Warning: Permanently added '10.128.1.187' (ED25519) to the list of known hosts.
2025/11/16 20:19:01 parsed 1 programs
[ 45.372186][ T30] audit: type=1400 audit(1763324342.169:105): avc: denied { unlink } for pid=398 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 45.435951][ T398] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 46.206380][ T437] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.213485][ T437] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.220781][ T437] device bridge_slave_0 entered promiscuous mode
[ 46.227654][ T437] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.234722][ T437] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.242020][ T437] device bridge_slave_1 entered promiscuous mode
[ 46.276833][ T437] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.283898][ T437] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.291127][ T437] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.298268][ T437] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.314177][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.321955][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.329215][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.338614][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.346843][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.353893][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.362240][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.370362][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.377404][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.392433][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.400398][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.414144][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.424606][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.432773][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 46.440128][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 46.448732][ T437] device veth0_vlan entered promiscuous mode
[ 46.458938][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.467829][ T437] device veth1_macvtap entered promiscuous mode
[ 46.476795][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.486500][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 46.512368][ T437] syz-executor (437) used greatest stack depth: 21760 bytes left
[ 46.676703][ T30] audit: type=1401 audit(1763324343.469:106): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/11/16 20:19:03 executed programs: 0
[ 46.943883][ T468] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.950922][ T468] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.958611][ T468] device bridge_slave_0 entered promiscuous mode
[ 46.965832][ T468] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.972922][ T468] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.980221][ T468] device bridge_slave_1 entered promiscuous mode
[ 47.020447][ T468] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.027512][ T468] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.034789][ T468] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.041920][ T468] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.062193][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.069952][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.077428][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.090358][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.098965][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.106017][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.114949][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.123291][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.130308][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.146245][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.155140][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.167630][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 47.178136][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 47.186144][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 47.193817][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 47.202422][ T468] device veth0_vlan entered promiscuous mode
