Warning: Permanently added '10.128.10.22' (ED25519) to the list of known hosts.
2025/04/11 23:59:01 ignoring optional flag "sandboxArg"="0"
2025/04/11 23:59:02 parsed 1 programs
[ 51.758921][ T28] kauditd_printk_skb: 32 callbacks suppressed
[ 51.758937][ T28] audit: type=1400 audit(1744415943.085:108): avc: denied { unlink } for pid=415 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 51.811315][ T415] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 52.721213][ T28] audit: type=1401 audit(1744415944.045:109): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 52.780913][ T443] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.787774][ T443] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.795232][ T443] device bridge_slave_0 entered promiscuous mode
[ 52.802123][ T443] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.809012][ T443] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.816173][ T443] device bridge_slave_1 entered promiscuous mode
[ 52.866549][ T443] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.873417][ T443] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.880524][ T443] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.887282][ T443] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.908660][ T373] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.915736][ T373] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.923337][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 52.930910][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 52.939660][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.947667][ T373] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.954520][ T373] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.963485][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.971703][ T373] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.978571][ T373] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.990512][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.999848][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.014179][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 53.025255][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 53.033276][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 53.040782][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 53.051688][ T443] device veth0_vlan entered promiscuous mode
[ 53.062209][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 53.071604][ T443] device veth1_macvtap entered promiscuous mode
[ 53.081168][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 53.090899][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/04/11 23:59:04 executed programs: 0
[ 53.628928][ T478] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.635787][ T478] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.643138][ T478] device bridge_slave_0 entered promiscuous mode
[ 53.649989][ T478] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.656820][ T478] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.664236][ T478] device bridge_slave_1 entered promiscuous mode
[ 53.713588][ T478] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.720452][ T478] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.727579][ T478] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.734359][ T478] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.756184][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.764049][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.771206][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.787764][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 53.795973][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.804335][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.811187][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.819799][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 53.827984][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.836461][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.843335][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.859614][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 53.867509][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.876643][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 53.884642][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.897750][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 53.906479][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 53.922996][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 53.930744][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 53.939259][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 53.946539][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 53.954236][ T478] device veth0_vlan entered promiscuous mode
[ 53.969951][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 53.977852][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 53.986227][ T478] device veth1_macvtap entered promiscuous mode
