Warning: Permanently added '10.128.0.14' (ED25519) to the list of known hosts.
2025/10/13 17:04:25 parsed 1 programs
[ 47.433249][ T28] audit: type=1400 audit(1760375066.661:106): avc: denied { unlink } for pid=397 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 47.480716][ T397] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 48.520830][ T28] audit: type=1401 audit(1760375067.741:107): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 48.671351][ T447] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.678533][ T447] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.686047][ T447] device bridge_slave_0 entered promiscuous mode
[ 48.693138][ T447] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.700252][ T447] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.707992][ T447] device bridge_slave_1 entered promiscuous mode
[ 48.751863][ T447] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.758944][ T447] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.766212][ T447] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.773236][ T447] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.791733][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.799304][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.806997][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.816750][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.824941][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.832059][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.840598][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.848905][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.856048][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.867528][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.879316][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.889085][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 48.899811][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 48.907986][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 48.915682][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 48.923837][ T447] device veth0_vlan entered promiscuous mode
[ 48.933211][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 48.942231][ T447] device veth1_macvtap entered promiscuous mode
[ 48.950963][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 48.960628][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/10/13 17:04:28 executed programs: 0
[ 49.181948][ T463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.189707][ T463] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.197698][ T463] device bridge_slave_0 entered promiscuous mode
[ 49.204746][ T463] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.211991][ T463] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.219517][ T463] device bridge_slave_1 entered promiscuous mode
[ 49.267959][ T463] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.275022][ T463] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.282423][ T463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.289460][ T463] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.307151][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.314898][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.322129][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.336041][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.344256][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.351280][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.359856][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.368090][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.375228][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.391988][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 49.401154][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 49.414309][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 49.422642][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 49.440026][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 49.448783][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 49.457195][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 49.465010][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 49.480193][ T463] device veth0_vlan entered promiscuous mode
[ 49.489317][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 49.497720][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 49.506805][ T463] device veth1_macvtap entered promiscuous mode