[ 47.213589][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 47.221970][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.231087][ T468] device veth1_macvtap entered promiscuous mode
[ 47.256083][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 47.263837][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 47.272186][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.281415][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 47.289876][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.317151][ T480] loop2: detected capacity change from 0 to 1024
[ 47.383591][ T480] =======================================================
[ 47.383591][ T480] WARNING: The mand mount option has been deprecated and
[ 47.383591][ T480] and is ignored by this kernel. Remove the mand
[ 47.383591][ T480] option from the mount to silence this warning.
[ 47.383591][ T480] =======================================================
[ 47.452562][ T480] EXT4-fs (loop2): Ignoring removed nobh option
[ 47.458854][ T480] EXT4-fs (loop2): Ignoring removed bh option
[ 47.465101][ T480] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 47.483308][ T480] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,user_xattr,errors=continue,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[ 47.508766][ T30] audit: type=1400 audit(1763324344.309:107): avc: denied { mount } for pid=479 comm="syz.2.17" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 47.531002][ T30] audit: type=1400 audit(1763324344.319:108): avc: denied { read append } for pid=479 comm="syz.2.17" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 47.553544][ T30] audit: type=1400 audit(1763324344.319:109): avc: denied { open } for pid=479 comm="syz.2.17" path="/0/file1/file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 47.576554][ T30] audit: type=1400 audit(1763324344.319:110): avc: denied { write } for pid=479 comm="syz.2.17" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 47.578496][ T468] EXT4-fs error (device loop2): mb_free_blocks:1860: group 0, inode 20: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[ 47.598920][ T30] audit: type=1400 audit(1763324344.319:111): avc: denied { add_name } for pid=479 comm="syz.2.17" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 47.614435][ T468] ==================================================================
[ 47.654875][ T30] audit: type=1400 audit(1763324344.319:112): avc: denied { create } for pid=479 comm="syz.2.17" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[ 47.662380][ T468] BUG: KASAN: use-after-free in ext4_ext_remove_space+0x353c/0x4180
[ 47.704023][ T30] audit: type=1400 audit(1763324344.319:113): avc: denied { remove_name } for pid=479 comm="syz.2.17" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 47.711663][ T468] Read of size 4 at addr ffff888122cb2c18 by task syz-executor/468
[ 47.711679][ T468]
[ 47.711694][ T468] CPU: 0 PID: 468 Comm: syz-executor Not tainted syzkaller #0
[ 47.755482][ T30] audit: type=1400 audit(1763324344.319:114): avc: denied { unlink } for pid=479 comm="syz.2.17" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[ 47.763026][ T468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 47.763050][ T468] Call Trace:
[ 47.763055][ T468]
[ 47.763061][ T468] __dump_stack+0x21/0x30
[ 47.763086][ T468] dump_stack_lvl+0xee/0x150
[ 47.763101][ T468] ? show_regs_print_info+0x20/0x20
[ 47.763118][ T468] ? load_image+0x3a0/0x3a0
[ 47.763134][ T468] print_address_description+0x7f/0x2c0
