rocess permissive=1
[ 16.859948][ T28] audit: type=1400 audit(1776519384.456:63): avc: denied { siginh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.1.61' (ED25519) to the list of known hosts.
2026/04/18 13:36:34 parsed 1 programs
[ 26.404802][ T28] audit: type=1400 audit(1776519394.006:64): avc: denied { node_bind } for pid=282 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 26.426366][ T28] audit: type=1400 audit(1776519394.006:65): avc: denied { module_request } for pid=282 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 27.533488][ T28] audit: type=1400 audit(1776519395.136:66): avc: denied { mounton } for pid=288 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 27.536906][ T288] cgroup: Unknown subsys name 'net'
[ 27.561686][ T28] audit: type=1400 audit(1776519395.136:67): avc: denied { mount } for pid=288 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 27.583960][ T288] cgroup: Unknown subsys name 'devices'
[ 27.583989][ T28] audit: type=1400 audit(1776519395.166:68): avc: denied { unmount } for pid=288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 27.693851][ T288] cgroup: Unknown subsys name 'hugetlb'
[ 27.699502][ T288] cgroup: Unknown subsys name 'rlimit'
[ 27.811546][ T28] audit: type=1400 audit(1776519395.416:69): avc: denied { setattr } for pid=288 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 27.834864][ T28] audit: type=1400 audit(1776519395.416:70): avc: denied { create } for pid=288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 27.855306][ T28] audit: type=1400 audit(1776519395.416:71): avc: denied { write } for pid=288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 27.875672][ T28] audit: type=1400 audit(1776519395.416:72): avc: denied { read } for pid=288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 27.895903][ T28] audit: type=1400 audit(1776519395.416:73): avc: denied { mounton } for pid=288 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 27.905356][ T292] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 27.971480][ T288] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 28.598951][ T294] request_module fs-gadgetfs succeeded, but still no fs?
[ 29.219904][ T340] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.227045][ T340] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.234618][ T340] device bridge_slave_0 entered promiscuous mode
[ 29.241810][ T340] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.248854][ T340] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.257370][ T340] device bridge_slave_1 entered promiscuous mode
[ 29.302412][ T340] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.309473][ T340] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 29.316826][ T340] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.323889][ T340] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 29.343778][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 29.351466][ T303] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.358625][ T303] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.367869][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 29.376101][ T303] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.383163][ T303] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 29.392298][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 29.400615][ T303] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.407775][ T303] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 29.420139][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 29.429455][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 29.444412][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 29.456163][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 29.464367][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 29.471925][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 29.480125][ T340] device veth0_vlan entered promiscuous mode
[ 29.490651][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 29.499910][ T340] device veth1_macvtap entered promiscuous mode
[ 29.509870][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 29.520334][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2026/04/18 13:36:37 executed programs: 0
[ 29.884898][ T355] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.892182][ T355] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.899663][ T355] device bridge_slave_0 entered promiscuous mode
[ 29.912707][ T355] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.919765][ T355] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.927300][ T355] device bridge_slave_1 entered promiscuous mode
[ 29.979323][ T355] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.986499][ T355] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 29.993822][ T355] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.000862][ T355] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.026014][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 30.034115][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.041569][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.055401][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 30.063632][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.070744][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.079695][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 30.088083][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.095170][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.107803][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 30.117254][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 30.131287][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 30.145537][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 30.153707][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 30.161584][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 30.169968][ T355] device veth0_vlan entered promiscuous mode
[ 30.180694][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 30.189892][ T355] device veth1_macvtap entered promiscuous mode
[ 30.199744][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 30.210394][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 30.238999][ T360] loop2: detected capacity change from 0 to 1024
[ 30.245731][ T360] =======================================================
[ 30.245731][ T360] WARNING: The mand mount option has been deprecated and
[ 30.245731][ T360] and is ignored by this kernel. Remove the mand
[ 30.245731][ T360] option from the mount to silence this warning.