[ 53.995575][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 54.003370][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 54.011486][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 54.021945][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 54.029965][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 54.055404][ T483] loop2: detected capacity change from 0 to 512
[ 54.062787][ T483] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[ 54.080499][ T483] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[ 54.092739][ T483] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck.
[ 54.105892][ T483] EXT4-fs (loop2): 1 truncate cleaned up
[ 54.111529][ T483] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 54.120484][ T28] audit: type=1400 audit(1744415945.445:110): avc: denied { mount } for pid=482 comm="syz.2.16" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 54.141848][ T28] audit: type=1400 audit(1744415945.445:111): avc: denied { setattr } for pid=482 comm="syz.2.16" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 54.149318][ T483] ==================================================================
[ 54.164171][ T28] audit: type=1400 audit(1744415945.445:112): avc: denied { write } for pid=482 comm="syz.2.16" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 54.171540][ T483] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x909/0x1fa0
[ 54.171581][ T483] Read of size 18446744073709551572 at addr ffff88811bfb4850 by task syz.2.16/483
[ 54.193351][ T28] audit: type=1400 audit(1744415945.445:113): avc: denied { add_name } for pid=482 comm="syz.2.16" name="file2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 54.200458][ T483]
[ 54.200475][ T483] CPU: 1 PID: 483 Comm: syz.2.16 Not tainted 6.1.129-syzkaller-1168457-g37c227e873b7 #0
[ 54.200497][ T483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 54.200512][ T483] Call Trace:
[ 54.200519][ T483]
[ 54.210015][ T28] audit: type=1400 audit(1744415945.445:114): avc: denied { create } for pid=482 comm="syz.2.16" name="file2" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 54.229706][ T483] dump_stack_lvl+0x151/0x1b7
[ 54.229741][ T483] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 54.229769][ T483] ? _printk+0xd1/0x111
[ 54.229790][ T483] ? __virt_addr_valid+0x242/0x2f0
[ 54.232434][ T28] audit: type=1400 audit(1744415945.445:115): avc: denied { write } for pid=482 comm="syz.2.16" name="file2" dev="loop2" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 54.241516][ T483] print_report+0x158/0x4e0
[ 54.241552][ T483] ? __virt_addr_valid+0x242/0x2f0
[ 54.251805][ T28] audit: type=1400 audit(1744415945.445:116): avc: denied { open } for pid=482 comm="syz.2.16" path="/0/file2/file2" dev="loop2" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 54.254528][ T483] ? kasan_complete_mode_report_info+0x57/0x1b0
[ 54.257309][ T28] audit: type=1400 audit(1744415945.445:117): avc: denied { remove_name } for pid=482 comm="syz.2.16" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 54.277008][ T483] ? ext4_xattr_set_entry+0x909/0x1fa0
[ 54.277038][ T483] kasan_report+0x13c/0x170
[ 54.277068][ T483] ? ext4_xattr_set_entry+0x909/0x1fa0
[ 54.277089][ T483] kasan_check_range+0x294/0x2a0
[ 54.397300][ T483] ? ext4_xattr_set_entry+0x909/0x1fa0
[ 54.402594][ T483] memmove+0x2d/0x70
[ 54.406327][ T483] ext4_xattr_set_entry+0x909/0x1fa0
[ 54.411449][ T483] ? ext4_xattr_inode_lookup_create+0x1a60/0x1a60
[ 54.417695][ T483] ? memcpy+0x56/0x70
[ 54.421515][ T483] ext4_xattr_block_set+0x99c/0x37f0
[ 54.426658][ T483] ? ext4_drop_inode+0x90/0x1a0
[ 54.431321][ T483] ? __getblk_gfp+0x3d/0x7d0
[ 54.435751][ T483] ? ext4_xattr_block_find+0x320/0x320
[ 54.441042][ T483] ? xattr_find_entry+0x23c/0x300
[ 54.445927][ T483] ? ext4_xattr_block_find+0x2ac/0x320
[ 54.451196][ T483] ext4_expand_extra_isize_ea+0x10eb/0x1c40
[ 54.456933][ T483] ? ext4_xattr_set+0x3d0/0x3d0
[ 54.461788][ T483] ? rwsem_write_trylock+0x153/0x340
[ 54.466907][ T483] ? dquot_initialize_needed+0x13d/0x370
[ 54.472375][ T483] __ext4_expand_extra_isize+0x31a/0x420
[ 54.477849][ T483] __ext4_mark_inode_dirty+0x4bb/0x7d0
[ 54.483142][ T483] ? sb_end_intwrite+0x130/0x130
[ 54.487911][ T483] ? current_time+0x1ba/0x300
[ 54.492422][ T483] ? atime_needs_update+0x810/0x810
[ 54.497464][ T483] ? __kasan_check_write+0x14/0x20
[ 54.502403][ T483] ? drop_nlink+0xa9/0x110
[ 54.507013][ T483] __ext4_unlink+0x6ed/0xba0
[ 54.511435][ T483] ? __ext4_read_dirblock+0x8e0/0x8e0
[ 54.516651][ T483] ? rwsem_mark_wake+0x770/0x770
[ 54.521420][ T483] ext4_unlink+0x142/0x3f0
[ 54.525668][ T483] vfs_unlink+0x38c/0x630
[ 54.529835][ T483] do_unlinkat+0x483/0x920
[ 54.534087][ T483] ? fsnotify_link_count+0x100/0x100
[ 54.539552][ T483] ? strncpy_from_user+0x169/0x2b0
[ 54.544501][ T483] ? getname_flags+0x1fd/0x520
[ 54.549098][ T483] __x64_sys_unlink+0x49/0x50
[ 54.553612][ T483] x64_sys_call+0x289/0x9a0
[ 54.557948][ T483] do_syscall_64+0x3b/0xb0
[ 54.562205][ T483] ? clear_bhb_loop+0x55/0xb0
