syzkaller
syzkaller login: [ 14.149485][ T28] kauditd_printk_skb: 31 callbacks suppressed
[ 14.149500][ T28] audit: type=1400 audit(1770627851.357:59): avc: denied { transition } for pid=224 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 14.154241][ T28] audit: type=1400 audit(1770627851.357:60): avc: denied { noatsecure } for pid=224 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 14.157954][ T28] audit: type=1400 audit(1770627851.367:61): avc: denied { write } for pid=224 comm="sh" path="pipe:[14106]" dev="pipefs" ino=14106 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 14.161283][ T28] audit: type=1400 audit(1770627851.367:62): avc: denied { rlimitinh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 14.164247][ T28] audit: type=1400 audit(1770627851.367:63): avc: denied { siginh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.1.155' (ED25519) to the list of known hosts.
2026/02/09 09:04:31 parsed 1 programs
[ 34.328233][ T28] audit: type=1400 audit(1770627871.537:64): avc: denied { node_bind } for pid=283 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 34.349708][ T28] audit: type=1400 audit(1770627871.537:65): avc: denied { module_request } for pid=283 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 35.469445][ T28] audit: type=1400 audit(1770627872.677:66): avc: denied { mounton } for pid=289 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 35.472611][ T289] cgroup: Unknown subsys name 'net'
[ 35.492393][ T28] audit: type=1400 audit(1770627872.677:67): avc: denied { mount } for pid=289 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 35.519893][ T28] audit: type=1400 audit(1770627872.717:68): avc: denied { unmount } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 35.520356][ T289] cgroup: Unknown subsys name 'devices'
[ 35.666000][ T289] cgroup: Unknown subsys name 'hugetlb'
[ 35.671653][ T289] cgroup: Unknown subsys name 'rlimit'
[ 35.785352][ T28] audit: type=1400 audit(1770627872.997:69): avc: denied { setattr } for pid=289 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 35.808591][ T28] audit: type=1400 audit(1770627872.997:70): avc: denied { create } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 35.829043][ T28] audit: type=1400 audit(1770627872.997:71): avc: denied { write } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 35.849920][ T28] audit: type=1400 audit(1770627872.997:72): avc: denied { read } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 35.864736][ T294] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 35.870960][ T28] audit: type=1400 audit(1770627872.997:73): avc: denied { mounton } for pid=289 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 35.908285][ T289] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 36.606941][ T296] request_module fs-gadgetfs succeeded, but still no fs?
[ 37.254565][ T338] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.261657][ T338] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.269463][ T338] device bridge_slave_0 entered promiscuous mode
[ 37.276991][ T338] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.284190][ T338] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.291692][ T338] device bridge_slave_1 entered promiscuous mode
[ 37.339872][ T338] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.346963][ T338] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.354289][ T338] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.361375][ T338] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.383122][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.390933][ T314] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.398692][ T314] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.407851][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.416416][ T314] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.423476][ T314] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.432826][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.441398][ T314] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.448514][ T314] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.461360][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.471243][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.486174][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 37.498080][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 37.506544][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 37.514267][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 37.522612][ T338] device veth0_vlan entered promiscuous mode
[ 37.534125][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 37.543339][ T338] device veth1_macvtap entered promiscuous mode
[ 37.553651][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 37.571243][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 37.613913][ T338] syz-executor (338) used greatest stack depth: 21760 bytes left
2026/02/09 09:04:35 executed programs: 0
[ 37.947011][ T362] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.954120][ T362] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.961522][ T362] device bridge_slave_0 entered promiscuous mode
[ 37.969154][ T362] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.976277][ T362] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.983904][ T362] device bridge_slave_1 entered promiscuous mode
[ 38.040410][ T362] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.047487][ T362] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.054884][ T362] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.061911][ T362] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.085452][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.093242][ T314] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.101295][ T314] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.110810][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 38.119296][ T314] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.126359][ T314] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.137611][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 38.145893][ T314] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.152929][ T314] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.165254][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 38.174806][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 38.189903][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.201791][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.210143][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 38.217676][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 38.226312][ T362] device veth0_vlan entered promiscuous mode
[ 38.237366][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.246675][ T362] device veth1_macvtap entered promiscuous mode
[ 38.256966][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 38.267700][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.299045][ T373] loop2: detected capacity change from 0 to 1024
[ 38.305768][ T373] =======================================================
[ 38.305768][ T373] WARNING: The mand mount option has been deprecated and
[ 38.305768][ T373] and is ignored by this kernel. Remove the mand
[ 38.305768][ T373] option from the mount to silence this warning.
