syzkaller syzkaller login: [ 10.864710][ T24] kauditd_printk_skb: 48 callbacks suppressed [ 10.864728][ T24] audit: type=1400 audit(1779653645.710:59): avc: denied { transition } for pid=215 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 10.869836][ T24] audit: type=1400 audit(1779653645.710:60): avc: denied { noatsecure } for pid=215 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 10.873809][ T24] audit: type=1400 audit(1779653645.710:61): avc: denied { write } for pid=215 comm="sh" path="pipe:[14302]" dev="pipefs" ino=14302 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 10.877287][ T24] audit: type=1400 audit(1779653645.710:62): avc: denied { rlimitinh } for pid=215 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 10.880430][ T24] audit: type=1400 audit(1779653645.710:63): avc: denied { siginh } for pid=215 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.144' (ED25519) to the list of known hosts. 2026/05/24 20:14:14 parsed 1 programs [ 19.600530][ T24] audit: type=1400 audit(1779653654.440:64): avc: denied { node_bind } for pid=287 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 19.605347][ T24] audit: type=1400 audit(1779653654.440:65): avc: denied { create } for pid=287 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 19.609371][ T24] audit: type=1400 audit(1779653654.440:66): avc: denied { module_request } for pid=287 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 20.179942][ T24] audit: type=1400 audit(1779653655.020:67): avc: denied { mounton } for pid=295 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.181006][ T295] cgroup: Unknown subsys name 'net' [ 20.202586][ T24] audit: type=1400 audit(1779653655.020:68): avc: denied { mount } for pid=295 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.229836][ T24] audit: type=1400 audit(1779653655.050:69): avc: denied { unmount } for pid=295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.230001][ T295] cgroup: Unknown subsys name 'devices' [ 20.344246][ T295] cgroup: Unknown subsys name 'hugetlb' [ 20.349840][ T295] cgroup: Unknown subsys name 'rlimit' [ 20.492630][ T24] audit: type=1400 audit(1779653655.330:70): avc: denied { setattr } for pid=295 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 20.516107][ T24] audit: type=1400 audit(1779653655.340:71): avc: denied { create } for pid=295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 20.521350][ T298] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 20.536647][ T24] audit: type=1400 audit(1779653655.340:72): avc: denied { write } for pid=295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 20.565382][ T24] audit: type=1400 audit(1779653655.340:73): avc: denied { read } for pid=295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 20.600256][ T295] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.038368][ T300] request_module fs-gadgetfs succeeded, but still no fs? [ 21.049601][ T300] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 21.142173][ T309] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.149395][ T309] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.156944][ T309] device bridge_slave_0 entered promiscuous mode [ 21.164582][ T309] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.171694][ T309] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.178991][ T309] device bridge_slave_1 entered promiscuous mode [ 21.210347][ T309] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.217381][ T309] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.224687][ T309] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.231691][ T309] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.247607][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.254816][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.262091][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 