Warning: Permanently added '10.128.0.181' (ED25519) to the list of known hosts. 2026/04/18 16:18:12 parsed 1 programs [ 21.279047][ T28] audit: type=1400 audit(1776529092.578:64): avc: denied { node_bind } for pid=282 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 21.282327][ T28] audit: type=1400 audit(1776529092.578:65): avc: denied { module_request } for pid=282 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 22.055393][ T28] audit: type=1400 audit(1776529093.348:66): avc: denied { mounton } for pid=290 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.056346][ T290] cgroup: Unknown subsys name 'net' [ 22.078570][ T28] audit: type=1400 audit(1776529093.348:67): avc: denied { mount } for pid=290 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.106067][ T28] audit: type=1400 audit(1776529093.378:68): avc: denied { unmount } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.106213][ T290] cgroup: Unknown subsys name 'devices' [ 22.250199][ T290] cgroup: Unknown subsys name 'hugetlb' [ 22.255839][ T290] cgroup: Unknown subsys name 'rlimit' [ 22.364354][ T28] audit: type=1400 audit(1776529093.658:69): avc: denied { setattr } for pid=290 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.383948][ T293] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 22.387658][ T28] audit: type=1400 audit(1776529093.658:70): avc: denied { create } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.416737][ T28] audit: type=1400 audit(1776529093.658:71): avc: denied { write } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.437127][ T290] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.437502][ T28] audit: type=1400 audit(1776529093.658:72): avc: denied { read } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.466315][ T28] audit: type=1400 audit(1776529093.658:73): avc: denied { mounton } for pid=290 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 23.165411][ T295] request_module fs-gadgetfs succeeded, but still no fs? [ 23.857001][ T347] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.864714][ T347] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.872285][ T347] device bridge_slave_0 entered promiscuous mode [ 23.879127][ T347] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.886237][ T347] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.893999][ T347] device bridge_slave_1 entered promiscuous mode [ 23.931241][ T347] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.938322][ T347] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.945620][ T347] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.952657][ T347] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.971426][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.979395][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.986602][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.995720][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.003940][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.011055][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.019967][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.028253][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.035300][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.047538][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.057019][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.076557][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.087919][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.095991][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.103531][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.118752][ T347] device veth0_vlan entered promiscuous mode [ 24.128705][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.137688][ T347] device veth1_macvtap entered promiscuous mode [ 24.147274][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.157347][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.198163][ T347] syz-executor (347) used greatest stack depth: 21792 bytes left 2026/04/18 16:18:15 executed programs: 0 [ 24.388874][ T358] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.395927][ T358] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.403712][ T358] device bridge_slave_0 entered promiscuous mode [ 24.416367][ T358] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.423669][ T358] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.431252][ T358] device bridge_slave_1 entered promiscuous mode [ 24.476746][ T358] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.483821][ T358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.491244][ T358] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.498305][ T358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.516683][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.525273][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.532627][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.545834][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.554465][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.561613][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.569236][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.577385][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.584478][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.601257][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.609299][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.623219][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.634375][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.642588][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.650424][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.659025][ T358] device veth0_vlan entered promiscuous mode [ 24.669931][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.680423][ T358] device veth1_macvtap entered promiscuous mode [ 24.690019][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.699936][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.726640][ T363] loop2: detected capacity change from 0 to 1024 [ 24.733537][ T363] ======================================================= [ 24.733537][ T363] WARNING: The mand mount option has been deprecated and [ 24.733537][ T363] and is ignored by this kernel. Remove the mand [ 24.733537][ T363] option from the mount to silence this warning. [ 24.733537][ T363] ======================================================= [ 24.779997][ T363] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 24.793056][ T358] EXT4-fs (loop2): unmounting filesystem. [ 24.807965][ T367] loop2: detected capacity change from 0 to 1024 [ 24.819839][ T367] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 24.835720][ T358] EXT4-fs (loop2): unmounting filesystem. [ 24.851364][ T370] loop2: detected capacity change from 0 to 1024 [ 24.875479][ T370] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 24.895393][ T358] EXT4-fs (loop2): unmounting filesystem. [ 24.912665][ T374] loop2: detected capacity change from 0 to 1024 [ 24.929606][ T374] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 24.948696][ T358] EXT4-fs (loop2): unmounting filesystem. [ 24.963804][ T377] loop2: detected capacity change from 0 to 1024 [ 24.989818][ T377] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.003236][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.020321][ T380] loop2: detected capacity change from 0 to 1024 [ 25.029955][ T380] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.041802][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.062255][ T383] loop2: detected capacity change from 0 to 1024 [ 25.079948][ T383] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.092881][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.112816][ T386] loop2: detected capacity change from 0 to 1024 [ 25.131923][ T386] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.145156][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.161039][ T389] loop2: detected capacity change from 0 to 1024 [ 25.172073][ T389] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.187899][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.207230][ T392] loop2: detected capacity change from 0 to 1024 [ 25.219899][ T392] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.233147][ T8] device bridge_slave_1 left promiscuous mode [ 25.234182][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.239585][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.252871][ T8] device bridge_slave_0 left promiscuous mode [ 25.264859][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.274490][ T8] device veth1_macvtap left promiscuous mode [ 25.280668][ T8] device veth0_vlan left promiscuous mode [ 25.283195][ T395] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.304882][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.344147][ T398] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.369601][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.389911][ T401] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.402636][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.429853][ T404] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.442246][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.469780][ T407] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.485292][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.511073][ T410] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.523616][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.549962][ T413] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.562770][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.591982][ T416] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.605633][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.631330][ T419] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.644208][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.671989][ T422] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.685364][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.710027][ T425] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.722872][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.750611][ T428] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.763258][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.799846][ T431] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.812431][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.839614][ T434] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.852527][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.879527][ T437] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.892557][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.911515][ T440] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.923795][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.950360][ T443] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.962692][ T358] EXT4-fs (loop2): unmounting filesystem. [ 25.989578][ T446] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.001932][ T446] ================================================================== [ 26.010037][ T446] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x979/0x21d0 [ 26.017768][ T446] Read of size 18446744073709551588 at addr ffff8881153b5040 by task syz.2.44/446 [ 26.026962][ T446] [ 26.029284][ T446] CPU: 1 PID: 446 Comm: syz.2.44 Not tainted syzkaller #0 [ 26.036402][ T446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 26.046461][ T446] Call Trace: [ 26.049751][ T446] [ 26.052806][ T446] __dump_stack+0x21/0x24 [ 26.057143][ T446] dump_stack_lvl+0x110/0x170 [ 26.061823][ T446] ? __cfi_dump_stack_lvl+0x8/0x8 [ 26.066932][ T446] ? kasan_save_alloc_info+0x25/0x30 [ 26.072419][ T446] ? ext4_xattr_block_set+0x9d5/0x3260 [ 26.077883][ T446] ? ext4_xattr_set+0x242/0x320 [ 26.082746][ T446] ? ext4_xattr_security_set+0x3c/0x50 [ 26.088389][ T446] ? ext4_xattr_set_entry+0x979/0x21d0 [ 26.093952][ T446] print_address_description+0x71/0x200 [ 26.099501][ T446] print_report+0x4a/0x60 [ 26.103839][ T446] kasan_report+0x122/0x150 [ 26.108437][ T446] ? ext4_xattr_set_entry+0x979/0x21d0 [ 26.113908][ T446] ? ext4_xattr_set_entry+0x979/0x21d0 [ 26.119720][ T446] kasan_check_range+0x249/0x2a0 [ 26.124770][ T446] ? ext4_xattr_set_entry+0x979/0x21d0 [ 26.130253][ T446] memmove+0x2d/0x70 [ 26.134366][ T446] ext4_xattr_set_entry+0x979/0x21d0 [ 26.139766][ T446] ext4_xattr_block_set+0xad3/0x3260 [ 26.145100][ T446] ? __kasan_check_write+0x14/0x20 [ 26.150408][ T446] ? iput+0x620/0x670 [ 26.154488][ T446] ? ext4_xattr_block_find+0x310/0x310 [ 26.160046][ T446] ext4_xattr_set_handle+0xe3b/0x1570 [ 26.165625][ T446] ? __cfi_ext4_xattr_set_handle+0x10/0x10 [ 26.171472][ T446] ? __kasan_check_read+0x11/0x20 [ 26.176531][ T446] ? __ext4_journal_start_sb+0x2ed/0x4a0 [ 26.182189][ T446] ext4_xattr_set+0x242/0x320 [ 26.186882][ T446] ? ns_capable+0x8c/0xf0 [ 26.191238][ T446] ? __cfi_ext4_xattr_set+0x10/0x10 [ 26.196467][ T446] ? selinux_inode_setxattr+0x5cf/0xbf0 [ 26.202038][ T446] ext4_xattr_security_set+0x3c/0x50 [ 26.207374][ T446] ? __cfi_ext4_xattr_security_set+0x10/0x10 [ 26.213368][ T446] __vfs_setxattr+0x3f2/0x440 [ 26.218256][ T446] __vfs_setxattr_noperm+0x12a/0x5e0 [ 26.223550][ T446] __vfs_setxattr_locked+0x212/0x230 [ 26.229118][ T446] vfs_setxattr+0x167/0x2e0 [ 26.233649][ T446] ? __cfi_vfs_setxattr+0x10/0x10 [ 26.238696][ T446] ? copy_user_enhanced_fast_string+0xa/0x40 [ 26.244699][ T446] setxattr+0x346/0x360 [ 26.248877][ T446] ? path_setxattr+0x290/0x290 [ 26.253670][ T446] ? __mnt_want_write+0x1e6/0x260 [ 26.258706][ T446] ? mnt_want_write+0x220/0x300 [ 26.263569][ T446] path_setxattr+0x147/0x290 [ 26.268261][ T446] ? simple_xattr_list_add+0x120/0x120 [ 26.273821][ T446] __x64_sys_setxattr+0xc5/0xe0 [ 26.278678][ T446] x64_sys_call+0x633/0x9a0 [ 26.283182][ T446] do_syscall_64+0x4c/0xa0 [ 26.287600][ T446] ? clear_bhb_loop+0x30/0x80 [ 26.292276][ T446] ? clear_bhb_loop+0x30/0x80 [ 26.297039][ T446] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 26.302941][ T446] RIP: 0033:0x7f5a07b9c819 [ 26.307359][ T446] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 26.326966][ T446] RSP: 002b:00007ffca79fbe38 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 26.335384][ T446] RAX: ffffffffffffffda RBX: 00007f5a07e15fa0 RCX: 00007f5a07b9c819 [ 26.343363][ T446] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100 [ 26.351423][ T446] RBP: 00007f5a07c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 26.359396][ T446] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000 [ 26.367362][ T446] R13: 00007f5a07e15fac R14: 00007f5a07e15fa0 R15: 00007f5a07e15fa0 [ 26.375337][ T446] [ 26.378359][ T446] [ 26.380679][ T446] Allocated by task 446: [ 26.384915][ T446] kasan_set_track+0x4b/0x70 [ 26.389506][ T446] kasan_save_alloc_info+0x25/0x30 [ 26.394622][ T446] __kasan_kmalloc+0x95/0xb0 [ 26.399310][ T446] __kmalloc_node_track_caller+0xb1/0x1e0 [ 26.405035][ T446] kmemdup+0x2b/0x60 [ 26.408946][ T446] ext4_xattr_block_set+0x9d5/0x3260 [ 26.414335][ T446] ext4_xattr_set_handle+0xe3b/0x1570 [ 26.419711][ T446] ext4_xattr_set+0x242/0x320 [ 26.424394][ T446] ext4_xattr_security_set+0x3c/0x50 [ 26.429679][ T446] __vfs_setxattr+0x3f2/0x440 [ 26.434358][ T446] __vfs_setxattr_noperm+0x12a/0x5e0 [ 26.439642][ T446] __vfs_setxattr_locked+0x212/0x230 [ 26.444929][ T446] vfs_setxattr+0x167/0x2e0 [ 26.449430][ T446] setxattr+0x346/0x360 [ 26.453595][ T446] path_setxattr+0x147/0x290 [ 26.458186][ T446] __x64_sys_setxattr+0xc5/0xe0 [ 26.463038][ T446] x64_sys_call+0x633/0x9a0 [ 26.467691][ T446] do_syscall_64+0x4c/0xa0 [ 26.472110][ T446] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 26.478015][ T446] [ 26.480335][ T446] The buggy address belongs to the object at ffff8881153b5000 [ 26.480335][ T446] which belongs to the cache kmalloc-1k of size 1024 [ 26.494385][ T446] The buggy address is located 64 bytes inside of [ 26.494385][ T446] 1024-byte region [ffff8881153b5000, ffff8881153b5400) [ 26.507659][ T446] [ 26.509981][ T446] The buggy address belongs to the physical page: [ 26.516389][ T446] page:ffffea000454ec00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1153b0 [ 26.526625][ T446] head:ffffea000454ec00 order:3 compound_mapcount:0 compound_pincount:0 [ 26.534947][ T446] flags: 0x4000000000010200(slab|head|zone=1) [ 26.541015][ T446] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100043080 [ 26.549600][ T446] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 26.558176][ T446] page dumped because: kasan: bad access detected [ 26.564590][ T446] page_owner tracks the page as allocated [ 26.570305][ T446] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 109, tgid 109 (udevd), ts 5419137933, free_ts 0 [ 26.590015][ T446] post_alloc_hook+0x1f5/0x210 [ 26.594787][ T446] prep_new_page+0x1c/0x110 [ 26.599300][ T446] get_page_from_freelist+0x2d12/0x2d80 [ 26.604867][ T446] __alloc_pages+0x1fa/0x610 [ 26.609462][ T446] alloc_slab_page+0x6e/0xf0 [ 26.614056][ T446] new_slab+0x98/0x3d0 [ 26.618212][ T446] ___slab_alloc+0x6bd/0xb20 [ 26.622807][ T446] __slab_alloc+0x5e/0xa0 [ 26.627224][ T446] __kmem_cache_alloc_node+0x203/0x2c0 [ 26.632682][ T446] __kmalloc_node_track_caller+0xa0/0x1e0 [ 26.641355][ T446] __alloc_skb+0x236/0x4b0 [ 26.646206][ T446] netlink_sendmsg+0x635/0xbd0 [ 26.651062][ T446] ____sys_sendmsg+0x5cc/0x990 [ 26.655824][ T446] ___sys_sendmsg+0x2a2/0x360 [ 26.660507][ T446] __x64_sys_sendmsg+0x205/0x2d0 [ 26.665438][ T446] x64_sys_call+0x171/0x9a0 [ 26.669954][ T446] page_owner free stack trace missing [ 26.675315][ T446] [ 26.677633][ T446] Memory state around the buggy address: [ 26.683269][ T446] ffff8881153b4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.691328][ T446] ffff8881153b4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.699386][ T446] >ffff8881153b5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.707531][ T446] ^ [ 26.713769][ T446] ffff8881153b5080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.721932][ T446] ffff8881153b5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.729989][ T446] ================================================================== [ 26.742475][ T446] Disabling lock debugging due to kernel taint [ 26.748722][ T28] kauditd_printk_skb: 33 callbacks suppressed [ 26.748735][ T28] audit: type=1400 audit(1776529098.038:107): avc: denied { read } for pid=84 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 26.776890][ T28] audit: type=1400 audit(1776529098.038:108): avc: denied { search } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 26.798749][ T28] audit: type=1400 audit(1776529098.038:109): avc: denied { write } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 26.799455][ T358] EXT4-fs (loop2): unmounting filesystem. [ 26.820210][ T28] audit: type=1400 audit(1776529098.038:110): avc: denied { add_name } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 26.820240][ T28] audit: type=1400 audit(1776529098.038:111): avc: denied { create } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 26.820261][ T28] audit: type=1400 audit(1776529098.038:112): avc: denied { append open } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 26.820283][ T28] audit: type=1400 audit(1776529098.038:113): avc: denied { getattr } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 26.929745][ T449] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.942500][ T358] EXT4-fs (loop2): unmounting filesystem. [ 26.972010][ T452] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.984589][ T358] EXT4-fs (loop2): unmounting filesystem. [ 27.009609][ T456] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 27.023704][ T358] EXT4-fs (loop2): unmounting filesystem. [ 27.060699][ T459] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. 2026/04/18 16:18:20 executed programs: 135 [ 29.379502][ T28] audit: type=1400 audit(1776529100.678:114): avc: denied { write } for pid=282 comm="syz-execprog" path="pipe:[14672]" dev="pipefs" ino=14672 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 29.753288][ T819] set_capacity_and_notify: 141 callbacks suppressed [ 29.753304][ T819] loop2: detected capacity change from 0 to 1024 [ 29.784269][ T822] loop2: detected capacity change from 0 to 1024 [ 29.812260][ T825] loop2: detected capacity change from 0 to 1024 [ 29.854728][ T828] loop2: detected capacity change from 0 to 1024 [ 29.882933][ T831] loop2: detected capacity change from 0 to 1024 [ 29.924070][ T834] loop2: detected capacity change from 0 to 1024 [ 29.965324][ T837] loop2: detected capacity change from 0 to 1024 [ 29.994763][ T840] loop2: detected capacity change from 0 to 1024 [ 30.023691][ T843] loop2: detected capacity change from 0 to 1024 [ 30.054550][ T846] loop2: detected capacity change from 0 to 1024 [ 31.649547][ T296] I/O error, dev loop2, sector 