[ 47.763150][ T468] ? ext4_ext_remove_space+0x353c/0x4180
[ 47.763168][ T468] kasan_report+0xf1/0x140
[ 47.866263][ T468] ? __read_extent_tree_block+0x1e8/0x790
[ 47.871976][ T468] ? ext4_ext_remove_space+0x353c/0x4180
[ 47.877679][ T468] __asan_report_load4_noabort+0x14/0x20
[ 47.883295][ T468] ext4_ext_remove_space+0x353c/0x4180
[ 47.888827][ T468] ? ext4_da_release_space+0x1d6/0x480
[ 47.894267][ T468] ? ext4_ext_index_trans_blocks+0x100/0x100
[ 47.900234][ T468] ext4_ext_truncate+0x1a3/0x250
[ 47.905151][ T468] ext4_truncate+0x9a6/0xfa0
[ 47.909720][ T468] ? __ext4_mark_inode_dirty+0x610/0x610
[ 47.915365][ T468] ext4_evict_inode+0xcb9/0x1450
[ 47.920281][ T468] ? _raw_spin_unlock+0x4d/0x70
[ 47.925110][ T468] ? ext4_inode_is_fast_symlink+0x3a0/0x3a0
[ 47.930981][ T468] ? _raw_spin_unlock+0x4d/0x70
[ 47.935813][ T468] ? inode_io_list_del+0x19b/0x1b0
[ 47.940926][ T468] ? ext4_inode_is_fast_symlink+0x3a0/0x3a0
[ 47.946800][ T468] evict+0x485/0x870
[ 47.950678][ T468] ? iput+0x28e/0x7c0
[ 47.954639][ T468] ? proc_nr_inodes+0x310/0x310
[ 47.959479][ T468] ? _raw_spin_lock+0x8e/0xe0
[ 47.964137][ T468] ? _raw_spin_trylock_bh+0x130/0x130
[ 47.969488][ T468] ? iput+0x28e/0x7c0
[ 47.973449][ T468] ? __kasan_check_write+0x14/0x20
[ 47.978631][ T468] iput+0x635/0x7c0
[ 47.982507][ T468] do_unlinkat+0x375/0x6b0
[ 47.986904][ T468] ? fsnotify_link_count+0x100/0x100
[ 47.992176][ T468] ? getname_flags+0x206/0x500
[ 47.996942][ T468] __x64_sys_unlink+0x49/0x50
[ 48.001602][ T468] x64_sys_call+0x878/0x9a0
[ 48.006088][ T468] do_syscall_64+0x4c/0xa0
[ 48.010483][ T468] ? clear_bhb_loop+0x50/0xa0
[ 48.015140][ T468] ? clear_bhb_loop+0x50/0xa0
[ 48.019800][ T468] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.025694][ T468] RIP: 0033:0x7f9a28398577
[ 48.030094][ T468] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 48.049707][ T468] RSP: 002b:00007ffda15c8d98 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
[ 48.058104][ T468] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9a28398577
[ 48.066062][ T468] RDX: 00007ffda15c8dc0 RSI: 00007ffda15c8e50 RDI: 00007ffda15c8e50
[ 48.074017][ T468] RBP: 00007ffda15c8e50 R08: 0000000000000000 R09: 0000000000000000
[ 48.081970][ T468] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffda15c9f40
[ 48.089925][ T468] R13: 00007f9a2841bd7d R14: 000000000000b994 R15: 00007ffda15cb010
[ 48.097879][ T468]
[ 48.100881][ T468]
[ 48.103184][ T468] Allocated by task 305:
[ 48.107405][ T468] __kasan_kmalloc+0xda/0x110
[ 48.112069][ T468] __kmalloc_track_caller+0x13c/0x2c0
[ 48.117421][ T468] kmemdup+0x26/0x60
[ 48.121384][ T468] __devinet_sysctl_register+0xad/0x390
[ 48.127002][ T468] devinet_sysctl_register+0x169/0x1e0
[ 48.132528][ T468] inetdev_init+0x2b9/0x500
[ 48.137105][ T468] inetdev_event+0x1f8/0x10a0
[ 48.141845][ T468] raw_notifier_call_chain+0x90/0x100
[ 48.147194][ T468] call_netdevice_notifiers+0x111/0x190
[ 48.152810][ T468] register_netdevice+0x1039/0x13a0
[ 48.157991][ T468] register_netdev+0x3e/0x50
[ 48.162562][ T468] vti6_init_net+0x2c0/0x380
[ 48.167135][ T468] ops_init+0x1ba/0x4a0
[ 48.171266][ T468] setup_net+0x344/0xa90
[ 48.175484][ T468] copy_net_ns+0x355/0x5c0
[ 48.179887][ T468] create_new_namespaces+0x3a2/0x660
[ 48.185152][ T468] unshare_nsproxy_namespaces+0x120/0x170
[ 48.190854][ T468] ksys_unshare+0x4ac/0x7b0
[ 48.195333][ T468] __x64_sys_unshare+0x38/0x40
[ 48.200164][ T468] x64_sys_call+0x442/0x9a0
[ 48.204731][ T468] do_syscall_64+0x4c/0xa0
[ 48.209129][ T468] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.215002][ T468]
[ 48.217303][ T468] Freed by task 8:
[ 48.221002][ T468] kasan_set_track+0x4a/0x70
[ 48.225577][ T468] kasan_set_free_info+0x23/0x40
[ 48.230489][ T468] ____kasan_slab_free+0x125/0x160
[ 48.235582][ T468] __kasan_slab_free+0x11/0x20
[ 48.240325][ T468] slab_free_freelist_hook+0xc2/0x190