21.269932][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.278604][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.286747][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.293793][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.303016][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.311164][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.318194][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.329443][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.339244][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.351472][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.361864][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.370051][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.377598][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.386783][ T309] device veth0_vlan entered promiscuous mode [ 21.395966][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.404827][ T309] device veth1_macvtap entered promiscuous mode [ 21.413945][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.423752][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2026/05/24 20:14:16 executed programs: 0 [ 22.055875][ T365] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.063223][ T365] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.070616][ T365] device bridge_slave_0 entered promiscuous mode [ 22.079845][ T365] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.087370][ T365] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.094694][ T365] device bridge_slave_1 entered promiscuous mode [ 22.129383][ T365] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.136510][ T365] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.143859][ T365] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.150860][ T365] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.163699][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.170843][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.180023][ T49] device bridge_slave_1 left promiscuous mode [ 22.186227][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.193749][ T49] device bridge_slave_0 left promiscuous mode [ 22.199834][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.207550][ T49] device veth1_macvtap left promiscuous mode [ 22.213650][ T49] device veth0_vlan left promiscuous mode [ 22.318957][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.326391][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.334786][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.343135][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.351193][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.358250][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.366477][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.374825][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.383351][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.390380][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.400347][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.408428][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.418197][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.426348][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.438322][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.446994][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.457338][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.465353][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.473415][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.480912][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.489379][ T365] device veth0_vlan entered promiscuous mode [ 22.498270][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.506389][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.515495][ T365] device veth1_macvtap entered promiscuous mode [ 22.523862][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.531429][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.539811][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.549219][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.557576][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.578061][ T369] ================================================================== [ 22.586165][ T369] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0x842/0x32b0 [ 22.594301][ T369] Read of size 8 at addr ffff888110170cc0 by task syz.2.17/369 [ 22.601825][ T369] [ 22.604173][ T369] CPU: 0 PID: 369 Comm: syz.2.17 Not tainted syzkaller #0 [ 22.611256][ T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 22.621298][ T369] Call Trace: [ 22.624581][ T369] __dump_stack+0x21/0x24 [ 22.628884][ T369] dump_stack_lvl+0x1a7/0x208 [ 22.633531][ T369] ? show_regs_print_info+0x18/0x18 [ 22.639131][ T369] ? thaw_kernel_threads+0x220/0x220 [ 22.644564][ T369] print_address_description+0x7f/0x2c0 [ 22.650075][ T369] ? tc_setup_flow_action+0x842/0x32b0 [ 22.655500][ T369] kasan_report+0xe2/0x130 [ 22.659889][ T369] ? _raw_spin_lock_irq+0xf0/0xf0 [ 22.664885][ T369] ? tc_setup_flow_action+0x842/0x32b0 [ 22.670310][ T369] __asan_report_load8_noabort+0x14/0x20 [ 22.675915][ T369] tc_setup_flow_action+0x842/0x32b0 [ 22.681265][ T369] ? __kmalloc+0x1a4/0x330 [ 22.685655][ T369] ? flow_rule_alloc+0x32/0x2c0 [ 22.690477][ T369] mall_replace_hw_filter+0x2cc/0x8a0 [ 22.695821][ T369] ? pcpu_block_update_hint_alloc+0x8bf/0xc50 [ 22.701860][ T369] ? mall_set_parms+0x410/0x410 [ 22.706786][ T369] ? tcf_exts_destroy+0xb0/0xb0 [ 22.711603][ T369] ? pcpu_alloc+0xf9b/0x16b0 [ 22.716166][ T369] ? mall_set_parms+0x19d/0x410 [ 22.720983][ T369] mall_change+0x546/0x760 [ 22.725369][ T369] ? __kasan_check_write+0x14/0x20 [ 22.730455][ T369] ? mall_get+0xa0/0xa0 [ 22.734665][ T369] ? tcf_chain_tp_insert_unique+0xac1/0xc10 [ 22.740524][ T369] ? nla_strcmp+0xf4/0x140 [ 22.744996][ T369] tc_new_tfilter+0x1452/0x1a90 [ 22.749824][ T369] ? mall_get+0xa0/0xa0 [ 22.753947][ T369] ? tcf_gate_entry_destructor+0x20/0x20 [ 22.759591][ T369] ? security_capable+0x87/0xb0 [ 22.764410][ T369] ? ns_capable+0x8c/0xf0 [ 22.768714][ T369] ? netlink_net_capable+0x125/0x160 [ 22.774139][ T369] ? tcf_gate_entry_destructor+0x20/0x20 [ 22.779881][ T369] rtnetlink_rcv_msg+0x845/0xcc0 [ 22.784805][ T369] ? rtnetlink_bind+0x80/0x80 [ 22.789463][ T369] ? arch_stack_walk+0xee/0x140 [ 22.794463][ T369] ? stack_trace_save+0xa6/0xf0 [ 22.799282][ T369] ? stack_trace_snprint+0xf0/0xf0 [ 22.804363][ T369] ? do_syscall_64+0x31/0x40 [ 22.808948][ T369] ? avc_has_perm+0x168/0x3d0 [ 22.813602][ T369] ? memcpy+0x56/0x70 [ 22.817554][ T369] ? avc_has_perm+0x27f/0x3d0 [ 22.822198][ T369] ? __kasan_slab_alloc+0xbd/0xf0 [ 22.827192][ T369] ? slab_post_alloc_hook+0x5d/0x2f0 [ 22.832555][ T369] ? avc_has_perm_noaudit+0x260/0x260 [ 22.837893][ T369] ? selinux_nlmsg_lookup+0x3fb/0x4a0 [ 22.843231][ T369] netlink_rcv_skb+0x1f5/0x440 [ 22.847973][ T369] ? rtnetlink_bind+0x80/0x80 [ 22.852613][ T369] ? netlink_ack+0xb70/0xb70 [ 22.857176][ T369] ? __netlink_lookup+0x387/0x3b0 [ 22.862184][ T369] rtnetlink_rcv+0x1c/0x20 [ 22.866590][ T369] netlink_unicast+0x876/0xa40 [ 22.871333][ T369] netlink_sendmsg+0x89c/0xb50 [ 22.876078][ T369] ? netlink_getsockopt+0x530/0x530 [ 22.881507][ T369] ? get_futex_key+0x718/0xc70 [ 22.886257][ T369] ? security_socket_sendmsg+0x82/0xa0 [ 22.891690][ T369] ? netlink_getsockopt+0x530/0x530 [ 22.896864][ T369] ____sys_sendmsg+0x5b7/0x8f0 [ 22.901600][ T369] ? __sys_sendmsg_sock+0x40/0x40 [ 22.906599][ T369] ? import_iovec+0x7c/0xb0 [ 22.911068][ T369] ___sys_sendmsg+0x236/0x2e0 [ 22.915711][ T369] ? __sys_sendmsg+0x280/0x280 [ 22.920446][ T369] ? __kasan_check_read+0x11/0x20 [ 22.925436][ T369] ? __fdget+0x15b/0x230 [ 22.929771][ T369] __x64_sys_sendmsg+0x1f9/0x2c0 [ 22.934727][ T369] ? __kasan_check_write+0x14/0x20 [ 22.939813][ T369] ? ___sys_sendmsg+0x2e0/0x2e0 [ 22.944637][ T369] ? debug_smp_processor_id+0x17/0x20 [ 22.949982][ T369] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 22.956019][ T369] ? exit_to_user_mode_prepare+0x2f/0xa0 [ 22.961624][ T369] do_syscall_64+0x31/0x40 [ 22.966026][ T369] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 22.971985][ T369] RIP: 0033:0x7f229322de59 [ 22.976386][ T369] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 22.996055][ T369] RSP: 002b:00007ffc6f84dea8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 23.004441][ T369] RAX: ffffffffffffffda RBX: 00007f22934a6fa0 RCX: 00007f229322de59 [ 23.012489][ T369] RDX: 0000000020000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 23.020558][ T369] RBP: 00007f22932c3d6f R08: 0000000000000000 R09: 0000000000000000 [ 23.028606][ T369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 23.036552][ T369] R13: 00007f22934a6fac R14: 00007f22934a6fa0 R15: 00007f22934a6fa0 [ 23.044505][ T369] [ 23.046802][ T369] Allocated