Warning: Permanently added '10.128.1.100' (ED25519) to the list of known hosts. 2026/01/26 04:25:22 parsed 1 programs [ 21.290489][ T24] audit: type=1400 audit(1769401522.140:64): avc: denied { node_bind } for pid=275 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 21.299349][ T24] audit: type=1400 audit(1769401522.140:65): avc: denied { create } for pid=275 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 21.307742][ T24] audit: type=1400 audit(1769401522.150:66): avc: denied { module_request } for pid=275 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 22.202941][ T24] audit: type=1400 audit(1769401523.050:67): avc: denied { mounton } for pid=283 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.206386][ T283] cgroup: Unknown subsys name 'net' [ 22.225850][ T24] audit: type=1400 audit(1769401523.060:68): avc: denied { mount } for pid=283 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.253184][ T24] audit: type=1400 audit(1769401523.080:69): avc: denied { unmount } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.253594][ T283] cgroup: Unknown subsys name 'devices' [ 22.395013][ T283] cgroup: Unknown subsys name 'hugetlb' [ 22.400631][ T283] cgroup: Unknown subsys name 'rlimit' [ 22.669297][ T24] audit: type=1400 audit(1769401523.520:70): avc: denied { setattr } for pid=283 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.692658][ T24] audit: type=1400 audit(1769401523.520:71): avc: denied { create } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.713222][ T24] audit: type=1400 audit(1769401523.520:72): avc: denied { write } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.733832][ T24] audit: type=1400 audit(1769401523.520:73): avc: denied { read } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.758639][ T285] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 22.835322][ T283] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 23.238450][ T287] request_module fs-gadgetfs succeeded, but still no fs? [ 23.249009][ T287] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 23.578241][ T307] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.585436][ T307] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.592782][ T307] device bridge_slave_0 entered promiscuous mode [ 23.599851][ T307] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.606900][ T307] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.614348][ T307] device bridge_slave_1 entered promiscuous mode [ 23.653133][ T307] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.660195][ T307] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.667524][ T307] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.674578][ T307] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.692126][ T301] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.699441][ T301] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.707495][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.715718][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.725438][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.733758][ T301] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.740785][ T301] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.749407][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.757915][ T301] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.764992][ T301] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.777679][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.786955][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.802116][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.814036][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.822333][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.830062][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.838566][ T307] device veth0_vlan entered promiscuous mode [ 23.848487][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.857770][ T307] device veth1_macvtap entered promiscuous mode [ 23.866833][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.876749][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2026/01/26 04:25:25 executed