Warning: Permanently added '10.128.1.7' (ED25519) to the list of known hosts. 2026/02/15 18:41:04 parsed 1 programs [ 38.979292][ T28] audit: type=1400 audit(1771180864.574:64): avc: denied { node_bind } for pid=282 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 39.000579][ T28] audit: type=1400 audit(1771180864.584:65): avc: denied { module_request } for pid=282 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 40.173184][ T28] audit: type=1400 audit(1771180865.774:66): avc: denied { mounton } for pid=289 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 40.177008][ T289] cgroup: Unknown subsys name 'net' [ 40.201345][ T28] audit: type=1400 audit(1771180865.774:67): avc: denied { mount } for pid=289 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 40.223679][ T289] cgroup: Unknown subsys name 'devices' [ 40.223875][ T28] audit: type=1400 audit(1771180865.804:68): avc: denied { unmount } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 40.402562][ T289] cgroup: Unknown subsys name 'hugetlb' [ 40.408213][ T289] cgroup: Unknown subsys name 'rlimit' [ 40.522865][ T28] audit: type=1400 audit(1771180866.124:69): avc: denied { setattr } for pid=289 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 40.546315][ T28] audit: type=1400 audit(1771180866.124:70): avc: denied { create } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 40.567043][ T28] audit: type=1400 audit(1771180866.124:71): avc: denied { write } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 40.587390][ T28] audit: type=1400 audit(1771180866.124:72): avc: denied { read } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 40.608111][ T28] audit: type=1400 audit(1771180866.124:73): avc: denied { mounton } for pid=289 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 40.609553][ T292] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 40.693212][ T289] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 41.449512][ T294] request_module fs-gadgetfs succeeded, but still no fs? [ 42.385546][ T344] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.393524][ T344] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.401655][ T344] device bridge_slave_0 entered promiscuous mode [ 42.408768][ T344] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.415916][ T344] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.423423][ T344] device bridge_slave_1 entered promiscuous mode [ 42.480792][ T344] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.487848][ T344] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.495212][ T344] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.502285][ T344] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.523239][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.531955][ T326] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.539308][ T326] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.553188][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.561502][ T326] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.568585][ T326] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.577564][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.586121][ T326] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.593258][ T326] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.606205][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.619193][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.634146][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.646491][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.655109][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.662946][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 42.671945][ T344] device veth0_vlan entered promiscuous mode [ 42.687820][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 42.697277][ T344] device veth1_macvtap entered promiscuous mode [ 42.707409][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 42.718148][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2026/02/15 18:41:08 executed programs: 0 [ 43.004808][ T364] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.012042][ T364] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.019494][ T364] device bridge_slave_0 entered promiscuous mode [ 43.026773][ T364] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.033879][ T364] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.041874][ T364] device bridge_slave_1 entered promiscuous mode [ 43.099478][ T364] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.106711][ T364] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.114068][ T364] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.121224][ T364] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.148602][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.156355][ T326] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.163716][ T326] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.173164][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.181558][ T326] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.188617][ T326] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.205005][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.213283][ T326] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.220442][ T326] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.233855][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.249258][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.264473][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 43.276359][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 43.285087][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 43.293175][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 43.301729][ T364] device veth0_vlan entered promiscuous mode [ 43.315218][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.324528][ T364] device veth1_macvtap entered promiscuous mode [ 43.334994][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.344200][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.354235][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.362851][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.398023][ T375] loop2: detected capacity change from 0 to 1024 [ 43.404860][ T375] ======================================================= [ 43.404860][ T375] WARNING: The mand mount option has been deprecated and [ 43.404860][ T375] and is ignored by this kernel. Remove the mand [ 43.404860][ T375] option from the mount to silence this warning. [ 43.404860][ T375] ======================================================= [ 43.442292][ T375] EXT4-fs: Ignoring removed bh option [ 43.448219][ T375] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 43.472445][ T375] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 43.492090][ T326] ================================================================== [ 43.500214][ T326] BUG: KASAN: use-after-free in ext4_find_extent+0xbeb/0xe20 [ 43.507653][ T326] Read of size 4 at addr ffff88812a596018 by task kworker/u4:4/326 [ 43.515583][ T326] [ 43.517942][ T326] CPU: 1 PID: 326 Comm: kworker/u4:4 Not tainted syzkaller #0 [ 43.525604][ T326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 43.535697][ T326] Workqueue: writeback wb_workfn (flush-7:2) [ 43.541816][ T326] Call Trace: [ 43.545120][ T326] [ 43.548087][ T326] __dump_stack+0x21/0x24 [ 43.552487][ T326] dump_stack_lvl+0x110/0x170 [ 43.557220][ T326] ? __cfi_dump_stack_lvl+0x8/0x8 [ 43.562394][ T326] ? ext4_find_extent+0xbeb/0xe20 [ 43.567482][ T326] print_address_description+0x71/0x200 [ 43.573067][ T326] print_report+0x4a/0x60 [ 43.577515][ T326] kasan_report+0x122/0x150 [ 43.582152][ T326] ? ext4_find_extent+0xbeb/0xe20 [ 43.587230][ T326] __asan_report_load4_noabort+0x14/0x20 [ 43.592981][ T326] ext4_find_extent+0xbeb/0xe20 [ 43.597869][ T326] ? __cfi__raw_spin_lock_irqsave+0x10/0x10 [ 43.603903][ T326] ext4_ext_map_blocks+0x207/0x61d0 [ 43.609152][ T326] ? kasan_set_track+0x60/0x70 [ 43.613979][ T326] ? kasan_set_track+0x4b/0x70 [ 43.618783][ T326] ? kasan_save_alloc_info+0x25/0x30 [ 43.624198][ T326] ? __kasan_slab_alloc+0x72/0x80 [ 43.629519][ T326] ? slab_post_alloc_hook+0x4f/0x2d0 [ 43.634846][ T326] ? kmem_cache_alloc+0x16e/0x330 [ 43.639913][ T326] ? ext4_alloc_io_end_vec+0x2a/0x160 [ 43.645322][ T326] ? ext4_writepages+0x10e9/0x30e0 [ 43.650653][ T326] ? do_writepages+0x3a4/0x5f0 [ 43.655604][ T326] ? __writeback_single_inode+0xc6/0xad0 [ 43.661282][ T326] ? writeback_sb_inodes+0xa10/0x15d0 [ 43.666689][ T326] ? wb_writeback+0x40b/0x9d0 [ 43.671402][ T326] ? wb_workfn+0x378/0xeb0 [ 43.675849][ T326] ? process_one_work+0x71f/0xc40 [ 43.680905][ T326] ? worker_thread+0xa29/0x11e0 [ 43.685789][ T326] ? kthread+0x281/0x320 [ 43.690068][ T326] ? ret_from_fork+0x1f/0x30 [ 43.694692][ T326] ? __cfi_ext4_ext_map_blocks+0x10/0x10 [ 43.700365][ T326] ? ext4_es_lookup_extent+0x54c/0x900 [ 43.705881][ T326] ext4_map_blocks+0x9d8/0x1b70 [ 43.710870][ T326] ? __cfi_ext4_map_blocks+0x10/0x10 [ 43.716198][ T326] ? ext4_inode_journal_mode+0x19a/0x480 [ 43.721872][ T326] ext4_writepages+0x1409/0x30e0 [ 43.726854][ T326] ? kasan_set_track+0x60/0x70 [ 43.731760][ T326] ? __cfi_ext4_writepages+0x10/0x10 [ 43.737091][ T326] ? __kasan_slab_free+0x11/0x20 [ 43.742079][ T326] ? slab_free_freelist_hook+0xc2/0x190 [ 43.747673][ T326] ? kmem_cache_free+0x12d/0x300 [ 43.752653][ T326] ? ext4_es_free_extent+0x3de/0x4c0 [ 43.757989][ T326] ? __es_remove_extent+0x8fe/0x1770 [ 43.763437][ T326] ? ext4_es_insert_extent+0x495/0x2d60 [ 43.769042][ T326] ? ext4_map_blocks+0xd5e/0x1b70 [ 43.774116][ T326] ? ext4_convert_unwritten_extents+0x2b7/0x5f0 [ 43.780403][ T326] ? ext4_convert_unwritten_io_end_vec+0x103/0x180 [ 43.786939][ T326] ? ext4_end_io_rsv_work+0x2c1/0x610 [ 43.792353][ T326] ? process_one_work+0x71f/0xc40 [ 43.797415][ T326] ? worker_thread+0xa29/0x11e0 [ 43.802307][ T326] ? kthread+0x281/0x320 [ 43.806598][ T326] ? ret_from_fork+0x1f/0x30 [ 43.811231][ T326] ? xas_start+0x317/0x3e0 [ 43.815775][ T326] ? __kasan_check_write+0x14/0x20 [ 43.820938][ T326] ? __cfi_ext4_writepages+0x10/0x10 [ 43.826280][ T326] do_writepages+0x3a4/0x5f0 [ 43.830921][ T326] ? __update_load_avg_cfs_rq+0xaf/0x2f0 [ 43.836600][ T326] ? __cfi_do_writepages+0x10/0x10 [ 43.841743][ T326] ? __kasan_check_write+0x14/0x20 [ 43.846896][ T326] ? _raw_spin_lock+0x94/0xf0 [ 43.851609][ T326] __writeback_single_inode+0xc6/0xad0 [ 43.857110][ T326] ? inode_io_list_move_locked+0x366/0x3d0 [ 43.862954][ T326] writeback_sb_inodes+0xa10/0x15d0 [ 43.868207][ T326] ? queue_io+0x4c0/0x4c0 [ 43.872575][ T326] ? __kasan_check_read+0x11/0x20 [ 43.877642][ T326] ? queue_io+0x382/0x4c0 [ 43.882004][ T326] wb_writeback+0x40b/0x9d0 [ 43.886552][ T326] ? inode_cgwb_move_to_attached+0x3e0/0x3e0 [ 43.892574][ T326] ? set_worker_desc+0x1ba/0x1f0 [ 43.897558][ T326] ? __kasan_check_write+0x14/0x20 [ 43.902700][ T326] ? kvm_sched_clock_read+0x18/0x40 [ 43.907933][ T326] ? sched_clock+0x9/0x10 [ 43.912288][ T326] ? sched_clock_cpu+0x6e/0x260 [ 43.917159][ T326] wb_workfn+0x378/0xeb0 [ 43.921437][ T326] ? __cfi_wb_workfn+0x10/0x10 [ 43.926224][ T326] ? kthread_data+0x50/0xc0 [ 43.930751][ T326] ? _raw_spin_unlock+0x4c/0x70 [ 43.935629][ T326] ? finish_task_switch+0x16b/0x7b0 [ 43.941039][ T326] ? __switch_to_asm+0x3a/0x60 [ 43.945823][ T326] ? __schedule+0xbae/0x1500 [ 43.950441][ T326] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 43.956022][ T326] process_one_work+0x71f/0xc40 [ 43.960902][ T326] worker_thread+0xa29/0x11e0 [ 43.965623][ T326] ? _raw_spin_lock_irqsave+0xc2/0x130 [ 43.971203][ T326] ? __kthread_parkme+0x142/0x180 [ 43.976344][ T326] kthread+0x281/0x320 [ 43.980449][ T326] ? __cfi_worker_thread+0x10/0x10 [ 43.985593][ T326] ? __cfi_kthread+0x10/0x10 [ 43.990214][ T326] ret_from_fork+0x1f/0x30 [ 43.994676][ T326] [ 43.997725][ T326] [ 44.000150][ T326] The buggy address belongs to the physical page: [ 44.006680][ T326] page:ffffea0004a96580 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x12a596 [ 44.016992][ T326] flags: 0x4000000000000000(zone=1) [ 44.022239][ T326] raw: 4000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 44.030848][ T326] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 44.039545][ T326] page dumped because: kasan: bad access detected [ 44.046071][ T326] page_owner tracks the page as freed [ 44.051463][ T326] page last allocated via order 0, migratetype Movable, gfp_mask 0x8140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO|__GFP_CMA), pid 289, tgid 289 (syz-executor), ts 40720615075, free_ts 40791033413 [ 44.071041][ T326] post_alloc_hook+0x1f5/0x210 [ 44.075838][ T326] prep_new_page+0x1c/0x110 [ 44.080398][ T326] get_page_from_freelist+0x2d12/0x2d80 [ 44.085966][ T326] __alloc_pages+0x1d9/0x480 [ 44.090586][ T326] __folio_alloc+0x12/0x40 [ 44.095028][ T326] handle_mm_fault+0x1972/0x26c0 [ 44.100079][ T326] do_user_addr_fault+0x905/0x1050 [ 44.105232][ T326] exc_page_fault+0x51/0xb0 [ 44.109757][ T326] asm_exc_page_fault+0x27/0x30 [ 44.114722][ T326] page last free stack trace: [ 44.119405][ T326] free_unref_page_prepare+0x742/0x750 [ 44.124976][ T326] free_unref_page_list+0x117/0x8c0 [ 44.130199][ T326] release_pages+0xaf2/0xb50 [ 44.134807][ T326] free_pages_and_swap_cache+0x86/0xa0 [ 44.140297][ T326] tlb_finish_mmu+0x1aa/0x370 [ 44.145013][ T326] unmap_region+0x2b7/0x320 [ 44.149634][ T326] do_mas_align_munmap+0xbed/0x1320 [ 44.154901][ T326] do_mas_munmap+0x241/0x2b0 [ 44.159633][ T326] __vm_munmap+0x1bd/0x330 [ 44.164073][ T326] __x64_sys_munmap+0x6b/0x80 [ 44.168807][ T326] x64_sys_call+0x8a/0x9a0 [ 44.173245][ T326] do_syscall_64+0x4c/0xa0 [ 44.177685][ T326] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 44.183619][ T326] [ 44.185958][ T326] Memory state around the buggy address: [ 44.191602][ T326] ffff88812a595f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 44.199794][ T326] ffff88812a595f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 44.207905][ T326] >ffff88812a596000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 44.215985][ T326] ^ [ 44.220859][ T326] ffff88812a596080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 44.228949][ T326] ffff88812a596100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 44.237118][ T326] ================================================================== [ 44.248898][ T326] Disabling lock debu