Warning: Permanently added '10.128.1.214' (ED25519) to the list of known hosts. 2026/02/09 16:43:39 parsed 1 programs Setting up swapspace version 1, size = 127995904 bytes [ 44.571850][ T24] kauditd_printk_skb: 31 callbacks suppressed [ 44.571862][ T24] audit: type=1400 audit(1770655420.540:105): avc: denied { unlink } for pid=410 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 44.610933][ T24] audit: type=1400 audit(1770655420.580:106): avc: denied { write } for pid=413 comm="mkswap" path="pipe:[15394]" dev="pipefs" ino=15394 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 44.633860][ T410] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.314912][ T24] audit: type=1400 audit(1770655421.280:107): avc: denied { create } for pid=432 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.344715][ T24] audit: type=1401 audit(1770655421.310:108): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 45.390080][ T435] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.397335][ T435] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.404720][ T435] device bridge_slave_0 entered promiscuous mode [ 45.411901][ T435] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.419527][ T435] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.427162][ T435] device bridge_slave_1 entered promiscuous mode [ 45.468237][ T435] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.475340][ T435] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.482782][ T435] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.489918][ T435] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.506166][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.513422][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.521063][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.528607][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.538394][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.547163][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.554281][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.563380][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.572412][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.579653][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.592009][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.601500][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.615015][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.626651][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.634864][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 45.642942][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 45.652870][ T435] device veth0_vlan entered promiscuous mode [ 45.662870][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.672200][ T435] device veth1_macvtap entered promiscuous mode [ 45.683261][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.700571][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2026/02/09 16:43:42 executed programs: 0 [ 46.246110][ T475] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.253327][ T475] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.261048][ T475] device bridge_slave_0 entered promiscuous mode [ 46.268331][ T475] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.275480][ T475] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.282968][ T475] device bridge_slave_1 entered promiscuous mode [ 46.319179][ T475] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.326238][ T475] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.333484][ T475] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.340535][ T475] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.359691][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 