[ 54.566716][ T483] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 54.572460][ T483] RIP: 0033:0x7f379918d169
[ 54.576703][ T483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 54.596143][ T483] RSP: 002b:00007f379a043038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 54.604385][ T483] RAX: ffffffffffffffda RBX: 00007f37993a5fa0 RCX: 00007f379918d169
[ 54.612200][ T483] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000400000000180
[ 54.620039][ T483] RBP: 00007f379920e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 54.627821][ T483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 54.635629][ T483] R13: 0000000000000000 R14: 00007f37993a5fa0 R15: 00007ffffad8d478
[ 54.643573][ T483]
[ 54.646423][ T483]
[ 54.648593][ T483] Allocated by task 483:
[ 54.652673][ T483] kasan_set_track+0x4b/0x70
[ 54.657099][ T483] kasan_save_alloc_info+0x1f/0x30
[ 54.662317][ T483] __kasan_kmalloc+0x9c/0xb0
[ 54.666838][ T483] __kmalloc_node_track_caller+0xb3/0x1e0
[ 54.672386][ T483] kmemdup+0x29/0x60
[ 54.676116][ T483] ext4_xattr_block_set+0x80f/0x37f0
[ 54.681245][ T483] ext4_expand_extra_isize_ea+0x10eb/0x1c40
[ 54.686966][ T483] __ext4_expand_extra_isize+0x31a/0x420
[ 54.692520][ T483] __ext4_mark_inode_dirty+0x4bb/0x7d0
[ 54.697813][ T483] __ext4_unlink+0x6ed/0xba0
[ 54.702241][ T483] ext4_unlink+0x142/0x3f0
[ 54.706629][ T483] vfs_unlink+0x38c/0x630
[ 54.710775][ T483] do_unlinkat+0x483/0x920
[ 54.715024][ T483] __x64_sys_unlink+0x49/0x50
[ 54.719543][ T483] x64_sys_call+0x289/0x9a0
[ 54.723880][ T483] do_syscall_64+0x3b/0xb0
[ 54.728132][ T483] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 54.733859][ T483]
[ 54.736029][ T483] The buggy address belongs to the object at ffff88811bfb4800
[ 54.736029][ T483] which belongs to the cache kmalloc-1k of size 1024
[ 54.750001][ T483] The buggy address is located 80 bytes inside of
[ 54.750001][ T483] 1024-byte region [ffff88811bfb4800, ffff88811bfb4c00)
[ 54.763192][ T483]
[ 54.765363][ T483] The buggy address belongs to the physical page:
[ 54.771617][ T483] page:ffffea00046fec00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11bfb0
[ 54.781766][ T483] head:ffffea00046fec00 order:3 compound_mapcount:0 compound_pincount:0
[ 54.789928][ T483] flags: 0x4000000000010200(slab|head|zone=1)
[ 54.795839][ T483] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043080
[ 54.804254][ T483] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 54.812664][ T483] page dumped because: kasan: bad access detected
[ 54.818927][ T483] page_owner tracks the page as allocated
[ 54.824469][ T483] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 40, tgid 40 (kworker/1:1), ts 54090262134, free_ts 54066303038
[ 54.846087][ T483] post_alloc_hook+0x213/0x220
[ 54.850690][ T483] prep_new_page+0x1b/0x110
[ 54.855019][ T483] get_page_from_freelist+0x3a98/0x3b10
[ 54.860399][ T483] __alloc_pages+0x234/0x610
[ 54.864828][ T483] alloc_slab_page+0x6c/0xf0
[ 54.869253][ T483] new_slab+0x90/0x3e0
[ 54.873156][ T483] ___slab_alloc+0x6f9/0xb80
[ 54.877585][ T483] __slab_alloc+0x5d/0xa0
[ 54.881749][ T483] __kmem_cache_alloc_node+0x207/0x2a0
[ 54.887046][ T483] __kmalloc_node_track_caller+0xa2/0x1e0
[ 54.892602][ T483] __alloc_skb+0x125/0x2d0
[ 54.896865][ T483] inet6_rt_notify+0x308/0x550
[ 54.901452][ T483] fib6_add+0x23ac/0x3dd0
[ 54.905622][ T483] ip6_ins_rt+0x102/0x170
[ 54.909784][ T483] __ipv6_ifa_notify+0x5ab/0x11a0
[ 54.914735][ T483] addrconf_dad_completed+0x177/0xdb0
[ 54.919945][ T483] page last free stack trace:
[ 54.924453][ T483] free_unref_page_prepare+0x9f1/0xa00
[ 54.929749][ T483] free_unref_page+0xb2/0x5c0
[ 54.934380][ T483] __free_pages+0x61/0xf0
[ 54.938514][ T483] __free_slab+0xce/0x1a0
[ 54.942678][ T483] __unfreeze_partials+0x165/0x1a0
[ 54.947627][ T483] put_cpu_partial+0xa9/0x100
[ 54.952141][ T483] __slab_free+0x1c8/0x280
[ 54.956395][ T483] ___cache_free+0xc6/0xd0
[ 54.960649][ T483] qlist_free_all+0xc5/0x140
[ 54.965069][ T483] kasan_quarantine_reduce+0x15a/0x180
[ 54.970364][ T483] __kasan_slab_alloc+0x24/0x80
[ 54.975054][ T483] slab_post_alloc_hook+0x53/0x2c0
[ 54.980000][ T483] __kmem_cache_alloc_node+0x193/0x2a0
[ 54.985293][ T483] __kmalloc_node+0xa3/0x1e0
[ 54.989722][ T483] kvmalloc_node+0x221/0x640
[ 54.994148][ T483] seq_read_iter+0x1ff/0xd00
[ 54.998577][ T483]
[ 55.000744][ T483] Memory state around the buggy address:
[ 55.006215][ T483] ffff88811bfb4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.014114][ T483] ffff88811bfb4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.022011][ T483] >ffff88811bfb4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.029908][ T483] ^
[ 55.036424][ T483] ffff88811bfb4880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.044319][ T483] ffff88811bfb4900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.052215][ T483] ==================================================================
[ 55.060799][ T483] Disabling lock debugging due to kernel taint
[ 55.080432][ T478] EXT4-fs (loop2): unmounting filesystem.