[ 48.245672][ T468] kfree+0xc4/0x270
[ 48.249458][ T468] inetdev_event+0x7a5/0x10a0
[ 48.254113][ T468] raw_notifier_call_chain+0x90/0x100
[ 48.259464][ T468] unregister_netdevice_many+0xfb8/0x1990
[ 48.265176][ T468] vti6_exit_batch_net+0x26a/0x2b0
[ 48.270282][ T468] cleanup_net+0x602/0xad0
[ 48.274697][ T468] process_one_work+0x6be/0xba0
[ 48.279542][ T468] worker_thread+0xa59/0x1200
[ 48.284208][ T468] kthread+0x411/0x500
[ 48.288259][ T468] ret_from_fork+0x1f/0x30
[ 48.292657][ T468]
[ 48.294959][ T468] The buggy address belongs to the object at ffff888122cb2000
[ 48.294959][ T468] which belongs to the cache kmalloc-4k of size 4096
[ 48.308988][ T468] The buggy address is located 3096 bytes inside of
[ 48.308988][ T468] 4096-byte region [ffff888122cb2000, ffff888122cb3000)
[ 48.322414][ T468] The buggy address belongs to the page:
[ 48.328038][ T468] page:ffffea00048b2c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122cb0
[ 48.338273][ T468] head:ffffea00048b2c00 order:3 compound_mapcount:0 compound_pincount:0
[ 48.346586][ T468] flags: 0x4000000000010200(slab|head|zone=1)
[ 48.352655][ T468] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043380
[ 48.361225][ T468] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 48.369783][ T468] page dumped because: kasan: bad access detected
[ 48.376268][ T468] page_owner tracks the page as allocated
[ 48.381953][ T468] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 305, ts 24843504223, free_ts 15796115459
[ 48.402491][ T468] post_alloc_hook+0x192/0x1b0
[ 48.407269][ T468] prep_new_page+0x1c/0x110
[ 48.411752][ T468] get_page_from_freelist+0x2cc5/0x2d50
[ 48.417280][ T468] __alloc_pages+0x18f/0x440
[ 48.421854][ T468] new_slab+0xa1/0x4d0
[ 48.425902][ T468] ___slab_alloc+0x381/0x810
[ 48.430467][ T468] __slab_alloc+0x49/0x90
[ 48.434776][ T468] kmem_cache_alloc_trace+0x146/0x270
[ 48.440127][ T468] kobject_uevent_env+0x272/0x700
[ 48.445254][ T468] kobject_uevent+0x1d/0x30
[ 48.449769][ T468] device_add+0xa40/0xed0
[ 48.454086][ T468] netdev_register_kobject+0x179/0x320
[ 48.459688][ T468] register_netdevice+0xdfa/0x13a0
[ 48.464803][ T468] register_netdev+0x3e/0x50
[ 48.469375][ T468] vti6_init_net+0x2c0/0x380
[ 48.473944][ T468] ops_init+0x1ba/0x4a0
[ 48.478088][ T468] page last free stack trace:
[ 48.482734][ T468] free_unref_page_prepare+0x542/0x550
[ 48.488174][ T468] free_unref_page+0xa2/0x550
[ 48.492832][ T468] free_compound_page+0x78/0xa0
[ 48.497687][ T468] __put_compound_page+0x77/0xb0
[ 48.502662][ T468] __put_page+0xbc/0xe0
[ 48.506809][ T468] skb_release_data+0x3d3/0xa10
[ 48.511641][ T468] __kfree_skb+0x50/0x70
[ 48.515866][ T468] tcp_recvmsg_locked+0x14ac/0x2640
[ 48.521044][ T468] tcp_recvmsg+0x21b/0x720
[ 48.525436][ T468] inet_recvmsg+0x134/0x470
[ 48.530003][ T468] sock_read_iter+0x2a2/0x340
[ 48.534654][ T468] vfs_read+0x68b/0xbe0
[ 48.538789][ T468] ksys_read+0x140/0x240
[ 48.543007][ T468] __x64_sys_read+0x7b/0x90
[ 48.547483][ T468] x64_sys_call+0x96d/0x9a0
[ 48.551962][ T468] do_syscall_64+0x4c/0xa0
[ 48.556370][ T468]
[ 48.558675][ T468] Memory state around the buggy address:
[ 48.564281][ T468] ffff888122cb2b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.572319][ T468] ffff888122cb2b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.580360][ T468] >ffff888122cb2c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.588397][ T468] ^
[ 48.593220][ T468] ffff888122cb2c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.601256][ T468] ffff888122cb2d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.609295][ T468] ==================================================================
[ 48.617327][ T468] Disabling lock debugging due to kernel taint
[ 48.688938][ T485] loop2: detected capacity change from 0 to 1024
[ 48.787827][ T485] EXT4-fs (loop2): Ignoring removed nobh option