[ 38.305768][ T373] =======================================================
[ 38.345754][ T373] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 38.361649][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 38.381606][ T378] loop2: detected capacity change from 0 to 1024
[ 38.400784][ T378] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 38.414710][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 38.432948][ T381] loop2: detected capacity change from 0 to 1024
[ 38.445116][ T381] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 38.459673][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 38.478423][ T384] loop2: detected capacity change from 0 to 1024
[ 38.495220][ T384] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 38.511730][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 38.527643][ T387] loop2: detected capacity change from 0 to 1024
[ 38.547710][ T387] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 38.561105][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 38.576629][ T390] loop2: detected capacity change from 0 to 1024
[ 38.595396][ T390] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 38.608870][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 38.624198][ T393] loop2: detected capacity change from 0 to 1024
[ 38.635073][ T393] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 38.650405][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 38.670115][ T396] loop2: detected capacity change from 0 to 1024
[ 38.685830][ T396] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 38.698685][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 38.715700][ T43] device bridge_slave_1 left promiscuous mode
[ 38.719137][ T399] loop2: detected capacity change from 0 to 1024
[ 38.722012][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.737483][ T43] device bridge_slave_0 left promiscuous mode
[ 38.744230][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.752572][ T43] device veth1_macvtap left promiscuous mode
[ 38.758963][ T43] device veth0_vlan left promiscuous mode
[ 38.768655][ T399] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 38.797494][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 38.814644][ T402] loop2: detected capacity change from 0 to 1024
[ 38.835232][ T402] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 38.856437][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 38.876282][ T406] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 38.888374][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 38.919733][ T409] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 38.933532][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 38.955848][ T412] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 38.968681][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 38.995134][ T415] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 39.016360][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 39.045049][ T418] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 39.057931][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 39.094938][ T421] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 39.108642][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 39.135019][ T424] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 39.150462][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 39.175297][ T427] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 39.189637][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 39.215043][ T430] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 39.228163][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 39.254974][ T433] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 39.269804][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 39.295005][ T436] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 39.309677][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 39.345189][ T439] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 39.359086][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 39.387015][ T442] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 39.399620][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 39.425176][ T445] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 39.443171][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 39.467880][ T448] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 39.480479][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 39.504964][ T451] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 39.522147][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 39.545708][ T454] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 39.559460][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 39.585342][ T457] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 39.597176][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 39.626348][ T460] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 39.638887][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 39.664955][ T463] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 39.676767][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 39.706545][ T466] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 39.719087][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 39.745175][ T469] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 39.759022][ T362] EXT4-fs (loop2): unmounting filesystem.
