Warning: Permanently added '10.128.0.177' (ED25519) to the list of known hosts. 2026/03/07 19:43:56 parsed 1 programs [ 29.113699][ T30] audit: type=1400 audit(1772912636.962:64): avc: denied { node_bind } for pid=281 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 29.134875][ T30] audit: type=1400 audit(1772912636.962:65): avc: denied { module_request } for pid=281 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 30.063856][ T30] audit: type=1400 audit(1772912637.912:66): avc: denied { mounton } for pid=287 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 30.067235][ T287] cgroup: Unknown subsys name 'net' [ 30.086810][ T30] audit: type=1400 audit(1772912637.912:67): avc: denied { mount } for pid=287 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 30.114192][ T30] audit: type=1400 audit(1772912637.952:68): avc: denied { unmount } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 30.114631][ T287] cgroup: Unknown subsys name 'devices' [ 30.321162][ T287] cgroup: Unknown subsys name 'hugetlb' [ 30.326789][ T287] cgroup: Unknown subsys name 'rlimit' [ 30.533614][ T30] audit: type=1400 audit(1772912638.382:69): avc: denied { setattr } for pid=287 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 30.556868][ T30] audit: type=1400 audit(1772912638.382:70): avc: denied { create } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 30.577328][ T30] audit: type=1400 audit(1772912638.382:71): avc: denied { write } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 30.597739][ T30] audit: type=1400 audit(1772912638.382:72): avc: denied { read } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 30.606741][ T293] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 30.618461][ T30] audit: type=1400 audit(1772912638.382:73): avc: denied { mounton } for pid=287 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 30.678556][ T287] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 31.139123][ T295] request_module fs-gadgetfs succeeded, but still no fs? [ 31.439015][ T306] syz-executor (306) used greatest stack depth: 21952 bytes left [ 31.735969][ T336] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.743084][ T336] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.750629][ T336] device bridge_slave_0 entered promiscuous mode [ 31.757528][ T336] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.764660][ T336] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.772119][ T336] device bridge_slave_1 entered promiscuous mode [ 31.814248][ T336] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.821331][ T336] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.828696][ T336] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.835737][ T336] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.855877][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 31.863638][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.870938][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.884578][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 31.892850][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.899929][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.908707][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 31.916912][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.923976][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.942115][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 31.951322][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 31.970185][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 31.981425][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 31.989651][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 31.997422][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 32.010304][ T336] device veth0_vlan entered promiscuous mode [ 32.020499][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 32.029733][ T336] device veth1_macvtap entered promiscuous mode [ 32.039227][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 32.049213][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 32.082045][ T336] syz-executor (336) used greatest stack depth: 21408 bytes left 2026/03/07 19:44:00 executed programs: 0 [ 32.415007][ T354] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.422366][ T354] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.429885][ T354] device bridge_slave_0 entered promiscuous mode [ 32.437155][ T354] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.444326][ T354] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.451915][ T354] device bridge_slave_1 entered