[ 30.245731][ T360] =======================================================
[ 30.293890][ T360] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 30.306616][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 30.323052][ T365] loop2: detected capacity change from 0 to 1024
[ 30.332567][ T365] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 30.344814][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 30.362440][ T368] loop2: detected capacity change from 0 to 1024
[ 30.373041][ T368] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 30.385363][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 30.403001][ T371] loop2: detected capacity change from 0 to 1024
[ 30.412329][ T371] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 30.425464][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 30.445608][ T374] loop2: detected capacity change from 0 to 1024
[ 30.463795][ T374] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 30.477774][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 30.495813][ T377] loop2: detected capacity change from 0 to 1024
[ 30.512779][ T377] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 30.527311][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 30.549504][ T380] loop2: detected capacity change from 0 to 1024
[ 30.566693][ T380] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 30.578458][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 30.593534][ T383] loop2: detected capacity change from 0 to 1024
[ 30.603764][ T383] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 30.614758][ T43] device bridge_slave_1 left promiscuous mode
[ 30.620936][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.629577][ T43] device bridge_slave_0 left promiscuous mode
[ 30.636144][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.643627][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 30.650367][ T43] device veth1_macvtap left promiscuous mode
[ 30.656685][ T43] device veth0_vlan left promiscuous mode
[ 30.677494][ T386] loop2: detected capacity change from 0 to 1024
[ 30.707388][ T386] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 30.722906][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 30.744086][ T389] loop2: detected capacity change from 0 to 1024
[ 30.763512][ T389] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 30.777079][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 30.805828][ T392] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 30.818818][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 30.864218][ T395] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 30.877283][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 30.902258][ T398] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 30.918135][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 30.943439][ T401] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 30.956492][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 30.988555][ T404] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 31.002635][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 31.022515][ T407] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 31.036349][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 31.072291][ T410] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 31.089435][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 31.112864][ T413] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 31.125416][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 31.152279][ T416] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 31.165490][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 31.192668][ T419] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 31.204514][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 31.242448][ T422] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 31.257309][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 31.282335][ T425] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 31.296217][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 31.322902][ T428] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 31.336623][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 31.363291][ T431] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 31.379212][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 31.402612][ T434] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 31.415561][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 31.452189][ T437] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 31.465059][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 31.493577][ T440] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 31.506647][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 31.532579][ T443] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 31.545303][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 31.574921][ T446] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 31.588415][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 31.622609][ T449] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 31.636477][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 31.662329][ T452] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 31.676540][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 31.702689][ T455] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 32.663956][ T584] ==================================================================