[ 40.066475][ T512] ==================================================================
[ 40.074605][ T512] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x979/0x21d0
[ 40.082466][ T512] Read of size 18446744073709551588 at addr ffff88811dc7c040 by task syz.2.62/512
[ 40.091788][ T512]
[ 40.094155][ T512] CPU: 1 PID: 512 Comm: syz.2.62 Not tainted syzkaller #0
[ 40.101296][ T512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 40.111415][ T512] Call Trace:
[ 40.114733][ T512] <TASK>
[ 40.117696][ T512] __dump_stack+0x21/0x24
[ 40.122076][ T512] dump_stack_lvl+0x110/0x170
[ 40.126801][ T512] ? __cfi_dump_stack_lvl+0x8/0x8
[ 40.131895][ T512] ? kasan_save_alloc_info+0x25/0x30
[ 40.137573][ T512] ? ext4_xattr_block_set+0x9d5/0x3260
[ 40.143079][ T512] ? ext4_xattr_set+0x242/0x320
[ 40.147981][ T512] ? ext4_xattr_trusted_set+0x3c/0x50
[ 40.153399][ T512] ? ext4_xattr_set_entry+0x979/0x21d0
[ 40.158899][ T512] print_address_description+0x71/0x200
[ 40.164458][ T512] print_report+0x4a/0x60
[ 40.168792][ T512] kasan_report+0x122/0x150
[ 40.173322][ T512] ? ext4_xattr_set_entry+0x979/0x21d0
[ 40.178878][ T512] ? ext4_xattr_set_entry+0x979/0x21d0
[ 40.184349][ T512] kasan_check_range+0x249/0x2a0
[ 40.189316][ T512] ? ext4_xattr_set_entry+0x979/0x21d0
[ 40.194777][ T512] memmove+0x2d/0x70
[ 40.198671][ T512] ext4_xattr_set_entry+0x979/0x21d0
[ 40.203973][ T512] ext4_xattr_block_set+0xad3/0x3260
[ 40.209268][ T512] ? __kasan_check_write+0x14/0x20
[ 40.214387][ T512] ? iput+0x620/0x670
[ 40.218417][ T512] ? ext4_xattr_block_find+0x310/0x310
[ 40.223888][ T512] ext4_xattr_set_handle+0x10e8/0x12c0
[ 40.229474][ T512] ? __cfi_ext4_xattr_set_handle+0x10/0x10
[ 40.235285][ T512] ? __kasan_check_read+0x11/0x20
[ 40.240313][ T512] ? __ext4_journal_start_sb+0x2ed/0x4a0
[ 40.245950][ T512] ext4_xattr_set+0x242/0x320
[ 40.250648][ T512] ? __kasan_kmalloc+0x95/0xb0
[ 40.255417][ T512] ? __kmalloc_node+0xb2/0x1e0
[ 40.260195][ T512] ? __cfi_ext4_xattr_set+0x10/0x10
[ 40.265401][ T512] ? selinux_inode_setxattr+0x5cf/0xbf0
[ 40.270979][ T512] ext4_xattr_trusted_set+0x3c/0x50
[ 40.276201][ T512] ? __cfi_ext4_xattr_trusted_set+0x10/0x10
[ 40.282115][ T512] __vfs_setxattr+0x3f2/0x440
[ 40.286808][ T512] __vfs_setxattr_noperm+0x12a/0x5e0
[ 40.292111][ T512] __vfs_setxattr_locked+0x212/0x230
[ 40.297414][ T512] vfs_setxattr+0x167/0x2e0
[ 40.302028][ T512] ? __cfi_vfs_setxattr+0x10/0x10
[ 40.307073][ T512] ? __kasan_check_write+0x14/0x20
[ 40.312194][ T512] setxattr+0x346/0x360
[ 40.316358][ T512] ? path_setxattr+0x290/0x290
[ 40.321133][ T512] ? __mnt_want_write+0x1e6/0x260
[ 40.326155][ T512] ? mnt_want_write+0x220/0x300
[ 40.331017][ T512] path_setxattr+0x147/0x290
[ 40.335649][ T512] ? simple_xattr_list_add+0x120/0x120
[ 40.341127][ T512] __x64_sys_lsetxattr+0xc2/0xe0
[ 40.346077][ T512] x64_sys_call+0x8b7/0x9a0
[ 40.350589][ T512] do_syscall_64+0x4c/0xa0
[ 40.355007][ T512] ? clear_bhb_loop+0x30/0x80
[ 40.359683][ T512] ? clear_bhb_loop+0x30/0x80