[ 55.100391][ T488] loop2: detected capacity change from 0 to 512
[ 55.106980][ T488] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[ 55.121791][ T488] EXT4-fs (loop2): 1 truncate cleaned up
[ 55.127381][ T488] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 55.158421][ T43] ------------[ cut here ]------------
[ 55.163814][ T43] WARNING: CPU: 0 PID: 43 at fs/notify/mark.c:302 fsnotify_mark_destroy_workfn+0x2e8/0x340
[ 55.168342][ C1] list_add corruption. prev->next should be next (ffff88812d462508), but was 0000000000000000. (prev=ffff88811c3fb800).
[ 55.173681][ T43] Modules linked in:
[ 55.186052][ C1] ------------[ cut here ]------------
[ 55.189677][ T43] CPU: 0 PID: 43 Comm: kworker/u4:2 Tainted: G B 6.1.129-syzkaller-1168457-g37c227e873b7 #0
[ 55.194947][ C1] kernel BUG at lib/list_debug.c:32!
[ 55.206252][ T43] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 55.211377][ C1] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 55.221276][ T43] Workqueue: events_unbound fsnotify_mark_destroy_workfn
[ 55.227154][ C1] CPU: 1 PID: 488 Comm: syz.2.17 Tainted: G B 6.1.129-syzkaller-1168457-g37c227e873b7 #0
[ 55.234019][ T43] RIP: 0010:fsnotify_mark_destroy_workfn+0x2e8/0x340
[ 55.245026][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 55.245040][ C1] RIP: 0010:__list_add_valid+0xe3/0xf0
[ 55.251576][ T43] Code: 0e ba e4 ff 4c 89 ff ff 13 4c 89 e7 e8 01 9f ff ff 4c 8b 7c 24 18 4d 39 ef 74 13 e8 e2 0c 9d ff e9 89 fe ff ff e8 d8 0c 9d ff <0f> 0b eb e3 e8 cf 0c 9d ff eb 05 e8 c8 0c 9d ff 48 c7 44 24 20 0e
[ 55.261427][ C1] Code: 9d 02 0f 0b 48 c7 c7 60 1c ea 85 4c 89 e6 4c 89 f1 e8 1c d6 9d 02 0f 0b 48 c7 c7 e0 1c ea 85 4c 89 f6 4c 89 e1 e8 08 d6 9d 02 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 55 48 89 e5 41 57 41 56 41
[ 55.261447][ C1] RSP: 0018:ffffc900001b0a68 EFLAGS: 00010046
[ 55.266720][ T43] RSP: 0018:ffffc900002cfc60 EFLAGS: 00010293
[ 55.286433][ C1]
[ 55.286441][ C1] RAX: 0000000000000075 RBX: ffff88812d462510 RCX: a1c1534271e63800
[ 55.286458][ C1] RDX: 0000000000000100 RSI: 0000000080000101 RDI: 0000000000000000
[ 55.286469][ C1] RBP: ffffc900001b0a90 R08: ffffffff815b5dd5 R09: 0000000000000003
[ 55.286483][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff88811c3fb800
[ 55.286499][ C1] R13: dffffc0000000000 R14: ffff88812d462508 R15: ffff88811bf2f2c0
[ 55.305909][ T43]
[ 55.311775][ C1] FS: 00007f379a0436c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 55.317676][ T43] RAX: ffffffff81d88b58 RBX: ffff88811c1333f8 RCX: ffff88810089a880
[ 55.319852][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.319870][ C1] CR2: 000040000000f000 CR3: 000000011bf06000 CR4: 00000000003506a0
[ 55.327755][ T43] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88811c133408
[ 55.335566][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.335581][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.343403][ T43] RBP: ffffc900002cfd20 R08: dffffc0000000000 R09: 0000000000000003
[ 55.351269][ C1] Call Trace:
[ 55.351279][ C1]
[ 55.351289][ C1] ? __die_body+0x62/0xb0
[ 55.359181][ T43] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000000
