Warning: Permanently added '10.128.0.191' (ED25519) to the list of known hosts. 2026/04/04 17:30:21 parsed 1 programs [ 22.267463][ T28] audit: type=1400 audit(1775323821.307:64): avc: denied { node_bind } for pid=283 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 22.290159][ T28] audit: type=1400 audit(1775323821.307:65): avc: denied { module_request } for pid=283 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 23.079634][ T28] audit: type=1400 audit(1775323822.117:66): avc: denied { mounton } for pid=289 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 23.080640][ T289] cgroup: Unknown subsys name 'net' [ 23.102904][ T28] audit: type=1400 audit(1775323822.117:67): avc: denied { mount } for pid=289 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.130873][ T28] audit: type=1400 audit(1775323822.147:68): avc: denied { unmount } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.131126][ T289] cgroup: Unknown subsys name 'devices' [ 23.275361][ T289] cgroup: Unknown subsys name 'hugetlb' [ 23.282192][ T289] cgroup: Unknown subsys name 'rlimit' [ 23.419211][ T28] audit: type=1400 audit(1775323822.457:69): avc: denied { setattr } for pid=289 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.439565][ T293] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 23.442744][ T28] audit: type=1400 audit(1775323822.457:70): avc: denied { create } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.473471][ T28] audit: type=1400 audit(1775323822.457:71): avc: denied { write } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.494784][ T28] audit: type=1400 audit(1775323822.457:72): avc: denied { read } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.515540][ T289] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 23.515572][ T28] audit: type=1400 audit(1775323822.457:73): avc: denied { mounton } for pid=289 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 24.337878][ T298] request_module fs-gadgetfs succeeded, but still no fs? [ 24.696090][ T321] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.703490][ T321] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.710935][ T321] device bridge_slave_0 entered promiscuous mode [ 24.719360][ T321] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.726757][ T321] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.734266][ T321] device bridge_slave_1 entered promiscuous mode [ 24.774775][ T321] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.782283][ T321] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.790237][ T321] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.797375][ T321] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.816946][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.824185][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.831405][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.839122][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.849794][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.858359][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.865952][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.875141][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.883441][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.890554][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.905659][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.914930][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.928607][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.940088][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.948417][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.956348][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.965541][ T321] device veth0_vlan entered promiscuous mode [ 24.976171][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.985926][ T321] device veth1_macvtap entered promiscuous mode [ 24.995794][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.005689][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2026/04/04 17:30:24 executed programs: 0 [ 25.429928][ T357] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.437373][ T357] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.445361][ T357] device bridge_slave_0 entered promiscuous mode [ 25.455448][ T357] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.462885][ T357] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.471119][ T357] device bridge_slave_1 entered promiscuous mode [ 25.519895][ T357] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.527458][ T357] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.535211][ T357] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.542264][ T357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.563905][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.571946][ T326] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.579466][ T326] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.594315][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.602828][ T326] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.610407][ T326] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.618201][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.626819][ T326] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.634341][ T326] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.646936][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.656511][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.670553][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.682031][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.690771][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.698511][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.708270][ T357] device veth0_vlan entered promiscuous mode [ 25.718018][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.726570][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.735874][ T357] device veth1_macvtap entered promiscuous mode [ 25.745429][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.753773][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.762587][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.772753][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.781197][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.808864][ T361] loop2: detected capacity change from 0 to 1024 [ 25.816189][ T361] ======================================================= [ 25.816189][ T361] WARNING: The mand mount option has been deprecated and [ 25.816189][ T361] and is ignored by this kernel. Remove the mand [ 25.816189][ T361] option from the mount to silence this warning. [ 25.816189][ T361] ======================================================= [ 25.865249][ T361] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.878789][ T357] EXT4-fs (loop2): unmounting filesystem. [ 25.894428][ T365] loop2: detected capacity change from 0 to 1024 [ 25.914524][ T365] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.929746][ T357] EXT4-fs (loop2): unmounting filesystem. [ 25.947253][ T369] loop2: detected capacity change from 0 to 1024 [ 25.964632][ T369] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.978010][ T357] EXT4-fs (loop2): unmounting filesystem. [ 25.995373][ T372] loop2: detected capacity change from 0 to 1024 [ 26.007515][ T372] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.020128][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.038244][ T375] loop2: detected capacity change from 0 to 1024 [ 26.056972][ T375] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.070831][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.086471][ T378] loop2: detected capacity change from 0 to 1024 [ 26.107555][ T378] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.120241][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.135803][ T381] loop2: detected capacity change from 0 to 1024 [ 26.154641][ T381] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.171507][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.187531][ T384] loop2: detected capacity change from 0 to 1024 [ 26.204724][ T384] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.218570][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.236258][ T387] loop2: detected capacity change from 0 to 1024 [ 26.254654][ T387] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.268477][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.284273][ T390] loop2: detected capacity change from 0 to 1024 [ 26.294803][ T390] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.318736][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.354798][ T394] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.371143][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.404514][ T397] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.420567][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.444561][ T400] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.457828][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.464898][ T8] device bridge_slave_1 left promiscuous mode [ 26.471088][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.479391][ T8] device bridge_slave_0 left promiscuous mode [ 26.486550][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.501689][ T8] device veth1_macvtap left promiscuous mode [ 26.508642][ T8] device veth0_vlan left promiscuous mode [ 26.516775][ T403] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.546260][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.587754][ T407] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.600416][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.624525][ T410] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.638149][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.664788][ T413] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.678004][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.704409][ T416] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.722564][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.747108][ T419] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.760009][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.790923][ T422] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.812142][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.836597][ T425] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.851155][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.874434][ T428] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.891390][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.914748][ T431] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.927421][ T357] EXT4-fs (loop2): unmounting filesystem. [ 26.954512][ T434] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.967651][ T357] EXT4-fs (loop2): unmounting filesystem. [ 27.004548][ T437] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 27.017946][ T357] EXT4-fs (loop2): unmounting filesystem. [ 27.044845][ T440] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 27.057321][ T357] EXT4-fs (loop2): unmounting filesystem. [ 27.084941][ T443] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 27.098560][ T357] EXT4-fs (loop2): unmounting filesystem. [ 27.124597][ T446] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 27.138234][ T357] EXT4-fs (loop2): unmounting filesystem. [ 27.164793][ T449] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 27.178238][ T357] EXT4-fs (loop2): unmounting filesystem. [ 27.204510][ T452] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 27.218266][ T357] EXT4-fs (loop2): unmounting filesystem. [ 27.244594][ T455] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 27.257727][ T357] EXT4-fs (loop2): unmounting filesystem. [ 27.284714][ T458] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 27.767625][ T515] ================================================================== [ 27.775846][ T515] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x979/0x21d0 [ 27.783779][ T515] Read of size 18446744073709551588 at addr ffff88811519f840 by task syz.2.70/515 [ 27.793260][ T515] [ 27.795688][ T515] CPU: 0 PID: 515 Comm: syz.2.70 Not tainted syzkaller #0 [ 27.802816][ T515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 27.813385][ T515] Call Trace: [ 27.816668][ T515] [ 27.819597][ T515] __dump_stack+0x21/0x24 [ 27.823942][ T515] dump_stack_lvl+0x110/0x170 [ 27.828631][ T515] ? __cfi_dump_stack_lvl+0x8/0x8 [ 27.833674][ T515] ? kasan_save_alloc_info+0x25/0x30 [ 27.839042][ T515] ? ext4_xattr_block_set+0x9d5/0x3260 [ 27.844823][ T515] ? ext4_xattr_set+0x242/0x320 [ 27.849976][ T515] ? ext4_xattr_trusted_set+0x3c/0x50 [ 27.855439][ T515] ? ext4_xattr_set_entry+0x979/0x21d0 [ 27.861084][ T515] print_address_description+0x71/0x200 [ 27.866872][ T515] print_report+0x4a/0x60 [ 27.871477][ T515] kasan_report+0x122/0x150 [ 27.876179][ T515] ? ext4_xattr_set_entry+0x979/0x21d0 [ 27.881768][ T515] ? ext4_xattr_set_entry+0x979/0x21d0 [ 27.887364][ T515] kasan_check_range+0x249/0x2a0 [ 27.892400][ T515] ? ext4_xattr_set_entry+0x979/0x21d0 [ 27.897895][ T515] memmove+0x2d/0x70 [ 27.901787][ T515] ext4_xattr_set_entry+0x979/0x21d0 [ 27.907242][ T515] ext4_xattr_block_set+0xad3/0x3260 [ 27.912606][ T515] ? __kasan_check_write+0x14/0x20 [ 27.917719][ T515] ? iput+0x620/0x670 [ 27.921891][ T515] ? ext4_xattr_block_find+0x310/0x310 [ 27.927357][ T515] ext4_xattr_set_handle+0x1338/0x1570 [ 27.933019][ T515] ? __cfi_ext4_xattr_set_handle+0x10/0x10 [ 27.939058][ T515] ? __kasan_check_read+0x11/0x20 [ 27.944975][ T515] ? __ext4_journal_start_sb+0x2ed/0x4a0 [ 27.950882][ T515] ext4_xattr_set+0x242/0x320 [ 27.955667][ T515] ? __kasan_kmalloc+0x95/0xb0 [ 27.960536][ T515] ? __kmalloc_node+0xb2/0x1e0 [ 27.965398][ T515] ? __cfi_ext4_xattr_set+0x10/0x10 [ 27.971210][ T515] ? selinux_inode_setxattr+0x5cf/0xbf0 [ 27.976834][ T515] ext4_xattr_trusted_set+0x3c/0x50 [ 27.982472][ T515] ? __cfi_ext4_xattr_trusted_set+0x10/0x10 [ 27.988793][ T515] __vfs_setxattr+0x3f2/0x440 [ 27.994086][ T515] __vfs_setxattr_noperm+0x12a/0x5e0 [ 27.999373][ T515] __vfs_setxattr_locked+0x212/0x230 [ 28.004708][ T515] vfs_setxattr+0x167/0x2e0 [ 28.009764][ T515] ? __cfi_vfs_setxattr+0x10/0x10 [ 28.014895][ T515] ? __kasan_check_write+0x14/0x20 [ 28.020048][ T515] setxattr+0x346/0x360 [ 28.024431][ T515] ? path_setxattr+0x290/0x290 [ 28.029929][ T515] ? __mnt_want_write+0x1e6/0x260 [ 28.035059][ T515] ? mnt_want_write+0x220/0x300 [ 28.040051][ T515] path_setxattr+0x147/0x290 [ 28.044759][ T515] ? simple_xattr_list_add+0x120/0x120 [ 28.050238][ T515] ? do_user_addr_fault+0x9ac/0x1050 [ 28.055984][ T515] __x64_sys_lsetxattr+0xc2/0xe0 [ 28.061164][ T515] x64_sys_call+0x8b7/0x9a0 [ 28.065789][ T515] do_syscall_64+0x4c/0xa0 [ 28.070232][ T515] ? clear_bhb_loop+0x30/0x80 [ 28.075104][ T515] ? clear_bhb_loop+0x30/0x80 [ 28.079818][ T515] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 28.086770][ T515] RIP: 0033:0x7fb86659c819 [ 28.091401][ T515] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 28.111897][ T515] RSP: 002b:00007ffc2fdd76c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 28.120676][ T515] RAX: ffffffffffffffda