Warning: Permanently added '10.128.1.72' (ED25519) to the list of known hosts.
2026/01/23 00:50:53 parsed 1 programs
[ 27.993947][ T30] audit: type=1400 audit(1769129453.646:64): avc: denied { node_bind } for pid=282 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 28.015941][ T30] audit: type=1400 audit(1769129453.646:65): avc: denied { module_request } for pid=282 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 28.987089][ T30] audit: type=1400 audit(1769129454.646:66): avc: denied { mounton } for pid=288 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 28.990789][ T288] cgroup: Unknown subsys name 'net'
[ 29.010255][ T30] audit: type=1400 audit(1769129454.646:67): avc: denied { mount } for pid=288 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 29.037818][ T30] audit: type=1400 audit(1769129454.666:68): avc: denied { unmount } for pid=288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 29.038402][ T288] cgroup: Unknown subsys name 'devices'
[ 29.238619][ T288] cgroup: Unknown subsys name 'hugetlb'
[ 29.244279][ T288] cgroup: Unknown subsys name 'rlimit'
[ 29.392191][ T30] audit: type=1400 audit(1769129455.046:69): avc: denied { setattr } for pid=288 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 29.415928][ T30] audit: type=1400 audit(1769129455.046:70): avc: denied { create } for pid=288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 29.436574][ T30] audit: type=1400 audit(1769129455.046:71): avc: denied { write } for pid=288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 29.457396][ T30] audit: type=1400 audit(1769129455.046:72): avc: denied { read } for pid=288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 29.476233][ T293] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[ 29.478263][ T30] audit: type=1400 audit(1769129455.056:73): avc: denied { mounton } for pid=288 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 29.536133][ T288] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 30.014816][ T297] request_module fs-gadgetfs succeeded, but still no fs?
[ 30.348769][ T322] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.356348][ T322] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.363906][ T322] device bridge_slave_0 entered promiscuous mode
[ 30.371174][ T322] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.378383][ T322] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.386676][ T322] device bridge_slave_1 entered promiscuous mode
[ 30.432303][ T322] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.439517][ T322] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.447313][ T322] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.454548][ T322] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.475529][ T278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 30.484359][ T278] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.491699][ T278] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.501707][ T278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 30.509958][ T278] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.517089][ T278] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.526031][ T278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 30.534380][ T278] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.541615][ T278] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.554800][ T278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 30.565245][ T278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 30.579782][ T278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 30.593832][ T322] device veth0_vlan entered promiscuous mode
[ 30.606281][ T278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 30.614824][ T278] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 30.622604][ T278] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 30.630243][ T278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 30.639810][ T322] device veth1_macvtap entered promiscuous mode
[ 30.650573][ T278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 30.661338][ T278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 30.692694][ T322] syz-executor (322) used greatest stack depth: 21536 bytes left
2026/01/23 00:50:56 executed programs: 0
[ 31.254959][ T361] bridge0: port 1(bridge_slave_0) entered blocking state
[ 31.262409][ T361] bridge0: port 1(bridge_slave_0) entered disabled state
[ 31.269955][ T361] device bridge_slave_0 entered promiscuous mode
[ 31.276769][ T361] bridge0: port 2(bridge_slave_1) entered blocking state
[ 31.283913][ T361] bridge0: port 2(bridge_slave_1) entered disabled state
[ 31.291561][ T361] device bridge_slave_1 entered promiscuous mode
[ 31.335495][ T8] device bridge_slave_1 left promiscuous mode
[ 31.341730][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 31.349870][ T8] device bridge_slave_0 left promiscuous mode
[ 31.356073][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 31.364225][ T8] device veth1_macvtap left promiscuous mode
[ 31.370328][ T8] device veth0_vlan left promiscuous mode
[ 31.454647][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 31.462180][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 31.471773][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 31.480289][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 31.488519][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 31.495676][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 31.503333][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 31.513169][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 31.521693][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 31.530082][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 31.537170][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 31.549102][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 31.557276][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 31.567399][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 31.581286][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 31.592726][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 31.601013][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 31.608977][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 31.617703][ T361] device veth0_vlan entered promiscuous mode
[ 31.627866][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 31.637053][ T361] device veth1_macvtap entered promiscuous mode
[ 31.646667][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 31.655372][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 31.665995][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 31.674423][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 31.722572][ T371] loop2: detected capacity change from 0 to 1024
[ 31.731152][ T371] =======================================================
[ 31.731152][ T371] WARNING: The mand mount option has been deprecated and
[ 31.731152][ T371] and is ignored by this kernel. Remove the mand
[ 31.731152][ T371] option from the mount to silence this warning.