[ 55.361338][ C1] ? die+0x88/0xb0
[ 55.370118][ T43] R13: ffffc900002cfca0 R14: dffffc0000000000 R15: ffff88811c133400
[ 55.378001][ C1] ? do_trap+0x103/0x330
[ 55.384441][ T43] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 55.392234][ C1] ? __list_add_valid+0xe3/0xf0
[ 55.400072][ T43] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.407856][ C1] ? handle_invalid_op+0x95/0xc0
[ 55.415687][ T43] CR2: 00007f37991705a0 CR3: 000000012087a000 CR4: 00000000003506b0
[ 55.423476][ C1] ? __list_add_valid+0xe3/0xf0
[ 55.426619][ T43] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.429291][ C1] ? exc_invalid_op+0x32/0x50
[ 55.433462][ T43] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.441270][ C1] ? asm_exc_invalid_op+0x1b/0x20
[ 55.444917][ T43] Call Trace:
[ 55.444926][ T43]
[ 55.452726][ C1] ? __wake_up_klogd+0xd5/0x110
[ 55.456809][ T43] ? show_regs+0x58/0x60
[ 55.465575][ C1] ? __list_add_valid+0xe3/0xf0
[ 55.465604][ C1] ? __list_add_valid+0xe3/0xf0
[ 55.470272][ T43] ? __warn+0x160/0x3d0
[ 55.476684][ C1] ref_tracker_free+0x2b0/0x7d0
[ 55.481474][ T43] ? fsnotify_mark_destroy_workfn+0x2e8/0x340
[ 55.489270][ C1] ? refcount_inc+0x80/0x80
[ 55.489298][ C1] ? dst_destroy+0xf9/0x280
[ 55.494045][ T43] ? report_bug+0x4d5/0x7d0
[ 55.501866][ C1] ? dst_destroy_rcu+0x19/0x20
[ 55.506367][ T43] ? fsnotify_mark_destroy_workfn+0x2e8/0x340
[ 55.514178][ C1] ? rcu_do_batch+0x552/0xbe0
[ 55.519059][ T43] ? handle_bug+0x41/0x70
[ 55.522162][ C1] ? rcu_core+0x502/0xf40
[ 55.524937][ T43] ? exc_invalid_op+0x1b/0x50
[ 55.529623][ C1] ? rcu_core_si+0x9/0x10
[ 55.533704][ T43] ? asm_exc_invalid_op+0x1b/0x20
[ 55.538407][ C1] ? handle_softirqs+0x1db/0x650
[ 55.538443][ C1] ? __irq_exit_rcu+0x52/0xf0
[ 55.543083][ T43] ? fsnotify_mark_destroy_workfn+0x2e8/0x340
[ 55.547073][ C1] ? irq_exit_rcu+0x9/0x10
[ 55.551797][ T43] ? fsnotify_mark_destroy_workfn+0x2e8/0x340
[ 55.557662][ C1] ? sysvec_apic_timer_interrupt+0xa9/0xc0
[ 55.562027][ T43] ? fsnotify_connector_destroy_workfn+0xa0/0xa0
[ 55.566339][ C1] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 55.570699][ T43] ? __kasan_check_read+0x11/0x20
[ 55.575277][ C1] ? __memmove+0x19c/0x1a0
[ 55.581229][ T43] ? read_word_at_a_time+0x12/0x20
[ 55.585691][ C1] ? ext4_xattr_set_entry+0x909/0x1fa0
[ 55.589876][ T43] ? strscpy+0x9c/0x260
[ 55.594024][ C1] ? ext4_xattr_block_set+0x99c/0x37f0
[ 55.598557][ T43] process_one_work+0x73d/0xcb0
[ 55.602703][ C1] ? ext4_expand_extra_isize_ea+0x10eb/0x1c40
[ 55.607569][ T43] worker_thread+0xa60/0x1260
[ 55.612338][ C1] ? __ext4_expand_extra_isize+0x31a/0x420
[ 55.616858][ T43] kthread+0x26d/0x300
[ 55.622760][ C1] ? __ext4_mark_inode_dirty+0x4bb/0x7d0
[ 55.627007][ T43] ? worker_clr_flags+0x1a0/0x1a0
[ 55.632909][ C1] ? ip6_dst_destroy+0x31c/0x390
[ 55.632937][ C1] ? ip6_default_advmss+0x100/0x100
[ 55.638576][ T43] ? kthread_blkcg+0xd0/0xd0
[ 55.644713][ C1] dst_destroy+0xf9/0x280
[ 55.650715][ T43] ret_from_fork+0x1f/0x30
[ 55.655565][ C1] ? dst_release+0x180/0x180
[ 55.659832][ T43]
[ 55.664762][ C1] dst_destroy_rcu+0x19/0x20
[ 55.670074][ T43] ---[ end trace 0000000000000000 ]---
