Warning: Permanently added '10.128.0.54' (ED25519) to the list of known hosts.
2025/10/13 13:10:52 parsed 1 programs
[ 21.844973][ T24] audit: type=1400 audit(1760361052.400:64): avc: denied { node_bind } for pid=275 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 21.852317][ T24] audit: type=1400 audit(1760361052.400:65): avc: denied { create } for pid=275 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 21.858772][ T24] audit: type=1400 audit(1760361052.400:66): avc: denied { module_request } for pid=275 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 22.510729][ T24] audit: type=1400 audit(1760361053.060:67): avc: denied { mounton } for pid=283 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 22.511684][ T283] cgroup: Unknown subsys name 'net'
[ 22.533992][ T24] audit: type=1400 audit(1760361053.060:68): avc: denied { mount } for pid=283 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 22.561280][ T24] audit: type=1400 audit(1760361053.100:69): avc: denied { unmount } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 22.561409][ T283] cgroup: Unknown subsys name 'devices'
[ 22.702757][ T283] cgroup: Unknown subsys name 'hugetlb'
[ 22.708345][ T283] cgroup: Unknown subsys name 'rlimit'
[ 22.971121][ T24] audit: type=1400 audit(1760361053.520:70): avc: denied { setattr } for pid=283 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 22.994475][ T24] audit: type=1400 audit(1760361053.530:71): avc: denied { create } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 22.999935][ T285] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 23.023479][ T24] audit: type=1400 audit(1760361053.530:72): avc: denied { write } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.043971][ T24] audit: type=1400 audit(1760361053.530:73): avc: denied { read } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.067615][ T283] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 23.512792][ T287] request_module fs-gadgetfs succeeded, but still no fs?
[ 23.523587][ T287] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 23.636843][ T298] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.644012][ T298] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.651612][ T298] device bridge_slave_0 entered promiscuous mode
[ 23.658395][ T298] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.665505][ T298] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.672798][ T298] device bridge_slave_1 entered promiscuous mode
[ 23.703550][ T298] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.710589][ T298] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 23.717862][ T298] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.724893][ T298] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.740140][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 23.747675][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.754898][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.765232][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 23.773510][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.780527][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.789036][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 23.797301][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.804364][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 23.816069][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 23.825332][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 23.837932][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 23.849363][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 23.857909][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 23.865587][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 23.873908][ T298] device veth0_vlan entered promiscuous mode
[ 23.883249][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 23.893150][ T298] device veth1_macvtap entered promiscuous mode
[ 23.901983][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 23.911543][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/10/13 13:10:55 executed programs: 0
[ 24.650956][ T352] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.658033][ T352] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.665584][ T352] device bridge_slave_0 entered promiscuous mode
[ 24.672788][ T112] device bridge_slave_1 left promiscuous mode
[ 24.679202][ T112] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.686777][ T112] device bridge_slave_0 left promiscuous mode
[ 24.693206][ T112] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.700852][ T112] device veth1_macvtap left promiscuous mode
[ 24.707217][ T112] device veth0_vlan left promiscuous mode
[ 24.753619][ T352] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.760671][ T352] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.768057][ T352] device bridge_slave_1 entered promiscuous mode
[ 24.811791][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 24.819281][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 24.828221][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 24.836918][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 24.845377][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.852463][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.859949][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 24.868524][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 24.876974][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 24.885209][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.892240][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.903892][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 24.912968][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 24.926068][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 24.936602][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 24.944768][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 24.952319][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 24.960431][ T352] device veth0_vlan entered promiscuous mode
[ 24.971910][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 24.981549][ T352] device veth1_macvtap entered promiscuous mode
