Warning: Permanently added '10.128.0.124' (ED25519) to the list of known hosts. 2026/05/06 18:14:43 parsed 1 programs [ 25.962876][ T30] audit: type=1400 audit(1778091283.432:64): avc: denied { node_bind } for pid=293 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 25.984632][ T30] audit: type=1400 audit(1778091283.432:65): avc: denied { module_request } for pid=293 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 26.672633][ T30] audit: type=1400 audit(1778091284.142:66): avc: denied { mounton } for pid=299 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 26.673748][ T299] cgroup: Unknown subsys name 'net' [ 26.697379][ T30] audit: type=1400 audit(1778091284.142:67): avc: denied { mount } for pid=299 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.725459][ T30] audit: type=1400 audit(1778091284.172:68): avc: denied { unmount } for pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.725828][ T299] cgroup: Unknown subsys name 'devices' [ 26.898141][ T299] cgroup: Unknown subsys name 'hugetlb' [ 26.904049][ T299] cgroup: Unknown subsys name 'rlimit' [ 27.045530][ T30] audit: type=1400 audit(1778091284.512:69): avc: denied { setattr } for pid=299 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.068864][ T30] audit: type=1400 audit(1778091284.512:70): avc: denied { create } for pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.089696][ T30] audit: type=1400 audit(1778091284.522:71): avc: denied { write } for pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.095596][ T304] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 27.110679][ T30] audit: type=1400 audit(1778091284.522:72): avc: denied { read } for pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 27.140454][ T30] audit: type=1400 audit(1778091284.522:73): avc: denied { mounton } for pid=299 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 27.202872][ T299] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 27.656649][ T306] request_module fs-gadgetfs succeeded, but still no fs? [ 27.889978][ T323] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.897428][ T323] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.904900][ T323] device bridge_slave_0 entered promiscuous mode [ 27.911959][ T323] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.919178][ T323] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.927412][ T323] device bridge_slave_1 entered promiscuous mode [ 27.965692][ T323] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.973636][ T323] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.981007][ T323] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.988864][ T323] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.007132][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.014932][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.022325][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.032305][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.040940][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.048199][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.058123][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.066695][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.074183][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.086957][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.096653][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.110652][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.121577][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.129771][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 28.137397][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 28.147120][ T323] device veth0_vlan entered promiscuous mode [ 28.157005][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.166379][ T323] device veth1_macvtap entered promiscuous mode [ 28.175075][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.185061][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2026/05/06 18:14:46 executed programs: 0 [ 28.877965][ T368] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.885153][ T368] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.892929][ T368] device bridge_slave_0 entered promiscuous mode [ 28.903185][ T368] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.910369][ T368] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.917967][ T368] device bridge_slave_1 entered promiscuous mode [ 28.959046][ T368] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.966247][ T368] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.973592][ T368] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.980643][ T368] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.001006][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.008670][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.016493][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.025474][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.034301][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.041838][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.051014][ T45] device bridge_slave_1 left promiscuous mode [ 29.057518][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.065162][ T45] device bridge_slave_0 left promiscuous mode [ 29.071722][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.079679][ T45] device veth1_macvtap left promiscuous mode [ 29.085685][ T45] device veth0_vlan left promiscuous mode [ 29.219740][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.228192][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.235474][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.249002][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.257267][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.270486][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.282742][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.291618][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.300478][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.309198][ T368] device veth0_vlan entered promiscuous mode [ 29.319211][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.328309][ T368] device veth1_macvtap entered promiscuous mode [ 29.337552][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.352727][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.381248][ T373] loop2: detected capacity change from 0 to 1024 [ 29.444786][ T373] ======================================================= [ 29.444786][ T373] WARNING: The mand mount option has been deprecated and [ 29.444786][ T373] and is ignored by this kernel. Remove the mand [ 29.444786][ T373] option from the mount to silence this warning. [ 29.444786][ T373] ======================================================= [ 29.488766][ T373] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 29.505506][ T373] ================================================================== [ 29.513758][ T373] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x1e04/0x3940 [ 29.521692][ T373] Read of size 18446744073709550624 at addr ffff88812e8297e0 by task syz.2.17/373 [ 29.530983][ T373] [ 29.533307][ T373] CPU: 0 PID: 373 Comm: syz.2.17 Not tainted syzkaller #0 [ 29.540625][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 29.550793][ T373] Call Trace: [ 29.554317][ T373] [ 29.557369][ T373] __dump_stack+0x21/0x30 [ 29.561795][ T373] dump_stack_lvl+0x110/0x170 [ 29.566602][ T373] ? show_regs_print_info+0x20/0x20 [ 29.571792][ T373] ? load_image+0x3e0/0x3e0 [ 29.576281][ T373] print_address_description+0x7f/0x2c0 [ 29.581958][ T373] ? ext4_xattr_set_entry+0x1e04/0x3940 [ 29.587514][ T373] kasan_report+0xf1/0x140 [ 29.592042][ T373] ? ext4_xattr_set_entry+0x1e04/0x3940 [ 29.597854][ T373] ? ext4_xattr_set_entry+0x1e04/0x3940 [ 29.603515][ T373] kasan_check_range+0x249/0x2a0 [ 29.608576][ T373] ? ext4_xattr_set_entry+0x1e04/0x3940 [ 29.614297][ T373] memmove+0x2d/0x70 [ 29.618358][ T373] ext4_xattr_set_entry+0x1e04/0x3940 [ 29.623828][ T373] ? ext4_xattr_ibody_set+0x360/0x360 [ 29.629199][ T373] ? __mb_cache_entry_free+0x253/0x390 [ 29.634661][ T373] ? kmem_cache_free+0x100/0x320 [ 29.639596][ T373] ? mb_cache_entry_delete_or_get+0x203/0x220 [ 29.645761][ T373] ext4_xattr_block_set+0x4f8/0x2d10 [ 29.651219][ T373] ? __kasan_check_read+0x11/0x20 [ 29.656324][ T373] ? __ext4_xattr_check_block+0x265/0x8e0 [ 29.662487][ T373] ? ext4_xattr_block_find+0x4f0/0x4f0 [ 29.668111][ T373] ext4_xattr_set_handle+0xbc4/0x12b0 [ 29.673747][ T373] ? ext4_xattr_set_entry+0x3940/0x3940 [ 29.679512][ T373] ? ext4_xattr_set+0x20c/0x320 [ 29.684364][ T373] ? __ext4_journal_start_sb+0x154/0x2b0 [ 29.689992][ T373] ext4_xattr_set+0x242/0x320 [ 29.694867][ T373] ? ext4_xattr_set_credits+0x290/0x290 [ 29.700618][ T373] ? selinux_inode_setxattr+0x5d9/0xc00 [ 29.706269][ T373] ext4_xattr_trusted_set+0x3c/0x50 [ 29.711529][ T373] ? ext4_xattr_trusted_get+0x40/0x40 [ 29.717004][ T373] __vfs_setxattr+0x3e1/0x430 [ 29.721717][ T373] __vfs_setxattr_noperm+0x12a/0x5e0 [ 29.727010][ T373] __vfs_setxattr_locked+0x212/0x230 [ 29.732387][ T373] vfs_setxattr+0x167/0x2e0 [ 29.736908][ T373] ? xattr_permission+0x550/0x550 [ 29.741937][ T373] ? _copy_from_user+0x95/0xd0 [ 29.746705][ T373] setxattr+0x36c/0x390 [ 29.750962][ T373] ? path_setxattr+0x290/0x290 [ 29.755812][ T373] ? debug_smp_processor_id+0x17/0x20 [ 29.761189][ T373] ? __mnt_want_write+0x1e6/0x260 [ 29.766463][ T373] ? mnt_want_write+0x20b/0x2e0 [ 29.771408][ T373] path_setxattr+0x147/0x290 [ 29.776086][ T373] ? simple_xattr_list_add+0x120/0x120 [ 29.781739][ T373] __x64_sys_lsetxattr+0xc2/0xe0 [ 29.786779][ T373] x64_sys_call+0x8cc/0x9a0 [ 29.791285][ T373] do_syscall_64+0x4c/0xa0 [ 29.795795][ T373] ? clear_bhb_loop+0x50/0xa0 [ 29.800572][ T373] ? clear_bhb_loop+0x50/0xa0 [ 29.805344][ T373] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 29.811343][ T373] RIP: 0033:0x7f780ef8cdd9 [ 29.815849][ T373] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 29.835630][ T373] RSP: 002b:00007ffdef397808 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 29.844047][ T373] RAX: ffffffffffffffda RBX: 00007f780f205fa0 RCX: 00007f780ef8cdd9 [ 29.852311][ T373] RDX: 0000200000000440 RSI: 00002000000000c0 RDI: 0000200000000100 [ 29.860386][ T373] RBP: 00007f780f022d69 R08: 0000000000000000 R09: 0000000000000000 [ 29.868622][ T373] R10: 000000000000fe37 R11: 0000000000000246 R12: 0000000000000000 [ 29.876594][ T373] R13: 00007f780f205fac R14: 00007f780f205fa0 R15: 00007f780f205fa0 [ 29.884658][ T373] [ 29.887767][ T373] [ 29.890103][ T373] The buggy address belongs to the page: [ 29.895795][ T373] page:ffffea0004ba0a40 refcount:2 mapcount:0 mapping:ffff8881093705d8 index:0x1c pfn:0x12e829 [ 29.906483][ T373] memcg:ffff88811d61c500 [ 29.910717][ T373] aops:def_blk_aops ino:700002 [ 29.915480][ T373] flags: 0x400000000000203a(referenced|dirty|lru|active|private|zone=1) [ 29.923917][ T373] raw: 400000000000203a ffffea00044337c8 ffffea0004ba0a08 ffff8881093705d8 [ 29.932608][ T373] raw: 000000000000001c ffff888100414498 00000002ffffffff ffff88811d61c500 [ 29.941191][ T373] page dumped because: kasan: bad access detected [ 29.947686][ T373] page_owner tracks the page as allocated [ 29.953657][ T373] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 373, ts 29503558300, free_ts 29392237937 [ 29.971281][ T373] post_alloc_hook+0x192/0x1b0 [ 29.976074][ T373] prep_new_page+0x1c/0x110 [ 29.981028][ T373] get_page_from_freelist+0x2d3a/0x2dc0 [ 29.986656][ T373] __alloc_pages+0x1a2/0x460 [ 29.991278][ T373] pagecache_get_page+0xac6/0xde0 [ 29.997920][ T373] __getblk_gfp+0x238/0x7d0 [ 30.002729][ T373] ext4_xattr_block_set+0x1d7c/0x2d10 [ 30.008297][ T373] ext4_xattr_set_handle+0xbc4/0x12b0 [ 30.014451][ T373] ext4_xattr_set+0x242/0x320 [ 30.019301][ T373] ext4_xattr_user_set+0xc4/0xf0 [ 30.024542][ T373] __vfs_setxattr+0x3e1/0x430 [ 30.029462][ T373] __vfs_setxattr_noperm+0x12a/0x5e0 [ 30.034847][ T373] __vfs_setxattr_locked+0x212/0x230 [ 30.040696][ T373] vfs_setxattr+0x167/0x2e0 [ 30.045287][ T373] setxattr+0x36c/0x390 [ 30.049448][ T373] path_setxattr+0x147/0x290 [ 30.054148][ T373] page last free stack trace: [ 30.058940][ T373] free_unref_page_prepare+0x542/0x550 [ 30.064498][ T373] free_unref_page_list+0x13a/0x9d0 [ 30.070133][ T373] release_pages+0x1006/0x1060 [ 30.074910][ T373] free_pages_and_swap_cache+0x86/0xa0 [ 30.080480][ T373] tlb_finish_mmu+0x17e/0x310 [ 30.085255][ T373] unmap_region+0x344/0x3b0 [ 30.089770][ T373] __do_munmap+0xa24/0x1020 [ 30.094476][ T373] __vm_munmap+0x163/0x2b0 [ 30.099069][ T373] __x64_sys_munmap+0x6b/0x80 [ 30.103926][ T373] x64_sys_call+0xc9/0x9a0 [ 30.108366][ T373] do_syscall_64+0x4c/0xa0 [ 30.112817][ T373] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 30.119010][ T373] [ 30.121335][ T373] Memory state around the buggy address: [ 30.127327][ T373] ffff88812e829680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.135646][ T373] ffff88812e829700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.143726][ T373] >ffff88812e829780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.152575][ T373] ^ [ 30.160098][ T373] ffff88812e829800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.168540][ T373] ffff88812e829880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.177341][ T373] ================================================================== [ 30.185593][ T373] Disabling lock debugging due to kernel taint