Warning: Permanently added '10.128.0.84' (ED25519) to the list of known hosts. 2025/08/14 17:16:30 ignoring optional flag "sandboxArg"="0" 2025/08/14 17:16:31 parsed 1 programs [ 53.343455][ T24] kauditd_printk_skb: 27 callbacks suppressed [ 53.343473][ T24] audit: type=1400 audit(1755191792.290:101): avc: denied { create } for pid=407 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 53.370177][ T24] audit: type=1400 audit(1755191792.290:102): avc: denied { write } for pid=407 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 53.390524][ T24] audit: type=1400 audit(1755191792.290:103): avc: denied { read } for pid=407 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 53.410779][ T24] audit: type=1400 audit(1755191792.330:104): avc: denied { unlink } for pid=407 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 53.436710][ T407] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 53.870972][ T416] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.878240][ T416] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.885797][ T416] device bridge_slave_0 entered promiscuous mode [ 53.892695][ T416] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.899770][ T416] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.907038][ T416] device bridge_slave_1 entered promiscuous mode [ 53.935382][ T416] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.942426][ T416] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.949678][ T416] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.956712][ T416] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.971308][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.978527][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.985895][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.993352][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.003394][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.011676][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.018685][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.027187][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.035406][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.042407][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.053390][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.062296][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.074720][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 54.085332][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 54.093259][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 54.100770][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 54.108812][ T416] device veth0_vlan entered promiscuous mode [ 54.118391][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 54.127129][ T416] device veth1_macvtap entered promiscuous mode [ 54.135657][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 54.145139][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 54.316095][ T24] audit: type=1400 audit(1755191793.270:105): avc: denied { create } for pid=437 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 54.501284][ T24] audit: type=1401 audit(1755191793.450:106): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" 2025/08/14 17:16:33 executed programs: 0 [ 54.819835][ T467] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.826968][ T467] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.834486][ T467] device bridge_slave_0 entered promiscuous mode [ 54.841297][ T467] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.848359][ T467] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.855871][ T467] device bridge_slave_1 entered promiscuous mode [ 