promiscuous mode [ 32.494585][ T354] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.501657][ T354] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.509144][ T354] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.516189][ T354] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.540596][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 32.548224][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.555766][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.564786][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 32.573040][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.580099][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.593269][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 32.601513][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.608538][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.620923][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 32.634395][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 32.647957][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 32.663623][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 32.671680][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 32.679244][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 32.687639][ T354] device veth0_vlan entered promiscuous mode [ 32.699474][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 32.708520][ T354] device veth1_macvtap entered promiscuous mode [ 32.717992][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 32.732476][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 32.760004][ T359] loop2: detected capacity change from 0 to 1024 [ 32.779507][ T359] ======================================================= [ 32.779507][ T359] WARNING: The mand mount option has been deprecated and [ 32.779507][ T359] and is ignored by this kernel. Remove the mand [ 32.779507][ T359] option from the mount to silence this warning. [ 32.779507][ T359] ======================================================= [ 32.872927][ T359] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 32.887289][ T359] ================================================================== [ 32.895397][ T359] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x1e04/0x3940 [ 32.903258][ T359] Read of size 18446744073709550672 at addr ffff88812df1d7b0 by task syz.2.17/359 [ 32.912447][ T359] [ 32.914778][ T359] CPU: 1 PID: 359 Comm: syz.2.17 Not tainted syzkaller #0 [ 32.921876][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 32.931938][ T359] Call Trace: [ 32.935254][ T359] [ 32.938188][ T359] __dump_stack+0x21/0x30 [ 32.942523][ T359] dump_stack_lvl+0x110/0x170 [ 32.947214][ T359] ? show_regs_print_info+0x20/0x20 [ 32.952413][ T359] ? load_image+0x3e0/0x3e0 [ 32.956919][ T359] print_address_description+0x7f/0x2c0 [ 32.962465][ T359] ? ext4_xattr_set_entry+0x1e04/0x3940 [ 32.968020][ T359] kasan_report+0xf1/0x140 [ 32.972443][ T359] ? ext4_xattr_set_entry+0x1e04/0x3940 [ 32.978110][ T359] ? ext4_xattr_set_entry+0x1e04/0x3940 [ 32.983664][ T359] kasan_check_range+0x249/0x2a0 [ 32.988620][ T359] ? ext4_xattr_set_entry+0x1e04/0x3940 [ 32.994217][ T359] memmove+0x2d/0x70 [ 32.998132][ T359] ext4_xattr_set_entry+0x1e04/0x3940 [ 33.003508][ T359] ? ext4_xattr_ibody_set+0x360/0x360 [ 33.008880][ T359] ? __mb_cache_entry_free+0x253/0x390 [ 33.014335][ T359] ? kmem_cache_free+0x100/0x320 [ 33.019303][ T359] ? mb_cache_entry_delete_or_get+0x203/0x220 [ 33.025393][ T359] ext4_xattr_block_set+0x4f8/0x2d10 [ 33.030685][ T359] ? __kasan_check_read+0x11/0x20 [ 33.035712][ T359] ? __ext4_xattr_check_block+0x265/0x8e0 [ 33.041437][ T359] ? ext4_xattr_block_find+0x4f0/0x4f0 [ 33.046895][ T359] ext4_xattr_set_handle+0xbc4/0x12b0 [ 33.052266][ T359] ? ext4_xattr_set_entry+0x3940/0x3940 [ 33.057811][ T359] ? ext4_xattr_set+0x20c/0x320 [ 33.062658][ T359] ? __ext4_journal_start_sb+0x154/0x2b0 [ 33.068299][ T359] ext4_xattr_set+0x242/0x320 [ 33.072976][ T359] ? ext4_xattr_set_credits+0x290/0x290 [ 33.078564][ T359] ? selinux_inode_setxattr+0x5d9/0xc00 [ 33.084331][ T359] ext4_xattr_trusted_set+0x3c/0x50 [ 33.089561][ T359] ? ext4_xattr_trusted_get+0x40/0x40 [ 33.094953][ T359] __vfs_setxattr+0x3e1/0x430 [ 33.099631][ T359] __vfs_setxattr_noperm+0x12a/0x5e0 [ 33.104915][ T359] __vfs_setxattr_locked+0x212/0x230 [ 33.110204][ T359] vfs_setxattr+0x167/0x2e0 [ 33.114727][ T359] ? xattr_permission+0x550/0x550 [ 33.119750][ T359] ? _copy_from_user+0x95/0xd0 [ 33.124509][ T359] setxattr+0x36c/0x390 [ 33.128683][ T359] ? path_setxattr+0x290/0x290 [ 33.133454][ T359] ? debug_smp_processor_id+0x17/0x20 [ 33.138828][ T359] ? __mnt_want_write+0x1e6/0x260 [ 33.143865][ T359] ? mnt_want_write+0x20b/0x2e0 [ 33.148712][ T359] path_setxattr+0x147/0x290 [ 33.153306][ T359] ? simple_xattr_list_add+0x120/0x120 [ 33.158769][ T359] ? __kasan_check_read+0x11/0x20 [ 33.163817][ T359] ? __se_sys_ioctl+0x1f/0x1a0 [ 33.168583][ T359] __x64_sys_lsetxattr+0xc2/0xe0 [ 33.173559][ T359] x64_sys_call+0x8cc/0x9a0 [ 33.178110][ T359] do_syscall_64+0x4c/0xa0 [ 33.182535][ T359] ? clear_bhb_loop+0x50/0xa0 [ 33.187213][ T359] ? clear_bhb_loop+0x50/0xa0 [ 33.191890][ T359] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 33.197785][ T359] RIP: 0033:0x7fa318af1799 [ 33.202205][ T359] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 33.221816][ T359] RSP: 002b:00007ffc37cbb768 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 33.230284][ T359] RAX: ffffffffffffffda RBX: 00007fa318d6afa0 RCX: 00007fa318af1799 [ 33.238514][ T359] RDX: 0000200000000480 RSI: 00002000000000c0 RDI: 0000200000000100 [ 33.246497][ T359] RBP: 00007fa318b87bd9 R08: 0000000000000000 R09: 0000000000000000 [ 33.254497][ T359] R10: 000000000000fe37 R11: 0000000000000246 R12: 0000000000000000 [ 33.262474][ T359] R13: 00007fa318d6afac R14: 00007fa318d6afa0 R15: 00007fa318d6afa0 [ 33.270479][ T359] [ 33.273496][ T359] [ 33.275812][ T359] The buggy address belongs to the page: [ 33.281449][ T359] page:ffffea0004b7c740 refcount:2 mapcount:0 mapping:ffff88810928f258 index:0x1c pfn:0x12df1d [ 33.291773][ T359] memcg:ffff88810bfa33c0 [ 33.296009][ T359] aops:def_blk_aops ino:700002 [ 33.300774][ T359] flags: 0x400000000000203a(referenced|dirty|lru|active|private|zone=1) [ 33.309123][ T359] raw: 400000000000203a ffffea0004b09108 ffffea0004b7c708 ffff88810928f258 [ 33.317711][ T359] raw: 000000000000001c ffff88810d124bd0 00000002ffffffff ffff88810bfa33c0 [ 33.326289][ T359] page dumped because: kasan: bad access detected [ 33.332691][ T359] page_owner tracks the page as allocated [ 33.338419][ T359] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 359, ts 32884921010, free_ts 32869791424 [ 33.355622][ T359] post_alloc_hook+0x192/0x1b0 [ 33.360497][ T359] prep_new_page+0x1c/0x110 [ 33.365041][ T359] get_page_from_freelist+0x2d3a/0x2dc0 [ 33.370763][ T359] __alloc_pages+0x1a2/0x460 [ 33.375408][ T359] pagecache_get_page+0xac6/0xde0 [ 33.380440][ T359] __getblk_gfp+0x238/0x7d0 [ 33.384969][ T359] ext4_xattr_block_set+0x1d7c/0x2d10 [ 33.390347][ T359] ext4_xattr_set_handle+0xbc4/0x12b0 [ 33.395848][ T359] ext4_xattr_set+0x242/0x320 [ 33.400535][ T359] ext4_xattr_user_set+0xc4/0xf0 [ 33.405480][ T359] __vfs_setxattr+0x3e1/0x430 [ 33.410190][ T359] __vfs_setxattr_noperm+0x12a/0x5e0 [ 33.415480][ T359] __vfs_setxattr_locked+0x212/0x230 [ 33.420769][ T359] vfs_setxattr+0x167/0x2e0 [ 33.425270][ T359] setxattr+0x36c/0x390 [ 33.429427][ T359] path_setxattr+0x147/0x290 [ 33.434040][ T359] page last free stack trace: [ 33.438706][ T359] free_unref_page_prepare+0x542/0x550 [ 33.444163][ T359] free_unref_page_list+0x13a/0x9d0 [ 33.449367][ T359] release_pages+0x1006/0x1060 [ 33.454152][ T359] free_pages_and_swap_cache+0x86/0xa0 [ 33.459615][ T359] tlb_finish_mmu+0x17e/0x310 [ 33.464304][ T359] unmap_region+0x344/0x3b0 [ 33.468803][ T359] __do_munmap+0xa24/0x1020 [ 33.473303][ T359] __vm_munmap+0x163/0x2b0 [ 33.477727][ T359] __x64_sys_munmap+0x6b/0x80 [ 33.482399][ T359] x64_sys_call+0xc9/0x9a0 [ 33.486826][ T359] do_syscall_64+0x4c/0xa0 [ 33.491241][ T359] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 33.497133][ T359] [ 33.499452][ T359] Memory state around the buggy address: [ 33.505078][ T359] ffff88812df1d680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.513133][ T359] ffff88812df1d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.521190][ T359] >ffff88812df1d780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.529258][ T359] ^ [ 33.534877][ T359] ffff88812df1d800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.542930][ T359] ffff88812df1d880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.550989][ T359] ================================================================== [ 33.559060][ T359] Disabling lock debugging due to kernel taint [ 33.629647][ T8] device bridge_slave_1 left promiscuous mode [ 33.635829][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.644326][ T8] device bridge_slave_0 left promiscuous mode [ 33.650741][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.659582][ T8] device veth1_macvtap left promiscuous mode [ 33.665633][ T8] device veth0_vlan left promiscuous mode