[ 32.672083][ T584] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x979/0x21d0
[ 32.679861][ T584] Read of size 18446744073709551588 at addr ffff888110491840 by task syz.2.91/584
[ 32.689089][ T584]
[ 32.691457][ T584] CPU: 1 PID: 584 Comm: syz.2.91 Not tainted syzkaller #0
[ 32.698595][ T584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 32.708688][ T584] Call Trace:
[ 32.711998][ T584]
[ 32.714960][ T584] __dump_stack+0x21/0x24
[ 32.719350][ T584] dump_stack_lvl+0x110/0x170
[ 32.724060][ T584] ? __cfi_dump_stack_lvl+0x8/0x8
[ 32.729119][ T584] ? kasan_save_alloc_info+0x25/0x30
[ 32.734446][ T584] ? ext4_xattr_block_set+0x9d5/0x3260
[ 32.739954][ T584] ? ext4_xattr_set+0x242/0x320
[ 32.744885][ T584] ? ext4_xattr_security_set+0x3c/0x50
[ 32.750684][ T584] ? ext4_xattr_set_entry+0x979/0x21d0
[ 32.756180][ T584] print_address_description+0x71/0x200
[ 32.761749][ T584] print_report+0x4a/0x60
[ 32.766112][ T584] kasan_report+0x122/0x150
[ 32.770644][ T584] ? ext4_xattr_set_entry+0x979/0x21d0
[ 32.776134][ T584] ? ext4_xattr_set_entry+0x979/0x21d0
[ 32.781721][ T584] kasan_check_range+0x249/0x2a0
[ 32.786684][ T584] ? ext4_xattr_set_entry+0x979/0x21d0
[ 32.792172][ T584] memmove+0x2d/0x70
[ 32.796095][ T584] ext4_xattr_set_entry+0x979/0x21d0
[ 32.801493][ T584] ext4_xattr_block_set+0xad3/0x3260
[ 32.806804][ T584] ? __kasan_check_write+0x14/0x20
[ 32.811943][ T584] ? iput+0x620/0x670
[ 32.815948][ T584] ? ext4_xattr_block_find+0x310/0x310
[ 32.821432][ T584] ext4_xattr_set_handle+0xe3b/0x1570
[ 32.826832][ T584] ? __cfi_ext4_xattr_set_handle+0x10/0x10
[ 32.832661][ T584] ? __kasan_check_read+0x11/0x20
[ 32.837702][ T584] ? __ext4_journal_start_sb+0x2ed/0x4a0
[ 32.843355][ T584] ext4_xattr_set+0x242/0x320
[ 32.848085][ T584] ? ns_capable+0x8c/0xf0
[ 32.852465][ T584] ? __cfi_ext4_xattr_set+0x10/0x10
[ 32.857695][ T584] ? selinux_inode_setxattr+0x5cf/0xbf0
[ 32.863336][ T584] ext4_xattr_security_set+0x3c/0x50
[ 32.868668][ T584] ? __cfi_ext4_xattr_security_set+0x10/0x10
[ 32.874693][ T584] __vfs_setxattr+0x3f2/0x440
[ 32.879417][ T584] __vfs_setxattr_noperm+0x12a/0x5e0
[ 32.884762][ T584] __vfs_setxattr_locked+0x212/0x230
[ 32.890077][ T584] vfs_setxattr+0x167/0x2e0
[ 32.894613][ T584] ? __cfi_vfs_setxattr+0x10/0x10
[ 32.899735][ T584] ? copy_user_enhanced_fast_string+0xa/0x40
[ 32.905846][ T584] setxattr+0x346/0x360
[ 32.910046][ T584] ? path_setxattr+0x290/0x290
[ 32.914849][ T584] ? __mnt_want_write+0x1e6/0x260
[ 32.919905][ T584] ? mnt_want_write+0x220/0x300
[ 32.924788][ T584] path_setxattr+0x147/0x290
[ 32.929423][ T584] ? simple_xattr_list_add+0x120/0x120
[ 32.934926][ T584] __x64_sys_setxattr+0xc5/0xe0
[ 32.939829][ T584] x64_sys_call+0x633/0x9a0
[ 32.944448][ T584] do_syscall_64+0x4c/0xa0
[ 32.948887][ T584] ? clear_bhb_loop+0x30/0x80
[ 32.953618][ T584] ? clear_bhb_loop+0x30/0x80
[ 32.958330][ T584] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 32.964252][ T584] RIP: 0033:0x7f9d7399c819
[ 32.968706][ T584] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 32.988333][ T584] RSP: 002b:00007ffef33b6d28 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[ 32.996942][ T584] RAX: ffffffffffffffda RBX: 00007f9d73c15fa0 RCX: 00007f9d7399c819
[ 33.004939][ T584] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100
[ 33.012956][ T584] RBP: 00007f9d73a32c91 R08: 0000000000000000 R09: 0000000000000000
[ 33.020947][ T584] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000
[ 33.028936][ T584] R13: 00007f9d73c15fac R14: 00007f9d73c15fa0 R15: 00007f9d73c15fa0
[ 33.036931][ T584]
[ 33.039974][ T584]
[ 33.042312][ T584] Allocated by task 584:
[ 33.046568][ T584] kasan_set_track+0x4b/0x70
[ 33.051195][ T584] kasan_save_alloc_info+0x25/0x30
[ 33.056342][ T584] __kasan_kmalloc+0x95/0xb0
[ 33.061044][ T584] __kmalloc_node_track_caller+0xb1/0x1e0
[ 33.066780][ T584] kmemdup+0x2b/0x60
[ 33.070698][ T584] ext4_xattr_block_set+0x9d5/0x3260
[ 33.076015][ T584] ext4_xattr_set_handle+0xe3b/0x1570
[ 33.081423][ T584] ext4_xattr_set+0x242/0x320
[ 33.086129][ T584] ext4_xattr_security_set+0x3c/0x50
[ 33.091430][ T584] __vfs_setxattr+0x3f2/0x440
[ 33.096129][ T584] __vfs_setxattr_noperm+0x12a/0x5e0
[ 33.101445][ T584] __vfs_setxattr_locked+0x212/0x230
[ 33.106760][ T584] vfs_setxattr+0x167/0x2e0
[ 33.111318][ T584] setxattr+0x346/0x360
[ 33.115498][ T584] path_setxattr+0x147/0x290
[ 33.120117][ T584] __x64_sys_setxattr+0xc5/0xe0