54.894525][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.901870][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.913072][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.921622][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.929992][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.937030][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.944610][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.953098][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.961477][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.969614][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.976636][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.990288][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.999435][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.011691][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.024898][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.032840][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 55.040696][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 55.049054][ T467] device veth0_vlan entered promiscuous mode [ 55.061050][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.070154][ T467] device veth1_macvtap entered promiscuous mode [ 55.078937][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.088978][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 55.097645][ T7] device bridge_slave_1 left promiscuous mode [ 55.103726][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.111156][ T7] device bridge_slave_0 left promiscuous mode [ 55.117523][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.125226][ T7] device veth1_macvtap left promiscuous mode [ 55.131199][ T7] device veth0_vlan left promiscuous mode [ 55.345049][ T472] F2FS-fs (loop2): fault_injection options not supported [ 55.353108][ T472] F2FS-fs (loop2): invalid crc value [ 55.359700][ T472] F2FS-fs (loop2): Found nat_bits in checkpoint [ 55.379706][ T472] F2FS-fs (loop2): Start checkpoint disabled! [ 55.386659][ T472] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 55.395425][ T24] audit: type=1400 audit(1755191794.350:107): avc: denied { mount } for pid=471 comm="syz.2.16" name="/" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 55.423289][ T24] audit: type=1400 audit(1755191794.350:108): avc: denied { write } for pid=471 comm="syz.2.16" name="/" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 55.444712][ T24] audit: type=1400 audit(1755191794.350:109): avc: denied { add_name } for pid=471 comm="syz.2.16" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 55.478467][ T49] attempt to access beyond end of device [ 55.478467][ T49] loop2: rw=2049, want=40968, limit=40427 [ 55.481193][ T24] audit: type=1400 audit(1755191794.350:110): avc: denied { create } for pid=471 comm="syz.2.16" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 55.744648][ T477] F2FS-fs (loop2): fault_injection options not supported [ 55.753185][ T477] F2FS-fs (loop2): invalid crc value [ 55.760006][ T477] F2FS-fs (loop2): Found nat_bits in checkpoint [ 55.784166][ T477] F2FS-fs (loop2): Start checkpoint disabled! [ 55.790900][ T477] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 55.831885][ T49] attempt to access beyond end of device [ 55.831885][ T49] loop2: rw=2049, want=45104, limit=40427 [ 56.106152][ T482] F2FS-fs (loop2): fault_injection options not supported [ 56.114106][ T482] F2FS-fs (loop2): invalid crc value [ 56.120198][ T482] F2FS-fs (loop2): Found nat_bits in checkpoint [ 56.142298][ T482] F2FS-fs (loop2): Start checkpoint disabled! [ 56.149355][ T482] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 56.192468][ T9] attempt to access beyond end of device [ 56.192468][ T9] loop2: rw=2049, want=45104, limit=40427 [ 56.465781][ T487] F2FS-fs (loop2): fault_injection options not supported [ 56.473670][ T487] F2FS-fs (loop2): invalid crc value [ 56.479926][ T487] F2FS-fs (loop2): Found nat_bits in checkpoint [ 56.499484][ T487] F2FS-fs (loop2): Start