RBX: 00007fb866815fa0 RCX: 00007fb86659c819 [ 28.129134][ T515] RDX: 0000200000000800 RSI: 0000200000000180 RDI: 00002000000001c0 [ 28.138255][ T515] RBP: 00007fb866632c91 R08: 0000000000000000 R09: 0000000000000000 [ 28.146487][ T515] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 28.155021][ T515] R13: 00007fb866815fac R14: 00007fb866815fa0 R15: 00007fb866815fa0 [ 28.163093][ T515] [ 28.166464][ T515] [ 28.169309][ T515] Allocated by task 515: [ 28.173906][ T515] kasan_set_track+0x4b/0x70 [ 28.179218][ T515] kasan_save_alloc_info+0x25/0x30 [ 28.184788][ T515] __kasan_kmalloc+0x95/0xb0 [ 28.189390][ T515] __kmalloc_node_track_caller+0xb1/0x1e0 [ 28.195213][ T515] kmemdup+0x2b/0x60 [ 28.199740][ T515] ext4_xattr_block_set+0x9d5/0x3260 [ 28.205282][ T515] ext4_xattr_set_handle+0x1338/0x1570 [ 28.211172][ T515] ext4_xattr_set+0x242/0x320 [ 28.216087][ T515] ext4_xattr_trusted_set+0x3c/0x50 [ 28.221577][ T515] __vfs_setxattr+0x3f2/0x440 [ 28.226286][ T515] __vfs_setxattr_noperm+0x12a/0x5e0 [ 28.231785][ T515] __vfs_setxattr_locked+0x212/0x230 [ 28.237369][ T515] vfs_setxattr+0x167/0x2e0 [ 28.242364][ T515] setxattr+0x346/0x360 [ 28.247276][ T515] path_setxattr+0x147/0x290 [ 28.252099][ T515] __x64_sys_lsetxattr+0xc2/0xe0 [ 28.257344][ T515] x64_sys_call+0x8b7/0x9a0 [ 28.261959][ T515] do_syscall_64+0x4c/0xa0 [ 28.266481][ T515] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 28.272549][ T515] [ 28.275228][ T515] The buggy address belongs to the object at ffff88811519f800 [ 28.275228][ T515] which belongs to the cache kmalloc-1k of size 1024 [ 28.290520][ T515] The buggy address is located 64 bytes inside of [ 28.290520][ T515] 1024-byte region [ffff88811519f800, ffff88811519fc00) [ 28.304448][ T515] [ 28.307254][ T515] The buggy address belongs to the physical page: [ 28.313776][ T515] page:ffffea0004546600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115198 [ 28.324299][ T515] head:ffffea0004546600 order:3 compound_mapcount:0 compound_pincount:0 [ 28.332904][ T515] flags: 0x4000000000010200(slab|head|zone=1) [ 28.339149][ T515] raw: 4000000000010200 ffffea0004740000 dead000000000002 ffff888100043080 [ 28.347846][ T515] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 28.357087][ T515] page dumped because: kasan: bad access detected [ 28.363775][ T515] page_owner tracks the page as allocated [ 28.369501][ T515] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 117, tgid 117 (udevadm), ts 5534580528, free_ts 0 [ 28.390055][ T515] post_alloc_hook+0x1f5/0x210 [ 28.395029][ T515] prep_new_page+0x1c/0x110 [ 28.399626][ T515] get_page_from_freelist+0x2d12/0x2d80 [ 28.405445][ T515] __alloc_pages+0x1fa/0x610 [ 28.410148][ T515] alloc_slab_page+0x6e/0xf0 [ 28.414854][ T515] new_slab+0x98/0x3d0 [ 28.419386][ T515] ___slab_alloc+0x6bd/0xb20 [ 28.423982][ T515] __slab_alloc+0x5e/0xa0 [ 28.428488][ T515] __kmem_cache_alloc_node+0x203/0x2c0 [ 28.434118][ T515] __kmalloc_node_track_caller+0xa0/0x1e0 [ 28.439844][ T515] __alloc_skb+0x236/0x4b0 [ 28.444469][ T515] alloc_uevent_skb+0x85/0x240 [ 28.449427][ T515] kobject_uevent_net_broadcast+0x343/0x5b0 [ 28.455632][ T515] kobject_uevent_env+0x54f/0x730 [ 28.461400][ T515] kobject_synth_uevent+0x57e/0xbc0 [ 28.466718][ T515] uevent_store+0x25/0x70 [ 28.471087][ T515] page_owner free stack trace missing [ 28.476587][ T515] [ 28.479028][ T515] Memory state around the buggy address: [ 28.484864][ T515] ffff88811519f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.493376][ T515] ffff88811519f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.502246][ T515] >ffff88811519f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.510928][ T515] ^ [ 28.517537][ T515] ffff88811519f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.525721][ T515] ffff88811519f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.534222][ T515] ================================================================== [ 28.549886][ T515] Disabling lock debugging due to kernel taint [ 28.549957][ T28] kauditd_printk_skb: 34 callbacks suppressed [ 28.549968][ T28] audit: type=1400 audit(1775323827.587:108): avc: denied { read } for pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 28.586313][ T28] audit: type=1400 audit(1775323827.597:109): avc: denied { search } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 28.609610][ T28] audit: type=1400 audit(1775323827.597:110): avc: denied { write } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 28.631754][ T28] audit: type=1400 audit(1775323827.597:111): avc: denied { add_name } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 28.653412][ T28] audit: type=1400 audit(1775323827.597:112): avc: denied { create } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 28.674263][ T28] audit: type=1400 audit(1775323827.597:113): avc: denied { append open } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 28.699220][ T28] audit: type=1400 audit(1775323827.597:114): avc: denied { getattr } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1