Warning: Permanently added '10.128.1.188' (ED25519) to the list of known hosts. 2026/04/20 16:47:41 parsed 1 programs [ 21.825335][ T30] audit: type=1400 audit(1776703661.953:64): avc: denied { node_bind } for pid=281 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 21.846619][ T30] audit: type=1400 audit(1776703661.953:65): avc: denied { module_request } for pid=281 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 22.449714][ T30] audit: type=1400 audit(1776703662.583:66): avc: denied { mounton } for pid=287 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.450868][ T287] cgroup: Unknown subsys name 'net' [ 22.472387][ T30] audit: type=1400 audit(1776703662.583:67): avc: denied { mount } for pid=287 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.499685][ T30] audit: type=1400 audit(1776703662.613:68): avc: denied { unmount } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.499848][ T287] cgroup: Unknown subsys name 'devices' [ 22.698847][ T287] cgroup: Unknown subsys name 'hugetlb' [ 22.704504][ T287] cgroup: Unknown subsys name 'rlimit' [ 22.845150][ T30] audit: type=1400 audit(1776703662.973:69): avc: denied { setattr } for pid=287 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.868538][ T30] audit: type=1400 audit(1776703662.973:70): avc: denied { create } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.889062][ T30] audit: type=1400 audit(1776703662.973:71): avc: denied { write } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.898627][ T292] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 22.909413][ T30] audit: type=1400 audit(1776703662.973:72): avc: denied { read } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 22.938255][ T30] audit: type=1400 audit(1776703662.983:73): avc: denied { mounton } for pid=287 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.991511][ T287] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 23.411974][ T294] request_module fs-gadgetfs succeeded, but still no fs? [ 23.570251][ T310] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.577319][ T310] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.584624][ T310] device bridge_slave_0 entered promiscuous mode [ 23.591509][ T310] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.598583][ T310] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.605855][ T310] device bridge_slave_1 entered promiscuous mode [ 23.640198][ T310] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.647291][ T310] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.654556][ T310] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.661630][ T310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.677641][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.685440][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.692728][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.702371][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.710836][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.717924][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.726648][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.734796][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.741838][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.753998][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.763136][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.775390][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.786255][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.794445][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.802082][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.811499][ T310] device veth0_vlan entered promiscuous mode [ 23.820847][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.829749][ T310] device veth1_macvtap entered promiscuous mode [ 23.839405][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.848911][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2026/04/20 16:47:44 executed programs: 0 [ 24.489958][ T10] device bridge_slave_1 left promiscuous mode [ 24.496080][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.503787][ T10] device bridge_slave_0 left promiscuous mode [ 24.510075][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.518435][ T10] device veth1_macvtap left promiscuous mode [ 24.524607][ T10] device veth0_vlan left promiscuous mode [ 24.600149][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.607249][ T356] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.614691][ T356] device bridge_slave_0 entered promiscuous mode [ 24.621776][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.628920][ T356] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.636374][ T356] device bridge_slave_1 entered promiscuous mode [ 24.668938][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.675995][ T356] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.683549][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.690606][ T356] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.708012][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.715708][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.723000][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.732219][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.740558][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.747702][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.757127][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.765358][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.772775][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.784295][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.793427][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.806035][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.819251][ T356] device veth0_vlan entered promiscuous mode [ 24.826928][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.835044][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.843041][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.855509][ T356] device veth1_macvtap entered promiscuous mode [ 24.862909][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.876778][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.885239][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.910059][ T361] loop2: detected capacity change from 0 to 1024 [ 24.937669][ T361] ======================================================= [ 24.937669][ T361] WARNING: The mand mount option has been deprecated and [ 24.937669][ T361] and is ignored by this kernel. Remove the mand [ 24.937669][ T361] option from the mount to silence this warning. [ 24.937669][ T361] ======================================================= [ 25.008059][ T361] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc,minixdf,,errors=continue. Quota mode: none. [ 25.023526][ T361] ================================================================== [ 25.031699][ T361] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x1e04/0x3940 [ 25.039519][ T361] Read of size 18446744073709550624 at addr ffff88812add37e0 by task syz.2.17/361 [ 25.048710][ T361] [ 25.051022][ T361] CPU: 0 PID: 361 Comm: syz.2.17 Not tainted syzkaller #0 [ 25.058136][ T361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 25.068185][ T361] Call Trace: [ 25.071449][ T361] [ 25.074377][ T361] __dump_stack+0x21/0x30 [ 25.078710][ T361] dump_stack_lvl+0x110/0x170 [ 25.083492][ T361] ? show_regs_print_info+0x20/0x20 [ 25.088777][ T361] ? load_image+0x3e0/0x3e0 [ 25.093276][ T361] print_address_description+0x7f/0x2c0 [ 25.098901][ T361] ? ext4_xattr_set_entry+0x1e04/0x3940 [ 25.104446][ T361] kasan_report+0xf1/0x140 [ 25.108849][ T361] ? ext4_xattr_set_entry+0x1e04/0x3940 [ 25.114394][ T361] ? ext4_xattr_set_entry+0x1e04/0x3940 [ 25.120021][ T361] kasan_check_range+0x249/0x2a0 [ 25.125119][ T361] ? ext4_xattr_set_entry+0x1e04/0x3940 [ 25.130647][ T361] memmove+0x2d/0x70 [ 25.134611][ T361] ext4_xattr_set_entry+0x1e04/0x3940 [ 25.139968][ T361] ? ext4_xattr_ibody_set+0x360/0x360 [ 25.145348][ T361] ? __mb_cache_entry_free+0x253/0x390 [ 25.150782][ T361] ? kmem_cache_free+0x100/0x320 [ 25.155698][ T361] ? mb_cache_entry_delete_or_get+0x203/0x220 [ 25.161750][ T361] ext4_xattr_block_set+0x4f8/0x2d10 [ 25.167135][ T361] ? __kasan_check_read+0x11/0x20 [ 25.172151][ T361] ? __ext4_xattr_check_block+0x265/0x8e0 [ 25.177875][ T361] ? ext4_xattr_block_find+0x4f0/0x4f0 [ 25.183411][ T361] ext4_xattr_set_handle+0xbc4/0x12b0 [ 25.188770][ T361] ? ext4_xattr_set_entry+0x3940/0x3940 [ 25.194348][ T361] ? ext4_xattr_set+0x20c/0x320 [ 25.199278][ T361] ? __ext4_journal_start_sb+0x154/0x2b0 [ 25.204898][ T361] ext4_xattr_set+0x242/0x320 [ 25.209557][ T361] ? ext4_xattr_set_credits+0x290/0x290 [ 25.215181][ T361] ? selinux_inode_setxattr+0x5d9/0xc00 [ 25.220943][ T361] ext4_xattr_trusted_set+0x3c/0x50 [ 25.226141][ T361] ? ext4_xattr_trusted_get+0x40/0x40 [ 25.231593][ T361] __vfs_setxattr+0x3e1/0x430 [ 25.236282][ T361] __vfs_setxattr_noperm+0x12a/0x5e0 [ 25.241600][ T361] __vfs_setxattr_locked+0x212/0x230 [ 25.247135][ T361] vfs_setxattr+0x167/0x2e0 [ 25.251642][ T361] ? xattr_permission+0x550/0x550 [ 25.256783][ T361] ? _copy_from_user+0x95/0xd0 [ 25.261528][ T361] setxattr+0x36c/0x390 [ 25.265663][ T361] ? path_setxattr+0x290/0x290 [ 25.270416][ T361] ? debug_smp_processor_id+0x17/0x20 [ 25.275777][ T361] ? __mnt_want_write+0x1e6/0x260 [ 25.280893][ T361] ? mnt_want_write+0x20b/0x2e0 [ 25.285847][ T361] path_setxattr+0x147/0x290 [ 25.290424][ T361] ? simple_xattr_list_add+0x120/0x120 [ 25.295864][ T361] __x64_sys_lsetxattr+0xc2/0xe0 [ 25.300784][ T361] x64_sys_call+0x8cc/0x9a0 [ 25.305286][ T361] do_syscall_64+0x4c/0xa0 [ 25.309795][ T361] ? clear_bhb_loop+0x50/0xa0 [ 25.314547][ T361] ? clear_bhb_loop+0x50/0xa0 [ 25.319205][ T361] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 25.325091][ T361] RIP: 0033:0x7fe77cfb7819 [ 25.329497][ T361] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 25.349088][ T361] RSP: 002b:00007ffe72ae18b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 25.357601][ T361] RAX: ffffffffffffffda RBX: 00007fe77d230fa0 RCX: 00007fe77cfb7819 [ 25.365589][ T361] RDX: 0000200000000440 RSI: 00002000000000c0 RDI: 0000200000000100 [ 25.373879][ T361] RBP: 00007fe77d04dc91 R08: 0000000000000000 R09: 0000000000000000 [ 25.381963][ T361] R10: 000000000000fe37 R11: 0000000000000246 R12: 0000000000000000 [ 25.390107][ T361] R13: 00007fe77d230fac R14: 00007fe77d230fa0 R15: 00007fe77d230fa0 [ 25.398163][ T361] [ 25.401260][ T361] [ 25.403572][ T361] The buggy address belongs to the page: [ 25.409206][ T361] page:ffffea0004ab74c0 refcount:2 mapcount:0 mapping:ffff888109309558 index:0x1c pfn:0x12add3 [ 25.419535][ T361] memcg:ffff888100252280 [ 25.423763][ T361] aops:def_blk_aops ino:700002 [ 25.428525][ T361] flags: 0x400000000000203a(referenced|dirty|lru|active|private|zone=1) [ 25.436852][ T361] raw: 400000000000203a ffffea0004b94508 ffffea0004ab7508 ffff888109309558 [ 25.445432][ T361] raw: 000000000000001c ffff888109bac348 00000002ffffffff ffff888100252280 [ 25.454124][ T361] page dumped because: kasan: bad access detected [ 25.460630][ T361] page_owner tracks the page as allocated [ 25.466340][ T361] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 361, ts 25021807899, free_ts 24909854463 [ 25.483826][ T361] post_alloc_hook+0x192/0x1b0 [ 25.488695][ T361] prep_new_page+0x1c/0x110 [ 25.493195][ T361] get_page_from_freelist+0x2d3a/0x2dc0 [ 25.498734][ T361] __alloc_pages+0x1a2/0x460 [ 25.503507][ T361] pagecache_get_page+0xac6/0xde0 [ 25.508514][ T361] __getblk_gfp+0x238/0x7d0 [ 25.513011][ T361] ext4_xattr_block_set+0x1d7c/0x2d10 [ 25.518530][ T361] ext4_xattr_set_handle+0xbc4/0x12b0 [ 25.524065][ T361] ext4_xattr_set+0x242/0x320 [ 25.528921][ T361] ext4_xattr_user_set+0xc4/0xf0 [ 25.533872][ T361] __vfs_setxattr+0x3e1/0x430 [ 25.538664][ T361] __vfs_setxattr_noperm+0x12a/0x5e0 [ 25.544070][ T361] __vfs_setxattr_locked+0x212/0x230 [ 25.549770][ T361] vfs_setxattr+0x167/0x2e0 [ 25.554343][ T361] setxattr+0x36c/0x390 [ 25.558670][ T361] path_setxattr+0x147/0x290 [ 25.563346][ T361] page last free stack trace: [ 25.568242][ T361] free_unref_page_prepare+0x542/0x550 [ 25.574029][ T361] free_unref_page_list+0x13a/0x9d0 [ 25.579358][ T361] release_pages+0x1006/0x1060 [ 25.584137][ T361] free_pages_and_swap_cache+0x86/0xa0 [ 25.589937][ T361] tlb_finish_mmu+0x17e/0x310 [ 25.595228][ T361] unmap_region+0x344/0x3b0 [ 25.600063][ T361] __do_munmap+0xa24/0x1020 [ 25.604872][ T361] __vm_munmap+0x163/0x2b0 [ 25.609551][ T361] __x64_sys_munmap+0x6b/0x80 [ 25.614567][ T361] x64_sys_call+0xc9/0x9a0 [ 25.619307][ T361] do_syscall_64+0x4c/0xa0 [ 25.624061][ T361] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 25.630209][ T361] [ 25.632767][ T361] Memory state around the buggy address: [ 25.638759][ T361] ffff88812add3680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.646838][ T361] ffff88812add3700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.655630][ T361] >ffff88812add3780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.664093][ T361] ^ [ 25.671811][ T361] ffff88812add3800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.680645][ T361] ffff88812add3880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.688784][ T361] ================================================================== [ 25.696967][ T361] Disabling lock debugging due to kernel taint