checkpoint disabled! [ 56.506130][ T487] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 56.537490][ T487] ------------[ cut here ]------------ [ 56.542974][ T487] WARNING: CPU: 1 PID: 487 at fs/f2fs/segment.c:2582 new_curseg+0xe5d/0x18a0 [ 56.551847][ T487] Modules linked in: [ 56.555820][ T487] CPU: 1 PID: 487 Comm: syz.2.19 Not tainted 5.10.240-syzkaller-1008085-g1154f779f3f3 #0 [ 56.565656][ T487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 56.575809][ T487] RIP: 0010:new_curseg+0xe5d/0x18a0 [ 56.581045][ T487] Code: 0b 4c 8b bd 30 ff ff ff 4c 89 ff be 08 00 00 00 e8 78 c2 93 ff f0 41 80 0f 04 41 b5 01 45 89 f7 e9 4d fb ff ff e8 e3 d0 59 ff <0f> 0b 4c 8b a5 30 ff ff ff 4c 89 e7 be 08 00 00 00 e8 4d c2 93 ff [ 56.600731][ T487] RSP: 0018:ffffc90002357738 EFLAGS: 00010293 [ 56.606862][ T487] RAX: ffffffff8209cf8d RBX: ffff8881180aa518 RCX: ffff888119344f00 [ 56.614936][ T487] RDX: 0000000000000000 RSI: 0000000000000018 RDI: 0000000000000018 [ 56.622908][ T487] RBP: ffffc90002357828 R08: 0000000000000004 R09: 0000000000000003 [ 56.630939][ T487] R10: fffff5200046aed8 R11: 1ffff9200046aed8 R12: 0000000000000018 [ 56.638946][ T487] R13: 1ffff110230154a3 R14: 0000000000000018 R15: 0000000000000002 [ 56.646964][ T487] FS: 00007f6e1855b6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 56.655911][ T487] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.662475][ T487] CR2: 00007f1d48c34000 CR3: 0000000118a32000 CR4: 00000000003506a0 [ 56.670471][ T487] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 56.678524][ T487] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 56.686506][ T487] Call Trace: [ 56.689787][ T487] __allocate_new_segment+0x13d/0x810 [ 56.695179][ T487] f2fs_allocate_new_section+0x1d5/0x280 [ 56.700816][ T487] ? new_curseg+0x18a0/0x18a0 [ 56.705625][ T487] ? __kasan_check_write+0x14/0x20 [ 56.710750][ T487] ? down_read_trylock+0x100/0x150 [ 56.715959][ T487] ? __init_rwsem+0x1c0/0x1c0 [ 56.720636][ T487] ? has_not_enough_free_secs+0x3d7/0x8a0 [ 56.726397][ T487] expand_inode_data+0x5a8/0x930 [ 56.731331][ T487] ? f2fs_insert_range+0x5b0/0x5b0 [ 56.736637][ T487] ? inode_dio_wait+0x226/0x290 [ 56.741486][ T487] ? file_update_time+0x2c6/0x400 [ 56.746522][ T487] ? inode_owner_or_capable+0x140/0x140 [ 56.752057][ T487] f2fs_fallocate+0x42b/0x7e0 [ 56.756760][ T487] vfs_fallocate+0x4b4/0x590 [ 56.761349][ T487] do_vfs_ioctl+0x12e3/0x1510 [ 56.766032][ T487] ? __ia32_compat_sys_ioctl+0x7b0/0x7b0 [ 56.771657][ T487] ? has_cap_mac_admin+0x330/0x330 [ 56.776778][ T487] ? __kasan_slab_free+0x11/0x20 [ 56.781709][ T487] ? slab_free_freelist_hook+0xc5/0x190 [ 56.787287][ T487] ? putname+0xfe/0x150 [ 56.791422][ T487] ? selinux_file_ioctl+0x377/0x480 [ 56.796627][ T487] ? selinux_file_alloc_security+0x120/0x120 [ 56.802604][ T487] ? __fget_files+0x2c4/0x320 [ 56.807291][ T487] ? security_file_ioctl+0x84/0xa0 [ 56.812394][ T487] __se_sys_ioctl+0x9f/0x1a0 [ 56.816997][ T487] __x64_sys_ioctl+0x7b/0x90 [ 56.821574][ T487] do_syscall_64+0x31/0x40 [ 56.826099][ T487] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 56.831984][ T487] RIP: 0033:0x7f6e18aea969 [ 56.836399][ T487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.856034][ T487] RSP: 002b:00007f6e1855b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 56.864483][ T487] RAX: ffffffffffffffda RBX: 00007f6e18d11fa0 RCX: 00007f6e18aea969 [ 56.872468][ T487] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000005 [ 56.880479][ T487] RBP: 00007f6e18b6cab1 R08: 0000000000000000 R09: 0000000000000000 [ 56.888913][ T487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 56.896994][ T487] R13: 0000000000000000 R14: 00007f6e18d11fa0 R15: 00007ffff257d7b8 [ 56.905450][ T487] ---[ end trace 6a6beda168ae3a61 ]--- [ 56.911067][ T487] ------------[ cut here ]------------ [ 56.916560][ T487] WARNING: CPU: 1 PID: 487 at fs/f2fs/segment.c:2636 new_curseg+0x14c0/0x18a0 [ 56.925416][ T487] Modules linked in: [ 56.929307][ T487] CPU: 1 PID: 487 Comm: syz.2.19 Tainted: G W 5.10.240-syzkaller-1008085-g1154f779f3f3 #0 [ 56.940509][ T487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 56.950626][ T487] RIP: 0010:new_curseg+0x14c0/0x18a0 [ 56.955921][ T487] Code: ff e8 a4 ca 59 ff 0f 0b 4c 8b 75 d0 49 8d 7e 78 be 08 00 00 00 e8 10 bc 93 ff f0 41 80 4e 78 04 e9 ba ed ff ff e8 80 ca 59 ff <0f> 0b 48 8b 5d d0 48 8d 7b 78 be 08 00 00 00 e8 ec bb 93 ff f0 80 [ 56.975672][ T487] RSP: 0018:ffffc90002357738 EFLAGS: 00010293 [ 56.981730][ T487] RAX: ffffffff8209d5f0 RBX: ffff88810c8ad801 RCX: ffff888119344f00 [ 56.989717][ T487] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 56.997725][ T487] RBP: ffffc90002357828 R08: dffffc0000000000 R09: ffffed1021915b05 [ 57.005716][ T487] R10: ffffed1021915b05 R11: 1ffff11021915b04 R12: 0000000000000000 [ 57.013685][ T487] R13: 0000000000000018 R14: 0000000000000001 R15: 0000000000000018 [ 57.021685][ T487] FS: 00007f6e1855b6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 57.030662][ T487] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.037262][ T487] CR2: 00007f1d48c34000 CR3: 0000000118a32000 CR4: 00000000003506a0 [ 57.045260][ T487] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 57.053227][ T487] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 57.061394][ T487] Call Trace: [ 57.064949][ T487] __allocate_new_segment+0x13d/0x810 [ 57.070310][ T487] f2fs_allocate_new_section+0x1d5/0x280 [ 57.075961][ T487] ? new_curseg+0x18a0/0x18a0 [ 57.080637][ T487] ? __kasan_check_write+0x14/0x20 [ 57.085833][ T487] ? down_read_trylock+0x100/0x150 [ 57.090926][ T487] ? __init_rwsem+0x1c0/0x1c0 [ 57.095665][ T487] ? has_not_enough_free_secs+0x3d7/0x8a0 [ 57.101369][ T487] expand_inode_data+0x5a8/0x930 [ 57.106311][ T487] ? f2fs_insert_range+0x5b0/0x5b0 [ 57.111417][ T487] ? inode_dio_wait+0x226/0x290 [ 57.116283][ T487] ? file_update_time+0x2c6/0x400 [ 57.121302][ T487] ? inode_owner_or_capable+0x140/0x140 [ 57.126945][ T487] f2fs_fallocate+0x42b/0x7e0 [ 57.131620][ T487] vfs_fallocate+0x4b4/0x590 [ 57.136234][ T487] do_vfs_ioctl+0x12e3/0x1510 [ 57.140902][ T487] ? __ia32_compat_sys_ioctl+0x7b0/0x7b0 [ 57.146545][ T487] ? has_cap_mac_admin+0x330/0x330 [ 57.151673][ T487] ? __kasan_slab_free+0x11/0x20 [ 57.156620][ T487] ? slab_free_freelist_hook+0xc5/0x190 [ 57.162167][ T487] ? putname+0xfe/0x150 [ 57.166696][ T487] ? selinux_file_ioctl+0x377/0x480 [ 57.171887][ T487] ? selinux_file_alloc_security+0x120/0x120 [ 57.177891][ T487] ? __fget_files+0x2c4/0x320 [ 57.182557][ T487] ? security_file_ioctl+0x84/0xa0 [ 57.187759][ T487] __se_sys_ioctl+0x9f/0x1a0 [ 57.192393][ T487] __x64_sys_ioctl+0x7b/0x90 [ 57.196999][ T487] do_syscall_64+0x31/0x40 [ 57.201406][ T487] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.207313][ T487] RIP: 0033:0x7f6e18aea969 [ 57.211711][ T487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.231411][ T487] RSP: 002b:00007f6e1855b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 57.239855][ T487] RAX: ffffffffffffffda RBX: 00007f6e18d11fa0 RCX: 00007f6e18aea969 [ 57.247835][ T487] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000005 [ 57.255817][ T487] RBP: 00007f6e18b6cab1 R08: 0000000000000000 R09: 0000000000000000 [ 57.263885][ T487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 57.272108][ T487] R13: 0000000000000000 R14: 00007f6e18d11fa0 R15: 00007ffff257d7b8 [ 57.280182][ T487] ---[ end trace 6a6beda168ae3a62 ]--- [ 57.285726][ T487] ================================================================== [ 57.293797][ T487] BUG: KASAN: slab-out-of-bounds in reset_curseg+0x4dd/0x560 [ 57.301146][ T487] Read of size 