[ 55.674046][ C1] rcu_do_batch+0x552/0xbe0
[ 55.758680][ C1] ? rcu_core+0xf40/0xf40
[ 55.762836][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 55.768479][ C1] ? note_gp_changes+0x159/0x260
[ 55.773253][ C1] rcu_core+0x502/0xf40
[ 55.777244][ C1] ? sched_clock_cpu+0x71/0x2b0
[ 55.781932][ C1] ? rcu_cpu_kthread_park+0x90/0x90
[ 55.786963][ C1] ? kvm_sched_clock_read+0x18/0x40
[ 55.791997][ C1] ? sched_clock+0x9/0x10
[ 55.796166][ C1] ? sched_clock_cpu+0x71/0x2b0
[ 55.800851][ C1] ? irqtime_account_irq+0x79/0x260
[ 55.805897][ C1] rcu_core_si+0x9/0x10
[ 55.809881][ C1] handle_softirqs+0x1db/0x650
[ 55.814482][ C1] __irq_exit_rcu+0x52/0xf0
[ 55.818828][ C1] irq_exit_rcu+0x9/0x10
[ 55.822898][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 55.828367][ C1]
[ 55.831140][ C1]
[ 55.833918][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 55.839734][ C1] RIP: 0010:__memmove+0x19c/0x1a0
[ 55.844595][ C1] Code: fa 02 72 16 66 44 8b 1e 66 44 8b 54 16 fe 66 44 89 1f 66 44 89 54 17 fe eb 0c 48 83 fa 01 72 06 44 8a 1e 44 88 1f c3 48 89 d1 a4 c3 cc eb 2e 0f 1f 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03
[ 55.864042][ C1] RSP: 0018:ffffc90000a37360 EFLAGS: 00010286
[ 55.869938][ C1] RAX: ffff88811bfda870 RBX: ffffffff8205c489 RCX: fffffffffd430955
[ 55.877749][ C1] RDX: ffffffffffffffd4 RSI: ffff88811eba9ecf RDI: ffff88811eba9eef
[ 55.885866][ C1] RBP: ffffc90000a37390 R08: ffff88811bfda824 R09: 0000000000000001
[ 55.893720][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffffffffffd4
[ 55.901533][ C1] R13: 0000000000000000 R14: ffff88811bfda850 R15: ffff88811bfda870
[ 55.909433][ C1] ? ext4_xattr_set_entry+0x909/0x1fa0
[ 55.914727][ C1] ? memmove+0x56/0x70
[ 55.918629][ C1] ext4_xattr_set_entry+0x909/0x1fa0
[ 55.923752][ C1] ? ext4_xattr_inode_lookup_create+0x1a60/0x1a60
[ 55.930010][ C1] ? memcpy+0x56/0x70
[ 55.933829][ C1] ext4_xattr_block_set+0x99c/0x37f0
[ 55.938948][ C1] ? ext4_drop_inode+0x90/0x1a0
[ 55.943627][ C1] ? __getblk_gfp+0x3d/0x7d0
[ 55.948051][ C1] ? ext4_xattr_block_find+0x320/0x320
[ 55.953346][ C1] ? xattr_find_entry+0x23c/0x300
[ 55.958206][ C1] ? ext4_xattr_block_find+0x2ac/0x320
[ 55.963500][ C1] ext4_expand_extra_isize_ea+0x10eb/0x1c40
[ 55.969248][ C1] ? ext4_xattr_set+0x3d0/0x3d0
[ 55.974005][ C1] ? rwsem_write_trylock+0x153/0x340
[ 55.979124][ C1] ? dquot_initialize_needed+0x13d/0x370
[ 55.984591][ C1] __ext4_expand_extra_isize+0x31a/0x420
[ 55.990060][ C1] __ext4_mark_inode_dirty+0x4bb/0x7d0
[ 55.995363][ C1] ? sb_end_intwrite+0x130/0x130
[ 56.000128][ C1] ? current_time+0x1ba/0x300
[ 56.004641][ C1] ? atime_needs_update+0x810/0x810
[ 56.009675][ C1] ? __kasan_check_write+0x14/0x20
[ 56.014619][ C1] ? drop_nlink+0xa9/0x110
[ 56.018875][ C1] __ext4_unlink+0x6ed/0xba0
[ 56.023303][ C1] ? __ext4_read_dirblock+0x8e0/0x8e0
[ 56.028521][ C1] ? rwsem_mark_wake+0x770/0x770
[ 56.033281][ C1] ext4_unlink+0x142/0x3f0
[ 56.037538][ C1] vfs_unlink+0x38c/0x630
[ 56.041701][ C1] do_unlinkat+0x483/0x920
[ 56.045954][ C1] ? getname_flags+0xba/0x520
[ 56.050475][ C1] ? fsnotify_link_count+0x100/0x100
[ 56.055681][ C1] ? strncpy_from_user+0x169/0x2b0
[ 56.060622][ C1] ? getname_flags+0x1fd/0x520