[ 40.364365][ T512] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 40.370299][ T512] RIP: 0033:0x7fd6f219aeb9
[ 40.374724][ T512] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 40.394359][ T512] RSP: 002b:00007fff2fbd2118 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[ 40.402984][ T512] RAX: ffffffffffffffda RBX: 00007fd6f2415fa0 RCX: 00007fd6f219aeb9
[ 40.410978][ T512] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00002000000001c0
[ 40.419038][ T512] RBP: 00007fd6f2208c1f R08: 0000000000000000 R09: 0000000000000000
[ 40.427008][ T512] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000
[ 40.435064][ T512] R13: 00007fd6f2415fac R14: 00007fd6f2415fa0 R15: 00007fd6f2415fa0
[ 40.443040][ T512] </TASK>
[ 40.446054][ T512]
[ 40.448372][ T512] Allocated by task 512:
[ 40.452606][ T512] kasan_set_track+0x4b/0x70
[ 40.457198][ T512] kasan_save_alloc_info+0x25/0x30
[ 40.462335][ T512] __kasan_kmalloc+0x95/0xb0
[ 40.466928][ T512] __kmalloc_node_track_caller+0xb1/0x1e0
[ 40.472664][ T512] kmemdup+0x2b/0x60
[ 40.476566][ T512] ext4_xattr_block_set+0x9d5/0x3260
[ 40.481852][ T512] ext4_xattr_set_handle+0x10e8/0x12c0
[ 40.487313][ T512] ext4_xattr_set+0x242/0x320
[ 40.491991][ T512] ext4_xattr_trusted_set+0x3c/0x50
[ 40.497218][ T512] __vfs_setxattr+0x3f2/0x440
[ 40.501900][ T512] __vfs_setxattr_noperm+0x12a/0x5e0
[ 40.507217][ T512] __vfs_setxattr_locked+0x212/0x230
[ 40.512589][ T512] vfs_setxattr+0x167/0x2e0
[ 40.517092][ T512] setxattr+0x346/0x360
[ 40.521253][ T512] path_setxattr+0x147/0x290
[ 40.525852][ T512] __x64_sys_lsetxattr+0xc2/0xe0
[ 40.530791][ T512] x64_sys_call+0x8b7/0x9a0
[ 40.535294][ T512] do_syscall_64+0x4c/0xa0
[ 40.539712][ T512] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 40.545606][ T512]
[ 40.547922][ T512] The buggy address belongs to the object at ffff88811dc7c000
[ 40.547922][ T512] which belongs to the cache kmalloc-1k of size 1024
[ 40.561980][ T512] The buggy address is located 64 bytes inside of
[ 40.561980][ T512] 1024-byte region [ffff88811dc7c000, ffff88811dc7c400)
[ 40.575262][ T512]
[ 40.577603][ T512] The buggy address belongs to the physical page:
[ 40.584031][ T512] page:ffffea0004771e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11dc78
[ 40.594288][ T512] head:ffffea0004771e00 order:3 compound_mapcount:0 compound_pincount:0
[ 40.602740][ T512] flags: 0x4000000000010200(slab|head|zone=1)
[ 40.608842][ T512] raw: 4000000000010200 ffffea000456ea00 dead000000000002 ffff888100043080
[ 40.617442][ T512] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 40.626037][ T512] page dumped because: kasan: bad access detected
[ 40.632557][ T512] page_owner tracks the page as allocated
[ 40.638375][ T512] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 143, tgid 143 (dhcpcd), ts 7016320274, free_ts 0
[ 40.658101][ T512] post_alloc_hook+0x1f5/0x210
[ 40.662895][ T512] prep_new_page+0x1c/0x110
[ 40.667855][ T512] get_page_from_freelist+0x2d12/0x2d80