[ 48.794532][ T485] EXT4-fs (loop2): Ignoring removed bh option
[ 48.800608][ T485] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 48.823036][ T485] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,user_xattr,errors=continue,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[ 48.859950][ T468] EXT4-fs error (device loop2): mb_free_blocks:1860: group 0, inode 20: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[ 48.915169][ T490] loop2: detected capacity change from 0 to 1024
[ 48.963503][ T490] EXT4-fs (loop2): Ignoring removed nobh option
[ 48.969808][ T490] EXT4-fs (loop2): Ignoring removed bh option
[ 48.975923][ T490] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 49.003063][ T490] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,user_xattr,errors=continue,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[ 49.036304][ T468] EXT4-fs error (device loop2): mb_free_blocks:1860: group 0, inode 20: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[ 49.051502][ T468] EXT4-fs error (device loop2): ext4_free_blocks:6218: comm syz-executor: Freeing blocks not in datazone - block = 281470681817008, count = 16
[ 49.066677][ T468] EXT4-fs error (device loop2): ext4_free_blocks:6218: comm syz-executor: Freeing blocks not in datazone - block = 281470681814844, count = 2177
[ 49.081606][ T468] EXT4-fs error (device loop2): ext4_free_blocks:6218: comm syz-executor: Freeing blocks not in datazone - block = 281470681814832, count = 16
[ 49.096353][ T468] EXT4-fs error (device loop2): ext4_free_blocks:6218: comm syz-executor: Freeing blocks not in datazone - block = 0, count = 38
[ 49.109964][ T468] EXT4-fs error (device loop2): ext4_free_blocks:6218: comm syz-executor: Freeing blocks not in datazone - block = 0, count = 16
[ 49.123595][ T468] EXT4-fs error (device loop2): ext4_free_blocks:6218: comm syz-executor: Freeing blocks not in datazone - block = 281470682112896, count = 16
[ 49.138316][ T468] EXT4-fs error (device loop2): ext4_free_blocks:6218: comm syz-executor: Freeing blocks not in datazone - block = 281470682110720, count = 2177
[ 49.153332][ T468] EXT4-fs error (device loop2): ext4_free_blocks:6218: comm syz-executor: Freeing blocks not in datazone - block = 0, count = 16
[ 49.166970][ T468] EXT4-fs error (device loop2): ext4_free_blocks:6218: comm syz-executor: Freeing blocks not in datazone - block = 0, count = 3
[ 49.267134][ T494] loop2: detected capacity change from 0 to 1024
[ 49.354942][ T494] EXT4-fs (loop2): Ignoring removed nobh option
[ 49.361237][ T494] EXT4-fs (loop2): Ignoring removed bh option
[ 49.367574][ T494] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 49.380394][ T8] device bridge_slave_1 left promiscuous mode
[ 49.386555][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.387746][ T494] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,user_xattr,errors=continue,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[ 49.420050][ T8] device bridge_slave_0 left promiscuous mode
[ 49.426354][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.434751][ T8] device veth1_macvtap left promiscuous mode
[ 49.443325][ T8] device veth0_vlan left promiscuous mode
[ 49.457655][ T468] EXT4-fs error (device loop2): mb_free_blocks:1860: group 0, inode 20: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[ 49.483767][ T8] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 49.495510][ T8] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 49.503902][ T8] CPU: 0 PID: 8 Comm: kworker/u4:0 Tainted: G B syzkaller #0
[ 49.512545][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 49.522587][ T8] Workqueue: netns cleanup_net
[ 49.527337][ T8] RIP: 0010:rb_erase+0x5f4/0xeb0
[ 49.532258][ T8] Code: 5f 10 48 89 d8 48 c1 e8 03 48 89 45 c8 42 80 3c 28 00 74 08 48 89 df e8 5a ab 3a ff 48 89 5d b8 4c 8b 23 4c 89 e3 48 c1 eb 03 <42> 80 3c 2b 00 74 08 4c 89 e7 e8 3d ab 3a ff 41 f6 04 24 01 0f 85