programs: 0 [ 24.345544][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.352603][ T352] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.360411][ T352] device bridge_slave_0 entered promiscuous mode [ 24.369291][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.376580][ T352] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.384005][ T352] device bridge_slave_1 entered promiscuous mode [ 24.426002][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.433072][ T352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.440351][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.447422][ T352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.469165][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.476931][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.486014][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.503756][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.511638][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.523893][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.535180][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.543942][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.551565][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.560271][ T352] device veth0_vlan entered promiscuous mode [ 24.571707][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.581033][ T352] device veth1_macvtap entered promiscuous mode [ 24.589914][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.598486][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.608084][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.616555][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.688594][ T362] ====================================================== [ 24.688594][ T362] WARNING: the mand mount option is being deprecated and [ 24.688594][ T362] will be removed in v5.15! [ 24.688594][ T362] ====================================================== [ 24.724530][ T362] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 24.737122][ T362] ================================================================== [ 24.745253][ T362] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x1d79/0x3860 [ 24.753074][ T362] Read of size 18446744073709550624 at addr ffff88812599b7e0 by task syz.2.17/362 [ 24.762278][ T362] [ 24.764651][ T362] CPU: 0 PID: 362 Comm: syz.2.17 Not tainted syzkaller #0 [ 24.771761][ T362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 24.781821][ T362] Call Trace: [ 24.785127][ T362] __dump_stack+0x21/0x24 [ 24.789465][ T362] dump_stack_lvl+0x1a7/0x208 [ 24.794250][ T362] ? show_regs_print_info+0x18/0x18 [ 24.799451][ T362] ? thaw_kernel_threads+0x220/0x220 [ 24.804756][ T362] print_address_description+0x7f/0x2c0 [ 24.810308][ T362] ? ext4_xattr_set_entry+0x1d79/0x3860 [ 24.815887][ T362] kasan_report+0xe2/0x130 [ 24.820309][ T362] ? ext4_xattr_set_entry+0x1d79/0x3860 [ 24.825878][ T362] ? ext4_xattr_set_entry+0x1d79/0x3860 [ 24.831435][ T362] kasan_check_range+0x249/0x2a0 [ 24.836468][ T362] ? ext4_xattr_set_entry+0x1d79/0x3860 [ 24.842112][ T362] memmove+0x2d/0x70 [ 24.846017][ T362] ext4_xattr_set_entry+0x1d79/0x3860 [ 24.851538][ T362] ? ext4_xattr_ibody_set+0x360/0x360 [ 24.856913][ T362] ? kmem_cache_free+0x100/0x2d0 [ 24.862016][ T362] ? __mb_cache_entry_free+0x225/0x340 [ 24.867490][ T362] ? mb_cache_entry_delete_or_get+0x203/0x220 [ 24.873564][ T362] ext4_xattr_block_set+0x4e0/0x2a80 [ 24.878870][ T362] ? __kasan_check_read+0x11/0x20 [ 24.883983][ T362] ? __ext4_xattr_check_block+0x265/0x8e0 [ 24.889715][ T362] ? ext4_xattr_block_find+0x4f0/0x4f0 [ 24.895219][ T362] ext4_xattr_set_handle+0xbc4/0x12b0 [ 24.900599][ T362] ? ext4_xattr_set_entry+0x3860/0x3860 [ 24.906147][ T362] ? __kasan_check_read+0x11/0x20 [ 24.911183][ T362] ? __ext4_journal_start_sb+0x2e2/0x490 [ 24.916821][ T362] ext4_xattr_set+0x1f4/0x310 [ 24.921660][ T362] ? ext4_xattr_set_credits+0x290/0x290 [ 24.927225][ T362] ext4_xattr_trusted_set+0x3b/0x50 [ 24.932432][ T362] ? ext4_xattr_trusted_get+0x40/0x40 [ 24.937817][ T362] __vfs_setxattr+0x42a/0x480 [ 24.942513][ T362] __vfs_setxattr_noperm+0x11e/0x4e0 [ 