Warning: Permanently added '10.128.1.228' (ED25519) to the list of known hosts.
2026/05/15 18:55:01 parsed 1 programs
[   21.228093][   T24] audit: type=1400 audit(1778871301.770:64): avc:  denied  { node_bind } for  pid=287 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   21.235640][   T24] audit: type=1400 audit(1778871301.770:65): avc:  denied  { create } for  pid=287 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   21.242314][   T24] audit: type=1400 audit(1778871301.770:66): avc:  denied  { module_request } for  pid=287 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   21.861085][   T24] audit: type=1400 audit(1778871302.400:67): avc:  denied  { mounton } for  pid=293 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   21.862003][  T293] cgroup: Unknown subsys name 'net'
[   21.883953][   T24] audit: type=1400 audit(1778871302.400:68): avc:  denied  { mount } for  pid=293 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.911189][   T24] audit: type=1400 audit(1778871302.430:69): avc:  denied  { unmount } for  pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.911334][  T293] cgroup: Unknown subsys name 'devices'
[   22.029142][  T293] cgroup: Unknown subsys name 'hugetlb'
[   22.034961][  T293] cgroup: Unknown subsys name 'rlimit'
[   22.176996][   T24] audit: type=1400 audit(1778871302.710:70): avc:  denied  { setattr } for  pid=293 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   22.200293][   T24] audit: type=1400 audit(1778871302.710:71): avc:  denied  { create } for  pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   22.205978][  T298] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   22.220913][   T24] audit: type=1400 audit(1778871302.710:72): avc:  denied  { write } for  pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   22.249628][   T24] audit: type=1400 audit(1778871302.710:73): avc:  denied  { read } for  pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   22.373027][  T293] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   22.805732][  T300] request_module fs-gadgetfs succeeded, but still no fs?
[   22.816615][  T300] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[   23.429181][  T355] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.436321][  T355] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.443736][  T355] device bridge_slave_0 entered promiscuous mode
[   23.450597][  T355] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.457860][  T355] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.465125][  T355] device bridge_slave_1 entered promiscuous mode
[   23.497181][  T355] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.504301][  T355] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.511588][  T355] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.518623][  T355] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.534500][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.542098][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.549330][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.558895][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.567101][    T7] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.574141][    T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.581652][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.589793][    T7] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.596806][    T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.611201][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.620647][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.633287][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   23.648752][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   23.656720][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   23.664302][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   23.672470][  T355] device veth0_vlan entered promiscuous mode
[   23.688027][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   23.696863][  T355] device veth1_macvtap entered promiscuous mode
[   23.705460][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   23.715026][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2026/05/15 18:55:04 executed programs: 0
[   23.965955][  T365] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.973318][  T365] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.981048][  T365] device bridge_slave_0 entered promiscuous mode
[   23.987949][  T365] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.994980][  T365] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.002739][  T365] device bridge_slave_1 entered promiscuous mode