[ 49.551838][ T8] RSP: 0018:ffffc90000087618 EFLAGS: 00010246
[ 49.557890][ T8] RAX: 1ffff11025a1b97c RBX: 0000000000000000 RCX: 0000000000000000
[ 49.565835][ T8] RDX: 0000000000000000 RSI: ffff8881059c4110 RDI: ffff88811052b728
[ 49.573891][ T8] RBP: ffffc90000087670 R08: dffffc0000000000 R09: ffffed102000b36f
[ 49.581848][ T8] R10: ffffed102000b36f R11: 1ffff1102000b36e R12: 0000000000000000
[ 49.589794][ T8] R13: dffffc0000000000 R14: ffff88812d0dcbd0 R15: ffff88812d0dcbd0
[ 49.598016][ T8] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 49.606952][ T8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.613530][ T8] CR2: 000055558c9fd568 CR3: 0000000125119000 CR4: 00000000003506b0
[ 49.621528][ T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 49.629503][ T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 49.637542][ T8] Call Trace:
[ 49.640817][ T8]
[ 49.643740][ T8] __kernfs_remove+0x75f/0x9a0
[ 49.648506][ T8] ? kernfs_iop_rename+0x530/0x530
[ 49.653635][ T8] ? clear_nonspinnable+0x60/0x60
[ 49.658652][ T8] ? __kasan_check_write+0x14/0x20
[ 49.663937][ T8] ? _raw_spin_lock+0x8e/0xe0
[ 49.668610][ T8] ? _raw_spin_trylock_bh+0x130/0x130
[ 49.673976][ T8] ? __kasan_check_write+0x14/0x20
[ 49.679160][ T8] kernfs_remove+0x78/0x90
[ 49.683562][ T8] sysfs_remove_dir+0xa9/0xe0
[ 49.688234][ T8] __kobject_del+0xf0/0x2f0
[ 49.692734][ T8] kobject_del+0x45/0x60
[ 49.696963][ T8] device_del+0xd50/0xe90
[ 49.701374][ T8] ? kill_device+0xd0/0xd0
[ 49.705774][ T8] netdev_unregister_kobject+0x186/0x250
[ 49.711389][ T8] unregister_netdevice_many+0x1486/0x1990
[ 49.717176][ T8] ? alloc_netdev_mqs+0xc90/0xc90
[ 49.722179][ T8] ? unregister_netdevice_queue+0x1aa/0x360
[ 49.728053][ T8] ? list_netdevice+0x4c0/0x4c0
[ 49.732892][ T8] ? br_dev_delete+0xfc/0x110
[ 49.737559][ T8] default_device_exit_batch+0x330/0x390
[ 49.743262][ T8] ? default_device_exit+0x360/0x360
[ 49.748555][ T8] ? wait_woken+0x170/0x170
[ 49.753072][ T8] ? rtnl_unlock+0xe/0x10
[ 49.757585][ T8] ? default_device_exit+0x360/0x360
[ 49.762872][ T8] cleanup_net+0x602/0xad0
[ 49.767277][ T8] ? ops_init+0x4a0/0x4a0
[ 49.771591][ T8] ? pwq_dec_nr_in_flight+0x18c/0x3c0
[ 49.776962][ T8] process_one_work+0x6be/0xba0
[ 49.781819][ T8] worker_thread+0xa59/0x1200
[ 49.786640][ T8] kthread+0x411/0x500
[ 49.790690][ T8] ? worker_clr_flags+0x190/0x190
[ 49.795695][ T8] ? kthread_blkcg+0xd0/0xd0
[ 49.800263][ T8] ret_from_fork+0x1f/0x30
[ 49.804749][ T8]
[ 49.807744][ T8] Modules linked in:
[ 49.813035][ T8] ---[ end trace a4d5dea2d3ed4079 ]---
[ 49.818504][ T8] RIP: 0010:rb_erase+0x5f4/0xeb0
[ 49.823892][ T8] Code: 5f 10 48 89 d8 48 c1 e8 03 48 89 45 c8 42 80 3c 28 00 74 08 48 89 df e8 5a ab 3a ff 48 89 5d b8 4c 8b 23 4c 89 e3 48 c1 eb 03 <42> 80 3c 2b 00 74 08 4c 89 e7 e8 3d ab 3a ff 41 f6 04 24 01 0f 85
[ 49.844816][ T8] RSP: 0018:ffffc90000087618 EFLAGS: 00010246
[ 49.850897][ T8] RAX: 1ffff11025a1b97c RBX: 0000000000000000 RCX: 0000000000000000
[ 49.858947][ T8] RDX: 0000000000000000 RSI: ffff8881059c4110 RDI: ffff88811052b728
[ 49.866934][ T8] RBP: ffffc90000087670 R08: dffffc0000000000 R09: ffffed102000b36f
[ 49.874915][ T8] R10: ffffed102000b36f R11: 1ffff1102000b36e R12: 0000000000000000
[ 49.882894][ T8] R13: dffffc0000000000 R14: ffff88812d0dcbd0 R15: ffff88812d0dcbd0
[ 49.890952][ T8] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 49.900224][ T8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.906810][ T8] CR2: 0000200000001000 CR3: 000000010d8f3000 CR4: 00000000003506a0
[ 49.914784][ T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 49.922759][ T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 49.930968][ T8] Kernel panic - not syncing: Fatal exception
[ 49.937197][ T8] Kernel Offset: disabled
[ 49.941516][ T8] Rebooting in 86400 seconds..