[ 56.065338][ C1] __x64_sys_unlink+0x49/0x50
[ 56.069833][ C1] x64_sys_call+0x289/0x9a0
[ 56.074169][ C1] do_syscall_64+0x3b/0xb0
[ 56.078423][ C1] ? clear_bhb_loop+0x55/0xb0
[ 56.082934][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 56.088668][ C1] RIP: 0033:0x7f379918d169
[ 56.092920][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 56.112364][ C1] RSP: 002b:00007f379a043038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 56.120604][ C1] RAX: ffffffffffffffda RBX: 00007f37993a5fa0 RCX: 00007f379918d169
[ 56.128415][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000400000000180
[ 56.136224][ C1] RBP: 00007f379920e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 56.144040][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 56.151848][ C1] R13: 0000000000000000 R14: 00007f37993a5fa0 R15: 00007ffffad8d478
[ 56.159663][ C1]
[ 56.162527][ C1] Modules linked in:
[ 56.166267][ C1] ---[ end trace 0000000000000000 ]---
[ 56.166313][ T91] general protection fault, probably for non-canonical address 0x988516157e0bd54c: 0000 [#2] PREEMPT SMP KASAN
[ 56.171552][ C1] RIP: 0010:__list_add_valid+0xe3/0xf0
[ 56.183097][ T91] CPU: 0 PID: 91 Comm: klogd Tainted: G B D W 6.1.129-syzkaller-1168457-g37c227e873b7 #0
[ 56.188390][ C1] Code: 9d 02 0f 0b 48 c7 c7 60 1c ea 85 4c 89 e6 4c 89 f1 e8 1c d6 9d 02 0f 0b 48 c7 c7 e0 1c ea 85 4c 89 f6 4c 89 e1 e8 08 d6 9d 02 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 55 48 89 e5 41 57 41 56 41
[ 56.199063][ T91] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 56.218507][ C1] RSP: 0018:ffffc900001b0a68 EFLAGS: 00010046
[ 56.228400][ T91] RIP: 0010:kmem_cache_alloc_node+0x10f/0x330
[ 56.234301][ C1] RAX: 0000000000000075 RBX: ffff88812d462510 RCX: a1c1534271e63800
[ 56.240206][ T91] Code: 8b 38 48 85 ff 0f 84 c8 00 00 00 48 83 78 10 00 0f 84 bd 00 00 00 41 8b 44 24 28 48 8d 0c 07 49 8b 9c 24 d8 00 00 00 48 0f c9 <48> 33 1c 07 48 31 cb 48 8d 4a 08 4d 8b 04 24 48 89 f8 65 49 0f c7
[ 56.248100][ C1] RDX: 0000000000000100 RSI: 0000000080000101 RDI: 0000000000000000
[ 56.267568][ T91] RSP: 0018:ffffc900009a7808 EFLAGS: 00010282
[ 56.275449][ C1] RBP: ffffc900001b0a90 R08: ffffffff815b5dd5 R09: 0000000000000003
[ 56.281398][ T91] RAX: 0000000000000080 RBX: 58136309ff832b33 RCX: 4cd50b7e15168598
[ 56.289153][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff88811c3fb800
[ 56.296964][ T91] RDX: 000000000001e180 RSI: 0000000000000100 RDI: 988516157e0bd4cc
[ 56.304778][ C1] R13: dffffc0000000000 R14: ffff88812d462508 R15: ffff88811bf2f2c0
[ 56.312592][ T91] RBP: ffffc900009a7858 R08: ffffffff84058eb9 R09: ffffed1021ebac1b
[ 56.320401][ C1] FS: 00007f379a0436c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 56.328213][ T91] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881002b2d80
[ 56.336975][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.344786][ T91] R13: 0000000000000100 R14: 00000000ffffffff R15: 0000000000400cc0
[ 56.351211][ C1] CR2: 000040000000f000 CR3: 000000011bf06000 CR4: 00000000003506a0