[ 33.125007][ T584] x64_sys_call+0x633/0x9a0
[ 33.129631][ T584] do_syscall_64+0x4c/0xa0
[ 33.134068][ T584] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 33.139986][ T584]
[ 33.142328][ T584] The buggy address belongs to the object at ffff888110491800
[ 33.142328][ T584] which belongs to the cache kmalloc-1k of size 1024
[ 33.156412][ T584] The buggy address is located 64 bytes inside of
[ 33.156412][ T584] 1024-byte region [ffff888110491800, ffff888110491c00)
[ 33.169794][ T584]
[ 33.172135][ T584] The buggy address belongs to the physical page:
[ 33.178564][ T584] page:ffffea0004412400 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888110495000 pfn:0x110490
[ 33.190245][ T584] head:ffffea0004412400 order:3 compound_mapcount:0 compound_pincount:0
[ 33.198606][ T584] flags: 0x4000000000010200(slab|head|zone=1)
[ 33.204724][ T584] raw: 4000000000010200 ffffea0004866400 dead000000000003 ffff888100043080
[ 33.213334][ T584] raw: ffff888110495000 000000008010000c 00000001ffffffff 0000000000000000
[ 33.221926][ T584] page dumped because: kasan: bad access detected
[ 33.228363][ T584] page_owner tracks the page as allocated
[ 33.234084][ T584] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 100, tgid 100 (rcS), ts 5622436646, free_ts 0
[ 33.253543][ T584] post_alloc_hook+0x1f5/0x210
[ 33.258324][ T584] prep_new_page+0x1c/0x110
[ 33.262860][ T584] get_page_from_freelist+0x2d12/0x2d80
[ 33.268420][ T584] __alloc_pages+0x1fa/0x610
[ 33.273116][ T584] alloc_slab_page+0x6e/0xf0
[ 33.277733][ T584] new_slab+0x98/0x3d0
[ 33.281841][ T584] ___slab_alloc+0x6bd/0xb20
[ 33.286453][ T584] __slab_alloc+0x5e/0xa0
[ 33.290894][ T584] __kmem_cache_alloc_node+0x203/0x2c0
[ 33.296375][ T584] __kmalloc+0xa1/0x1e0
[ 33.300546][ T584] load_elf_binary+0x264/0x2800
[ 33.305419][ T584] bprm_execve+0x79b/0x1450
[ 33.309945][ T584] do_execveat_common+0x915/0xa70
[ 33.315007][ T584] __x64_sys_execve+0x92/0xb0
[ 33.319702][ T584] x64_sys_call+0x98/0x9a0
[ 33.324140][ T584] do_syscall_64+0x4c/0xa0
[ 33.328576][ T584] page_owner free stack trace missing
[ 33.333968][ T584]
[ 33.336317][ T584] Memory state around the buggy address:
[ 33.341959][ T584] ffff888110491700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.350027][ T584] ffff888110491780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.358113][ T584] >ffff888110491800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.366188][ T584] ^
[ 33.372348][ T584] ffff888110491880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.380415][ T584] ffff888110491900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.388582][ T584] ==================================================================
[ 33.402760][ T28] kauditd_printk_skb: 33 callbacks suppressed
[ 33.402773][ T28] audit: type=1400 audit(1776519401.006:107): avc: denied { read } for pid=84 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 33.408645][ T584] Disabling lock debugging due to kernel taint
[ 33.408906][ T28] audit: type=1400 audit(1776519401.006:108): avc: denied { search } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 33.458435][ T28] audit: type=1400 audit(1776519401.006:109): avc: denied { write } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 33.480180][ T28] audit: type=1400 audit(1776519401.006:110): avc: denied { add_name } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 33.500977][ T28] audit: type=1400 audit(1776519401.006:111): avc: denied { create } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 33.522115][ T28] audit: type=1400 audit(1776519401.006:112): avc: denied { append open } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 33.545213][ T28] audit: type=1400 audit(1776519401.006:113): avc: denied { getattr } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 34.512381][ T695] EXT4-fs mount: 157 callbacks suppressed
[ 34.512398][ T695] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 34.533586][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 34.552207][ T698] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 34.565348][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 34.602251][ T701] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 34.617453][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 34.642242][ T704] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 34.655628][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 34.682382][ T707] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 34.695498][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 34.732198][ T710] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 34.745835][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 34.772764][ T713] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 34.785545][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 34.816837][ T716] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 34.829144][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 34.852297][ T719] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