24.947802][ T362] __vfs_setxattr_locked+0x203/0x220 [ 24.953095][ T362] vfs_setxattr+0x8d/0x1c0 [ 24.957514][ T362] setxattr+0x1df/0x3f0 [ 24.961680][ T362] ? path_setxattr+0x230/0x230 [ 24.966446][ T362] ? __mnt_want_write+0x1e6/0x260 [ 24.971478][ T362] ? mnt_want_write+0x19d/0x270 [ 24.976766][ T362] path_setxattr+0x11f/0x230 [ 24.981365][ T362] ? __kasan_check_write+0x14/0x20 [ 24.986565][ T362] ? simple_xattr_list_add+0x120/0x120 [ 24.992031][ T362] __x64_sys_lsetxattr+0xc2/0xe0 [ 24.996971][ T362] do_syscall_64+0x31/0x40 [ 25.001397][ T362] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.007307][ T362] RIP: 0033:0x7fcb770b6cb9 [ 25.011727][ T362] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 25.031419][ T362] RSP: 002b:00007fff0be46748 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 25.039962][ T362] RAX: ffffffffffffffda RBX: 00007fcb77331fa0 RCX: 00007fcb770b6cb9 [ 25.047938][ T362] RDX: 0000200000000440 RSI: 00002000000000c0 RDI: 0000200000000100 [ 25.055915][ T362] RBP: 00007fcb77124bf7 R08: 0000000000000000 R09: 0000000000000000 [ 25.063892][ T362] R10: 000000000000fe37 R11: 0000000000000246 R12: 0000000000000000 [ 25.071871][ T362] R13: 00007fcb77331fac R14: 00007fcb77331fa0 R15: 00007fcb77331fa0 [ 25.079849][ T362] [ 25.082183][ T362] The buggy address belongs to the page: [ 25.087837][ T362] page:ffffea00049666c0 refcount:2 mapcount:0 mapping:ffff88810044a050 index:0x1c pfn:0x12599b [ 25.098167][ T362] aops:def_blk_aops ino:0 [ 25.102510][ T362] flags: 0x400000000000203a(referenced|dirty|lru|active|private) [ 25.110576][ T362] raw: 400000000000203a ffffea00043ebc08 ffffea0004960948 ffff88810044a050 [ 25.119168][ T362] raw: 000000000000001c ffff8881215065e8 00000002ffffffff ffff88810fb62000 [ 25.127758][ T362] page dumped because: kasan: bad access detected [ 25.134171][ T362] page->mem_cgroup:ffff88810fb62000 [ 25.139378][ T362] page_owner tracks the page as allocated [ 25.145106][ T362] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 362, ts 24734939922, free_ts 24719827616 [ 25.162114][ T362] prep_new_page+0x179/0x180 [ 25.166719][ T362] get_page_from_freelist+0x223b/0x23d0 [ 25.172269][ T362] __alloc_pages_nodemask+0x290/0x620 [ 25.177647][ T362] pagecache_get_page+0x63e/0x930 [ 25.182691][ T362] __getblk_gfp+0x212/0x780 [ 25.187207][ T362] ext4_xattr_block_set+0x1ccc/0x2a80 [ 25.192587][ T362] ext4_xattr_set_handle+0xbc4/0x12b0 [ 25.197974][ T362] ext4_xattr_set+0x1f4/0x310 [ 25.202679][ T362] ext4_xattr_user_set+0xc9/0xf0 [ 25.207628][ T362] __vfs_setxattr+0x42a/0x480 [ 25.212319][ T362] __vfs_setxattr_noperm+0x11e/0x4e0 [ 25.218042][ T362] __vfs_setxattr_locked+0x203/0x220 [ 25.223358][ T362] vfs_setxattr+0x8d/0x1c0 [ 25.227787][ T362] setxattr+0x1df/0x3f0 [ 25.231944][ T362] path_setxattr+0x11f/0x230 [ 25.236538][ T362] __x64_sys_setxattr+0xc5/0xe0 [ 25.241386][ T362] page last free stack trace: [ 25.246069][ T362] free_unref_page_prepare+0x2b7/0x2d0 [ 25.251535][ T362] free_unref_page_list+0x129/0x9c0 [ 25.256772][ T362] release_pages+0xe52/0xea0 [ 25.261368][ T362] free_pages_and_swap_cache+0x86/0xa0 [ 25.266829][ T362] tlb_finish_mmu+0x17e/0x310 [ 25.271522][ T362] unmap_region+0x355/0x3c0 [ 25.276047][ T362] __do_munmap+0x63c/0x850 [ 25.280464][ T362] __se_sys_munmap+0x130/0x1c0 [ 25.285235][ T362] __x64_sys_munmap+0x5b/0x70 [ 25.289917][ T362] do_syscall_64+0x31/0x40 [ 25.294342][ T362] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.300242][ T362] [ 25.302579][ T362] Memory state around the buggy address: [ 25.308217][ T362] ffff88812599b680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.316285][ T362] ffff88812599b700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.324349][ T362] >ffff88812599b780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.332428][ T362] ^ [ 25.339618][ T362] ffff88812599b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.347676][ T362] ffff88812599b880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.355740][ T362] ================================================================== [ 25.363806][ T362] Disabling lock debugging due to kernel taint