[ 49.515225][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 49.523096][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 49.531356][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 49.540622][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 49.548852][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 49.575039][ T474] loop2: detected capacity change from 0 to 512
[ 49.582286][ T474] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[ 49.595680][ T474] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[ 49.608083][ T474] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2818: Unable to expand inode 15. Delete some EAs or run e2fsck.
[ 49.621295][ T474] EXT4-fs (loop2): 1 truncate cleaned up
[ 49.627239][ T474] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 49.636358][ T28] audit: type=1400 audit(1760375068.861:108): avc: denied { mount } for pid=473 comm="syz.2.16" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 49.657955][ T28] audit: type=1400 audit(1760375068.881:109): avc: denied { setattr } for pid=473 comm="syz.2.16" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 49.659198][ T474] ==================================================================
[ 49.680584][ T28] audit: type=1400 audit(1760375068.881:110): avc: denied { write } for pid=473 comm="syz.2.16" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 49.688140][ T474] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x979/0x21d0
[ 49.709785][ T28] audit: type=1400 audit(1760375068.881:111): avc: denied { add_name } for pid=473 comm="syz.2.16" name="file2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 49.717382][ T474] Read of size 18446744073709551572 at addr ffff88811bde9850 by task syz.2.16/474
[ 49.717398][ T474]
[ 49.717402][ T474] CPU: 1 PID: 474 Comm: syz.2.16 Not tainted syzkaller #0
[ 49.717418][ T474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 49.739192][ T28] audit: type=1400 audit(1760375068.881:112): avc: denied { create } for pid=473 comm="syz.2.16" name="file2" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 49.747350][ T474] Call Trace:
[ 49.747360][ T474]
[ 49.747366][ T474] __dump_stack+0x21/0x24
[ 49.749962][ T28] audit: type=1400 audit(1760375068.881:113): avc: denied { write } for pid=473 comm="syz.2.16" name="file2" dev="loop2" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 49.756762][ T474] dump_stack_lvl+0xee/0x150
[ 49.756781][ T474] ? __cfi_dump_stack_lvl+0x8/0x8
[ 49.756796][ T474] ? ext4_xattr_block_set+0x9dc/0x3270
[ 49.767054][ T28] audit: type=1400 audit(1760375068.881:114): avc: denied { open } for pid=473 comm="syz.2.16" path="/0/file2/file2" dev="loop2" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 49.786677][ T474] ? __ext4_unlink+0x673/0xb00
[ 49.786703][ T474] ? ext4_xattr_set_entry+0x979/0x21d0
[ 49.790199][ T28] audit: type=1400 audit(1760375068.881:115): avc: denied { remove_name } for pid=473 comm="syz.2.16" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 49.792881][ T474] print_address_description+0x71/0x200
[ 49.792907][ T474] print_report+0x4a/0x60
[ 49.792926][ T474] kasan_report+0x122/0x150
[ 49.792944][ T474] ? ext4_xattr_set_entry+0x979/0x21d0
[ 49.792963][ T474] ? ext4_xattr_set_entry+0x979/0x21d0
[ 49.918775][ T474] kasan_check_range+0x280/0x290
[ 49.923732][ T474] memmove+0x2d/0x70
[ 49.927616][ T474] ext4_xattr_set_entry+0x979/0x21d0
[ 49.932912][ T474] ext4_xattr_block_set+0xada/0x3270
[ 49.938183][ T474] ? __getblk_gfp+0x3b/0x7d0
[ 49.942770][ T474] ? xattr_find_entry+0x24c/0x300
[ 49.947795][ T474] ? ext4_xattr_block_find+0x310/0x310
[ 49.953240][ T474] ? ext4_xattr_block_find+0x295/0x310
[ 49.958862][ T474] ext4_expand_extra_isize_ea+0xf30/0x1990
[ 49.964654][ T474] __ext4_expand_extra_isize+0x2fe/0x3e0
[ 49.970277][ T474] __ext4_mark_inode_dirty+0x3cf/0x600
[ 49.975721][ T474] __ext4_unlink+0x673/0xb00
[ 49.980285][ T474] ? memcpy+0x56/0x70
[ 49.984275][ T474] ? __cfi___ext4_unlink+0x10/0x10
[ 49.989361][ T474] ? dquot_initialize+0x20/0x20
[ 49.994187][ T474] ? clear_nonspinnable+0x60/0x60
[ 49.999212][ T474] ext4_unlink+0x13a/0x3a0
[ 50.003637][ T474] vfs_unlink+0x39f/0x630
[ 50.007944][ T474] do_unlinkat+0x31f/0x6b0
[ 50.012349][ T474] ? __cfi_do_unlinkat+0x10/0x10
[ 50.017267][ T474] ? getname_flags+0x206/0x500
[ 50.022103][ T474] __x64_sys_unlink+0x49/0x50