[ 56.359025][ T91] FS: 00007efefc316380(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 56.366835][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 56.375600][ T91] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.383410][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 56.389832][ T91] CR2: 0000000000000000 CR3: 00000001103d7000 CR4: 00000000003506b0
[ 56.397648][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 56.405460][ T91] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 56.405473][ T91] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 56.405484][ T91] Call Trace:
[ 56.405490][ T91]
[ 56.405499][ T91] ? __die_body+0x62/0xb0
[ 56.405521][ T91] ? die_addr+0x9f/0xd0
[ 56.405539][ T91] ? exc_general_protection+0x317/0x4c0
[ 56.405571][ T91] ? memcpy+0x56/0x70
[ 56.405594][ T91] ? asm_exc_general_protection+0x27/0x30
[ 56.405622][ T91] ? __alloc_skb+0x89/0x2d0
[ 56.405639][ T91] ? kmem_cache_alloc_node+0x10f/0x330
[ 56.405660][ T91] ? kmem_cache_alloc_node+0x42/0x330
[ 56.405679][ T91] ? __kasan_check_write+0x14/0x20
[ 56.405696][ T91] ? __alloc_skb+0xcc/0x2d0
[ 56.405710][ T91] ? __build_skb_around+0x23f/0x3d0
[ 56.405727][ T91] __alloc_skb+0xcc/0x2d0
[ 56.405743][ T91] ? avc_has_perm+0x16f/0x260
[ 56.405770][ T91] alloc_skb_with_frags+0xa6/0x680
[ 56.405793][ T91] ? memcpy+0x56/0x70
[ 56.405811][ T91] sock_alloc_send_pskb+0x915/0xa50
[ 56.405841][ T91] ? sock_kzfree_s+0x60/0x60
[ 56.405864][ T91] ? __kasan_check_write+0x14/0x20
[ 56.405882][ T91] ? _raw_spin_lock+0xa4/0x1b0
[ 56.405904][ T91] ? _raw_spin_trylock_bh+0x190/0x190
[ 56.405930][ T91] unix_dgram_sendmsg+0x5b1/0x2050
[ 56.405950][ T91] ? selinux_socket_sendmsg+0x243/0x340
[ 56.405976][ T91] ? unix_dgram_poll+0x690/0x690
[ 56.405994][ T91] ? avc_has_perm_noaudit+0x430/0x430
[ 56.406022][ T91] ? security_socket_sendmsg+0x82/0xb0
[ 56.406045][ T91] ? unix_dgram_poll+0x690/0x690
[ 56.406062][ T91] __sys_sendto+0x480/0x600
[ 56.406080][ T91] ? __ia32_sys_getpeername+0x90/0x90
[ 56.406104][ T91] ? debug_smp_processor_id+0x17/0x20
[ 56.406123][ T91] __x64_sys_sendto+0xe5/0x100
[ 56.406140][ T91] x64_sys_call+0x15c/0x9a0
[ 56.406160][ T91] do_syscall_64+0x3b/0xb0
[ 56.406183][ T91] ? clear_bhb_loop+0x55/0xb0
[ 56.406199][ T91] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 56.406225][ T91] RIP: 0033:0x7efefc4789b5
[ 56.406240][ T91] Code: 8b 44 24 08 48 83 c4 28 48 98 c3 48 98 c3 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 26 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 7a 48 8b 15 44 c4 0c 00 f7 d8 64 89 02 48 83
[ 56.406253][ T91] RSP: 002b:00007ffdc2a6bb88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 56.406272][ T91] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007efefc4789b5
[ 56.406284][ T91] RDX: 000000000000009b RSI: 0000560a6cc2e650 RDI: 0000000000000003
[ 56.406295][ T91] RBP: 0000560a6cc282c0 R08: 0000000000000000 R09: 0000000000000000
[ 56.406305][ T91] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000013
[ 56.406316][ T91] R13: 00007efefc606212 R14: 00007ffdc2a6bc88 R15: 0000000000000000
[ 56.406331][ T91]
[ 56.406336][ T91] Modules linked in:
[ 56.413590][ C1] Kernel Offset: disabled
[ 56.680027][ C1] Rebooting in 86400 seconds..