[   24.054710][  T365] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.061806][  T365] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.069171][  T365] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.076323][  T365] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.092872][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   24.100653][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.107974][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.117467][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   24.125978][    T7] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.133025][    T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.142396][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   24.151333][    T7] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.158456][    T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.169713][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.178534][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.191325][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.202043][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.210398][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.217817][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.225680][  T365] device veth0_vlan entered promiscuous mode
[   24.234949][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.244472][  T365] device veth1_macvtap entered promiscuous mode
[   24.253312][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.261744][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.275086][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.283477][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.328889][  T399] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[   24.336465][  T399] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   24.349755][  T399] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[   24.358127][  T399] System zones: 0-1, 3-36
[   24.363635][  T399] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,debug,dioread_nolock,bsddf,nomblk_io_submit,noauto_da_alloc,,errors=continue
[   24.390379][  T399] ==================================================================
[   24.398480][  T399] BUG: KASAN: use-after-free in ext4_get_inode_usage+0x3a1/0x520
[   24.406201][  T399] Read of size 4 at addr ffff8881111c8070 by task syz.2.17/399
[   24.413721][  T399] 
[   24.416039][  T399] CPU: 1 PID: 399 Comm: syz.2.17 Not tainted syzkaller #0
[   24.423213][  T399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[   24.433346][  T399] Call Trace:
[   24.436619][  T399]  __dump_stack+0x21/0x24
[   24.440936][  T399]  dump_stack_lvl+0x1a7/0x208
[   24.445602][  T399]  ? show_regs_print_info+0x18/0x18
[   24.450865][  T399]  ? thaw_kernel_threads+0x220/0x220
[   24.456126][  T399]  print_address_description+0x7f/0x2c0
[   24.461656][  T399]  ? ext4_get_inode_usage+0x3a1/0x520
[   24.467008][  T399]  kasan_report+0xe2/0x130
[   24.471503][  T399]  ? ext4_get_inode_usage+0x3a1/0x520
[   24.476859][  T399]  __asan_report_load4_noabort+0x14/0x20
[   24.482475][  T399]  ext4_get_inode_usage+0x3a1/0x520
[   24.487658][  T399]  ? stack_trace_save+0xf0/0xf0
[   24.492682][  T399]  ? ext4_listxattr+0xc50/0xc50
[   24.497523][  T399]  __dquot_transfer+0x192/0x20d0
[   24.502459][  T399]  ? kasan_set_track+0x5b/0x70
[   24.507339][  T399]  ? kasan_set_track+0x4a/0x70
[   24.512101][  T399]  ? kasan_set_free_info+0x23/0x40
[   24.517201][  T399]  ? ____kasan_slab_free+0x125/0x160
[   24.522562][  T399]  ? dquot_free_inode+0x850/0x850
[   24.527616][  T399]  ? user_path_at_empty+0x43/0x50
[   24.532619][  T399]  ? __x64_sys_chown+0x82/0x90
[   24.537365][  T399]  ? do_syscall_64+0x31/0x40
[   24.542025][  T399]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   24.548111][  T399]  ? from_kgid+0x169/0x690
[   24.552509][  T399]  ? avc_has_perm+0x168/0x3d0
[   24.557165][  T399]  ? __kasan_check_write+0x14/0x20
[   24.562272][  T399]  ? mutex_lock+0x92/0xf0
[   24.566579][  T399]  ? mutex_trylock+0xa0/0xa0
[   24.571150][  T399]  ? __kasan_check_read+0x11/0x20
[   24.576160][  T399]  ? dqget+0x7f1/0xde0
[   24.580210][  T399]  dquot_transfer+0x2f1/0x460
[   24.584866][  T399]  ? __dquot_transfer+0x20d0/0x20d0
[   24.590046][  T399]  ? in_group_p+0x82/0x1c0
[   24.594464][  T399]  ? __kasan_check_write+0x14/0x20
[   24.599558][  T399]  ext4_setattr+0x715/0x1950
[   24.604140][  T399]  ? kmem_cache_free+0x100/0x2d0
[   24.609161][  T399]  ? make_kgid+0x660/0x660
[   24.613557][  T399]  ? ext4_write_inode+0x5b0/0x5b0
[   24.618568][  T399]  notify_change+0xab3/0xe40
[   24.623225][  T399]  chown_common+0x335/0x500
[   24.627713][  T399]  ? __ia32_sys_chmod+0x70/0x70
[   24.632566][  T399]  ? mnt_want_write+0x19d/0x270
[   24.637400][  T399]  do_fchownat+0x147/0x240
[   24.641795][  T399]  ? chown_common+0x500/0x500
[   24.646455][  T399]  ? ____fput+0x15/0x20
[   24.650592][  T399]  ? debug_smp_processor_id+0x17/0x20
[   24.656380][  T399]  __x64_sys_chown+0x82/0x90
[   24.660953][  T399]  do_syscall_64+0x31/0x40
[   24.665351][  T399]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   24.671223][  T399] RIP: 0033:0x7f2170c90e59
[   24.675620][  T399] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   24.695300][  T399] RSP: 002b:00007ffc3803f378 EFLAGS: 00000246 ORIG_RAX: 000000000000005c
[   24.703696][  T399] RAX: ffffffffffffffda RBX: 00007f2170f09fa0 RCX: 00007f2170c90e59
