Warning: Permanently added '10.128.1.22' (ED25519) to the list of known hosts. 2025/10/14 02:55:19 parsed 1 programs [ 23.998828][ T30] audit: type=1400 audit(1760410519.734:64): avc: denied { node_bind } for pid=281 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 24.020821][ T30] audit: type=1400 audit(1760410519.734:65): avc: denied { module_request } for pid=281 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 24.980088][ T30] audit: type=1400 audit(1760410520.714:66): avc: denied { mounton } for pid=289 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 24.981648][ T289] cgroup: Unknown subsys name 'net' [ 25.003471][ T30] audit: type=1400 audit(1760410520.714:67): avc: denied { mount } for pid=289 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.031956][ T30] audit: type=1400 audit(1760410520.744:68): avc: denied { unmount } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.032208][ T289] cgroup: Unknown subsys name 'devices' [ 25.178481][ T289] cgroup: Unknown subsys name 'hugetlb' [ 25.184744][ T289] cgroup: Unknown subsys name 'rlimit' [ 25.392480][ T30] audit: type=1400 audit(1760410521.124:69): avc: denied { setattr } for pid=289 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 25.415670][ T30] audit: type=1400 audit(1760410521.124:70): avc: denied { create } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.436230][ T30] audit: type=1400 audit(1760410521.124:71): avc: denied { write } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.444482][ T292] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 25.457041][ T30] audit: type=1400 audit(1760410521.124:72): avc: denied { read } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.486419][ T30] audit: type=1400 audit(1760410521.124:73): avc: denied { mounton } for pid=289 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 25.519326][ T289] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 26.026864][ T294] request_module fs-gadgetfs succeeded, but still no fs? [ 26.485555][ T321] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.493078][ T321] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.500705][ T321] device bridge_slave_0 entered promiscuous mode [ 26.508017][ T321] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.515059][ T321] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.522845][ T321] device bridge_slave_1 entered promiscuous mode [ 26.573910][ T321] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.581250][ T321] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.588810][ T321] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.596035][ T321] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.614784][ T310] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.622542][ T310] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.630525][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 26.638267][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.653395][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.662066][ T310] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.669231][ T310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.677223][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.685407][ T310] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.693023][ T310] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.708450][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.717065][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.728975][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.741266][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.749554][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.757088][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.765701][ T321] device veth0_vlan entered promiscuous mode [ 26.777891][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.787691][ T321] device veth1_macvtap entered promiscuous mode [ 26.797071][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.808207][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.838875][ T321] syz-executor (321) used greatest stack depth: 21376 bytes left 2025/10/14 02:55:22 executed programs: 0 [ 27.295431][ T363] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.302942][ T363] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.310461][ T363] device bridge_slave_0 entered promiscuous mode [ 27.317582][ T363] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.324704][ T363] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.332417][ T363] device bridge_slave_1 entered promiscuous mode [ 27.410570][ T363] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.417922][ T363] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.425249][ T363] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.432511][ T363] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.451185][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.460224][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.468268][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.478429][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 