24 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 34.039878][ T1366] EXT4-fs mount: 601 callbacks suppressed [ 34.039891][ T1366] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.060821][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.089831][ T1369] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.102858][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.139557][ T1372] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.152862][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.179651][ T1375] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.192659][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.230014][ T1378] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.242736][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.261300][ T1381] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.272961][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.302109][ T1384] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.315044][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.340423][ T1387] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.353540][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.379598][ T1390] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.392140][ T358] EXT4-fs (loop2): unmounting filesystem. 2026/04/18 16:18:25 executed programs: 346 [ 34.429832][ T1393] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.443459][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.479503][ T1396] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.493512][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.519363][ T1399] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.532145][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.559518][ T1402] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.572753][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.600104][ T1405] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.612753][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.640319][ T1408] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.655019][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.679853][ T1411] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.697316][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.719670][ T1414] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.732785][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.753114][ T1417] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.765672][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.781142][ T1420] set_capacity_and_notify: 189 callbacks suppressed [ 34.781157][ T1420] loop2: detected capacity change from 0 to 1024 [ 34.809504][ T1420] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.822507][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.837962][ T1423] loop2: detected capacity change from 0 to 1024 [ 34.859997][ T1423] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.873598][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.888817][ T1426] loop2: detected capacity change from 0 to 1024 [ 34.909537][ T1426] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.923213][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.938286][ T1429] loop2: detected capacity change from 0 to 1024 [ 34.949880][ T1429] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.965605][ T358] EXT4-fs (loop2): unmounting filesystem. [ 34.980712][ T1432] loop2: detected capacity change from 0 to 1024 [ 35.009587][ T1432] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 35.022839][ T358] EXT4-fs (loop2): unmounting filesystem. [ 35.038244][ T1435] loop2: detected capacity change from 0 to 1024 [ 35.059579][ T1435] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 35.072687][ T358] EXT4-fs (loop2): unmounting filesystem. [ 35.088456][ T1438] loop2: detected capacity change from 0 to 1024 [ 35.100307][ T1438] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 35.113781][ T358] EXT4-fs (loop2): unmounting filesystem. [ 35.129287][ T1441] loop2: detected capacity change from 0 to 1024 [ 35.140345][ T1441] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 35.154188][ T358] EXT4-fs (loop2): unmounting filesystem. [ 35.169481][ T1444] loop2: detected capacity change from 0 to 1024 [ 35.189734][ T1444] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 35.202389][ T358] EXT4-fs (loop2): unmounting filesystem. [ 35.220347][ T1447] loop2: detected capacity change from 0 to 1024 [ 35.239371][ T1447] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 35.253458][ T358] EXT4-fs (loop2): unmounting filesystem. [ 35.281245][ T1450] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 35.295802][ T358] EXT4-fs (loop2): unmounting filesystem. [ 35.319595][ T1453] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 35.332684][ T358] EXT4-fs (loop2): unmounting filesystem. [ 35.359600][ T1456] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 35.372192][ T358] EXT4-fs (loop2): unmounting filesystem. [ 35.391041][ T1460] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 35.403394][ T358] EXT4-fs (loop2): unmounting filesystem. SeaBIOS (version 1.8.2-google) Total RAM Size = 0x0000000200000000 = 8192 MiB