Warning: Permanently added '10.128.0.139' (ED25519) to the list of known hosts. 2026/04/16 09:25:44 parsed 1 programs [ 22.455051][ T30] audit: type=1400 audit(1776331544.063:64): avc: denied { node_bind } for pid=281 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 22.476395][ T30] audit: type=1400 audit(1776331544.063:65): avc: denied { module_request } for pid=281 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 23.310117][ T30] audit: type=1400 audit(1776331544.923:66): avc: denied { mounton } for pid=287 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 23.313121][ T287] cgroup: Unknown subsys name 'net' [ 23.332930][ T30] audit: type=1400 audit(1776331544.923:67): avc: denied { mount } for pid=287 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.360125][ T30] audit: type=1400 audit(1776331544.943:68): avc: denied { unmount } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.360488][ T287] cgroup: Unknown subsys name 'devices' [ 23.561643][ T287] cgroup: Unknown subsys name 'hugetlb' [ 23.567337][ T287] cgroup: Unknown subsys name 'rlimit' [ 23.712811][ T30] audit: type=1400 audit(1776331545.323:69): avc: denied { setattr } for pid=287 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.736120][ T30] audit: type=1400 audit(1776331545.323:70): avc: denied { create } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.756673][ T30] audit: type=1400 audit(1776331545.323:71): avc: denied { write } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.764158][ T291] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 23.777607][ T30] audit: type=1400 audit(1776331545.323:72): avc: denied { read } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 23.805731][ T30] audit: type=1400 audit(1776331545.323:73): avc: denied { mounton } for pid=287 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 23.842433][ T287] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 24.233856][ T294] request_module fs-gadgetfs succeeded, but still no fs? [ 24.301967][ T299] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.309038][ T299] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.316636][ T299] device bridge_slave_0 entered promiscuous mode [ 24.323542][ T299] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.330602][ T299] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.338071][ T299] device bridge_slave_1 entered promiscuous mode [ 24.387585][ T299] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.394641][ T299] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.401958][ T299] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.408989][ T299] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.427073][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.434333][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.441717][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.449120][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.459092][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.467308][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.474350][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.482723][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.490898][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.497907][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.509321][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.518458][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.532494][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.543338][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.551577][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.558981][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.568264][ T299] device veth0_vlan entered promiscuous mode [ 24.577772][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.586799][ T299] device veth1_macvtap entered promiscuous mode [ 24.596624][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.606190][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2026/04/16 09:25:46 executed programs: 0 [ 25.411225][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.418271][ T356] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.425640][ T356] device bridge_slave_0 entered promiscuous mode [ 25.432394][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.439408][ T356] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.446821][ T356] device bridge_slave_1 entered promiscuous mode [ 25.484840][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.491968][ T356] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.499220][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.506264][ T356] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.514684][ T45] device bridge_slave_1 left promiscuous mode [ 25.520832][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.528288][ T45] device bridge_slave_0 left promiscuous mode [ 25.534522][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.542426][ T45] device veth1_macvtap left promiscuous mode [ 25.548411][ T45] device veth0_vlan left promiscuous mode [ 25.621068][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.628554][ T304] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.635767][ T304] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.644715][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.652891][ T304] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.659941][ T304] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.668658][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.676907][ T304] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.683974][ T304] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.695871][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.704665][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.717073][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.727888][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.735958][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.743437][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.751674][ T356] device veth0_vlan entered promiscuous mode [ 25.761359][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.770365][ T356] device veth1_macvtap entered promiscuous mode [ 25.778984][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.788645][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.822101][ T360] loop2: detected capacity change from 0 to 1024 [ 25.850070][ T360] ======================================================= [ 25.850070][ T360] WARNING: The mand mount option has been deprecated and [ 25.850070][ T360] and is ignored by this kernel. Remove the mand [ 25.850070][ T360] option from the mount to silence this warning. [ 25.850070][ T360] ======================================================= [ 25.911036][ T360] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc,i_version,,errors=continue. Quota mode: none. [ 25.929279][ T360] ================================================================== [ 25.937477][ T360] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x1e04/0x3940 [ 25.945281][ T360] Read of size 18446744073709550624 at addr ffff88812a6b07e0 by task syz.2.17/360 [ 25.954459][ T360] [ 25.956774][ T360] CPU: 1 PID: 360 Comm: syz.2.17 Not tainted syzkaller #0 [ 25.963868][ T360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 25.973927][ T360] Call Trace: [ 25.977204][ T360] [ 25.980140][ T360] __dump_stack+0x21/0x30 [ 25.984462][ T360] dump_stack_lvl+0x110/0x170 [ 25.989140][ T360] ? show_regs_print_info+0x20/0x20 [ 25.994340][ T360] ? load_image+0x3e0/0x3e0 [ 25.998836][ T360] print_address_description+0x7f/0x2c0 [ 26.004378][ T360] ? ext4_xattr_set_entry+0x1e04/0x3940 [ 26.009921][ T360] kasan_report+0xf1/0x140 [ 26.014330][ T360] ? ext4_xattr_set_entry+0x1e04/0x3940 [ 26.019871][ T360] ? ext4_xattr_set_entry+0x1e04/0x3940 [ 26.025431][ T360] kasan_check_range+0x249/0x2a0 [ 26.030361][ T360] ? ext4_xattr_set_entry+0x1e04/0x3940 [ 26.035898][ T360] memmove+0x2d/0x70 [ 26.039833][ T360] ext4_xattr_set_entry+0x1e04/0x3940 [ 26.045225][ T360] ? ext4_xattr_ibody_set+0x360/0x360 [ 26.050597][ T360] ? __mb_cache_entry_free+0x253/0x390 [ 26.056047][ T360] ? kmem_cache_free+0x100/0x320 [ 26.060977][ T360] ? mb_cache_entry_delete_or_get+0x203/0x220 [ 26.067034][ T360] ext4_xattr_block_set+0x4f8/0x2d10 [ 26.072339][ T360] ? __kasan_check_read+0x11/0x20 [ 26.077357][ T360] ? __ext4_xattr_check_block+0x265/0x8e0 [ 26.083084][ T360] ? ext4_xattr_block_find+0x4f0/0x4f0 [ 26.088544][ T360] ext4_xattr_set_handle+0xbc4/0x12b0 [ 26.093910][ T360] ? ext4_xattr_set_entry+0x3940/0x3940 [ 26.099453][ T360] ? ext4_xattr_set+0x20c/0x320 [ 26.104293][ T360] ? __ext4_journal_start_sb+0x154/0x2b0 [ 26.109925][ T360] ext4_xattr_set+0x242/0x320 [ 26.114604][ T360] ? ext4_xattr_set_credits+0x290/0x290 [ 26.120139][ T360] ? selinux_inode_setxattr+0x5d9/0xc00 [ 26.125675][ T360] ext4_xattr_trusted_set+0x3c/0x50 [ 26.130866][ T360] ? ext4_xattr_trusted_get+0x40/0x40 [ 26.136228][ T360] __vfs_setxattr+0x3e1/0x430 [ 26.140896][ T360] __vfs_setxattr_noperm+0x12a/0x5e0 [ 26.146170][ T360] __vfs_setxattr_locked+0x212/0x230 [ 26.151440][ T360] vfs_setxattr+0x167/0x2e0 [ 26.155930][ T360] ? xattr_permission+0x550/0x550 [ 26.160947][ T360] ? _copy_from_user+0x95/0xd0 [ 26.165695][ T360] setxattr+0x36c/0x390 [ 26.169844][ T360] ? path_setxattr+0x290/0x290 [ 26.174607][ T360] ? debug_smp_processor_id+0x17/0x20 [ 26.179966][ T360] ? __mnt_want_write+0x1e6/0x260 [ 26.184975][ T360] ? mnt_want_write+0x20b/0x2e0 [ 26.189807][ T360] path_setxattr+0x147/0x290 [ 26.194383][ T360] ? simple_xattr_list_add+0x120/0x120 [ 26.199829][ T360] ? __kasan_check_read+0x11/0x20 [ 26.204839][ T360] __x64_sys_lsetxattr+0xc2/0xe0 [ 26.209765][ T360] x64_sys_call+0x8cc/0x9a0 [ 26.214269][ T360] do_syscall_64+0x4c/0xa0 [ 26.218704][ T360] ? clear_bhb_loop+0x50/0xa0 [ 26.223400][ T360] ? clear_bhb_loop+0x50/0xa0 [ 26.228067][ T360] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 26.233949][ T360] RIP: 0033:0x7f225b2f5819 [ 26.238399][ T360] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 26.257993][ T360] RSP: 002b:00007ffe3728e908 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 26.266399][ T360] RAX: ffffffffffffffda RBX: 00007f225b56efa0 RCX: 00007f225b2f5819 [ 26.274376][ T360] RDX: 0000200000000440 RSI: 00002000000000c0 RDI: 0000200000000100 [ 26.282381][ T360] RBP: 00007f225b38bc91 R08: 0000000000000000 R09: 0000000000000000 [ 26.290342][ T360] R10: 000000000000fe37 R11: 0000000000000246 R12: 0000000000000000 [ 26.298314][ T360] R13: 00007f225b56efac R14: 00007f225b56efa0 R15: 00007f225b56efa0 [ 26.306277][ T360] [ 26.309283][ T360] [ 26.311604][ T360] The buggy address belongs to the page: [ 26.317229][ T360] page:ffffea0004a9ac00 refcount:2 mapcount:0 mapping:ffff8881092c05d8 index:0x1c pfn:0x12a6b0 [ 26.327538][ T360] memcg:ffff88810178c500 [ 26.331759][ T360] aops:def_blk_aops ino:700002 [ 26.336505][ T360] flags: 0x400000000000203a(referenced|dirty|lru|active|private|zone=1) [ 26.344826][ T360] raw: 400000000000203a ffffea0004404f48 ffffea0004a9abc8 ffff8881092c05d8 [ 26.353397][ T360] raw: 000000000000001c ffff888111eabb28 00000002ffffffff ffff88810178c500 [ 26.361961][ T360] page dumped because: kasan: bad access detected [ 26.368380][ T360] page_owner tracks the page as allocated [ 26.374103][ T360] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 360, ts 25925015521, free_ts 25906858218 [ 26.391114][ T360] post_alloc_hook+0x192/0x1b0 [ 26.395883][ T360] prep_new_page+0x1c/0x110 [ 26.400395][ T360] get_page_from_freelist+0x2d3a/0x2dc0 [ 26.405996][ T360] __alloc_pages+0x1a2/0x460 [ 26.410584][ T360] pagecache_get_page+0xac6/0xde0 [ 26.415604][ T360] __getblk_gfp+0x238/0x7d0 [ 26.420108][ T360] ext4_xattr_block_set+0x1d7c/0x2d10 [ 26.425482][ T360] ext4_xattr_set_handle+0xbc4/0x12b0 [ 26.430852][ T360] ext4_xattr_set+0x242/0x320 [ 26.435532][ T360] ext4_xattr_user_set+0xc4/0xf0 [ 26.440476][ T360] __vfs_setxattr+0x3e1/0x430 [ 26.445159][ T360] __vfs_setxattr_noperm+0x12a/0x5e0 [ 26.450440][ T360] __vfs_setxattr_locked+0x212/0x230 [ 26.455732][ T360] vfs_setxattr+0x167/0x2e0 [ 26.460257][ T360] setxattr+0x36c/0x390 [ 26.464426][ T360] path_setxattr+0x147/0x290 [ 26.469028][ T360] page last free stack trace: [ 26.473691][ T360] free_unref_page_prepare+0x542/0x550 [ 26.479149][ T360] free_unref_page_list+0x13a/0x9d0 [ 26.484345][ T360] release_pages+0x1006/0x1060 [ 26.489105][ T360] free_pages_and_swap_cache+0x86/0xa0 [ 26.494562][ T360] tlb_finish_mmu+0x17e/0x310 [ 26.499240][ T360] unmap_region+0x344/0x3b0 [ 26.503742][ T360] __do_munmap+0xa24/0x1020 [ 26.508243][ T360] __vm_munmap+0x163/0x2b0 [ 26.512660][ T360] __x64_sys_munmap+0x6b/0x80 [ 26.517348][ T360] x64_sys_call+0xc9/0x9a0 [ 26.521765][ T360] do_syscall_64+0x4c/0xa0 [ 26.526190][ T360] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 26.532082][ T360] [ 26.534404][ T360] Memory state around the buggy address: [ 26.540033][ T360] ffff88812a6b0680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.548090][ T360] ffff88812a6b0700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.556150][ T360] >ffff88812a6b0780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.564207][ T360] ^ [ 26.571405][ T360] ffff88812a6b0800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.579475][ T360] ffff88812a6b0880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.587534][ T360] ================================================================== [ 26.595606][ T360] Disabling lock debugging due to kernel taint