Warning: Permanently added '10.128.0.92' (ED25519) to the list of known hosts.
2026/02/02 22:30:04 parsed 1 programs
[   30.409688][   T24] audit: type=1400 audit(1770071404.180:64): avc:  denied  { node_bind } for  pid=275 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   30.430524][   T24] audit: type=1400 audit(1770071404.180:65): avc:  denied  { create } for  pid=275 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   30.450460][   T24] audit: type=1400 audit(1770071404.180:66): avc:  denied  { module_request } for  pid=275 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   31.346135][   T24] audit: type=1400 audit(1770071405.120:67): avc:  denied  { mounton } for  pid=282 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   31.349489][  T282] cgroup: Unknown subsys name 'net'
[   31.368911][   T24] audit: type=1400 audit(1770071405.120:68): avc:  denied  { mount } for  pid=282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   31.396413][   T24] audit: type=1400 audit(1770071405.150:69): avc:  denied  { unmount } for  pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   31.396901][  T282] cgroup: Unknown subsys name 'devices'
[   31.603626][  T282] cgroup: Unknown subsys name 'hugetlb'
[   31.609233][  T282] cgroup: Unknown subsys name 'rlimit'
[   31.788492][   T24] audit: type=1400 audit(1770071405.560:70): avc:  denied  { setattr } for  pid=282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   31.811907][   T24] audit: type=1400 audit(1770071405.560:71): avc:  denied  { create } for  pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   31.832317][   T24] audit: type=1400 audit(1770071405.560:72): avc:  denied  { write } for  pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   31.858214][   T24] audit: type=1400 audit(1770071405.560:73): avc:  denied  { read } for  pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   31.880137][  T285] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[   31.933397][  T282] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   32.344490][  T288] request_module fs-gadgetfs succeeded, but still no fs?
[   32.355454][  T288] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[   32.794231][  T317] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.801279][  T317] bridge0: port 1(bridge_slave_0) entered disabled state
[   32.808952][  T317] device bridge_slave_0 entered promiscuous mode
[   32.816772][  T317] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.824206][  T317] bridge0: port 2(bridge_slave_1) entered disabled state
[   32.831540][  T317] device bridge_slave_1 entered promiscuous mode
[   32.871354][  T317] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.878474][  T317] bridge0: port 2(bridge_slave_1) entered forwarding state
[   32.885881][  T317] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.893084][  T317] bridge0: port 1(bridge_slave_0) entered forwarding state
[   32.911689][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   32.920603][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   32.928322][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   32.935934][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   32.949961][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   32.958303][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.965364][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   32.974210][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   32.982670][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.989730][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   33.002201][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   33.011586][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   33.026275][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   33.038761][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   33.047209][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   33.054845][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   33.063366][  T317] device veth0_vlan entered promiscuous mode
[   33.073456][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   33.082944][  T317] device veth1_macvtap entered promiscuous mode
[   33.092007][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   33.102080][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2026/02/02 22:30:07 executed programs: 0
[   33.661439][  T353] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.668607][  T353] bridge0: port 1(bridge_slave_0) entered disabled state
[   33.676368][  T353] device bridge_slave_0 entered promiscuous mode