[ 40.673430][ T512] __alloc_pages+0x1d9/0x480
[ 40.678041][ T512] alloc_slab_page+0x6e/0xf0
[ 40.682654][ T512] new_slab+0x98/0x3d0
[ 40.686739][ T512] ___slab_alloc+0x6bd/0xb20
[ 40.691345][ T512] __slab_alloc+0x5e/0xa0
[ 40.695698][ T512] __kmem_cache_alloc_node+0x203/0x2c0
[ 40.701178][ T512] __kmalloc_node+0xa1/0x1e0
[ 40.705785][ T512] kvmalloc_node+0x28a/0x460
[ 40.710388][ T512] bpf_jit_binary_pack_alloc+0x1a9/0x420
[ 40.716037][ T512] bpf_int_jit_compile+0xbd61/0xd0d0
[ 40.721334][ T512] bpf_prog_select_runtime+0x8a8/0xbb0
[ 40.726819][ T512] bpf_prepare_filter+0x102e/0x11d0
[ 40.732033][ T512] bpf_prog_create_from_user+0x2c7/0x410
[ 40.737683][ T512] page_owner free stack trace missing
[ 40.743052][ T512]
[ 40.745442][ T512] Memory state around the buggy address:
[ 40.751082][ T512] ffff88811dc7bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.759151][ T512] ffff88811dc7bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.767398][ T512] >ffff88811dc7c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.775566][ T512] ^
[ 40.781746][ T512] ffff88811dc7c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.789829][ T512] ffff88811dc7c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.797904][ T512] ==================================================================
[ 40.814283][ T28] kauditd_printk_skb: 34 callbacks suppressed
[ 40.814298][ T28] audit: type=1400 audit(1770627878.027:108): avc: denied { read } for pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 40.843875][ T512] Disabling lock debugging due to kernel taint
[ 40.844571][ T28] audit: type=1400 audit(1770627878.027:109): avc: denied { search } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 40.872522][ T28] audit: type=1400 audit(1770627878.027:110): avc: denied { write } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 40.894519][ T28] audit: type=1400 audit(1770627878.027:111): avc: denied { add_name } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 40.915701][ T28] audit: type=1400 audit(1770627878.057:112): avc: denied { create } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 40.936710][ T28] audit: type=1400 audit(1770627878.057:113): avc: denied { append open } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 40.960002][ T28] audit: type=1400 audit(1770627878.057:114): avc: denied { getattr } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 41.436116][ C0] BUG: unable to handle page fault for address: fffffffffffffffc
[ 41.439472][ T297] list_add corruption. next->prev should be prev (ffff888117c371b0), but was 0000000000000000. (next=ffff888123c29d50).
[ 41.443891][ C0] #PF: supervisor read access in kernel mode
[ 41.443902][ C0] #PF: error_code(0x0000) - not-present page
[ 41.443923][ C0] PGD 7012067 P4D 7012067 PUD 7014067 PMD 0
[ 41.456862][ T297] ------------[ cut here ]------------
[ 41.462446][ C0]
[ 41.462456][ C0] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 41.468570][ T297] kernel BUG at lib/list_debug.c:29!