4 at addr ffff88811971a3c0 by task syz.2.19/487 [ 57.308670][ T487] [ 57.310998][ T487] CPU: 0 PID: 487 Comm: syz.2.19 Tainted: G W 5.10.240-syzkaller-1008085-g1154f779f3f3 #0 [ 57.322153][ T487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 57.332172][ T487] Call Trace: [ 57.335445][ T487] __dump_stack+0x21/0x24 [ 57.339742][ T487] dump_stack_lvl+0x169/0x1d8 [ 57.344491][ T487] ? show_regs_print_info+0x18/0x18 [ 57.349657][ T487] ? thaw_kernel_threads+0x220/0x220 [ 57.354911][ T487] print_address_description+0x7f/0x2c0 [ 57.360427][ T487] ? reset_curseg+0x4dd/0x560 [ 57.365072][ T487] kasan_report+0xe2/0x130 [ 57.369474][ T487] ? reset_curseg+0x4dd/0x560 [ 57.374141][ T487] __asan_report_load4_noabort+0x14/0x20 [ 57.379740][ T487] reset_curseg+0x4dd/0x560 [ 57.384296][ T487] new_curseg+0x12f6/0x18a0 [ 57.388851][ T487] __allocate_new_segment+0x13d/0x810 [ 57.394192][ T487] f2fs_allocate_new_section+0x1d5/0x280 [ 57.399791][ T487] ? new_curseg+0x18a0/0x18a0 [ 57.404437][ T487] ? __kasan_check_write+0x14/0x20 [ 57.409518][ T487] ? down_read_trylock+0x100/0x150 [ 57.414597][ T487] ? __init_rwsem+0x1c0/0x1c0 [ 57.419240][ T487] ? has_not_enough_free_secs+0x3d7/0x8a0 [ 57.424940][ T487] expand_inode_data+0x5a8/0x930 [ 57.429969][ T487] ? f2fs_insert_range+0x5b0/0x5b0 [ 57.435408][ T487] ? inode_dio_wait+0x226/0x290 [ 57.440384][ T487] ? file_update_time+0x2c6/0x400 [ 57.445386][ T487] ? inode_owner_or_capable+0x140/0x140 [ 57.451171][ T487] f2fs_fallocate+0x42b/0x7e0 [ 57.455823][ T487] vfs_fallocate+0x4b4/0x590 [ 57.460386][ T487] do_vfs_ioctl+0x12e3/0x1510 [ 57.465028][ T487] ? __ia32_compat_sys_ioctl+0x7b0/0x7b0 [ 57.470885][ T487] ? has_cap_mac_admin+0x330/0x330 [ 57.476005][ T487] ? __kasan_slab_free+0x11/0x20 [ 57.480908][ T487] ? slab_free_freelist_hook+0xc5/0x190 [ 57.486419][ T487] ? putname+0xfe/0x150 [ 57.490543][ T487] ? selinux_file_ioctl+0x377/0x480 [ 57.495711][ T487] ? selinux_file_alloc_security+0x120/0x120 [ 57.501656][ T487] ? __fget_files+0x2c4/0x320 [ 57.506307][ T487] ? security_file_ioctl+0x84/0xa0 [ 57.511387][ T487] __se_sys_ioctl+0x9f/0x1a0 [ 57.515945][ T487] __x64_sys_ioctl+0x7b/0x90 [ 57.520502][ T487] do_syscall_64+0x31/0x40 [ 57.524882][ T487] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.530746][ T487] RIP: 0033:0x7f6e18aea969 [ 57.535130][ T487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.554704][ T487] RSP: 002b:00007f6e1855b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 57.563086][ T487] RAX: ffffffffffffffda RBX: 00007f6e18d11fa0 RCX: 00007f6e18aea969 [ 57.571042][ T487] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000005 [ 57.578986][ T487] RBP: 00007f6e18b6cab1 R08: 0000000000000000 R09: 0000000000000000 [ 57.586925][ T487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 57.594864][ T487] R13: 0000000000000000 R14: 00007f6e18d11fa0 R15: 00007ffff257d7b8 [ 57.602812][ T487] [ 57.605107][ T487] Allocated by task 487: [ 57.609322][ T487] __kasan_kmalloc+0xda/0x110 [ 57.613972][ T487] __kmalloc+0x1a7/0x330 [ 57.618281][ T487] kvmalloc_node+0x88/0x130 [ 57.622762][ T487] f2fs_build_segment_manager+0xdba/0x48f0 [ 57.628533][ T487] f2fs_fill_super+0x42d1/0x6c70 [ 57.633437][ T487] mount_bdev+0x28b/0x3a0 [ 57.637735][ T487] f2fs_mount+0x34/0x40 [ 57.641856][ T487] legacy_get_tree+0xed/0x190 [ 57.646495][ T487] vfs_get_tree+0x89/0x260 [ 57.650927][ T487] do_new_mount+0x25a/0xa20 [ 57.655395][ T487] path_mount+0x572/0xc80 [ 57.659691][ T487] __se_sys_mount+0x318/0x380 [ 57.664331][ T487] __x64_sys_mount+0xbf/0xd0 [ 57.668919][ T487] do_syscall_64+0x31/0x40 [ 57.673306][ T487] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.679421][ T487] [ 57.681810][ T487] The buggy address belongs to the object at ffff88811971a000 [ 57.681810][ T487] which belongs to the cache kmalloc-1k of