[   24.711652][  T399] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000140
[   24.719611][  T399] RBP: 00007f2170d26d6f R08: 0000000000000000 R09: 0000000000000000
[   24.727563][  T399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   24.735520][  T399] R13: 00007f2170f09fac R14: 00007f2170f09fa0 R15: 00007f2170f09fa0
[   24.743480][  T399] 
[   24.745809][  T399] Allocated by task 0:
[   24.750033][  T399] (stack is not available)
[   24.754430][  T399] 
[   24.756914][  T399] Freed by task 7:
[   24.760622][  T399]  kasan_set_track+0x4a/0x70
[   24.765207][  T399]  kasan_set_free_info+0x23/0x40
[   24.770138][  T399]  ____kasan_slab_free+0x125/0x160
[   24.775231][  T399]  __kasan_slab_free+0x11/0x20
[   24.779974][  T399]  slab_free_freelist_hook+0xc5/0x190
[   24.785328][  T399]  kfree+0xc0/0x270
[   24.789115][  T399]  skb_release_data+0x532/0x670
[   24.793944][  T399]  consume_skb+0xab/0x1f0
[   24.798249][  T399]  netlink_broadcast_filtered+0x117d/0x1270
[   24.804129][  T399]  nlmsg_notify+0xed/0x1b0
[   24.808547][  T399]  rtmsg_ifinfo+0xea/0x130
[   24.812940][  T399]  netdev_state_change+0x190/0x230
[   24.818029][  T399]  linkwatch_do_dev+0x102/0x140
[   24.822858][  T399]  __linkwatch_run_queue+0x4b1/0x7c0
[   24.828118][  T399]  linkwatch_event+0x4c/0x60
[   24.832687][  T399]  process_one_work+0x6e1/0xba0
[   24.837610][  T399]  worker_thread+0xcf8/0x13c0
[   24.842280][  T399]  kthread+0x346/0x3d0
[   24.846339][  T399]  ret_from_fork+0x1f/0x30
[   24.850732][  T399] 
[   24.853041][  T399] The buggy address belongs to the object at ffff8881111c8000
[   24.853041][  T399]  which belongs to the cache kmalloc-2k of size 2048
[   24.867090][  T399] The buggy address is located 112 bytes inside of
[   24.867090][  T399]  2048-byte region [ffff8881111c8000, ffff8881111c8800)
[   24.880429][  T399] The buggy address belongs to the page:
[   24.886045][  T399] page:ffffea0004447200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1111c8
[   24.896353][  T399] head:ffffea0004447200 order:3 compound_mapcount:0 compound_pincount:0
[   24.904752][  T399] flags: 0x4000000000010200(slab|head)
[   24.910300][  T399] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042d80
[   24.918866][  T399] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[   24.927618][  T399] page dumped because: kasan: bad access detected
[   24.934025][  T399] page_owner tracks the page as allocated
[   24.939733][  T399] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 7, ts 24243513397, free_ts 24243144714
[   24.960886][  T399]  prep_new_page+0x179/0x180
[   24.965459][  T399]  get_page_from_freelist+0x223b/0x23d0
[   24.970981][  T399]  __alloc_pages_nodemask+0x290/0x620
[   24.976330][  T399]  new_slab+0x84/0x3f0
[   24.980375][  T399]  ___slab_alloc+0x2a6/0x450
[   24.984940][  T399]  __slab_alloc+0x63/0xa0
[   24.989268][  T399]  __kmalloc_track_caller+0x1ec/0x320
[   24.994616][  T399]  pskb_expand_head+0x123/0x1110
[   24.999567][  T399]  netlink_trim+0x193/0x230
[   25.004053][  T399]  netlink_broadcast_filtered+0x78/0x1270
[   25.009790][  T399]  nlmsg_notify+0xed/0x1b0
[   25.014210][  T399]  rtmsg_ifinfo+0xea/0x130
[   25.018631][  T399]  netdev_state_change+0x190/0x230
[   25.023853][  T399]  linkwatch_do_dev+0x102/0x140
[   25.028833][  T399]  __linkwatch_run_queue+0x4b1/0x7c0
[   25.034100][  T399]  linkwatch_event+0x4c/0x60
[   25.038667][  T399] page last free stack trace:
[   25.043331][  T399]  __free_pages_ok+0x80b/0x830
[   25.048085][  T399]  __free_pages+0xd8/0x3b0
[   25.052569][  T399]  __free_slab+0xcf/0x190
[   25.056906][  T399]  unfreeze_partials+0x15f/0x190
[   25.061819][  T399]  put_cpu_partial+0xc1/0x180
[   25.066470][  T399]  __slab_free+0x2c9/0x3a0
[   25.070863][  T399]  ___cache_free+0x10e/0x130
[   25.075434][  T399]  qlink_free+0x50/0x90
[   25.079658][  T399]  qlist_free_all+0x5f/0xb0
[   25.084147][  T399]  kasan_quarantine_reduce+0x14a/0x160
[   25.089598][  T399]  __kasan_slab_alloc+0x2f/0xf0
[   25.094445][  T399]  slab_post_alloc_hook+0x5d/0x2f0
[   25.099553][  T399]  kmem_cache_alloc_trace+0x15d/0x2e0
[   25.104908][  T399]  syslog_print+0x133/0x750
[   25.109479][  T399]  do_syslog+0x94c/0x9a0
[   25.113705][  T399]  __x64_sys_syslog+0x7c/0x90
[   25.118376][  T399] 
[   25.120689][  T399] Memory state around the buggy address:
[   25.126303][  T399]  ffff8881111c7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.134371][  T399]  ffff8881111c7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.142577][  T399] >ffff8881111c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.150640][  T399]                                                              ^
[   25.158347][  T399]  ffff8881111c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.166401][  T399]  ffff8881111c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.174438][  T399] ==================================================================
[   25.182593][  T399] Disabling lock debugging due to kernel taint