2026/04/18 13:36:42 executed programs: 123
[ 34.865955][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 34.873171][ T28] audit: type=1400 audit(1776519402.476:114): avc: denied { write } for pid=282 comm="syz-execprog" path="pipe:[14932]" dev="pipefs" ino=14932 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 34.912394][ T722] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 34.931722][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 34.963739][ T725] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 34.978582][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.012801][ T728] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.032854][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.052347][ T731] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.065099][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.103140][ T734] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.115552][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.142228][ T737] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.157860][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.182573][ T740] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.194847][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.222202][ T743] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.234700][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.250072][ T746] set_capacity_and_notify: 117 callbacks suppressed
[ 35.250090][ T746] loop2: detected capacity change from 0 to 1024
[ 35.272243][ T746] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.284849][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.299934][ T749] loop2: detected capacity change from 0 to 1024
[ 35.322276][ T749] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.337287][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.352649][ T752] loop2: detected capacity change from 0 to 1024
[ 35.372213][ T752] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.386628][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.410265][ T755] loop2: detected capacity change from 0 to 1024
[ 35.423164][ T755] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.436324][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.453170][ T759] loop2: detected capacity change from 0 to 1024
[ 35.472419][ T759] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.485309][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.502204][ T762] loop2: detected capacity change from 0 to 1024
[ 35.512829][ T762] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.525768][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.541635][ T765] loop2: detected capacity change from 0 to 1024
[ 35.552382][ T765] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.564971][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.581731][ T768] loop2: detected capacity change from 0 to 1024
[ 35.592527][ T768] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.604926][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.622177][ T771] loop2: detected capacity change from 0 to 1024
[ 35.632491][ T771] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.645151][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.660273][ T774] loop2: detected capacity change from 0 to 1024
[ 35.674057][ T774] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.686429][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.712184][ T777] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.725355][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.754395][ T780] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.767050][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.792638][ T783] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.805587][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.843033][ T786] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.856060][ T355] EXT4-fs (loop2): unmounting filesystem.
[ 35.882527][ T789] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 35.894277][ T355] EXT4-fs (loop2): unmounting filesystem.
2026/04/18 13:36:47 executed programs: 322
[ 40.267178][ T1364] set_capacity_and_notify: 193 callbacks suppressed
[ 40.267195][ T1364] loop2: detected capacity change from 0 to 1024
[ 40.304905][ T1367] loop2: detected capacity change from 0 to 1024
[ 40.345327][ T1370] loop2: detected capacity change from 0 to 1024
[ 40.376862][ T1373] loop2: detected capacity change from 0 to 1024
[ 40.408626][ T1376] loop2: detected capacity change from 0 to 1024
[ 40.436878][ T1379] loop2: detected capacity change from 0 to 1024
[ 40.475276][ T1382] loop2: detected capacity change from 0 to 1024
[ 40.518252][ T1386] loop2: detected capacity change from 0 to 1024
[ 40.546381][ T1389] loop2: detected capacity change from 0 to 1024
[ 40.585717][ T1392] loop2: detected capacity change from 0 to 1024