117ff0004 R09: ffffed1022ffe080 [ 48.459998][ T495] R10: 0000000000000000 R11: 0000000000000080 R12: 0000000000000000 [ 48.467958][ T495] R13: ffffffff81ddd5a9 R14: ffff888117ff0070 R15: ffff888117ff0050 [ 48.476016][ T495] FS: 00007fdc0c5e76c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 48.485121][ T495] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.491687][ T495] CR2: ffff888118d36000 CR3: 0000000112851000 CR4: 00000000003506a0 [ 48.499873][ T495] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.507891][ T495] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 48.516032][ T495] Call Trace: [ 48.519320][ T495] ? memmove+0x56/0x70 [ 48.523399][ T495] ext4_xattr_set_entry+0x1339/0x36c0 [ 48.528803][ T495] ? fscrypt_drop_inode+0xad/0x110 [ 48.534094][ T495] ? ext4_xattr_ibody_set+0x360/0x360 [ 48.539597][ T495] ? slab_post_alloc_hook+0x7d/0x2f0 [ 48.545232][ T495] ? ext4_xattr_block_set+0x847/0x2a50 [ 48.550873][ T495] ? ext4_xattr_block_set+0x847/0x2a50 [ 48.556504][ T495] ? __kmalloc_track_caller+0x181/0x320 [ 48.562029][ T495] ? memcpy+0x56/0x70 [ 48.566014][ T495] ext4_xattr_block_set+0x92f/0x2a50 [ 48.571367][ T495] ? __kasan_check_read+0x11/0x20 [ 48.576479][ T495] ? __ext4_xattr_check_block+0x265/0x8e0 [ 48.582223][ T495] ? ext4_xattr_block_find+0x4f0/0x4f0 [ 48.587678][ T495] ? __kasan_check_write+0x14/0x20 [ 48.592885][ T495] ext4_xattr_set_handle+0xba5/0x12a0 [ 48.598291][ T495] ? ext4_xattr_set_entry+0x36c0/0x36c0 [ 48.603904][ T495] ? __kasan_check_read+0x11/0x20 [ 48.608938][ T495] ? __ext4_journal_start_sb+0x2e2/0x490 [ 48.614651][ T495] ext4_xattr_set+0x1ec/0x320 [ 48.619336][ T495] ? ext4_xattr_set_credits+0x290/0x290 [ 48.624876][ T495] ext4_xattr_trusted_set+0x3b/0x50 [ 48.630273][ T495] ? ext4_xattr_trusted_get+0x40/0x40 [ 48.635635][ T495] __vfs_setxattr+0x42a/0x480 [ 48.640330][ T495] __vfs_setxattr_noperm+0x11e/0x4e0 [ 48.645601][ T495] __vfs_setxattr_locked+0x203/0x220 [ 48.650863][ T495] vfs_setxattr+0x8d/0x1c0 [ 48.655409][ T495] setxattr+0x1a9/0x370 [ 48.659647][ T495] ? path_setxattr+0x210/0x210 [ 48.664574][ T495] ? __mnt_want_write+0x1e6/0x260 [ 48.669592][ T495] ? mnt_want_write+0x19d/0x270 [ 48.674515][ T495] path_setxattr+0x110/0x210 [ 48.679434][ T495] ? simple_xattr_list_add+0x120/0x120 [ 48.684905][ T495] ? do_sys_truncate+0x12f/0x190 [ 48.689871][ T495] __x64_sys_lsetxattr+0xc2/0xe0 [ 48.694813][ T495] do_syscall_64+0x31/0x40 [ 48.699302][ T495] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 48.705613][ T495] RIP: 0033:0x7fdc0cb76969 [ 48.710391][ T495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 48.730415][ T495] RSP: 002b:00007fdc0c5e7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 48.739131][ T495] RAX: ffffffffffffffda RBX: 00007fdc0cd9dfa0 RCX: 00007fdc0cb76969 [ 48.747117][ T495] RDX: 0000200000000040 RSI: 00002000000000c0 RDI: 0000200000000100 [ 48.755169][ T495] RBP: 00007fdc0cbf8ab1 R08: 0000000000000000 R09: 0000000000000000 [ 48.763896][ T495] R10: 000000000000fe37 R11: 0000000000000246 R12: 0000000000000000 [ 48.772291][ T495] R13: 0000000000000000 R14: 00007fdc0cd9dfa0 R15: 00007ffd3b1ada08 [ 48.780616][ T495] Modules linked in: [ 48.784505][ T495] CR2: ffff888118d36000 [ 48.788767][ T495] ---[ end trace d257e29e59277b74 ]--- [ 48.788817][ T396] general protection fault, probably for non-canonical address 0xaef979a4e358ad36: 0000 [#3] PREEMPT SMP KASAN [ 48.794283][ T495] RIP: 0010:kmem_cache_alloc_trace+0x10d/0x2e0 [ 48.806525][ T396] CPU: 0 PID: 396 Comm: kworker/0:8 Tainted: G B D syzkaller #0 [ 48.812661][ T495] Code: 8b 38 48 85 ff 0f 84 b4 00 00 00 48 83 78 10 00 0f 84 a9 00 00 00 41 8b 44 24 28 48 8d 0c 07 49 8b 9c 24 d8 00 00 00 48 0f c9 <48> 33 1c 07 48 31 cb 48 89 d1 48 83 c1 08 4d 8b 04 24 48 89 f8 65 [ 48.821599][ T396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 48.841280][ T495] RSP: 0018:ffffc90000b87798 EFLAGS: 00010286 [ 48.851325][ T396] Workqueue: ipv6_addrconf addrconf_dad_work [ 48.857498][ T495] RAX: 0000000000000800 RBX: f0f2374a82b26259 RCX: a6a53a0352369af0 [ 