Warning: Permanently added '10.128.0.23' (ED25519) to the list of known hosts.
2026/05/06 18:56:29 parsed 1 programs
[ 21.334333][ T24] audit: type=1400 audit(1778093789.360:64): avc: denied { node_bind } for pid=287 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 21.338556][ T24] audit: type=1400 audit(1778093789.360:65): avc: denied { create } for pid=287 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 21.343656][ T24] audit: type=1400 audit(1778093789.360:66): avc: denied { module_request } for pid=287 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 21.903514][ T24] audit: type=1400 audit(1778093789.930:67): avc: denied { mounton } for pid=294 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 21.904874][ T294] cgroup: Unknown subsys name 'net'
[ 21.926146][ T24] audit: type=1400 audit(1778093789.930:68): avc: denied { mount } for pid=294 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 21.953405][ T24] audit: type=1400 audit(1778093789.960:69): avc: denied { unmount } for pid=294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 21.953559][ T294] cgroup: Unknown subsys name 'devices'
[ 22.093353][ T294] cgroup: Unknown subsys name 'hugetlb'
[ 22.098951][ T294] cgroup: Unknown subsys name 'rlimit'
[ 22.240329][ T24] audit: type=1400 audit(1778093790.260:70): avc: denied { setattr } for pid=294 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 22.263496][ T24] audit: type=1400 audit(1778093790.260:71): avc: denied { create } for pid=294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 22.283850][ T24] audit: type=1400 audit(1778093790.260:72): avc: denied { write } for pid=294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 22.304154][ T24] audit: type=1400 audit(1778093790.260:73): avc: denied { read } for pid=294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 22.327945][ T297] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 22.370992][ T294] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 22.770711][ T301] request_module fs-gadgetfs succeeded, but still no fs?
[ 22.781466][ T301] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 23.156659][ T335] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.163820][ T335] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.171081][ T335] device bridge_slave_0 entered promiscuous mode
[ 23.177895][ T335] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.184931][ T335] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.192232][ T335] device bridge_slave_1 entered promiscuous mode
[ 23.222534][ T335] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.229571][ T335] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 23.236832][ T335] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.243846][ T335] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.261465][ T336] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.268800][ T336] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.276116][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 23.283518][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 23.292679][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 23.300770][ T336] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.307794][ T336] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.316463][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 23.324810][ T336] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.331852][ T336] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 23.343174][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 23.353179][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 23.364355][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 23.374669][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 23.382657][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 23.389974][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 23.398002][ T335] device veth0_vlan entered promiscuous mode
[ 23.406873][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 23.415620][ T335] device veth1_macvtap entered promiscuous mode
[ 23.423969][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 23.433495][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2026/05/06 18:56:31 executed programs: 0
[ 23.722345][ T362] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.729381][ T362] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.736749][ T362] device bridge_slave_0 entered promiscuous mode
[ 23.743753][ T362] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.750760][ T362] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.758083][ T362] device bridge_slave_1 entered promiscuous mode
[ 23.793507][ T362] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.800554][ T362] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 23.807804][ T362] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.814826][ T362] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.830175][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 23.838043][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.845480][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.857435][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 23.865733][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.872792][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.881112][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 23.889351][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.896376][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 23.910530][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 23.919633][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 23.934820][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 23.945112][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 23.953205][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 23.960510][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 23.968786][ T362] device veth0_vlan entered promiscuous mode
[ 23.982668][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 23.991409][ T362] device veth1_macvtap entered promiscuous mode
[ 23.999899][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 24.009344][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 24.072583][ T366] ======================================================
[ 24.072583][ T366] WARNING: the mand mount option is being deprecated and
[ 24.072583][ T366] will be removed in v5.15!