[ 50.026860][ T474] x64_sys_call+0x958/0x9a0
[ 50.031459][ T474] do_syscall_64+0x4c/0xa0
[ 50.035861][ T474] ? clear_bhb_loop+0x30/0x80
[ 50.040607][ T474] ? clear_bhb_loop+0x30/0x80
[ 50.045267][ T474] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 50.051228][ T474] RIP: 0033:0x7f465258e9a9
[ 50.055644][ T474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 50.075244][ T474] RSP: 002b:00007f4653364038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 50.083647][ T474] RAX: ffffffffffffffda RBX: 00007f46527b5fa0 RCX: 00007f465258e9a9
[ 50.091605][ T474] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180
[ 50.099552][ T474] RBP: 00007f4652610ca1 R08: 0000000000000000 R09: 0000000000000000
[ 50.107508][ T474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 50.115469][ T474] R13: 0000000000000000 R14: 00007f46527b5fa0 R15: 00007ffda3f9f8e8
[ 50.123459][ T474]
[ 50.126460][ T474]
[ 50.128767][ T474] Allocated by task 474:
[ 50.133167][ T474] kasan_set_track+0x4b/0x70
[ 50.137738][ T474] kasan_save_alloc_info+0x25/0x30
[ 50.142830][ T474] __kasan_kmalloc+0x95/0xb0
[ 50.147408][ T474] __kmalloc_node_track_caller+0xb1/0x1e0
[ 50.153129][ T474] kmemdup+0x2b/0x60
[ 50.157013][ T474] ext4_xattr_block_set+0x9dc/0x3270
[ 50.162281][ T474] ext4_expand_extra_isize_ea+0xf30/0x1990
[ 50.168240][ T474] __ext4_expand_extra_isize+0x2fe/0x3e0
[ 50.173851][ T474] __ext4_mark_inode_dirty+0x3cf/0x600
[ 50.179308][ T474] __ext4_unlink+0x673/0xb00
[ 50.183917][ T474] ext4_unlink+0x13a/0x3a0
[ 50.188501][ T474] vfs_unlink+0x39f/0x630
[ 50.192826][ T474] do_unlinkat+0x31f/0x6b0
[ 50.197277][ T474] __x64_sys_unlink+0x49/0x50
[ 50.202039][ T474] x64_sys_call+0x958/0x9a0
[ 50.206527][ T474] do_syscall_64+0x4c/0xa0
[ 50.210931][ T474] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 50.216800][ T474]
[ 50.219102][ T474] The buggy address belongs to the object at ffff88811bde9800
[ 50.219102][ T474] which belongs to the cache kmalloc-1k of size 1024
[ 50.233150][ T474] The buggy address is located 80 bytes inside of
[ 50.233150][ T474] 1024-byte region [ffff88811bde9800, ffff88811bde9c00)
[ 50.246402][ T474]
[ 50.248704][ T474] The buggy address belongs to the physical page:
[ 50.255089][ T474] page:ffffea00046f7a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11bde8
[ 50.265326][ T474] head:ffffea00046f7a00 order:3 compound_mapcount:0 compound_pincount:0
[ 50.273809][ T474] flags: 0x4000000000010200(slab|head|zone=1)
[ 50.279872][ T474] raw: 4000000000010200 ffffea00046dd200 dead000000000003 ffff888100043080
[ 50.288515][ T474] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 50.297096][ T474] page dumped because: kasan: bad access detected
[ 50.303591][ T474] page_owner tracks the page as allocated
[ 50.309283][ T474] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 120, tgid 120 (udevd), ts 4918375586, free_ts 0
[ 50.328970][ T474] post_alloc_hook+0x1f5/0x210
[ 50.333727][ T474] prep_new_page+0x1c/0x110
[ 50.338293][ T474] get_page_from_freelist+0x2c7b/0x2cf0
[ 50.343903][ T474] __alloc_pages+0x1c3/0x450
[ 50.348480][ T474] alloc_slab_page+0x6e/0xf0
[ 50.353050][ T474] new_slab+0x98/0x3d0
[ 50.357106][ T474] ___slab_alloc+0x6bd/0xb20
[ 50.361689][ T474] __slab_alloc+0x5e/0xa0
[ 50.366010][ T474] __kmem_cache_alloc_node+0x203/0x2c0
[ 50.371533][ T474] __kmalloc+0xa1/0x1e0
[ 50.375695][ T474] load_elf_phdrs+0x132/0x230
[ 50.380366][ T474] load_elf_binary+0x955/0x26d0
[ 50.385244][ T474] bprm_execve+0x787/0x1440
[ 50.389728][ T474] do_execveat_common+0x915/0xa70
[ 50.394739][ T474] __x64_sys_execve+0x92/0xb0
[ 50.399402][ T474] x64_sys_call+0x98/0x9a0
[ 50.403803][ T474] page_owner free stack trace missing
[ 50.409151][ T474]
[ 50.411464][ T474] Memory state around the buggy address:
[ 50.417266][ T474] ffff88811bde9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.425311][ T474] ffff88811bde9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.433402][ T474] >ffff88811bde9800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.441455][ T474] ^
[ 50.448196][ T474] ffff88811bde9880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.456318][ T474] ffff88811bde9900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.464456][ T474] ==================================================================
[ 50.475462][ T474] Disabling lock debugging due to kernel taint
[ 50.500064][ T463] EXT4-fs (loop2): unmounting filesystem.