[   33.683596][  T353] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.690987][  T353] bridge0: port 2(bridge_slave_1) entered disabled state
[   33.698478][  T353] device bridge_slave_1 entered promiscuous mode
[   33.741277][  T353] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.748445][  T353] bridge0: port 2(bridge_slave_1) entered forwarding state
[   33.755998][  T353] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.763044][  T353] bridge0: port 1(bridge_slave_0) entered forwarding state
[   33.785242][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.795283][  T298] bridge0: port 1(bridge_slave_0) entered disabled state
[   33.802989][  T298] bridge0: port 2(bridge_slave_1) entered disabled state
[   33.812095][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   33.820373][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   33.829425][  T298] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.836508][  T298] bridge0: port 1(bridge_slave_0) entered forwarding state
[   33.845354][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   33.853706][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   33.861988][  T298] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.869028][  T298] bridge0: port 2(bridge_slave_1) entered forwarding state
[   33.882715][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   33.890785][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   33.900186][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   33.908911][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   33.924045][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   33.932442][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   33.943485][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   33.951390][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   33.960262][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   33.967862][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   33.976246][  T353] device veth0_vlan entered promiscuous mode
[   33.985781][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   33.994409][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   34.003467][  T353] device veth1_macvtap entered promiscuous mode
[   34.012792][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   34.020535][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   34.029217][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   34.038930][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   34.047678][  T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   34.113336][  T371] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[   34.122561][  T371] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   34.163622][  T298] ==================================================================
[   34.171737][  T298] BUG: KASAN: use-after-free in ext4_find_extent+0xbeb/0xe20
[   34.179138][  T298] Read of size 4 at addr ffff88812b9628c8 by task kworker/u4:3/298
[   34.187033][  T298] 
[   34.189379][  T298] CPU: 0 PID: 298 Comm: kworker/u4:3 Not tainted syzkaller #0
[   34.196839][  T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   34.206922][  T298] Workqueue: writeback wb_workfn (flush-7:2)
[   34.212923][  T298] Call Trace:
[   34.216225][  T298]  __dump_stack+0x21/0x24
[   34.220652][  T298]  dump_stack_lvl+0x1a7/0x208
[   34.225342][  T298]  ? show_regs_print_info+0x18/0x18
[   34.230551][  T298]  ? thaw_kernel_threads+0x220/0x220
[   34.235872][  T298]  print_address_description+0x7f/0x2c0
[   34.241513][  T298]  ? ext4_find_extent+0xbeb/0xe20
[   34.246544][  T298]  kasan_report+0xe2/0x130
[   34.250978][  T298]  ? __read_extent_tree_block+0x1e8/0x790
[   34.256708][  T298]  ? ext4_find_extent+0xbeb/0xe20
[   34.261743][  T298]  __asan_report_load4_noabort+0x14/0x20
[   34.267387][  T298]  ext4_find_extent+0xbeb/0xe20
[   34.272250][  T298]  ext4_ext_map_blocks+0x20b/0x5dd0
[   34.277463][  T298]  ? _raw_spin_unlock_irqrestore+0x5b/0x80
[   34.283282][  T298]  ? __kasan_slab_alloc+0xcf/0xf0
[   34.288320][  T298]  ? __kasan_slab_alloc+0xbd/0xf0
[   34.293356][  T298]  ? slab_post_alloc_hook+0x5d/0x2f0
[   34.298653][  T298]  ? kmem_cache_alloc+0x162/0x2d0
[   34.303693][  T298]  ? ext4_alloc_io_end_vec+0x2a/0x160
[   34.309074][  T298]  ? ext4_writepages+0x1057/0x2eb0
[   34.314192][  T298]  ? do_writepages+0x128/0x280
[   34.319055][  T298]  ? __writeback_single_inode+0xd5/0xa20
[   34.324699][  T298]  ? writeback_sb_inodes+0x8ca/0x1480
[   34.330167][  T298]  ? worker_thread+0xa6a/0x13c0
[   34.335024][  T298]  ? kthread+0x346/0x3d0
[   34.339281][  T298]  ? ret_from_fork+0x1f/0x30
[   34.343902][  T298]  ? ext4_ext_release+0x10/0x10