[ 41.474416][ C0] CPU: 0 PID: 564 Comm: syz.2.80 Tainted: G B syzkaller #0
[ 41.474438][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 41.511403][ C0] RIP: 0010:__hrtimer_run_queues+0x3ca/0xa00
[ 41.517402][ C0] Code: 53 00 4d 8b 3e 48 8b 7c 24 48 48 8b b4 24 a0 00 00 00 e8 09 0a 9d 03 0f 1f 44 00 00 e8 7f 1f 0e 00 4c 89 e7 41 ba 5f 44 3e 8d <45> 03 57 fc 74 02 0f 0b 41 ff d7 41 89 c6 0f 1f 44 00 00 e8 5e 1f
[ 41.537012][ C0] RSP: 0018:ffffc90000007d40 EFLAGS: 00010006
[ 41.543099][ C0] RAX: ffffffff81634c91 RBX: dffffc0000000000 RCX: ffff88811039d100
[ 41.551069][ C0] RDX: 0000000000010000 RSI: 0000000000000802 RDI: ffffc90000997d00
[ 41.559037][ C0] RBP: ffffc90000007e90 R08: 0000000000000003 R09: 0000000000000004
[ 41.567110][ C0] R10: 000000008d3e445f R11: ffffffff812e9cc0 R12: ffffc90000997d00
[ 41.575092][ C0] R13: 1ffff92000132fa7 R14: ffffc90000997d28 R15: 0000000000000000
[ 41.583071][ C0] FS: 0000555589076500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 41.591996][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 41.598583][ C0] CR2: fffffffffffffffc CR3: 0000000120ce9000 CR4: 00000000003506b0
[ 41.606798][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 41.614772][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 41.622831][ C0] Call Trace:
[ 41.626132][ C0] <IRQ>
[ 41.628984][ C0] ? hrtimer_interrupt+0x8c0/0x8c0
[ 41.634107][ C0] ? ktime_get_update_offsets_now+0x30c/0x320
[ 41.640179][ C0] hrtimer_interrupt+0x3c7/0x8c0
[ 41.645127][ C0] __sysvec_apic_timer_interrupt+0x11e/0x440
[ 41.651109][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0
[ 41.656739][ C0] </IRQ>
[ 41.659668][ C0] <TASK>
[ 41.662595][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 41.668582][ C0] RIP: 0010:__memmove+0x19c/0x1a0
[ 41.673702][ C0] Code: fa 02 72 16 66 44 8b 1e 66 44 8b 54 16 fe 66 44 89 1f 66 44 89 54 17 fe eb 0c 48 83 fa 01 72 06 44 8a 1e 44 88 1f c3 48 89 d1 a4 c3 00 eb 2e 0f 1f 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03
[ 41.693399][ C0] RSP: 0018:ffffc900031073a0 EFLAGS: 00010282
[ 41.699478][ C0] RAX: ffff888122fd3060 RBX: ffffffffffffffe4 RCX: ffffffffff33aefd
[ 41.707890][ C0] RDX: ffffffffffffffe4 RSI: ffff888123c98127 RDI: ffff888123c98147
[ 41.715951][ C0] RBP: ffffc900031073d0 R08: ffff888122fd3024 R09: 0000000000000001
[ 41.724021][ C0] R10: dffffc0000000000 R11: ffffed10245fa680 R12: 0000000000000000
[ 41.732007][ C0] R13: ffffffff81fb9179 R14: ffff888122fd3040 R15: ffff888122fd3060
[ 41.740086][ C0] ? ext4_xattr_set_entry+0x979/0x21d0
[ 41.745570][ C0] ? memmove+0x56/0x70
[ 41.749641][ C0] ext4_xattr_set_entry+0x979/0x21d0
[ 41.754933][ C0] ext4_xattr_block_set+0xad3/0x3260
[ 41.760230][ C0] ? __kasan_check_write+0x14/0x20
[ 41.765342][ C0] ? iput+0x620/0x670
[ 41.769324][ C0] ? ext4_xattr_block_find+0x310/0x310
[ 41.774786][ C0] ext4_xattr_set_handle+0x10e8/0x12c0
[ 41.780253][ C0] ? __cfi_ext4_xattr_set_handle+0x10/0x10
[ 41.786073][ C0] ? __kasan_check_read+0x11/0x20
[ 41.791105][ C0] ? __ext4_journal_start_sb+0x2ed/0x4a0