46.367406][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.374795][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.384673][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.393003][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.401129][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.408183][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.416789][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 46.425694][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.433798][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.440855][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.451199][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 46.459400][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.467916][ T329] device bridge_slave_1 left promiscuous mode [ 46.474208][ T329] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.481962][ T329] device bridge_slave_0 left promiscuous mode [ 46.488504][ T329] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.496756][ T329] device veth1_macvtap left promiscuous mode [ 46.502827][ T329] device veth0_vlan left promiscuous mode [ 46.589786][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 46.597906][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.610321][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 46.618651][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 46.629754][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 46.637734][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 46.645881][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 46.653254][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 46.661313][ T475] device veth0_vlan entered promiscuous mode [ 46.670174][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 46.678524][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 46.687765][ T475] device veth1_macvtap entered promiscuous mode [ 46.696832][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 46.704398][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 46.712625][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 46.721822][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 46.730189][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 46.889666][ T480] F2FS-fs (loop2): invalid crc value [ 46.896233][ T480] F2FS-fs (loop2): Found nat_bits in checkpoint [ 46.917701][ T480] F2FS-fs (loop2): Start checkpoint disabled! [ 46.924406][ T480] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 46.932345][ T24] audit: type=1400 audit(1770655422.900:109): avc: denied { mount } for pid=479 comm="syz.2.17" name="/" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 46.955478][ T24] audit: type=1400 audit(1770655422.930:110): avc: denied { write } for pid=479 comm="syz.2.17" name="/" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 46.977052][ T24] audit: type=1400 audit(1770655422.930:111): avc: denied { add_name } for pid=479 comm="syz.2.17" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 46.997847][ T24] audit: type=1400 audit(1770655422.930:112): avc: denied { create } for pid=479 comm="syz.2.17" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 47.018283][ T480] ------------[ cut here ]------------ [ 47.018427][ T24] audit: type=1400 audit(1770655422.930:113): avc: denied { write open } for pid=479 comm="syz.2.17" path="/0/file0/file0" dev="loop2" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 47.023775][ T480] WARNING: CPU: 1 PID: 480 at fs/f2fs/segment.c:2582 new_curseg+0xe4f/0x1880 [ 47.046770][ T24] audit: type=1400 audit(1770655422.930:114): avc: denied { ioctl } for pid=479 comm="syz.2.17" path="/0/file0/file0" dev="loop2" ino=10 ioctlcmd=0xf50d scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 47.055428][ T480] Modules linked in: [ 47.083057][ T480] CPU: 1 PID: 480 Comm: syz.2.17 Not tainted syzkaller #0 [ 47.090437][ T480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 47.100627][ T480] RIP: 0010:new_curseg+0xe4f/0x1880 [ 47.105904][ T480] Code: 0b 4c 8b bd 30 ff ff ff 4c 89 ff be 08 00 00 00 e8 a6 c7 91 ff f0 41 80 0f 04 41 b5 01 45 89 f7 e9 4d fb ff ff e8 f1 47 57 ff <0f> 0b 4c 8b a5 30 ff ff ff 4c 89 e7 be 08 00 00 00 e8 7b c7 91 ff [ 47.125564][ T480] RSP: 0018:ffffc90000c77718 EFLAGS: 00010293 [ 47.131637][ T480] RAX: ffffffff820d6ddf RBX: ffff888118329c58 RCX: ffff888111972780 [ 47.139627][ T480] RDX: 0000000000000000 RSI: 0000000000000018 RDI: 0000000000000018 [ 47.147632][ T480] RBP: ffffc90000c77808 R08: 0000000000000003 R09: 0000000000000004 [ 47.155712][ T480] R10: dffffc0000000000 R11: fffff5200018eed4 R12: 0000000000000018 [ 47.163775][ T480] R13: 1ffff1102306538b R14: 0000000000000018 R15: 0000000000000003 [ 47.171758][ T480] FS: 00007f890fccf6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 47.180718][ T480] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.187341][ T480] CR2: 00007f310b362000 CR3: 0000000117ac3000 CR4: 00000000003506a0 [ 47.195345][ T480] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 47.203309][ T480] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 47.211425][ T480] Call Trace: [ 47.214717][ T480] __allocate_new_segment+0x13d/0x810 [ 47.220109][ T480] f2fs_allocate_new_section+0x1f3/0x290 [ 47.225927][ T480] ? new_curseg+0x1880/0x1880 [ 47.230776][ T480] ? __kasan_check_write+0x14/0x20 [ 47.236020][ T480] ? down_read_trylock+0x106/0x160 [ 47.241159][ T480] ? __init_rwsem+0x1c0/0x1c0 [ 47.245953][ T480] ? has_not_enough_free_secs+0x3d7/0x8a0 [ 47.251680][ T480] expand_inode_data+0x5f7/0x9a0 [ 47.256648][ T480] ? f2fs_insert_range+0x5d0/0x5d0 [ 47.261854][ T480] ? inode_dio_wait+0x25a/0x2d0 [ 47.266724][ T480] ? file_update_time+0x3d7/0x440 [ 47.271752][ T480] ? inode_owner_or_capable+0x140/0x140 [ 47.277304][ T480] f2fs_fallocate+0x42b/0x7e0 [ 47.282082][ T480] vfs_fallocate+0x4b4/0x590 [ 47.286731][ T480] do_vfs_ioctl+0x1154/0x14c0 [ 47.291494][ T480] ? __ia32_compat_sys_ioctl+0x8e0/0x8e0 [ 47.297146][ T480] ? has_cap_mac_admin+0x370/0x370 [ 47.302291][ T480] ? kmem_cache_free+0x100/0x2d0 [ 47.307274][ T480] ? selinux_file_ioctl+0x3a0/0x4d0 [ 47.312480][ T480] ? putname+0xfe/0x150 [ 47.316663][ T480] ? selinux_file_alloc_security+0x120/0x120 [ 47.322646][ T480] ? do_sys_openat2+0x68e/0x750 [ 47.327524][ T480] ? __fget_files+0x2c4/0x320 [ 47.332202][ T480] ? security_file_ioctl+0x84/0xa0 [ 47.337330][ T480] __se_sys_ioctl+0x9f/0x1a0 [ 47.341934][ T480] __x64_sys_ioctl+0x7b/0x90 [ 47.346778][ T480] do_syscall_64+0x31/0x40 [ 47.351241][ T480] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 47.357235][ T480] RIP: 0033:0x7f890fe6acb9 [ 47.361660][ T480] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 47.381481][ T480] RSP: 002b:00007f890fccf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 47.390063][ T480] RAX: ffffffffffffffda RBX: 00007f89100e5fa0 RCX: 00007f890fe6acb9 [ 47.398103][ T480] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000005 [ 47.406216][ T480] RBP: 00007f890fed8bf7 R08: 0000000000000000 R09: 0000000000000000 [ 47.414272][ T480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 47.422373][ T480] R13: 00007f89100e6038 R14: 00007f89100e5fa0 R15: 00007ffcad188ad8 [ 47.430368][ T480] ---[ end trace bc3144f712e64fce ]--- [ 47.436010][ T480] ------------[ cut here ]------------ [ 47.441466][ T480] WARNING: CPU: 1 PID: 480 at fs/f2fs/segment.c:2636 new_curseg+0x14a6/0x1880 [ 47.450417][ T480] Modules linked in: [ 47.454335][ T480] CPU: 1 PID: 480 Comm: syz.2.17 Tainted: G W syzkaller #0 [ 47.462856][ T480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 47.473165][ T480] RIP: 0010:new_curseg+0x14a6/0x1880 [ 47.478720][ T480] Code: ff e8 be 41 57 ff 0f 0b 4c 8b 75 d0 49 8d 7e 78 be 08 00 00 00 e8 4a c1 91 ff f0 41 80 4e 78 04 e9 d4 ed ff ff e8 9a 41 57 ff <0f> 0b 48 8b 5d d0 48 8d 7b 78 be 08 00 00 00 e8 26 c1 91 ff f0 80 [ 47.498620][ T480] RSP: 0018:ffffc90000c77718 EFLAGS: 00010293 [ 47.504682][ T480] RAX: ffffffff820d7436 RBX: ffff8881067b9001 RCX: ffff888111972780 [ 47.512662][ T480] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 47.520688][ T480] RBP: ffffc90000c77808 R08: ffff8881067b90f7 R09: 1ffff11020cf721e [ 47.528726][ T480] R10: dffffc0000000000 R11: ffffed1020cf721f R12: 0000000000000000 [ 47.536765][ T480] R13: 0000000000000018 R14: 0000000000000001 R15: 0000000000000018 [ 47.544735][ T480] FS: 00007f890fccf6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 47.553883][ T480] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.560648][ T480] CR2: 00007f310b362000 CR3: 0000000117ac3000 CR4: 00000000003506a0 [ 47.568768][ T480] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 47.576786][ T480] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 47.584950][ T480] Call Trace: [ 47.588348][ T480] __allocate_new_segment+0x13d/0x810 [ 47.593734][ T480] f2fs_allocate_new_section+0x1f3/0x290 [ 47.599393][ T480] ? new_curseg+0x1880/0x1880 [ 47.604078][ T480] ? __kasan_check_write+0x14/0x20 [ 47.609295][ T480] ? down_read_trylock+0x106/0x160 [ 47.614633][ T480] ? __init_rwsem+0x1c0/0x1c0 [ 47.619355][ T480] ? has_not_enough_free_secs+0x3d7/0x8a0 [ 47.625091][ T480] expand_inode_data+0x5f7/0x9a0 [ 47.630074][ T480] ? f2fs_insert_range+0x5d0/0x5d0 [ 47.635297][ T480] ? inode_dio_wait+0x25a/0x2d0 [ 47.640168][ T480] ? file_update_time+0x3d7/0x440 [ 47.645309][ T480] ? inode_owner_or_capable+0x140/0x140 [ 47.651043][ T480] f2fs_fallocate+0x42b/0x7e0 [ 47.655850][ T480] vfs_fallocate+0x4b4/0x590 [ 47.660439][ T480] do_vfs_ioctl+0x1154/0x14c0 [ 47.665215][ T480] ? __ia32_compat_sys_ioctl+0x8e0/0x8e0 [ 47.670869][ T480] ? has_cap_mac_admin+0x370/0x370 [ 47.676026][ T480] ? kmem_cache_free+0x100/0x2d0 [ 47.681042][ T480] ? selinux_file_ioctl+0x3a0/0x4d0 [ 47.686421][ T480] ? putname+0xfe/0x150 [ 47.690579][ T480] ? selinux_file_alloc_security+0x120/0x120 [ 47.696673][ T480] ? do_sys_openat2+0x68e/0x750 [ 47.701695][ T480] ? __fget_files+0x2c4/0x320 [ 47.706417][ T480] ? security_file_ioctl+0x84/0xa0 [ 47.711522][ T480] __se_sys_ioctl+0x9f/0x1a0 [ 47.716217][ T480] __x64_sys_ioctl+0x7b/0x90 [ 47.720812][ T480] do_syscall_64+0x31/0x40 [ 47.725275][ T480] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 47.731245][ T480] RIP: 0033:0x7f890fe6acb9 [ 47.735695][ T480] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 47.755362][ T480] RSP: 002b:00007f890fccf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 47.763788][ T480] RAX: ffffffffffffffda RBX: 00007f89100e5fa0 RCX: 00007f890fe6acb9 [ 47.771999][ T480] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000005 [ 47.780406][ T480] RBP: 00007f890fed8bf7 R08: 0000000000000000 R09: 0000000000000000 [ 47.788498][ T480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 47.796774][ T480] R13: 00007f89100e6038 R14: 00007f89100e5fa0 R15: 00007ffcad188ad8 [ 47.804743][ T480] ---[ end trace bc3144f712e64fcf ]--- [ 47.810369][ T480] ================================================================== [ 47.818462][ T480] BUG: KASAN: slab-out-of-bounds in reset_curseg+0x4dd/0x560 [ 47.825813][ T480] Read of size 4 at addr ffff888118164bc0 by task syz.2.17/480 [ 47.833333][ T480] [ 47.835662][ T480] CPU: 0 PID: 480 Comm: syz.2.17 Tainted: G W syzkaller #0 [ 47.844320][ T480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 47.854446][ T480] Call Trace: [ 47.857735][ T480] __dump_stack+0x21/0x24 [ 47.862165][ T480] dump_stack_lvl+0x1a7/0x208 [ 47.866885][ T480] ? show_regs_print_info+0x18/0x18 [ 47.872154][ T480] ? thaw_kernel_threads+0x220/0x220 [ 47.877509][ T480] print_address_description+0x7f/0x2c0 [ 47.883037][ T480] ? reset_curseg+0x4dd/0x560 [ 47.887704][ T480] kasan_report+0xe2/0x130 [ 47.892195][ T480] ? reset_curseg+0x4dd/0x560 [ 47.896859][ T480] __asan_report_load4_noabort+0x14/0x20 [ 47.902482][ T480] reset_curseg+0x4dd/0x560 [ 47.906974][ T480] new_curseg+0x12e8/0x1880 [ 47.911478][ T480] __allocate_new_segment+0x13d/0x810 [ 47.916939][ T480] f2fs_allocate_new_section+0x1f3/0x290 [ 47.922558][ T480] ? new_curseg+0x1880/0x1880 [ 47.927224][ T480] ? __kasan_check_write+0x14/0x20 [ 47.932348][ T480] ? down_read_trylock+0x106/0x160 [ 47.937445][ T480] ? __init_rwsem+0x1c0/0x1c0 [ 47.942114][ T480] ? has_not_enough_free_secs+0x3d7/0x8a0 [ 47.947873][ T480] expand_inode_data+0x5f7/0x9a0 [ 47.952801][ T480] ? f2fs_insert_range+0x5d0/0x5d0 [ 47.958005][ T480] ? inode_dio_wait+0x25a/0x2d0 [ 47.962848][ T480] ? file_update_time+0x3d7/0x440 [ 47.967862][ T480] ? inode_owner_or_capable+0x140/0x140 [ 47.973407][ T480] f2fs_fallocate+0x42b/0x7e0 [ 47.978085][ T480] vfs_fallocate+0x4b4/0x590 [ 47.982667][ T480] do_vfs_ioctl+0x1154/0x14c0 [ 47.987332][ T480] ? __ia32_compat_sys_ioctl+0x8e0/0x8e0 [ 47.992950][ T480] ? has_cap_mac_admin+0x370/0x370 [ 47.998059][ T480] ? kmem_cache_free+0x100/0x2d0 [ 48.003331][ T480] ? selinux_file_ioctl+0x3a0/0x4d0 [ 48.008522][ T480] ? putname+0xfe/0x150 [ 48.012758][ T480] ? selinux_file_alloc_security+0x120/0x120 [ 48.018755][ T480] ? do_sys_openat2+0x68e/0x750 [ 48.023608][ T480] ? __fget_files+0x2c4/0x320 [ 48.028297][ T480] ? security_file_ioctl+0x84/0xa0 [ 48.033407][ T480] __se_sys_ioctl+0x9f/0x1a0 [ 48.038000][ T480] __x64_sys_ioctl+0x7b/0x90 [ 48.042671][ T480] do_syscall_64+0x31/0x40 [ 48.047175][ T480] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 48.053166][ T480] RIP: 0033:0x7f890fe6acb9 [ 48.057663][ T480] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 48.077520][ T480] RSP: 002b:00007f890fccf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 48.085925][ T480] RAX: ffffffffffffffda RBX: 00007f89100e5fa0 RCX: 00007f890fe6acb9 [ 48.093897][ T480] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000005 [ 48.101886][ T480] RBP: 00007f890fed8bf7 R08: 0000000000000000 R09: 0000000000000000 [ 48.109845][ T480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 48.117817][ T480] R13: 00007f89100e6038 R14: 00007f89100e5fa0 R15: 00007ffcad188ad8 [ 48.125968][ T480] [ 48.128283][ T480] Allocated by task 480: [ 48.132513][ T480] __kasan_kmalloc+0xda/0x110 [ 48.137267][ T480] __kmalloc+0x1a4/0x330 [ 48.141670][ T480] kvmalloc_node+0x88/0x130 [ 48.146252][ T480] f2fs_build_segment_manager+0xdba/0x4900 [ 48.152129][ T480] f2fs_fill_super+0x4a3a/0x73f0 [ 48.157148][ T480] mount_bdev+0x28b/0x3a0 [ 48.161560][ T480] f2fs_mount+0x34/0x40 [ 48.165715][ T480] legacy_get_tree+0xed/0x190 [ 48.170462][ T480] vfs_get_tree+0x89/0x260 [ 48.174890][ T480] do_new_mount+0x25a/0xa20 [ 48.179394][ T480] path_mount+0x585/0xc90 [ 48.183725][ T480] __se_sys_mount+0x320/0x390 [ 48.188412][ T480] __x64_sys_mount+0xbf/0xd0 [ 48.193094][ T480] do_syscall_64+0x31/0x40 [ 48.197512][ T480] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 48.203735][ T480] [ 48.206073][ T480] The buggy address belongs to the object at ffff888118164800 [ 48.206073][ T480] which belongs to the cache kmalloc-1k of size 1024 [ 48.220396][ T480] The buggy address is located 960 bytes inside of [ 48.220396][ T480] 1024-byte region [ffff888118164800, ffff888118164c00) [ 48.234360][ T480] The buggy address belongs to the page: [ 48.240172][ T480] page:ffffea0004605800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118160 [ 48.250502][ T480] head:ffffea0004605800 order:3 compound_mapcount:0 compound_pincount:0 [ 48.258926][ T480] flags: 0x4000000000010200(slab|head) [ 48.264379][ T480] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042f00 [ 48.272968][ T480] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 48.281539][ T480] page dumped because: kasan: bad access detected [ 48.287934][ T480] page_owner tracks the page as