[ 50.540122][ T479] loop2: detected capacity change from 0 to 512
[ 50.551254][ T479] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[ 50.562879][ T479] EXT4-fs (loop2): 1 truncate cleaned up
[ 50.568650][ T479] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 50.594137][ T43] general protection fault, probably for non-canonical address 0xdffffc0000000062: 0000 [#1] PREEMPT SMP KASAN
[ 50.602820][ C1] slab cred_jar
[ 50.605874][ T43] KASAN: null-ptr-deref in range [0x0000000000000310-0x0000000000000317]
[ 50.605889][ T43] CPU: 0 PID: 43 Comm: kworker/u4:2 Tainted: G B syzkaller #0
[ 50.609424][ C1] start ffff888118b93a00
[ 50.617883][ T43] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 50.617893][ T43] Workqueue: netns cleanup_net
[ 50.617915][ T43] RIP: 0010:tcp_twsk_purge+0x5b/0x120
[ 50.617931][ T43] Code: 8c 86 fd 4d 8b 75 00 4d 39 ee 0f 84 cf 00 00 00 31 db 4d 8d be 10 03 00 00 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ff e8 27 8c 86 fd 4d 8b 3f 4d 8d 67 48 4c
[ 50.617942][ T43] RSP: 0018:ffffc900002cfbf0 EFLAGS: 00010202
[ 50.617955][ T43] RAX: 0000000000000062 RBX: 0000000000000001 RCX: dffffc0000000000
[ 50.626878][ C1] pointer offset 160
[ 50.631154][ T43] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 50.631169][ T43] RBP: ffffc900002cfc18 R08: dffffc0000000000 R09: fffffbfff0f43e02
[ 50.641424][ C1]
[ 50.646285][ T43] R10: fffffbfff0f43e02 R11: 1ffffffff0f43e01 R12: 0000000000000001
[ 50.646297][ T43] R13: ffffc900002cfca0 R14: 0000000000000000 R15: 0000000000000310
[ 50.646308][ T43] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 50.646321][ T43] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 50.740012][ T43] CR2: 000020000000f000 CR3: 000000011e421000 CR4: 00000000003506b0
[ 50.748252][ T43] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 50.756288][ T43] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 50.764249][ T43] Call Trace:
[ 50.767540][ T43]
[ 50.770509][ T43] tcp_sk_exit_batch+0x33/0x140
[ 50.775337][ T43] ? __cfi_tcp_sk_exit_batch+0x10/0x10
[ 50.780788][ T43] cleanup_net+0x62d/0xb00
[ 50.785286][ T43] ? __cfi_cleanup_net+0x10/0x10
[ 50.790311][ T43] ? pwq_dec_nr_in_flight+0x18c/0x3c0
[ 50.795749][ T43] process_one_work+0x71f/0xc40
[ 50.800577][ T43] worker_thread+0xa29/0x11f0
[ 50.805313][ T43] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 50.810771][ T43] kthread+0x281/0x320
[ 50.814829][ T43] ? __cfi_worker_thread+0x10/0x10
[ 50.819909][ T43] ? __cfi_kthread+0x10/0x10
[ 50.824479][ T43] ret_from_fork+0x1f/0x30
[ 50.828890][ T43]
[ 50.831884][ T43] Modules linked in:
[ 50.835932][ C1] BUG: unable to handle page fault for address: fffffffffffffffc
[ 50.843658][ C1] #PF: supervisor read access in kernel mode
[ 50.849609][ C1] #PF: error_code(0x0000) - not-present page
[ 50.855642][ C1] PGD 6e12067 P4D 6e12067 PUD 6e14067 PMD 0
[ 50.861609][ C1] Oops: 0000 [#2] PREEMPT SMP KASAN
[ 50.866776][ C1] CPU: 1 PID: 479 Comm: syz.2.17 Tainted: G B D syzkaller #0
[ 50.875345][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 50.885466][ C1] RIP: 0010:rcu_do_batch+0x509/0xb90