[ 41.796767][ C0] ext4_xattr_set+0x242/0x320
[ 41.801454][ C0] ? __kasan_kmalloc+0x95/0xb0
[ 41.806239][ C0] ? __kmalloc_node+0xb2/0x1e0
[ 41.811010][ C0] ? __cfi_ext4_xattr_set+0x10/0x10
[ 41.816215][ C0] ? selinux_inode_setxattr+0x5cf/0xbf0
[ 41.821763][ C0] ext4_xattr_trusted_set+0x3c/0x50
[ 41.826968][ C0] ? __cfi_ext4_xattr_trusted_set+0x10/0x10
[ 41.832868][ C0] __vfs_setxattr+0x3f2/0x440
[ 41.837570][ C0] __vfs_setxattr_noperm+0x12a/0x5e0
[ 41.842880][ C0] __vfs_setxattr_locked+0x212/0x230
[ 41.848168][ C0] vfs_setxattr+0x167/0x2e0
[ 41.852695][ C0] ? __cfi_vfs_setxattr+0x10/0x10
[ 41.857735][ C0] ? __kasan_check_write+0x14/0x20
[ 41.862861][ C0] setxattr+0x346/0x360
[ 41.867029][ C0] ? path_setxattr+0x290/0x290
[ 41.871818][ C0] ? __mnt_want_write+0x1e6/0x260
[ 41.876852][ C0] ? mnt_want_write+0x220/0x300
[ 41.881745][ C0] path_setxattr+0x147/0x290
[ 41.886371][ C0] ? simple_xattr_list_add+0x120/0x120
[ 41.891866][ C0] __x64_sys_lsetxattr+0xc2/0xe0
[ 41.896811][ C0] x64_sys_call+0x8b7/0x9a0
[ 41.901403][ C0] do_syscall_64+0x4c/0xa0
[ 41.905991][ C0] ? clear_bhb_loop+0x30/0x80
[ 41.910790][ C0] ? clear_bhb_loop+0x30/0x80
[ 41.915474][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 41.921413][ C0] RIP: 0033:0x7fd6f219aeb9
[ 41.925835][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 41.945466][ C0] RSP: 002b:00007fff2fbd2118 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[ 41.953879][ C0] RAX: ffffffffffffffda RBX: 00007fd6f2415fa0 RCX: 00007fd6f219aeb9
[ 41.961846][ C0] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00002000000001c0
[ 41.969812][ C0] RBP: 00007fd6f2208c1f R08: 0000000000000000 R09: 0000000000000000
[ 41.977780][ C0] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000
[ 41.985747][ C0] R13: 00007fd6f2415fac R14: 00007fd6f2415fa0 R15: 00007fd6f2415fa0
[ 41.993732][ C0] </TASK>
[ 41.996796][ C0] Modules linked in:
[ 42.000790][ C0] CR2: fffffffffffffffc
[ 42.005002][ C0] ---[ end trace 0000000000000000 ]---
[ 42.005005][ T297] invalid opcode: 0000 [#2] PREEMPT SMP KASAN
[ 42.010503][ C0] RIP: 0010:__hrtimer_run_queues+0x3ca/0xa00
[ 42.016581][ T297] CPU: 1 PID: 297 Comm: udevd Tainted: G B D syzkaller #0
[ 42.022564][ C0] Code: 53 00 4d 8b 3e 48 8b 7c 24 48 48 8b b4 24 a0 00 00 00 e8 09 0a 9d 03 0f 1f 44 00 00 e8 7f 1f 0e 00 4c 89 e7 41 ba 5f 44 3e 8d <45> 03 57 fc 74 02 0f 0b 41 ff d7 41 89 c6 0f 1f 44 00 00 e8 5e 1f
[ 42.030970][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 42.050755][ C0] RSP: 0018:ffffc90000007d40 EFLAGS: 00010006
[ 42.060830][ T297] RIP: 0010:__list_add_valid+0xcf/0xf0
[ 42.066921][ C0] RAX: ffffffff81634c91 RBX: dffffc0000000000 RCX: ffff88811039d100
[ 42.072431][ T297] Code: 72 ca 85 e8 6b 4b 88 02 0f 0b 48 c7 c7 20 73 ca 85 e8 5d 4b 88 02 0f 0b 48 c7 c7 80 73 ca 85 4c 89 f6 48 89 d9 e8 49 4b 88 02 <0f> 0b 48 c7 c7 00 74 ca 85 48 89 de 4c 89 f1 e8 35 4b 88 02 0f 0b
[ 42.080504][ C0] RDX: 0000000000010000 RSI: 0000000000000802 RDI: ffffc90000997d00
[ 42.100290][ T297] RSP: 0018:ffffc90001767d38 EFLAGS: 00010246