27.487152][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.497617][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.506517][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.523067][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 27.532481][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.541805][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.549207][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.558810][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 27.567196][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.575510][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 27.584312][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.598271][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 27.606784][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.618003][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 27.626669][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.634965][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.642948][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.651376][ T363] device veth0_vlan entered promiscuous mode [ 27.661955][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 27.670206][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.679813][ T363] device veth1_macvtap entered promiscuous mode [ 27.689479][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 27.697924][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 27.707099][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 27.717828][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 27.726766][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.754085][ T373] loop2: detected capacity change from 0 to 512 [ 27.763750][ T373] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 27.777765][ T373] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 27.790191][ T373] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2825: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 27.804161][ T373] EXT4-fs (loop2): 1 truncate cleaned up [ 27.810073][ T373] EXT4-fs (loop2): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,nobarrier,nodiscard,quota,,errors=continue. Quota mode: writeback. [ 27.837409][ T373] ================================================================== [ 27.846150][ T373] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x13a3/0x37d0 [ 27.854233][ T373] Read of size 18446744073709551540 at addr ffff888110661870 by task syz.2.17/373 [ 27.863569][ T373] [ 27.866104][ T373] CPU: 1 PID: 373 Comm: syz.2.17 Not tainted syzkaller #0 [ 27.873324][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 27.883647][ T373] Call Trace: [ 27.886934][ T373] [ 27.889880][ T373] __dump_stack+0x21/0x30 [ 27.894223][ T373] dump_stack_lvl+0xee/0x150 [ 27.898829][ T373] ? show_regs_print_info+0x20/0x20 [ 27.904301][ T373] ? load_image+0x3a0/0x3a0 [ 27.908899][ T373] ? unwind_get_return_address+0x4d/0x90 [ 27.914711][ T373] print_address_description+0x7f/0x2c0 [ 27.920376][ T373] ? ext4_xattr_set_entry+0x13a3/0x37d0 [ 27.926566][ T373] kasan_report+0xf1/0x140 [ 27.931136][ T373] ? ext4_xattr_set_entry+0x13a3/0x37d0 [ 27.937328][ T373] ? ext4_xattr_set_entry+0x13a3/0x37d0 [ 27.943208][ T373] kasan_check_range+0x280/0x290 [ 27.948274][ T373] memmove+0x2d/0x70 [ 27.952284][ T373] ext4_xattr_set_entry+0x13a3/0x37d0 [ 27.957813][ T373] ? __kasan_kmalloc+0xda/0x110 [ 27.962989][ T373] ? __kmalloc_track_caller+0x13c/0x2c0 [ 27.969155][ T373] ? kmemdup+0x26/0x60 [ 27.973356][ T373] ? setxattr+0x241/0x300 [ 27.978050][ T373] ? x64_sys_call+0x8cc/0x9a0 [ 27.982747][ T373] ? do_syscall_64+0x4c/0xa0 [ 27.987528][ T373] ? ext4_xattr_ibody_set+0x360/0x360 [ 27.993039][ T373] ? ext4_xattr_block_set+0x7e2/0x2cb0 [ 27.998912][ T373] ? ext4_xattr_block_set+0x7e2/0x2cb0 [ 28.004566][ T373] ? __kmalloc_track_caller+0x13c/0x2c0 [ 28.011096][ T373] ? memcpy+0x56/0x70 [ 28.015111][ T373] ext4_xattr_block_set+0x8cd/0x2cb0 [ 28.020519][ T373] ? errseq_check+0x41/0x80 [ 28.025179][ T373] ? ext4_xattr_block_find+0x4f0/0x4f0 [ 28.030841][ T373] ? __kasan_check_write+0x14/0x20 [ 28.035968][ T373] ext4_xattr_set_handle+0xba5/0x12b0 [ 28.041463][ T373] ? ext4_xattr_set_entry+0x37d0/0x37d0 [ 28.047052][ T373] ? ext4_xattr_set+0x1f6/0x320 [ 28.052173][ T373] ? __ext4_journal_start_sb+0x154/0x2b0 [ 28.058031][ T373] ext4_xattr_set+0x22a/0x320 [ 28.062945][ T373] ? ext4_xattr_set_credits+0x290/0x290 [ 28.068592][ T373] ? selinux_inode_setxattr+0x5b4/0xbb0 [ 28.074498][ T373] ext4_xattr_trusted_set+0x3c/0x50 [ 28.079731][ T373] ? ext4_xattr_trusted_get+0x40/0x40 [ 28.085430][ T373] __vfs_setxattr+0x3e1/0x430 [ 28.090587][ T373] __vfs_setxattr_noperm+0x12a/0x5e0 [ 28.095995][ T373] __vfs_setxattr_locked+0x212/0x230 [ 28.101425][ T373] vfs_setxattr+0x168/0x2f0 [ 28.106399][ T373] ? xattr_permission+0x550/0x550 [ 28.112082][ T373] ? _copy_from_user+0x95/0xd0 [ 28.116997][ T373] setxattr+0x2da/0x300 [ 28.121443][ T373] ? path_setxattr+0x280/0x280 [ 28.126974][ T373] ? debug_smp_processor_id+0x17/0x20 [ 28.132701][ T373] ? __mnt_want_write+0x1e6/0x260 [ 28.138486][ T373] ? mnt_want_write+0x20b/0x2e0 [ 28.143454][ T373] path_setxattr+0x142/0x280 [ 28.148069][ T373] ? simple_xattr_list_add+0x120/0x120 [ 28.153535][ T373] ? do_sys_truncate+0x12f/0x190 [ 28.158482][ T373] __x64_sys_lsetxattr+0xc2/0xe0 [ 28.163641][ T373] x64_sys_call+0x8cc/0x9a0 [ 28.168163][ T373] do_syscall_64+0x4c/0xa0 [ 28.172690][ T373] ? clear_bhb_loop+0x50/0xa0 [ 28.177379][ T373] ? clear_bhb_loop+0x50/0xa0 [ 28.182462][ T373] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 28.188662][ T373] RIP: 0033:0x7f4d16921ec9 [ 28.193454][ T373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 28.213826][ T373] RSP: 002b:00007fff7d594be8 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 28.222255][ T373] RAX: ffffffffffffffda RBX: 00007f4d16b78fa0 RCX: 00007f4d16921ec9 [ 28.230243][ T373] RDX: 0000200000000040 RSI: 00002000000000c0 RDI: 0000200000000100 [ 28.238332][ T373] RBP: 00007f4d169a4f91 R08: 0000000000000000 R09: 0000000000000000 [ 28.246518][ T373] R10: 000000000000fe37 R11: 0000000000000246 R12: 0000000000000000 [ 28.254772][ T373] R13: 00007f4d16b78fa0 R14: 00007f4d16b78fa0 R15: 0000000000000005 [ 28.263082][ T373] [ 28.266227][ T373] [ 28.268651][ T373] Allocated by task 373: [ 28.273260][ T373] __kasan_kmalloc+0xda/0x110 [ 28.278761][ T373] __kmalloc_track_caller+0x13c/0x2c0 [ 28.284231][ T373] kmemdup+0x26/0x60 [ 28.288551][ T373] ext4_xattr_block_set+0x7e2/0x2cb0 [ 28.294498][ T373] ext4_xattr_set_handle+0xba5/0x12b0 [ 28.300676][ T373] ext4_xattr_set+0x22a/0x320 [ 28.306490][ T373] ext4_xattr_trusted_set+0x3c/0x50 [ 28.311943][ T373] __vfs_setxattr+0x3e1/0x430 [ 28.317025][ T373] __vfs_setxattr_noperm+0x12a/0x5e0 [ 28.322939][ T373] __vfs_setxattr_locked+0x212/0x230 [ 28.329220][ T373] vfs_setxattr+0x168/0x2f0 [ 28.334691][ T373] setxattr+0x2da/0x300 [ 28.338868][ T373] path_setxattr+0x142/0x280 [ 28.343490][ T373] __x64_sys_lsetxattr+0xc2/0xe0 [ 28.348639][ T373] x64_sys_call+0x8cc/0x9a0 [ 28.353185][ T373] do_syscall_64+0x4c/0xa0 [ 28.357607][ T373] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 28.363510][ T373] [ 28.365836][ T373] The buggy address belongs to the object at ffff888110661800 [ 28.365836][ T373] which belongs to the cache kmalloc-1k of size 1024 [ 28.380885][ T373] The buggy address is located 112 bytes inside of [ 28.380885][ T373] 1024-byte region [ffff888110661800, ffff888110661c00) [ 28.394463][ T373] The buggy address belongs to the page: [ 28.400375][ T373] page:ffffea0004419800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110660 [ 28.410910][ T373] head:ffffea0004419800 order:3 compound_mapcount:0 compound_pincount:0 [ 28.419437][ T373] flags: 0x4000000000010200(slab|head|zone=1) [ 28.425763][ T373] raw: 4000000000010200 ffffea00043d2600 0000000400000004 ffff888100043080 [ 28.434639][ T373] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 28.443494][ T373] page dumped because: kasan: bad access detected [ 28.450078][ T373] page_owner tracks the page as allocated [ 28.456182][ T373] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 101, ts 6285309053, free_ts 0 [ 28.475466][ T373] post_alloc_hook+0x192/0x1b0 [ 28.480648][ T373] prep_new_page+0x1c/0x110 [ 28.485174][ T373] get_page_from_freelist+0x2cc5/0x2d50 [ 28.491085][ T373] __alloc_pages+0x18f/0x440 [ 28.495788][ T373] new_slab+0xa1/0x4d0 [ 28.500110][ T373] ___slab_alloc+0x381/0x810 [ 28.505022][ T373] __slab_alloc+0x49/0x90 [ 28.509985][ T373] __kmalloc_track_caller+0x169/0x2c0 [ 28.515554][ T373] __alloc_skb+0x21a/0x740 [ 28.520075][ T373] netlink_sendmsg+0x602/0xb70 [ 28.525120][ T373] ____sys_sendmsg+0x5a2/0x8c0 [ 28.530151][ T373] ___sys_sendmsg+0x1f0/0x260 [ 28.534862][ T373] __x64_sys_sendmsg+0x1e2/0x2a0 [ 28.539920][ T373] x64_sys_call+0x4b/0x9a0 [ 28.544447][ T373] do_syscall_64+0x4c/0xa0 [ 28.548882][ T373] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 28.554894][ T373] page_owner free stack trace missing [ 28.560439][ T373] [ 28.562891][ T373] Memory state around the buggy address: [ 28.568791][ T373] ffff888110661700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.577278][ T373] ffff888110661780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.586214][ T373] >ffff888110661800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.594799][ T373] ^ [ 28.602778][ T373] ffff888110661880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.611109][ T373] ffff888110661900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.622065][ T373] ================================================================== [ 28.630701][ T373] Disabling lock debugging due to kernel taint