syzkaller syzkaller login: [ 19.518680][ T24] kauditd_printk_skb: 31 callbacks suppressed [ 19.518693][ T24] audit: type=1400 audit(1767210490.310:59): avc: denied { transition } for pid=217 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.529292][ T24] audit: type=1400 audit(1767210490.310:60): avc: denied { noatsecure } for pid=217 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.536172][ T24] audit: type=1400 audit(1767210490.310:61): avc: denied { write } for pid=217 comm="sh" path="pipe:[13304]" dev="pipefs" ino=13304 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 19.553561][ T24] audit: type=1400 audit(1767210490.310:62): avc: denied { rlimitinh } for pid=217 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.572350][ T24] audit: type=1400 audit(1767210490.310:63): avc: denied { siginh } for pid=217 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.122' (ED25519) to the list of known hosts. 2025/12/31 19:48:20 parsed 1 programs [ 29.448653][ T24] audit: type=1400 audit(1767210500.240:64): avc: denied { node_bind } for pid=275 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 29.469390][ T24] audit: type=1400 audit(1767210500.240:65): avc: denied { create } for pid=275 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 29.489323][ T24] audit: type=1400 audit(1767210500.240:66): avc: denied { module_request } for pid=275 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 30.419425][ T24] audit: type=1400 audit(1767210501.210:67): avc: denied { mounton } for pid=284 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 30.421163][ T284] cgroup: Unknown subsys name 'net' [ 30.442150][ T24] audit: type=1400 audit(1767210501.210:68): avc: denied { mount } for pid=284 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 30.469584][ T24] audit: type=1400 audit(1767210501.240:69): avc: denied { unmount } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 30.469800][ T284] cgroup: Unknown subsys name 'devices' [ 30.669295][ T284] cgroup: Unknown subsys name 'hugetlb' [ 30.674925][ T284] cgroup: Unknown subsys name 'rlimit' [ 30.869634][ T24] audit: type=1400 audit(1767210501.660:70): avc: denied { setattr } for pid=284 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 30.892841][ T24] audit: type=1400 audit(1767210501.660:71): avc: denied { create } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 30.913280][ T24] audit: type=1400 audit(1767210501.660:72): avc: denied { write } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 30.921174][ T286] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 30.933713][ T24] audit: type=1400 audit(1767210501.660:73): avc: denied { read } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 30.982905][ T284] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 31.539516][ T288] request_module fs-gadgetfs succeeded, but still no fs? [ 31.550217][ T288] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 32.156142][ T334] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.163225][ T334] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.170744][ T334] device bridge_slave_0 entered promiscuous mode [ 32.178324][ T334] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.185352][ T334] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.192820][ T334] device bridge_slave_1 entered promiscuous mode [ 32.229361][ T334] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.236404][ T334] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.243762][ T334] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.250811][ T334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.269464][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.276778][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.284161][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 32.292125][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 32.301558][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 32.309776][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.316827][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.325627][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 32.334051][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.341100][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.353708][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 32.363091][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 32.377029][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 32.388668][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 32.396835][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 32.404595][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 32.412952][ T334] device veth0_vlan entered promiscuous mode [ 32.423245][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 32.432874][ T334] device veth1_macvtap entered promiscuous mode [ 32.449821][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 32.459778][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2025/12/31 19:48:23 executed programs: 0 [ 32.817436][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.824501][ T352] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.832170][ T352] device bridge_slave_0 entered promiscuous mode [ 32.839343][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.846378][ T352] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.854009][ T352] device bridge_slave_1 entered promiscuous mode [ 32.904234][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.911347][ T352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.918633][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.925660][ T352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.945979][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 32.953520][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.960853][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.971838][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 32.980019][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.987071][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.995942][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 