[ 24.991960][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 25.010754][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 25.041416][ T368] ======================================================
[ 25.041416][ T368] WARNING: the mand mount option is being deprecated and
[ 25.041416][ T368] will be removed in v5.15!
[ 25.041416][ T368] ======================================================
[ 25.092498][ T368] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 25.104870][ T368] ==================================================================
[ 25.112976][ T368] BUG: KASAN: use-after-free in ext4_xattr_set_entry+0xde3/0x36c0
[ 25.120854][ T368] Read of size 4 at addr ffff8881104b0004 by task syz.2.17/368
[ 25.128390][ T368]
[ 25.130744][ T368] CPU: 1 PID: 368 Comm: syz.2.17 Not tainted syzkaller #0
[ 25.137838][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 25.147874][ T368] Call Trace:
[ 25.151159][ T368] __dump_stack+0x21/0x24
[ 25.155475][ T368] dump_stack_lvl+0x169/0x1d8
[ 25.160134][ T368] ? show_regs_print_info+0x18/0x18
[ 25.165316][ T368] ? thaw_kernel_threads+0x220/0x220
[ 25.170580][ T368] print_address_description+0x7f/0x2c0
[ 25.176191][ T368] ? ext4_xattr_set_entry+0xde3/0x36c0
[ 25.181728][ T368] kasan_report+0xe2/0x130
[ 25.186160][ T368] ? ext4_xattr_set_entry+0xde3/0x36c0
[ 25.191626][ T368] __asan_report_load4_noabort+0x14/0x20
[ 25.197238][ T368] ext4_xattr_set_entry+0xde3/0x36c0
[ 25.202767][ T368] ? ext4_xattr_ibody_set+0x360/0x360
[ 25.208307][ T368] ? kmem_cache_free+0x100/0x2d0
[ 25.213334][ T368] ? _raw_spin_lock+0x8e/0xe0
[ 25.218006][ T368] ? __mb_cache_entry_free+0x225/0x340
[ 25.223541][ T368] ? mb_cache_entry_delete_or_get+0x203/0x220
[ 25.229590][ T368] ext4_xattr_block_set+0x4d6/0x2a50
[ 25.234866][ T368] ? __kasan_check_read+0x11/0x20
[ 25.239876][ T368] ? __ext4_xattr_check_block+0x265/0x8e0
[ 25.245587][ T368] ? ext4_xattr_block_find+0x4f0/0x4f0
[ 25.251043][ T368] ext4_xattr_set_handle+0xbd5/0x12a0
[ 25.256545][ T368] ? ext4_xattr_set_entry+0x36c0/0x36c0
[ 25.262173][ T368] ? __kasan_check_read+0x11/0x20
[ 25.267205][ T368] ? __ext4_journal_start_sb+0x2e2/0x490
[ 25.272825][ T368] ext4_xattr_set+0x1ec/0x320
[ 25.277504][ T368] ? ext4_xattr_set_credits+0x290/0x290
[ 25.283033][ T368] ext4_xattr_trusted_set+0x3b/0x50
[ 25.288211][ T368] ? ext4_xattr_trusted_get+0x40/0x40
[ 25.293570][ T368] __vfs_setxattr+0x42a/0x480
[ 25.298419][ T368] __vfs_setxattr_noperm+0x11e/0x4e0
[ 25.303746][ T368] __vfs_setxattr_locked+0x203/0x220
[ 25.309121][ T368] vfs_setxattr+0x8d/0x1c0
[ 25.313522][ T368] setxattr+0x1a9/0x370
[ 25.317659][ T368] ? path_setxattr+0x210/0x210
[ 25.322408][ T368] ? __mnt_want_write+0x1e6/0x260
[ 25.327416][ T368] ? mnt_want_write+0x19d/0x270
[ 25.332263][ T368] path_setxattr+0x110/0x210
[ 25.336853][ T368] ? simple_xattr_list_add+0x120/0x120
[ 25.342301][ T368] __x64_sys_lsetxattr+0xc2/0xe0
[ 25.347234][ T368] do_syscall_64+0x31/0x40
[ 25.351652][ T368] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 25.357562][ T368] RIP: 0033:0x7f9bc601cec9
[ 25.361966][ T368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 25.381645][ T368] RSP: 002b:00007ffccc0e1af8 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[ 25.390044][ T368] RAX: ffffffffffffffda RBX: 00007f9bc6273fa0 RCX: 00007f9bc601cec9
[ 25.397999][ T368] RDX: 0000200000000480 RSI: 00002000000000c0 RDI: 0000200000000100
[ 25.406067][ T368] RBP: 00007f9bc609ff91 R08: 0000000000000000 R09: 0000000000000000
[ 25.414033][ T368] R10: 000000000000fe37 R11: 0000000000000246 R12: 0000000000000000
[ 25.422000][ T368] R13: 00007f9bc6273fa0 R14: 00007f9bc6273fa0 R15: 0000000000000005
[ 25.429960][ T368]
[ 25.432270][ T368] Allocated by task 0:
[ 25.436403][ T368] (stack is not available)
[ 25.440804][ T368]
[ 25.443143][ T368] The buggy address belongs to the object at ffff8881104b0000
[ 25.443143][ T368] which belongs to the cache kmalloc-512 of size 512
[ 25.457179][ T368] The buggy address is located 4 bytes inside of
[ 25.457179][ T368] 512-byte region [ffff8881104b0000, ffff8881104b0200)
[ 25.470362][ T368] The buggy address belongs to the page:
[ 25.475983][ T368] page:ffffea0004412c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1104b0
[ 25.486199][ T368] head:ffffea0004412c00 order:2 compound_mapcount:0 compound_pincount:0
[ 25.494802][ T368] flags: 0x4000000000010200(slab|head)
[ 25.500257][ T368] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100043080
[ 25.508919][ T368] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 25.517483][ T368] page dumped because: kasan: bad access detected
[ 25.523878][ T368] page_owner tracks the page as allocated
[ 25.529682][ T368] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 100, ts 4367163002, free_ts 0
[ 25.547730][ T368] prep_new_page+0x179/0x180
[ 25.552306][ T368] get_page_from_freelist+0x2235/0x23d0
[ 25.557832][ T368] __alloc_pages_nodemask+0x268/0x5f0
[ 25.563188][ T368] new_slab+0x84/0x3f0
[ 25.567240][ T368] ___slab_alloc+0x2a6/0x450
[ 25.571825][ T368] __slab_alloc+0x63/0xa0
[ 25.576142][ T368] __kmalloc_track_caller+0x1ef/0x320
[ 25.581500][ T368] __alloc_skb+0xdc/0x520
[ 25.585898][ T368] alloc_skb_with_frags+0xa2/0x560
[ 25.591004][ T368] sock_alloc_send_pskb+0x853/0x980
[ 25.596286][ T368] unix_dgram_sendmsg+0x5f4/0x17d0
[ 25.601401][ T368] sock_write_iter+0x29c/0x380
[ 25.606170][ T368] vfs_write+0x725/0xd60
[ 25.610402][ T368] ksys_write+0x140/0x240
[ 25.614714][ T368] __x64_sys_write+0x7b/0x90
[ 25.619284][ T368] do_syscall_64+0x31/0x40
[ 25.623713][ T368] page_owner free stack trace missing
[ 25.629071][ T368]
[ 25.631548][ T368] Memory state around the buggy address:
[ 25.637299][ T368] ffff8881104aff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.645469][ T368] ffff8881104aff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.653526][ T368] >ffff8881104b0000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.661686][ T368] ^
[ 25.665868][ T368] ffff8881104b0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.673924][ T368] ffff8881104b0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.681970][ T368] ==================================================================
[ 25.690028][ T368] Disabling lock debugging due to kernel taint