[ 50.890736][ C1] Code: 00 48 b8 00 00 00 00 00 fc ff df 80 3c 03 00 74 08 4c 89 ef e8 28 09 57 00 49 c7 47 08 00 00 00 00 4c 89 ff 41 ba c8 6a 43 52 <45> 03 54 24 fc 74 02 0f 0b 41 ff d4 65 8b 05 ec e9 a4 7e a9 00 01
[ 50.910405][ C1] RSP: 0018:ffffc900001b0c20 EFLAGS: 00010246
[ 50.916463][ C1] RAX: dffffc0000000000 RBX: 1ffff11023172755 RCX: b06d62a980e03400
[ 50.924435][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: ffff888118b93aa0
[ 50.932394][ C1] RBP: ffffc900001b0dd0 R08: 0000000000000004 R09: 0000000000000003
[ 50.940349][ C1] R10: 0000000052436ac8 R11: 1ffff920000360a4 R12: 0000000000000000
[ 50.948299][ C1] R13: ffff888118b93aa8 R14: 0000000000000004 R15: ffff888118b93aa0
[ 50.956255][ C1] FS: 00007f46533646c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 50.965155][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 50.971972][ C1] CR2: fffffffffffffffc CR3: 000000011e421000 CR4: 00000000003506a0
[ 50.979939][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 50.987977][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 50.995924][ C1] Call Trace:
[ 50.999278][ C1]
[ 51.002133][ C1] ? rcu_core+0xe70/0xe70
[ 51.006480][ C1] ? _raw_spin_unlock_irqrestore+0x5a/0x80
[ 51.012286][ C1] ? swake_up_one+0x140/0x150
[ 51.017028][ C1] ? swake_up_one_online+0x66/0x110
[ 51.022548][ C1] ? rcu_report_qs_rnp+0x384/0x390
[ 51.027633][ C1] rcu_core+0x5a5/0xe70
[ 51.031769][ C1] ? rcu_cpu_kthread_park+0x90/0x90
[ 51.036948][ C1] ? kvm_sched_clock_read+0x18/0x40
[ 51.042141][ C1] ? run_rebalance_domains+0xf7/0x1c0
[ 51.047517][ C1] rcu_core_si+0x9/0x10
[ 51.051648][ C1] handle_softirqs+0x1d7/0x600
[ 51.056396][ C1] __irq_exit_rcu+0x52/0xf0
[ 51.060872][ C1] irq_exit_rcu+0x9/0x10
[ 51.065097][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 51.070978][ C1]
[ 51.073884][ C1]
[ 51.076790][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 51.082842][ C1] RIP: 0010:__memmove+0x19c/0x1a0
[ 51.087871][ C1] Code: fa 02 72 16 66 44 8b 1e 66 44 8b 54 16 fe 66 44 89 1f 66 44 89 54 17 fe eb 0c 48 83 fa 01 72 06 44 8a 1e 44 88 1f c3 48 89 d1 a4 c3 00 eb 2e 0f 1f 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03
[ 51.107454][ C1] RSP: 0018:ffffc90000ad7640 EFLAGS: 00010286
[ 51.113523][ C1] RAX: ffff888118119070 RBX: ffffffffffffffd4 RCX: fffffffffef2451c
[ 51.121488][ C1] RDX: ffffffffffffffd4 RSI: ffff8881191f4b08 RDI: ffff8881191f4b28
[ 51.129627][ C1] RBP: ffffc90000ad7670 R08: ffff888118119024 R09: 0000000000000001
[ 51.137619][ C1] R10: 0000000000000000 R11: 0000000000000080 R12: 0000000000000000
[ 51.145598][ C1] R13: ffffffff81f8ada9 R14: ffff888118119050 R15: ffff888118119070
[ 51.154167][ C1] ? ext4_xattr_set_entry+0x979/0x21d0
[ 51.159653][ C1] ? memmove+0x56/0x70
[ 51.163723][ C1] ext4_xattr_set_entry+0x979/0x21d0
[ 51.169025][ C1] ext4_xattr_block_set+0xada/0x3270
[ 51.174304][ C1] ? __getblk_gfp+0x3b/0x7d0
[ 51.178876][ C1] ? xattr_find_entry+0x24c/0x300
[ 51.183880][ C1] ? ext4_xattr_block_find+0x310/0x310
[ 51.189317][ C1] ? ext4_xattr_block_find+0x295/0x310