allocated [ 48.293659][ T480] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 416, ts 46752694168, free_ts 46606307917 [ 48.314216][ T480] prep_new_page+0x179/0x180 [ 48.318806][ T480] get_page_from_freelist+0x223b/0x23d0 [ 48.324349][ T480] __alloc_pages_nodemask+0x290/0x620 [ 48.329805][ T480] new_slab+0x84/0x3f0 [ 48.333904][ T480] ___slab_alloc+0x2a6/0x450 [ 48.338485][ T480] __slab_alloc+0x63/0xa0 [ 48.342924][ T480] __kmalloc_track_caller+0x1ec/0x320 [ 48.348282][ T480] __alloc_skb+0xdc/0x520 [ 48.352601][ T480] netlink_sendmsg+0x605/0xb50 [ 48.357526][ T480] ____sys_sendmsg+0x5b7/0x8f0 [ 48.362370][ T480] ___sys_sendmsg+0x236/0x2e0 [ 48.367136][ T480] __x64_sys_sendmsg+0x1f9/0x2c0 [ 48.372238][ T480] do_syscall_64+0x31/0x40 [ 48.377070][ T480] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 48.382959][ T480] page last free stack trace: [ 48.387658][ T480] __free_pages_ok+0x80b/0x830 [ 48.392415][ T480] __free_pages+0xd8/0x3b0 [ 48.396848][ T480] __free_slab+0xcf/0x190 [ 48.401189][ T480] discard_slab+0x29/0x40 [ 48.405522][ T480] __slab_free+0x313/0x3a0 [ 48.409938][ T480] ___cache_free+0x10e/0x130 [ 48.415040][ T480] qlink_free+0x50/0x90 [ 48.419193][ T480] qlist_free_all+0x5f/0xb0 [ 48.423686][ T480] kasan_quarantine_reduce+0x14a/0x160 [ 48.429145][ T480] __kasan_slab_alloc+0x2f/0xf0 [ 48.433989][ T480] slab_post_alloc_hook+0x5d/0x2f0 [ 48.439099][ T480] kmem_cache_alloc+0x162/0x2d0 [ 48.443937][ T480] __alloc_skb+0x9e/0x520 [ 48.448255][ T480] netlink_sendmsg+0x605/0xb50 [ 48.453006][ T480] __sys_sendto+0x467/0x620 [ 48.457495][ T480] __x64_sys_sendto+0xe5/0x100 [ 48.462239][ T480] [ 48.464555][ T480] Memory state around the buggy address: [ 48.470173][ T480] ffff888118164a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 48.478311][ T480] ffff888118164b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 48.486363][ T480] >ffff888118164b80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 48.494410][ T480] ^ [ 48.500547][ T480] ffff888118164c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.508683][ T480] ffff888118164c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.516731][ T480] ================================================================== [ 48.524952][ T480] Disabling lock debugging due to kernel taint [ 48.532501][ T480] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 48.544517][ T480] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 48.553588][ T480] CPU: 1 PID: 480 Comm: syz.2.17 Tainted: G B W syzkaller #0 [ 48.562181][ T480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 48.572334][ T480] RIP: 0010:update_sit_entry+0x3eb/0xf50 [ 48.578134][ T480] Code: 89 45 a8 49 01 c5 41 f6 d7 41 80 e7 07 44 89 f9 41 bf 01 00 00 00 41 d3 e7 4d 89 ee 49 c1 ee 03 48 b8 00 00 00 00 00 fc ff df <41> 0f b6 04 06 84 c0 0f 85 a5 08 00 00 41 0f b6 5d 00 44 89 f8 41 [ 48.597845][ T480] RSP: 0018:ffffc90000c77330 EFLAGS: 00010246 [ 48.603917][ T480] RAX: dffffc0000000000 RBX: ffff888118164bc8 RCX: 0000000000000007 [ 48.611966][ T480] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888118164bc8 [ 48.620048][ T480] RBP: ffffc90000c773b0 R08: ffff888111972780 R09: 0000000000000003 [ 48.628291][ T480] R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000004000 [ 48.636791][ T480] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000080 [ 48.644761][ T480] FS: 00007f890fccf6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 48.653936][ T480] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.660517][ T480] CR2: 00007f310b362000 CR3: 0000000117ac3000 CR4: 00000000003506a0 [ 48.668604][ T480] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.676580][ T480] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 48.684782][ T480] Call Trace: [ 48.688159][ T480] ? __asan_report_store8_noabort+0x17/0x20 [ 48.694054][ T480] f2fs_allocate_data_block+0x159c/0x3a20 [ 48.700198][ T480] ? _raw_spin_trylock_bh+0x150/0x150 [ 48.705746][ T480] ? __dquot_alloc_space+0x2bd/0xb80 [ 48.711036][ T480] ? _raw_spin_unlock+0x4d/0x70 [ 48.716082][ T480] ? f2fs_inode_dirtied+0x26b/0x2a0 [ 48.721604][ T480] ? f2fs_io_type_to_rw_hint+0x1e0/0x1e0 [ 48.727240][ T480] ? f2fs_mark_inode_dirty_sync+0x110/0x140 [ 48.733139][ T480] ? inc_valid_block_count+0x562/0xa90 [ 48.738698][ T480] __allocate_data_block+0x553/0x9d0 [ 48.744000][ T480] ? f2fs_map_blocks+0x35a0/0x35a0 [ 48.749186][ T480] f2fs_map_blocks+0xda4/0x35a0 [ 48.754310][ T480] ? __kasan_check_write+0x14/0x20 [ 48.759953][ T480] ? f2fs_do_map_lock+0x2e0/0x2e0 [ 48.764995][ T480] ? __kasan_check_write+0x14/0x20 [ 48.770113][ T480] ? down_read_trylock+0x106/0x160 [ 48.775311][ T480] expand_inode_data+0x626/0x9a0 [ 48.780606][ T480] ? f2fs_insert_range+0x5d0/0x5d0 [ 48.785818][ T480] ? inode_dio_wait+0x25a/0x2d0 [ 48.790675][ T480] ? file_update_time+0x3d7/0x440 [ 48.795783][ T480] ? inode_owner_or_capable+0x140/0x140 [ 48.801345][ T480] f2fs_fallocate+0x42b/0x7e0 [ 48.806043][ T480] vfs_fallocate+0x4b4/0x590 [ 48.810621][ T480] do_vfs_ioctl+0x1154/0x14c0 [ 48.815287][ T480] ? __ia32_compat_sys_ioctl+0x8e0/0x8e0 [ 48.820973][ T480] ? has_cap_mac_admin+0x370/0x370 [ 48.826179][ T480] ? kmem_cache_free+0x100/0x2d0 [ 48.831123][ T480] ? selinux_file_ioctl+0x3a0/0x4d0 [ 48.836324][ T480] ? putname+0xfe/0x150 [ 48.840482][ T480] ? selinux_file_alloc_security+0x120/0x120 [ 48.846551][ T480] ? do_sys_openat2+0x68e/0x750 [ 48.851479][ T480] ? __fget_files+0x2c4/0x320 [ 48.856236][ T480] ? security_file_ioctl+0x84/0xa0 [ 48.861332][ T480] __se_sys_ioctl+0x9f/0x1a0 [ 48.865911][ T480] __x64_sys_ioctl+0x7b/0x90 [ 48.870492][ T480] do_syscall_64+0x31/0x40 [ 48.874896][ T480] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 48.880802][ T480] RIP: 0033:0x7f890fe6acb9 [ 48.885211][ T480] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 48.904814][ T480] RSP: 002b:00007f890fccf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 48.913434][ T480] RAX: ffffffffffffffda RBX: 00007f89100e5fa0 RCX: 00007f890fe6acb9 [ 48.921493][ T480] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000005 [ 48.929543][ T480] RBP: 00007f890fed8bf7 R08: 0000000000000000 R09: 0000000000000000 [ 48.937511][ T480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 48.945481][ T480] R13: 00007f89100e6038 R14: 00007f89100e5fa0 R15: 00007ffcad188ad8 [ 48.953441][ T480] Modules linked in: [ 48.958511][ T480] ---[ end trace bc3144f712e64fd0 ]--- [ 48.964080][ T480] RIP: 0010:update_sit_entry+0x3eb/0xf50 [ 48.970259][ T480] Code: 89 45 a8 49 01 c5 41 f6 d7 41 80 e7 07 44 89 f9 41 bf 01 00 00 00 41 d3 e7 4d 89 ee 49 c1 ee 03 48 b8 00 00 00 00 00 fc ff df <41> 0f b6 04 06 84 c0 0f 85 a5 08 00 00 41 0f b6 5d 00 44 89 f8 41 [ 48.990268][ T480] RSP: 0018:ffffc90000c77330 EFLAGS: 00010246 [ 48.996660][ T480] RAX: dffffc0000000000 RBX: ffff888118164bc8 RCX: 0000000000000007 [ 49.004630][ T480] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888118164bc8 [ 49.012639][ T480] RBP: ffffc90000c773b0 R08: ffff888111972780 R09: 0000000000000003 [ 49.020661][ T480] R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000004000 [ 49.028657][ T480] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000080 [ 49.036692][ T480] FS: 00007f890fccf6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 49.045641][ T480] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.052305][ T480] CR2: 00007f890feb8400 CR3: 0000000117ac3000 CR4: 00000000003506b0 [ 49.060331][ T480] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.068338][ T480] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.076632][ T480] Kernel panic - not syncing: Fatal exception [ 49.083203][ T480] Kernel Offset: disabled [ 49.087639][ T480] Rebooting in 86400 seconds..