33.004405][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.011444][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.023271][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 33.032410][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 33.045666][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 33.061454][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 33.070105][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 33.077871][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 33.086187][ T352] device veth0_vlan entered promiscuous mode [ 33.099423][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 33.108933][ T352] device veth1_macvtap entered promiscuous mode [ 33.118471][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 33.132731][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 33.180683][ T387] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 33.199040][ T387] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue [ 33.227701][ T387] ------------[ cut here ]------------ [ 33.233242][ T387] kernel BUG at fs/ext4/mballoc.c:1640! [ 33.239134][ T387] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 33.245214][ T387] CPU: 1 PID: 387 Comm: syz.2.17 Not tainted syzkaller #0 [ 33.252320][ T387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 33.262515][ T387] RIP: 0010:mb_mark_used+0x13c4/0x13e0 [ 33.267977][ T387] Code: 0f 0b e8 6f b7 90 ff 0f 0b e8 68 b7 90 ff 0f 0b e8 61 b7 90 ff 0f 0b e8 5a b7 90 ff 0f 0b e8 53 b7 90 ff 0f 0b e8 4c b7 90 ff <0f> 0b e8 45 b7 90 ff 0f 0b e8 3e b7 90 ff 0f 0b 66 2e 0f 1f 84 00 [ 33.288057][ T387] RSP: 0018:ffffc9000439f658 EFLAGS: 00010293 [ 33.294142][ T387] RAX: ffffffff81d2ed34 RBX: ffffc9000439f8a0 RCX: ffff8881102b0000 [ 33.302133][ T387] RDX: 0000000000000000 RSI: ffffffff80000000 RDI: 0000000000002000 [ 33.310113][ T387] RBP: ffffc9000439f730 R08: dffffc0000000000 R09: ffffed10221efe01 [ 33.318098][ T387] R10: ffffed10221efe01 R11: 1ffff110221efe00 R12: ffffffff80000000 [ 33.326071][ T387] R13: 0000000000002000 R14: ffffc9000439f8b0 R15: ffff888110f7d000 [ 33.334045][ T387] FS: 0000555569ed8500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 33.342971][ T387] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.349554][ T387] CR2: 0000200000000380 CR3: 0000000127e42000 CR4: 00000000003506a0 [ 33.357521][ T387] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 33.365520][ T387] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 33.373540][ T387] Call Trace: [ 33.376843][ T387] ? _raw_spin_trylock+0xb1/0x140 [ 33.381916][ T387] ? __lock_text_start+0x8/0x8 [ 33.386683][ T387] ? find_next_bit+0x80/0x100 [ 33.391490][ T387] ext4_trim_fs+0xfbb/0x20a0 [ 33.396092][ T387] ? mb_free_blocks+0x11c0/0x11c0 [ 33.401118][ T387] ? ext4_ioctl+0x1e7b/0x3980 [ 33.405800][ T387] ext4_ioctl+0x21f1/0x3980 [ 33.410305][ T387] ? avc_has_extended_perms+0x761/0xc30 [ 33.415853][ T387] ? ext4_reset_inode_seed+0x510/0x510 [ 33.421310][ T387] ? avc_ss_reset+0x280/0x280 [ 33.426086][ T387] ? get_futex_key+0x712/0xc60 [ 33.430889][ T387] ? futex_wait_restart+0x210/0x210 [ 33.436143][ T387] ? ptep_set_access_flags+0x75/0xc0 [ 33.441438][ T387] ? __kasan_check_read+0x11/0x20 [ 33.446464][ T387] ? futex_wake+0x485/0x550 [ 33.450968][ T387] ? handle_mm_fault+0x11ba/0x16a0 [ 33.456078][ T387] ? do_vfs_ioctl+0xe1d/0x1510 [ 33.460835][ T387] ? __ia32_compat_sys_ioctl+0x7b0/0x7b0 [ 33.466467][ T387] ? has_cap_mac_admin+0x330/0x330 [ 33.471581][ T387] ? __init_rwsem+0x1c0/0x1c0 [ 33.476251][ T387] ? selinux_file_alloc_security+0x120/0x120 [ 33.482230][ T387] ? check_zeroed_user+0x120/0x170 [ 33.487340][ T387] ? __se_sys_futex+0x2b4/0x360 [ 33.492233][ T387] ? security_file_ioctl+0x84/0xa0 [ 33.497341][ T387] ? ext4_reset_inode_seed+0x510/0x510 [ 33.503336][ T387] __se_sys_ioctl+0x121/0x1a0 [ 33.508009][ T387] __x64_sys_ioctl+0x7b/0x90 [ 33.512616][ T387] do_syscall_64+0x31/0x40 [ 33.517040][ T387] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 33.523027][ T387] RIP: 0033:0x7f352a1b9749 [ 33.527445][ T387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 33.547049][ T387] RSP: 002b:00007ffd11759d18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 33.555466][ T387] RAX: ffffffffffffffda RBX: 00007f352a40ffa0 RCX: 00007f352a1b9749 [ 33.563525][ T387] RDX: 0000200000000080 RSI: 00000000c0185879 RDI: 0000000000000004 [ 33.571957][ T387] RBP: 00007f352a23df91 R08: 0000000000000000 R09: 0000000000000000 [ 33.580225][ T387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 33.588200][ T387] R13: 00007f352a40ffa0 R14: 00007f352a40ffa0 R15: 0000000000000003 [ 33.596261][ T387] Modules linked in: [ 33.600917][ T387] ---[ end trace ec27f7cc84893b44 ]--- [ 33.606712][ T387] RIP: 0010:mb_mark_used+0x13c4/0x13e0 [ 33.612225][ T387] Code: 0f 0b e8 6f b7 90 ff 0f 0b e8 68 b7 90 ff 0f 0b e8 61 b7 90 ff 0f 0b e8 5a b7 90 ff 0f 0b e8 53 b7 90 ff 0f 0b e8 4c b7 90 ff <0f> 0b e8 45 b7 90 ff 0f 0b e8 3e b7 90 ff 0f 0b 66 2e 0f 1f 84 00 [ 33.631886][ T387] RSP: 0018:ffffc9000439f658 EFLAGS: 00010293 [ 33.638048][ T387] RAX: ffffffff81d2ed34 RBX: ffffc9000439f8a0 RCX: ffff8881102b0000 [ 33.646030][ T387] RDX: 0000000000000000 RSI: ffffffff80000000 RDI: 0000000000002000 [ 33.654055][ T387] RBP: ffffc9000439f730 R08: dffffc0000000000 R09: ffffed10221efe01 [ 33.662218][ T387] R10: ffffed10221efe01 R11: 1ffff110221efe00 R12: ffffffff80000000 [ 33.670396][ T387] R13: 0000000000002000 R14: ffffc9000439f8b0 R15: ffff888110f7d000 [ 33.678418][ T387] FS: 0000555569ed8500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 33.687390][ T387] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.693992][ T387] CR2: 0000200000000380 CR3: 0000000127e42000 CR4: 00000000003506a0 [ 33.702328][ T387] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 33.710421][ T387] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 33.718606][ T387] Kernel panic - not syncing: Fatal exception [ 33.725060][ T387] Kernel Offset: disabled [ 33.729409][ T387] Rebooting in 86400 seconds..