[ 51.194763][ C1] ext4_expand_extra_isize_ea+0xf30/0x1990
[ 51.200546][ C1] __ext4_expand_extra_isize+0x2fe/0x3e0
[ 51.206244][ C1] __ext4_mark_inode_dirty+0x3cf/0x600
[ 51.211781][ C1] __ext4_unlink+0x673/0xb00
[ 51.216369][ C1] ? memcpy+0x56/0x70
[ 51.220327][ C1] ? __cfi___ext4_unlink+0x10/0x10
[ 51.225412][ C1] ? dquot_initialize+0x20/0x20
[ 51.230262][ C1] ? clear_nonspinnable+0x60/0x60
[ 51.235291][ C1] ext4_unlink+0x13a/0x3a0
[ 51.239895][ C1] vfs_unlink+0x39f/0x630
[ 51.244211][ C1] do_unlinkat+0x31f/0x6b0
[ 51.248602][ C1] ? __cfi_do_unlinkat+0x10/0x10
[ 51.253514][ C1] ? getname_flags+0x206/0x500
[ 51.258270][ C1] __x64_sys_unlink+0x49/0x50
[ 51.262941][ C1] x64_sys_call+0x958/0x9a0
[ 51.267439][ C1] do_syscall_64+0x4c/0xa0
[ 51.271836][ C1] ? clear_bhb_loop+0x30/0x80
[ 51.276609][ C1] ? clear_bhb_loop+0x30/0x80
[ 51.281279][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 51.287251][ C1] RIP: 0033:0x7f465258e9a9
[ 51.291749][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 51.311366][ C1] RSP: 002b:00007f4653364038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 51.319769][ C1] RAX: ffffffffffffffda RBX: 00007f46527b5fa0 RCX: 00007f465258e9a9
[ 51.327728][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180
[ 51.335675][ C1] RBP: 00007f4652610ca1 R08: 0000000000000000 R09: 0000000000000000
[ 51.343709][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 51.351845][ C1] R13: 0000000000000000 R14: 00007f46527b5fa0 R15: 00007ffda3f9f8e8
[ 51.359977][ C1]
[ 51.362979][ C1] Modules linked in:
[ 51.366852][ C1] CR2: fffffffffffffffc
[ 51.371044][ C1] ---[ end trace 0000000000000000 ]---
[ 51.371076][ T19] general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#3] PREEMPT SMP KASAN
[ 51.376503][ C1] RIP: 0010:tcp_twsk_purge+0x5b/0x120
[ 51.388193][ T19] KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
[ 51.393546][ C1] Code: 8c 86 fd 4d 8b 75 00 4d 39 ee 0f 84 cf 00 00 00 31 db 4d 8d be 10 03 00 00 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ff e8 27 8c 86 fd 4d 8b 3f 4d 8d 67 48 4c
[ 51.401925][ T19] CPU: 0 PID: 19 Comm: kworker/0:1 Tainted: G B D syzkaller #0
[ 51.421783][ C1] RSP: 0018:ffffc900002cfbf0 EFLAGS: 00010202
[ 51.430526][ T19] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 51.430538][ T19] Workqueue: ipv6_addrconf addrconf_dad_work
[ 51.436580][ C1] RAX: 0000000000000062 RBX: 0000000000000001 RCX: dffffc0000000000
[ 51.446625][ T19]
[ 51.446635][ T19] RIP: 0010:atomic_notifier_call_chain+0x37/0x120
[ 51.452593][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 51.460557][ T19] Code: 50 48 89 55 d0 49 89 f6 49 89 ff 49 bd 00 00 00 00 00 fc ff df e8 d9 17 26 00 e8 a4 c5 12 00 49 83 c7 08 4c 89 f8 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 ff e8 aa 85 6a 00 4d 8b 27 4d 85 e4 0f
[ 51.462864][ C1] RBP: ffffc900002cfc18 R08: dffffc0000000000 R09: fffffbfff0f43e02
[ 51.469265][ T19] RSP: 0018:ffffc90000137540 EFLAGS: 00010206
[ 51.477222][ C1] R10: fffffbfff0f43e02 R11: 1ffffffff0f43e01 R12: 0000000000000001
[ 51.496807][ T19]