[ 31.731152][ T371] =======================================================
[ 31.772243][ T371] EXT4-fs (loop2): Ignoring removed nobh option
[ 31.778965][ T371] EXT4-fs (loop2): Ignoring removed bh option
[ 31.785092][ T371] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 31.808261][ T371] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[ 31.916200][ T10] ==================================================================
[ 31.924859][ T10] BUG: KASAN: use-after-free in ext4_find_extent+0xbeb/0xe20
[ 31.932820][ T10] Read of size 4 at addr ffff88812ee42ec4 by task kworker/u4:1/10
[ 31.940778][ T10]
[ 31.943394][ T10] CPU: 1 PID: 10 Comm: kworker/u4:1 Not tainted syzkaller #0
[ 31.950812][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 31.961110][ T10] Workqueue: writeback wb_workfn (flush-7:2)
[ 31.967389][ T10] Call Trace:
[ 31.970768][ T10]
[ 31.973810][ T10] __dump_stack+0x21/0x30
[ 31.978426][ T10] dump_stack_lvl+0x110/0x170
[ 31.983417][ T10] ? show_regs_print_info+0x20/0x20
[ 31.988956][ T10] ? load_image+0x3e0/0x3e0
[ 31.993740][ T10] print_address_description+0x7f/0x2c0
[ 31.999643][ T10] ? ext4_find_extent+0xbeb/0xe20
[ 32.004681][ T10] kasan_report+0xf1/0x140
[ 32.009126][ T10] ? __read_extent_tree_block+0x1e8/0x790
[ 32.015389][ T10] ? ext4_find_extent+0xbeb/0xe20
[ 32.020432][ T10] __asan_report_load4_noabort+0x14/0x20
[ 32.026512][ T10] ext4_find_extent+0xbeb/0xe20
[ 32.031478][ T10] ext4_ext_map_blocks+0x207/0x61e0
[ 32.036679][ T10] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 32.042491][ T10] ? __stack_depot_save+0x442/0x480
[ 32.047701][ T10] ? __kasan_slab_alloc+0xcf/0xf0
[ 32.052734][ T10] ? __kasan_slab_alloc+0xbd/0xf0
[ 32.057772][ T10] ? slab_post_alloc_hook+0x4f/0x2b0
[ 32.063072][ T10] ? kmem_cache_alloc+0xf7/0x260
[ 32.068160][ T10] ? ext4_alloc_io_end_vec+0x2a/0x160
[ 32.073659][ T10] ? ext4_writepages+0xf20/0x3090
[ 32.078782][ T10] ? do_writepages+0x473/0x6c0
[ 32.084123][ T10] ? wb_workfn+0x3ac/0xf30
[ 32.088962][ T10] ? process_one_work+0x6be/0xba0
[ 32.094200][ T10] ? worker_thread+0xa59/0x1200
[ 32.099265][ T10] ? ext4_ext_release+0x10/0x10
[ 32.104241][ T10] ? ext4_es_lookup_extent+0x54c/0x900
[ 32.109873][ T10] ext4_map_blocks+0x988/0x1b30
[ 32.114750][ T10] ? slab_post_alloc_hook+0x6d/0x2b0
[ 32.120238][ T10] ? should_failslab+0x9/0x20
[ 32.125032][ T10] ? ext4_issue_zeroout+0x250/0x250
[ 32.130414][ T10] ? ext4_inode_journal_mode+0x19a/0x480
[ 32.136195][ T10] ext4_writepages+0x123f/0x3090
[ 32.141295][ T10] ? update_load_avg+0x40d/0x1110
[ 32.146351][ T10] ? ext4_readpage+0x220/0x220
[ 32.151254][ T10] ? enqueue_task_fair+0xb22/0x2160
[ 32.156847][ T10] ? enqueue_task+0x17f/0x1040
[ 32.161775][ T10] ? ext4_readpage+0x220/0x220
[ 32.166674][ T10] do_writepages+0x473/0x6c0
[ 32.171563][ T10] ? yield_to_task_fair+0x1a0/0x1a0
[ 32.176785][ T10] ? sched_clock_cpu+0x18/0x3c0
[ 32.181835][ T10] ? _raw_spin_trylock_bh+0x70/0x150
[ 32.187224][ T10] ? __writepage+0x130/0x130
[ 32.191926][ T10] ? check_preempt_curr+0xd4/0x190
[ 32.197055][ T10] ? __kasan_check_write+0x14/0x20
[ 32.202189][ T10] ? _raw_spin_lock+0x94/0xf0
[ 32.206982][ T10] __writeback_single_inode+0xd5/0x9c0
[ 32.212573][ T10] ? wbc_attach_and_unlock_inode+0x194/0x5f0
[ 32.218569][ T10] writeback_sb_inodes+0xa10/0x1610
[ 32.224028][ T10] ? unwind_next_frame+0x3d5/0x700
[ 32.229160][ T10] ? queue_io+0x4c0/0x4c0
[ 32.233709][ T10] ? __kasan_check_read+0x11/0x20
[ 32.238751][ T10] ? queue_io+0x382/0x4c0
[ 32.243190][ T10] wb_writeback+0x40b/0x9d0
[ 32.247718][ T10] ? inode_cgwb_move_to_attached+0x3e0/0x3e0
[ 32.253838][ T10] ? set_worker_desc+0x1ba/0x1f0