[ 24.072583][ T366] ======================================================
[ 24.114056][ T366] EXT4-fs (loop2): Ignoring removed mblk_io_submit option
[ 24.123117][ T366] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc,mblk_io_submit,,errors=continue
[ 24.137305][ T366] ==================================================================
[ 24.145424][ T366] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x1d79/0x3860
[ 24.153206][ T366] Read of size 18446744073709550624 at addr ffff88812bf597e0 by task syz.2.17/366
[ 24.162381][ T366]
[ 24.164688][ T366] CPU: 0 PID: 366 Comm: syz.2.17 Not tainted syzkaller #0
[ 24.171781][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 24.181831][ T366] Call Trace:
[ 24.185108][ T366] __dump_stack+0x21/0x24
[ 24.189413][ T366] dump_stack_lvl+0x1a7/0x208
[ 24.194093][ T366] ? show_regs_print_info+0x18/0x18
[ 24.199266][ T366] ? thaw_kernel_threads+0x220/0x220
[ 24.204534][ T366] print_address_description+0x7f/0x2c0
[ 24.210058][ T366] ? ext4_xattr_set_entry+0x1d79/0x3860
[ 24.215577][ T366] kasan_report+0xe2/0x130
[ 24.220002][ T366] ? ext4_xattr_set_entry+0x1d79/0x3860
[ 24.225520][ T366] ? ext4_xattr_set_entry+0x1d79/0x3860
[ 24.231036][ T366] kasan_check_range+0x249/0x2a0
[ 24.235945][ T366] ? ext4_xattr_set_entry+0x1d79/0x3860
[ 24.241482][ T366] memmove+0x2d/0x70
[ 24.245350][ T366] ext4_xattr_set_entry+0x1d79/0x3860
[ 24.250693][ T366] ? ext4_xattr_ibody_set+0x360/0x360
[ 24.256037][ T366] ? kmem_cache_free+0x100/0x2d0
[ 24.260944][ T366] ? __mb_cache_entry_free+0x225/0x340
[ 24.266370][ T366] ? mb_cache_entry_delete_or_get+0x203/0x220
[ 24.272408][ T366] ext4_xattr_block_set+0x4e0/0x2a80
[ 24.277663][ T366] ? __kasan_check_read+0x11/0x20
[ 24.282660][ T366] ? __ext4_xattr_check_block+0x265/0x8e0
[ 24.288350][ T366] ? ext4_xattr_block_find+0x4f0/0x4f0
[ 24.293777][ T366] ext4_xattr_set_handle+0xbc4/0x12b0
[ 24.299207][ T366] ? ext4_xattr_set_entry+0x3860/0x3860
[ 24.304727][ T366] ? __kasan_check_read+0x11/0x20
[ 24.309720][ T366] ? __ext4_journal_start_sb+0x2e2/0x490
[ 24.315322][ T366] ext4_xattr_set+0x1f4/0x310
[ 24.319983][ T366] ? ext4_xattr_set_credits+0x290/0x290
[ 24.325496][ T366] ext4_xattr_trusted_set+0x3b/0x50
[ 24.330658][ T366] ? ext4_xattr_trusted_get+0x40/0x40
[ 24.336000][ T366] __vfs_setxattr+0x42a/0x480
[ 24.340648][ T366] __vfs_setxattr_noperm+0x11e/0x4e0
[ 24.345900][ T366] __vfs_setxattr_locked+0x203/0x220
[ 24.351164][ T366] vfs_setxattr+0x8d/0x1c0
[ 24.355551][ T366] setxattr+0x1df/0x3f0
[ 24.359681][ T366] ? path_setxattr+0x230/0x230
[ 24.364420][ T366] ? __mnt_want_write+0x1e6/0x260
[ 24.369415][ T366] ? mnt_want_write+0x19d/0x270
[ 24.374239][ T366] path_setxattr+0x11f/0x230
[ 24.378804][ T366] ? __kasan_check_write+0x14/0x20
[ 24.383888][ T366] ? simple_xattr_list_add+0x120/0x120
[ 24.389322][ T366] __x64_sys_lsetxattr+0xc2/0xe0
[ 24.394232][ T366] do_syscall_64+0x31/0x40
[ 24.398627][ T366] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 24.404503][ T366] RIP: 0033:0x7ffa43ca4dd9