[ 51.496813][ T19] RAX: 0000000000000003 RBX: ffffc90000137760 RCX: dffffc0000000000
[ 51.504759][ C1] R13: ffffc900002cfca0 R14: 0000000000000000 R15: 0000000000000310
[ 51.510799][ T19] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000010
[ 51.518843][ C1] FS: 00007f46533646c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 51.521176][ T19] RBP: ffffc90000137570 R08: dffffc0000000000 R09: ffffed1022aec406
[ 51.529120][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.537279][ T19] R10: ffffed1022aec406 R11: 1ffff11022aec405 R12: ffff8881149a0b20
[ 51.545447][ C1] CR2: fffffffffffffffc CR3: 000000011e421000 CR4: 00000000003506a0
[ 51.554448][ T19] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000018
[ 51.562575][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 51.569135][ T19] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 51.577088][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 51.585134][ T19] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.593261][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 51.601308][ T19] CR2: 000020000000f000 CR3: 000000011e421000 CR4: 00000000003506b0
[ 51.601324][ T19] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 51.601333][ T19] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 51.601342][ T19] Call Trace:
[ 51.601348][ T19]
[ 51.601356][ T19] call_fib_notifiers+0x86/0xc0
[ 51.601380][ T19] call_fib6_notifiers+0x43/0x70
[ 51.601396][ T19] fib6_add+0x202c/0x3dc0
[ 51.601418][ T19] ? ____kasan_slab_free+0x13d/0x180
[ 51.601440][ T19] ? __cfi_fib6_add+0x10/0x10
[ 51.601455][ T19] ? consume_skb+0xc1/0x1f0
[ 51.601468][ T19] ? __kasan_check_write+0x14/0x20
[ 51.601482][ T19] ? _raw_spin_lock_bh+0x8e/0xe0
[ 51.601498][ T19] ip6_ins_rt+0xc5/0x110
[ 51.601514][ T19] ? __cfi_ip6_ins_rt+0x10/0x10
[ 51.601531][ T19] ? rtnl_notify+0x9a/0xc0
[ 51.601544][ T19] __ipv6_ifa_notify+0x4c4/0xdc0
[ 51.601559][ T19] ? snmp6_fill_stats+0x6c0/0x6c0
[ 51.601574][ T19] ? __kasan_check_write+0x14/0x20
[ 51.601587][ T19] ? try_to_grab_pending+0x1a2/0x580
[ 51.601605][ T19] ? mod_delayed_work_on+0xe0/0xe0
[ 51.601622][ T19] ? kvm_sched_clock_read+0x18/0x40
[ 51.601642][ T19] ? __kasan_check_write+0x14/0x20
[ 51.601654][ T19] ? __cancel_work+0x198/0x200
[ 51.601672][ T19] addrconf_dad_completed+0x175/0xe80
[ 51.601692][ T19] ? __kasan_check_write+0x14/0x20
[ 51.601705][ T19] ? addrconf_dad_stop+0x450/0x450
[ 51.601725][ T19] addrconf_dad_work+0xc25/0x14b0
[ 51.601745][ T19] ? __cfi_addrconf_dad_work+0x10/0x10
[ 51.601763][ T19] ? __schedule+0xb8f/0x14e0
[ 51.601778][ T19] ? __cfi__raw_spin_lock_irq+0x10/0x10
[ 51.601794][ T19] process_one_work+0x71f/0xc40
[ 51.601809][ T19] worker_thread+0xa29/0x11f0
[ 51.601822][ T19] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 51.601840][ T19] kthread+0x281/0x320
[ 51.601854][ T19] ? __cfi_worker_thread+0x10/0x10
[ 51.601867][ T19] ? __cfi_kthread+0x10/0x10
[ 51.601881][ T19] ret_from_fork+0x1f/0x30
[ 51.601898][ T19]
[ 51.601903][ T19] Modules linked in:
[ 51.611139][ C1] Kernel Offset: disabled
[ 51.840260][ C1] Rebooting in 86400 seconds..