by task 369: [ 23.051186][ T369] __kasan_kmalloc+0xda/0x110 [ 23.055855][ T369] __kmalloc+0x1a4/0x330 [ 23.060063][ T369] tcf_idr_create+0x5f/0x790 [ 23.064619][ T369] tcf_idr_create_from_flags+0x61/0x70 [ 23.070045][ T369] tcf_gact_init+0x2e6/0x560 [ 23.074614][ T369] tcf_action_init_1+0x443/0x6e0 [ 23.079538][ T369] tcf_action_init+0x227/0x780 [ 23.084275][ T369] tcf_exts_validate+0x248/0x570 [ 23.089223][ T369] mall_set_parms+0x4b/0x410 [ 23.093782][ T369] mall_change+0x47a/0x760 [ 23.098178][ T369] tc_new_tfilter+0x1452/0x1a90 [ 23.103001][ T369] rtnetlink_rcv_msg+0x845/0xcc0 [ 23.107911][ T369] netlink_rcv_skb+0x1f5/0x440 [ 23.112649][ T369] rtnetlink_rcv+0x1c/0x20 [ 23.117040][ T369] netlink_unicast+0x876/0xa40 [ 23.121767][ T369] netlink_sendmsg+0x89c/0xb50 [ 23.126504][ T369] ____sys_sendmsg+0x5b7/0x8f0 [ 23.131261][ T369] ___sys_sendmsg+0x236/0x2e0 [ 23.135911][ T369] __x64_sys_sendmsg+0x1f9/0x2c0 [ 23.140821][ T369] do_syscall_64+0x31/0x40 [ 23.145262][ T369] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.151120][ T369] [ 23.153426][ T369] The buggy address belongs to the object at ffff888110170c00 [ 23.153426][ T369] which belongs to the cache kmalloc-192 of size 192 [ 23.167449][ T369] The buggy address is located 0 bytes to the right of [ 23.167449][ T369] 192-byte region [ffff888110170c00, ffff888110170cc0) [ 23.181038][ T369] The buggy address belongs to the page: [ 23.186663][ T369] page:ffffea0004405c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110170 [ 23.196900][ T369] flags: 0x4000000000000200(slab) [ 23.201903][ T369] raw: 4000000000000200 dead000000000100 dead000000000122 ffff888100043380 [ 23.210462][ T369] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 23.219020][ T369] page dumped because: kasan: bad access detected [ 23.225415][ T369] page_owner tracks the page as allocated [ 23.231111][ T369] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 365, ts 22573613536, free_ts 22573602749 [ 23.246962][ T369] prep_new_page+0x179/0x180 [ 23.251541][ T369] get_page_from_freelist+0x223b/0x23d0 [ 23.257057][ T369] __alloc_pages_nodemask+0x290/0x620 [ 23.262397][ T369] new_slab+0x84/0x3f0 [ 23.266446][ T369] ___slab_alloc+0x2a6/0x450 [ 23.271011][ T369] __slab_alloc+0x63/0xa0 [ 23.275305][ T369] kmem_cache_alloc_trace+0x1b0/0x2e0 [ 23.280731][ T369] kernfs_fop_open+0x343/0xb30 [ 23.285551][ T369] do_dentry_open+0x793/0x1090 [ 23.290368][ T369] vfs_open+0x73/0x80 [ 23.294428][ T369] path_openat+0x280f/0x31c0 [ 23.298986][ T369] do_filp_open+0x1e2/0x410 [ 23.303543][ T369] do_sys_openat2+0x19f/0x750 [ 23.308182][ T369] __x64_sys_openat+0x136/0x160 [ 23.313005][ T369] do_syscall_64+0x31/0x40 [ 23.317394][ T369] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.323250][ T369] page last free stack trace: [ 23.327931][ T369] free_unref_page_prepare+0x2b7/0x2d0 [ 23.333373][ T369] __free_pages+0x146/0x3b0 [ 23.337853][ T369] free_pages+0x82/0x90 [ 23.342095][ T369] selinux_genfs_get_sid+0x20b/0x250 [ 23.347354][ T369] inode_doinit_with_dentry+0x879/0xd70 [ 23.352876][ T369] selinux_d_instantiate+0x27/0x40 [ 23.357976][ T369] security_d_instantiate+0x9e/0xf0 [ 23.363148][ T369] d_splice_alias+0x6d/0x390 [ 23.367730][ T369] kernfs_iop_lookup+0x2c5/0x310 [ 23.372643][ T369] path_openat+0x1140/0x31c0 [ 23.377208][ T369] do_filp_open+0x1e2/0x410 [ 23.381681][ T369] do_sys_openat2+0x19f/0x750 [ 23.386342][ T369] __x64_sys_openat+0x136/0x160 [ 23.391160][ T369] do_syscall_64+0x31/0x40 [ 23.395806][ T369] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.401670][ T369] [ 23.403964][ T369] Memory state around the buggy address: [ 23.409562][ T369] ffff888110170b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.417677][ T369] ffff888110170c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.425709][ T369] >ffff888110170c80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 23.433736][ T369] ^ [ 23.439857][ T369] ffff888110170d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.447886][ T369] ffff888110170d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.455917][ T369] ================================================================== [ 23.464126][ T369] Disabling lock debugging due to kernel taint