48.863721][ T396] RIP: 0010:__kmalloc_track_caller+0x12e/0x320 [ 48.871696][ T495] RDX: 0000000000010d78 RSI: 0000000000001000 RDI: f09a3652033a9da6 [ 48.877840][ T396] Code: e5 48 8b 38 48 85 ff 0f 84 cd 00 00 00 48 83 78 10 00 0f 84 c2 00 00 00 41 8b 45 28 48 8d 0c 07 49 8b 9d d8 00 00 00 48 0f c9 <48> 33 1c 07 48 31 cb 48 89 d1 48 83 c1 08 4d 8b 45 00 48 89 f8 65 [ 48.886333][ T495] RBP: ffffc90000b877e0 R08: 0000000000000004 R09: 0000000000000003 [ 48.906114][ T396] RSP: 0018:ffffc90000fd7478 EFLAGS: 00010286 [ 48.914068][ T495] R10: 0000000000000000 R11: 1ffff92000170ed4 R12: ffff888100042c00 [ 48.914078][ T396] [ 48.920146][ T495] R13: ffffffff81c59af6 R14: 0000000000000dc0 R15: 0000000000001000 [ 48.928279][ T396] RAX: 0000000000000200 RBX: ae0371bc62d054c9 RCX: 36ad58e3a479f9ae [ 48.930691][ T495] FS: 00007fdc0c5e76c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 48.938731][ T396] RDX: 0000000000015080 RSI: 0000000000000400 RDI: aef979a4e358ab36 [ 48.946697][ T495] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.955780][ T396] RBP: ffffc90000fd74c8 R08: 0000000000000140 R09: ffff88811227ca00 [ 48.964029][ T495] CR2: ffff888118d36000 CR3: 0000000112851000 CR4: 00000000003506a0 [ 48.970686][ T396] R10: 0000000000000000 R11: 000000001f7d1ce8 R12: ffffffff83f6d767 [ 48.978645][ T495] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.986640][ T396] R13: ffff888100042f00 R14: 0000000000082a20 R15: 0000000000000300 [ 48.994604][ T495] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.002649][ T396] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 49.010781][ T495] Kernel panic - not syncing: Fatal exception [ 49.019176][ T396] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.041515][ T396] CR2: 00007fbf9d7ab000 CR3: 000000011635c000 CR4: 00000000003506b0 [ 49.049490][ T396] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.057727][ T396] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.065869][ T396] Call Trace: [ 49.069425][ T396] ? kmem_cache_alloc+0x165/0x2e0 [ 49.074458][ T396] ? inet6_rt_notify+0x287/0x470 [ 49.079478][ T396] ? inet6_rt_notify+0x287/0x470 [ 49.084411][ T396] __alloc_skb+0xdc/0x520 [ 49.089012][ T396] inet6_rt_notify+0x287/0x470 [ 49.094297][ T396] ? rt6_nh_dump_exceptions+0x690/0x690 [ 49.099845][ T396] ? call_fib_notifiers+0xa0/0xc0 [ 49.104866][ T396] fib6_add+0x214b/0x3bf0 [ 49.109196][ T396] ? remove_wait_queue+0x140/0x140 [ 49.114313][ T396] ? fib6_update_sernum_stub+0x190/0x190 [ 49.120110][ T396] ? __kasan_check_write+0x14/0x20 [ 49.125327][ T396] ? _raw_spin_lock_bh+0x8e/0xe0 [ 49.130260][ T396] ip6_ins_rt+0xc5/0x110 [ 49.134496][ T396] ? rt6_lookup+0x1d0/0x1d0 [ 49.138997][ T396] ? rtnl_notify+0x9a/0xc0 [ 49.143507][ T396] __ipv6_ifa_notify+0x4bf/0xdb0 [ 49.148635][ T396] ? _raw_write_lock_irq+0xe0/0xe0 [ 49.154024][ T396] ? inet6_fill_ifla6_attrs+0x2030/0x2030 [ 49.159932][ T396] ? __local_bh_enable_ip+0x53/0x80 [ 49.165234][ T396] ? __kasan_check_write+0x14/0x20 [ 49.170440][ T396] ? try_to_grab_pending+0x1a2/0x570 [ 49.175750][ T396] ? mod_delayed_work_on+0xd0/0xd0 [ 49.180963][ T396] ? mutex_unlock+0x1c/0x40 [ 49.185627][ T396] ? __kasan_check_write+0x14/0x20 [ 49.190874][ T396] ? __cancel_work+0x179/0x1e0 [ 49.195904][ T396] addrconf_dad_completed+0x183/0xe80 [ 49.201268][ T396] ? addrconf_dad_stop+0x460/0x460 [ 49.206371][ T396] addrconf_dad_work+0xc18/0x1410 [ 49.211828][ T396] ? ipv6_get_saddr_eval+0xf70/0xf70 [ 49.217196][ T396] ? pwq_activate_delayed_work+0x2dd/0x3f0 [ 49.223104][ T396] ? __kasan_check_read+0x11/0x20 [ 49.228151][ T396] ? read_word_at_a_time+0x12/0x20 [ 49.233281][ T396] ? strscpy+0x9b/0x290 [ 49.237524][ T396] process_one_work+0x6e1/0xba0 [ 49.242484][ T396] worker_thread+0xa6a/0x13b0 [ 49.247342][ T396] kthread+0x346/0x3d0 [ 49.251405][ T396] ? worker_clr_flags+0x190/0x190 [ 49.256437][ T396] ? kthread_blkcg+0xd0/0xd0 [ 49.261218][ T396] ret_from_fork+0x1f/0x30 [ 49.265743][ T396] Modules linked in: [ 49.270188][ T495] Kernel Offset: disabled [ 49.274692][ T495] Rebooting in 86400 seconds..