[ 24.408893][ T366] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 24.428470][ T366] RSP: 002b:00007fff13d68fb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[ 24.436861][ T366] RAX: ffffffffffffffda RBX: 00007ffa43f1dfa0 RCX: 00007ffa43ca4dd9
[ 24.444808][ T366] RDX: 0000200000000440 RSI: 00002000000000c0 RDI: 0000200000000100
[ 24.452753][ T366] RBP: 00007ffa43d3ad69 R08: 0000000000000000 R09: 0000000000000000
[ 24.460697][ T366] R10: 000000000000fe37 R11: 0000000000000246 R12: 0000000000000000
[ 24.468642][ T366] R13: 00007ffa43f1dfac R14: 00007ffa43f1dfa0 R15: 00007ffa43f1dfa0
[ 24.476589][ T366]
[ 24.478889][ T366] The buggy address belongs to the page:
[ 24.484509][ T366] page:ffffea0004afd640 refcount:2 mapcount:0 mapping:ffff88810919dc10 index:0x1c pfn:0x12bf59
[ 24.494801][ T366] aops:def_blk_aops ino:0
[ 24.499105][ T366] flags: 0x400000000000203a(referenced|dirty|lru|active|private)
[ 24.506802][ T366] raw: 400000000000203a ffffea0004411d88 ffffea0004afd688 ffff88810919dc10
[ 24.515364][ T366] raw: 000000000000001c ffff88810d25c930 00000002ffffffff ffff88810ec60000
[ 24.523914][ T366] page dumped because: kasan: bad access detected
[ 24.530305][ T366] page->mem_cgroup:ffff88810ec60000
[ 24.535481][ T366] page_owner tracks the page as allocated
[ 24.541199][ T366] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 366, ts 24135668694, free_ts 0
[ 24.557498][ T366] prep_new_page+0x179/0x180
[ 24.562070][ T366] get_page_from_freelist+0x223b/0x23d0
[ 24.567589][ T366] __alloc_pages_nodemask+0x290/0x620
[ 24.572943][ T366] pagecache_get_page+0x63e/0x930
[ 24.577955][ T366] __getblk_gfp+0x212/0x780
[ 24.582438][ T366] ext4_xattr_block_set+0x1ccc/0x2a80
[ 24.587785][ T366] ext4_xattr_set_handle+0xbc4/0x12b0
[ 24.593131][ T366] ext4_xattr_set+0x1f4/0x310
[ 24.597783][ T366] ext4_xattr_user_set+0xc9/0xf0
[ 24.602695][ T366] __vfs_setxattr+0x42a/0x480
[ 24.607464][ T366] __vfs_setxattr_noperm+0x11e/0x4e0
[ 24.612740][ T366] __vfs_setxattr_locked+0x203/0x220
[ 24.618001][ T366] vfs_setxattr+0x8d/0x1c0
[ 24.622390][ T366] setxattr+0x1df/0x3f0
[ 24.626514][ T366] path_setxattr+0x11f/0x230
[ 24.631076][ T366] __x64_sys_setxattr+0xc5/0xe0
[ 24.635904][ T366] page_owner free stack trace missing
[ 24.641241][ T366]
[ 24.643547][ T366] Memory state around the buggy address:
[ 24.649151][ T366] ffff88812bf59680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.657273][ T366] ffff88812bf59700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.665308][ T366] >ffff88812bf59780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.673345][ T366] ^
[ 24.680512][ T366] ffff88812bf59800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.688545][ T366] ffff88812bf59880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.696576][ T366] ==================================================================
[ 24.704607][ T366] Disabling lock debugging due to kernel taint