[ 32.258897][ T10] ? sched_clock+0x9/0x10
[ 32.263278][ T10] ? sched_clock_cpu+0x18/0x3c0
[ 32.268531][ T10] ? __kasan_check_write+0x14/0x20
[ 32.273661][ T10] wb_workfn+0x3ac/0xf30
[ 32.278050][ T10] ? inode_wait_for_writeback+0x220/0x220
[ 32.283796][ T10] ? compat_start_thread+0x20/0x20
[ 32.288925][ T10] ? _raw_spin_unlock+0x4d/0x70
[ 32.293793][ T10] ? finish_task_switch+0x16b/0x780
[ 32.299287][ T10] ? __switch_to_asm+0x3a/0x60
[ 32.304064][ T10] ? __schedule+0xb76/0x14c0
[ 32.308772][ T10] process_one_work+0x6be/0xba0
[ 32.313639][ T10] worker_thread+0xa59/0x1200
[ 32.318352][ T10] kthread+0x411/0x500
[ 32.322437][ T10] ? worker_clr_flags+0x190/0x190
[ 32.327563][ T10] ? kthread_blkcg+0xd0/0xd0
[ 32.332275][ T10] ret_from_fork+0x1f/0x30
[ 32.336704][ T10]
[ 32.339741][ T10]
[ 32.342099][ T10] The buggy address belongs to the page:
[ 32.347834][ T10] page:ffffea0004bb9080 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x12ee42
[ 32.358182][ T10] flags: 0x4000000000000000(zone=1)
[ 32.363422][ T10] raw: 4000000000000000 ffffea0004bb90c8 ffffea0004bb9048 0000000000000000
[ 32.372217][ T10] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 32.380817][ T10] page dumped because: kasan: bad access detected
[ 32.387342][ T10] page_owner info is not present (never set?)
[ 32.393424][ T10]
[ 32.395809][ T10] Memory state around the buggy address:
[ 32.401447][ T10] ffff88812ee42d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 32.409522][ T10] ffff88812ee42e00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 32.417598][ T10] >ffff88812ee42e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 32.425673][ T10] ^
[ 32.431832][ T10] ffff88812ee42f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 32.439902][ T10] ffff88812ee42f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 32.447975][ T10] ==================================================================
[ 32.456035][ T10] Disabling lock debugging due to kernel taint
[ 32.465033][ T10] EXT4-fs error (device loop2): __ext4_get_inode_loc:4358: comm kworker/u4:1: Invalid inode table block 8391460049216894068 in block_group 0
[ 32.481419][ T10] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5881: Corrupt filesystem
[ 32.491125][ T10] EXT4-fs error (device loop2): ext4_dirty_inode:6085: inode #15: comm kworker/u4:1: mark_inode_dirty error
[ 32.506383][ T10] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:476: comm kworker/u4:1: Invalid block bitmap block 8391460049216894068 in block_group 0
[ 32.522480][ T10] EXT4-fs error (device loop2): __ext4_get_inode_loc:4358: comm kworker/u4:1: Invalid inode table block 8391460049216894068 in block_group 0
[ 32.537617][ T10] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5881: Corrupt filesystem
[ 32.547765][ T10] EXT4-fs error (device loop2): ext4_dirty_inode:6085: inode #15: comm kworker/u4:1: mark_inode_dirty error
[ 32.561721][ T10] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 3 with error 117
[ 32.577183][ T10] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 32.577183][ T10]
[ 32.588529][ T10] EXT4-fs error (device loop2): __ext4_get_inode_loc:4358: comm kworker/u4:1: Invalid inode table block 8391460049216894068 in block_group 0
[ 32.603724][ T10] EXT4-fs error (device loop2): __ext4_get_inode_loc:4358: comm kworker/u4:1: Invalid inode table block 8391460049216894068 in block_group 0
[ 32.618597][ T10] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5881: Corrupt filesystem
[ 32.628930][ T10] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 1 with error 117
[ 32.641690][ T10] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 32.641690][ T10]