size 1024 [ 57.695838][ T487] The buggy address is located 960 bytes inside of [ 57.695838][ T487] 1024-byte region [ffff88811971a000, ffff88811971a400) [ 57.709166][ T487] The buggy address belongs to the page: [ 57.714790][ T487] page:ffffea000465c600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x119718 [ 57.725116][ T487] head:ffffea000465c600 order:3 compound_mapcount:0 compound_pincount:0 [ 57.733426][ T487] flags: 0x4000000000010200(slab|head) [ 57.738857][ T487] raw: 4000000000010200 0000000000000000 0000000100000001 ffff888100042f00 [ 57.747493][ T487] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 57.756038][ T487] page dumped because: kasan: bad access detected [ 57.762415][ T487] page_owner tracks the page as allocated [ 57.768109][ T487] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 103, ts 4126603880, free_ts 0 [ 57.786448][ T487] prep_new_page+0x179/0x180 [ 57.791016][ T487] get_page_from_freelist+0x2235/0x23d0 [ 57.796618][ T487] __alloc_pages_nodemask+0x268/0x5f0 [ 57.801967][ T487] new_slab+0x84/0x3f0 [ 57.806012][ T487] ___slab_alloc+0x2a6/0x450 [ 57.810567][ T487] __slab_alloc+0x63/0xa0 [ 57.814863][ T487] __kmalloc_track_caller+0x1ef/0x320 [ 57.820251][ T487] __alloc_skb+0xdc/0x520 [ 57.824546][ T487] netlink_sendmsg+0x5f6/0xb30 [ 57.829274][ T487] ____sys_sendmsg+0x5a2/0x8c0 [ 57.834006][ T487] ___sys_sendmsg+0x1f0/0x260 [ 57.838648][ T487] __x64_sys_sendmsg+0x1e2/0x2a0 [ 57.843553][ T487] do_syscall_64+0x31/0x40 [ 57.847937][ T487] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.853793][ T487] page_owner free stack trace missing [ 57.859130][ T487] [ 57.861424][ T487] Memory state around the buggy address: [ 57.867021][ T487] ffff88811971a280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 57.875062][ T487] ffff88811971a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 57.883097][ T487] >ffff88811971a380: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 57.891212][ T487] ^ [ 57.897336][ T487] ffff88811971a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.905364][ T487] ffff88811971a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.913401][ T487] ================================================================== [ 57.921431][ T487] Disabling lock debugging due to kernel taint [ 57.928534][ T487] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 57.940708][ T487] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 57.949095][ T487] CPU: 0 PID: 487 Comm: syz.2.19 Tainted: G B W 5.10.240-syzkaller-1008085-g1154f779f3f3 #0 [ 57.960261][ T487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 57.970313][ T487] RIP: 0010:update_sit_entry+0x3eb/0xf50 [ 57.975919][ T487] Code: 89 45 a8 49 01 c5 41 f6 d7 41 80 e7 07 44 89 f9 41 bf 01 00 00 00 41 d3 e7 4d 89 ee 49 c1 ee 03 48 b8 00 00 00 00 00 fc ff df <41> 0f b6 04 06 84 c0 0f 85 a5 08 00 00 41 0f b6 5d 00 44 89 f8 41 [ 57.995496][ T487] RSP: 0018:ffffc90002357350 EFLAGS: 00010246 [ 58.001547][ T487] RAX: dffffc0000000000 RBX: ffff88811971a3c8 RCX: 0000000000000007 [ 58.009593][ T487] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88811971a3c8 [ 58.017537][ T487] RBP: ffffc900023573d0 R08: ffff888119344f00 R09: 0000000000000003 [ 58.025476][ T487] R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000004000 [ 58.033589][ T487] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000080 [ 58.041529][ T487] FS: 00007f6e1855b6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 58.050424][ T487] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.056975][ T487] CR2: 0000001b30e5ffff CR3: 0000000118a32000 CR4: 00000000003506b0 [ 58.064918][ T487] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.072855][ T487] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.080792][ T487] Call Trace: [ 58.084064][ T487] ? __asan_report_store8_noabort+0x17/0x20 [ 58.089925][ T487] f2fs_allocate_data_block+0x156b/0x3a10 [ 58.095617][ T487] ? _raw_spin_unlock+0x4d/0x70 [ 58.100437][ T487] ? f2fs_inode_dirtied+0x26b/0x2a0 [ 58.105606][ T487] ? f2fs_io_type_to_rw_hint+0x1e0/0x1e0 [ 58.111223][ T487] ? f2fs_mark_inode_dirty_sync+0x110/0x140 [ 58.117088][ T487] ? inc_valid_block_count+0x562/0xa90 [ 58.122520][ T487] __allocate_data_block+0x52a/0x980 [ 58.127865][ T487] ? f2fs_map_blocks+0x35c0/0x35c0 [ 58.132958][ T487] f2fs_map_blocks+0xdc8/0x35c0 [ 58.137790][ T487] ? __kasan_check_write+0x14/0x20 [ 58.142867][ T487] ? f2fs_do_map_lock+0x290/0x290 [ 58.147955][ T487] ? __kasan_check_write+0x14/0x20 [ 58.153032][ T487] ? down_read_trylock+0x100/0x150 [ 58.158112][ T487] expand_inode_data+0x5d7/0x930 [ 58.163018][ T487] ? f2fs_insert_range+0x5b0/0x5b0 [ 58.168097][ T487] ? inode_dio_wait+0x226/0x290 [ 58.172913][ T487] ? file_update_time+0x2c6/0x400 [ 58.177905][ T487] ? inode_owner_or_capable+0x140/0x140 [ 58.183420][ T487] f2fs_fallocate+0x42b/0x7e0 [ 58.188066][ T487] vfs_fallocate+0x4b4/0x590 [ 58.192620][ T487] do_vfs_ioctl+0x12e3/0x1510 [ 58.197266][ T487] ? __ia32_compat_sys_ioctl+0x7b0/0x7b0 [ 58.203026][ T487] ? has_cap_mac_admin+0x330/0x330 [ 58.208108][ T487] ? __kasan_slab_free+0x11/0x20 [ 58.213012][ T487] ? slab_free_freelist_hook+0xc5/0x190 [ 58.218532][ T487] ? putname+0xfe/0x150 [ 58.222657][ T487] ? selinux_file_ioctl+0x377/0x480 [ 58.227840][ T487] ? selinux_file_alloc_security+0x120/0x120 [ 58.233796][ T487] ? __fget_files+0x2c4/0x320 [ 58.238446][ T487] ? security_file_ioctl+0x84/0xa0 [ 58.243625][ T487] __se_sys_ioctl+0x9f/0x1a0 [ 58.248193][ T487] __x64_sys_ioctl+0x7b/0x90 [ 58.253535][ T487] do_syscall_64+0x31/0x40 [ 58.257922][ T487] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 58.263791][ T487] RIP: 0033:0x7f6e18aea969 [ 58.268181][ T487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.287844][ T487] RSP: 002b:00007f6e1855b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 58.296233][ T487] RAX: ffffffffffffffda RBX: 00007f6e18d11fa0 RCX: 00007f6e18aea969 [ 58.304175][ T487] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000005 [ 58.312115][ T487] RBP: 00007f6e18b6cab1 R08: 0000000000000000 R09: 0000000000000000 [ 58.320056][ T487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 58.327996][ T487] R13: 0000000000000000 R14: 00007f6e18d11fa0 R15: 00007ffff257d7b8 [ 58.335937][ T487] Modules linked in: [ 58.340947][ T487] ---[ end trace 6a6beda168ae3a63 ]--- [ 58.346619][ T487] RIP: 0010:update_sit_entry+0x3eb/0xf50 [ 58.352220][ T487] Code: 89 45 a8 49 01 c5 41 f6 d7 41 80 e7 07 44 89 f9 41 bf 01 00 00 00 41 d3 e7 4d 89 ee 49 c1 ee 03 48 b8 00 00 00 00 00 fc ff df <41> 0f b6 04 06 84 c0 0f 85 a5 08 00 00 41 0f b6 5d 00 44 89 f8 41 [ 58.371827][ T487] RSP: 0018:ffffc90002357350 EFLAGS: 00010246 [ 58.377893][ T487] RAX: dffffc0000000000 RBX: ffff88811971a3c8 RCX: 0000000000000007 [ 58.385864][ T487] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88811971a3c8 [ 58.393846][ T487] RBP: ffffc900023573d0 R08: ffff888119344f00 R09: 0000000000000003 [ 58.401834][ T487] R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000004000 [ 58.409803][ T487] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000080 [ 58.417786][ T487] FS: 00007f6e1855b6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 58.426719][ T487] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.433284][ T487] CR2: 0000001b30e5ffff CR3: 0000000118a32000 CR4: 00000000003506b0 [ 58.441359][ T487] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.449357][ T487] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.457487][ T487] Kernel panic - not syncing: Fatal exception [ 58.463732][ T487] Kernel Offset: disabled [ 58.468042][ T487] Rebooting in 86400 seconds..