[   34.348768][  T298]  ? ext4_es_lookup_extent+0x54c/0x900
[   34.354241][  T298]  ext4_map_blocks+0x985/0x1bd0
[   34.359209][  T298]  ? ext4_issue_zeroout+0x1a0/0x1a0
[   34.364508][  T298]  ? ext4_inode_journal_mode+0x19a/0x480
[   34.370147][  T298]  ext4_writepages+0x136a/0x2eb0
[   34.375104][  T298]  ? ext4_readpage+0x220/0x220
[   34.379886][  T298]  ? update_blocked_averages+0xf50/0xf50
[   34.385536][  T298]  ? __update_load_avg_cfs_rq+0xaf/0x2f0
[   34.391186][  T298]  ? ext4_readpage+0x220/0x220
[   34.395960][  T298]  do_writepages+0x128/0x280
[   34.400572][  T298]  ? __writepage+0x130/0x130
[   34.405193][  T298]  ? __kasan_check_write+0x14/0x20
[   34.410312][  T298]  ? __kasan_check_write+0x14/0x20
[   34.415433][  T298]  ? _raw_spin_lock+0x94/0xf0
[   34.420118][  T298]  __writeback_single_inode+0xd5/0xa20
[   34.425600][  T298]  ? wbc_attach_and_unlock_inode+0x171/0x590
[   34.431597][  T298]  writeback_sb_inodes+0x8ca/0x1480
[   34.436801][  T298]  ? __kasan_check_write+0x14/0x20
[   34.441921][  T298]  ? queue_io+0x4c0/0x4c0
[   34.446261][  T298]  ? __kasan_check_read+0x11/0x20
[   34.451291][  T298]  ? queue_io+0x385/0x4c0
[   34.455631][  T298]  wb_writeback+0x403/0xbe0
[   34.460143][  T298]  ? wb_io_lists_depopulated+0x180/0x180
[   34.465791][  T298]  ? set_worker_desc+0x1ba/0x1f0
[   34.470741][  T298]  ? update_load_avg+0x4dc/0x14f0
[   34.476128][  T298]  ? __kasan_check_write+0x14/0x20
[   34.481253][  T298]  wb_workfn+0x3ac/0xf30
[   34.485510][  T298]  ? inode_wait_for_writeback+0x220/0x220
[   34.491244][  T298]  ? _raw_spin_unlock_irq+0x4e/0x70
[   34.496558][  T298]  ? finish_task_switch+0x12e/0x5a0
[   34.501769][  T298]  ? switch_mm_irqs_off+0x75f/0x990
[   34.506983][  T298]  ? __switch_to_asm+0x34/0x60
[   34.511765][  T298]  ? __kasan_check_read+0x11/0x20
[   34.516800][  T298]  ? read_word_at_a_time+0x12/0x20
[   34.521923][  T298]  ? strscpy+0x9b/0x290
[   34.526087][  T298]  process_one_work+0x6e1/0xba0
[   34.530946][  T298]  worker_thread+0xa6a/0x13c0
[   34.535639][  T298]  ? _raw_spin_lock_irqsave+0xc2/0x130
[   34.541123][  T298]  ? __kasan_check_read+0x11/0x20
[   34.546162][  T298]  kthread+0x346/0x3d0
[   34.550254][  T298]  ? worker_clr_flags+0x190/0x190
[   34.555291][  T298]  ? kthread_blkcg+0xd0/0xd0
[   34.559891][  T298]  ret_from_fork+0x1f/0x30
[   34.564317][  T298] 
[   34.566650][  T298] The buggy address belongs to the page:
[   34.572388][  T298] page:ffffea0004ae5880 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x12b962
[   34.582739][  T298] flags: 0x4000000000000000()
[   34.587434][  T298] raw: 4000000000000000 ffffea0004ae58c8 ffffea0004ae5848 0000000000000000
[   34.596036][  T298] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   34.604622][  T298] page dumped because: kasan: bad access detected
[   34.611045][  T298] page_owner info is not present (never set?)
[   34.617108][  T298] 
[   34.619442][  T298] Memory state around the buggy address:
[   34.625083][  T298]  ffff88812b962780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   34.633152][  T298]  ffff88812b962800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   34.641471][  T298] >ffff88812b962880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   34.649516][  T298]                                               ^
[   34.656009][  T298]  ffff88812b962900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   34.664142][  T298]  ffff88812b962980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   34.672199][  T298] ==================================================================
[   34.680275][  T298] Disabling lock debugging due to kernel taint
[   34.692774][  T298] EXT4-fs error (device loop2): __ext4_get_inode_loc:4444: comm kworker/u4:3: Invalid inode table block 14347017931200276878 in block_group 0
[   35.472762][    T7] device bridge_slave_1 left promiscuous mode
[   35.478896][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   35.486664][    T7] device bridge_slave_0 left promiscuous mode
[   35.492960][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   35.500733][    T7] device veth1_macvtap left promiscuous mode
[   35.506825][    T7] device veth0_vlan left promiscuous mode
[   36.792548][    T7] device bridge_slave_1 left promiscuous mode
[   36.798690][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.806151][    T7] device bridge_slave_0 left promiscuous mode
[   36.812345][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.820042][    T7] device veth1_macvtap left promiscuous mode
[   36.826113][    T7] device veth0_vlan left promiscuous mode