[ 42.108271][ C0] RBP: ffffc90000007e90 R08: 0000000000000003 R09: 0000000000000004
[ 42.108288][ C0] R10: 000000008d3e445f R11: ffffffff812e9cc0 R12: ffffc90000997d00
[ 42.114346][ T297] RAX: 0000000000000075 RBX: ffff888123c29d50 RCX: 9fe4bcb8fa479d00
[ 42.122327][ C0] R13: 1ffff92000132fa7 R14: ffffc90000997d28 R15: 0000000000000000
[ 42.130300][ T297] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 42.138452][ C0] FS: 0000555589076500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 42.146425][ T297] RBP: ffffc90001767d60 R08: ffffc90001767a47 R09: 1ffff920002ecf48
[ 42.154403][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.163335][ T297] R10: dffffc0000000000 R11: fffff520002ecf49 R12: ffff888123c29d58
[ 42.171314][ C0] CR2: fffffffffffffffc CR3: 0000000120ce9000 CR4: 00000000003506b0
[ 42.177994][ T297] R13: dffffc0000000000 R14: ffff888117c371b0 R15: ffff888117e8dc40
[ 42.185974][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.193948][ T297] FS: 00007f915f351880(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 42.201936][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.209935][ T297] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.218870][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 42.226935][ T297] CR2: 00007f915ea09000 CR3: 000000010d6e3000 CR4: 00000000003506a0
[ 42.226959][ T297] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.226970][ T297] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.226981][ T297] Call Trace:
[ 42.227004][ T297] <TASK>
[ 42.227013][ T297] d_alloc+0xe1/0x260
[ 42.227044][ T297] lookup_one_qstr_excl+0xcb/0x270
[ 42.227063][ T297] do_unlinkat+0x194/0x6d0
[ 42.227086][ T297] ? __cfi_do_unlinkat+0x10/0x10
[ 42.227108][ T297] ? getname_flags+0x206/0x500
[ 42.227125][ T297] __x64_sys_unlink+0x49/0x50
[ 42.227146][ T297] x64_sys_call+0x958/0x9a0
[ 42.227167][ T297] do_syscall_64+0x4c/0xa0
[ 42.227189][ T297] ? clear_bhb_loop+0x30/0x80
[ 42.227206][ T297] ? clear_bhb_loop+0x30/0x80
[ 42.227223][ T297] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 42.227249][ T297] RIP: 0033:0x7f915ed15937
[ 42.227264][ T297] Code: 00 00 e9 a9 fd ff ff 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 5f 00 00 00 0f 05 c3 0f 1f 84 00 00 00 00 00 b8 57 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 91 b4 0d 00 f7 d8 64 89 02 b8
[ 42.227279][ T297] RSP: 002b:00007ffda84f8c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 42.227298][ T297] RAX: ffffffffffffffda RBX: 000055579a590c70 RCX: 00007f915ed15937
[ 42.227311][ T297] RDX: 0000000000000000 RSI: 00007ffda84f7c10 RDI: 00007ffda84f8c60
[ 42.227322][ T297] RBP: 0000000000000141 R08: 0000000000000064 R09: 0000000000000000
[ 42.227333][ T297] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffda84f8c60
[ 42.227343][ T297] R13: 000055579a5a0920 R14: 0000000000000008 R15: 000055579a590c70
[ 42.227359][ T297] </TASK>
[ 42.227364][ T297] Modules linked in:
[ 42.234519][ C0] Kernel Offset: disabled
[ 42.407921][ C0] Rebooting in 86400 seconds..