Warning: Permanently added '10.128.0.118' (ED25519) to the list of known hosts. 2026/03/09 20:37:13 parsed 1 programs [ 47.883194][ T28] audit: type=1400 audit(1773088634.694:106): avc: denied { unlink } for pid=395 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 48.008902][ T395] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 48.769920][ T28] audit: type=1401 audit(1773088635.574:107): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 49.209953][ T431] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.217239][ T431] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.225014][ T431] device bridge_slave_0 entered promiscuous mode [ 49.231962][ T431] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.239142][ T431] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.246777][ T431] device bridge_slave_1 entered promiscuous mode [ 49.301852][ T431] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.309452][ T431] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.317094][ T431] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.324722][ T431] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.347890][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.356576][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.364373][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.374663][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.383301][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.390797][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.399845][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.408224][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.415521][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.428241][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.437989][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.453727][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.465622][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.475289][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.483973][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.493176][ T431] device veth0_vlan entered promiscuous mode [ 49.505333][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.516957][ T431] device veth1_macvtap entered promiscuous mode [ 49.527608][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.538754][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2026/03/09 20:37:16 executed programs: 0 [ 50.041165][ T463] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.048546][ T463] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.056351][ T463] device bridge_slave_0 entered promiscuous mode [ 50.064020][ T463] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.071384][ T463] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.080112][ T463] device bridge_slave_1 entered promiscuous mode [ 50.138410][ T463] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.145848][ T463] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.153549][ T463] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.161620][ T463] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.184097][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.193214][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.200665][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.210404][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.219592][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.226890][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.235786][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.244384][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.251628][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.265597][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.275336][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.289955][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 50.302059][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 50.310501][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 50.318167][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 50.326662][ T463] device veth0_vlan entered promiscuous mode [ 50.338138][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 50.354503][ T463] device veth1_macvtap entered promiscuous mode [ 50.365553][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 50.376284][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 50.407501][ T475] loop2: detected capacity change from 0 to 1024 [ 50.414743][ T475] ======================================================= [ 50.414743][ T475] WARNING: The mand mount option has been deprecated and [ 50.414743][ T475] and is ignored by this kernel. Remove the mand [ 50.414743][ T475] option from the mount to silence this warning. [ 50.414743][ T475] ======================================================= [ 50.468355][ T475] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 50.477880][ T28] audit: type=1400 audit(1773088637.284:108): avc: denied { mount } for pid=474 comm="syz.2.16" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 50.500008][ T28] audit: type=1400 audit(1773088637.284:109): avc: denied { write } for pid=474 comm="syz.2.16" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 50.528703][ T28] audit: type=1400 audit(1773088637.284:110): avc: denied { add_name } for pid=474 comm="syz.2.16" name="memory.stat" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 50.529216][ T475] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3852: comm syz.2.16: Allocating blocks 497-513 which overlap fs metadata [ 50.564225][ T28] audit: type=1400 audit(1773088637.284:111): avc: denied { create } for pid=474 comm="syz.2.16" name="memory.stat" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 50.566275][ T475] EXT4-fs (loop2): pa ffff8881117bce70: logic 256, phys. 385, len 8 [ 50.587694][ T28] audit: type=1400 audit(1773088637.314:112): avc: denied { read append open } for pid=474 comm="syz.2.16" path="/0/file1/memory.stat" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 50.593235][ T475] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4892: group 0, free 0, pa_free 1 [ 50.630168][ T28] audit: type=1400 audit(1773088637.434:113): avc: denied { write } for pid=474 comm="syz.2.16" path="/0/file1/bus" dev="loop2" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 50.653126][ T28] audit: type=1400 audit(1773088637.434:114): avc: denied { mounton } for pid=474 comm="syz.2.16" path="/0/file1/bus" dev="loop2" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 50.665196][ T463] ================================================================== [ 50.678016][ T28] audit: type=1400 audit(1773088637.434:115): avc: denied { read write } for pid=474 comm="syz.2.16" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 50.684800][ T463] BUG: KASAN: use-after-free in ext4_ext_remove_space+0x348b/0x40d0 [ 50.684833][ T463] Read of size 4 at addr ffff888125443db8 by task syz-executor/463 [ 50.684849][ T463] [ 50.684867][ T463] CPU: 1 PID: 463 Comm: syz-executor Not tainted syzkaller #0 [ 50.735306][ T463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 50.746441][ T463] Call Trace: [ 50.750049][ T463] [ 50.753106][ T463] __dump_stack+0x21/0x24 [ 50.757552][ T463] dump_stack_lvl+0x110/0x170 [ 50.762475][ T463] ? __cfi_dump_stack_lvl+0x8/0x8 [ 50.767536][ T463] ? ext4_inode_block_valid+0x2d7/0x3f0 [ 50.773527][ T463] ? ext4_ext_remove_space+0x348b/0x40d0 [ 50.779179][ T463] print_address_description+0x71/0x200 [ 50.785097][ T463] print_report+0x4a/0x60 [ 50.789627][ T463] kasan_report+0x122/0x150 [ 50.794159][ T463] ? ext4_ext_remove_space+0x348b/0x40d0 [ 50.800516][ T463] __asan_report_load4_noabort+0x14/0x20 [ 50.806300][ T463] ext4_ext_remove_space+0x348b/0x40d0 [ 50.811891][ T463] ? memset+0x35/0x40 [ 50.816343][ T463] ? ext4_es_insert_extent+0x2d60/0x2d60 [ 50.822257][ T463] ? _raw_write_lock+0x94/0xf0 [ 50.827318][ T463] ? ext4_da_release_space+0x1d6/0x480 [ 50.833001][ T463] ? __cfi_ext4_ext_remove_space+0x10/0x10 [ 50.838848][ T463] ? ext4_es_remove_extent+0x1d9/0x330 [ 50.844407][ T463] ext4_ext_truncate+0x200/0x320 [ 50.849366][ T463] ext4_truncate+0x9be/0xfb0 [ 50.854048][ T463] ? __cfi_ext4_truncate+0x10/0x10 [ 50.859265][ T463] ext4_evict_inode+0xccf/0x1470 [ 50.864484][ T463] ? _raw_spin_unlock+0x4c/0x70 [ 50.869460][ T463] ? __cfi_ext4_evict_inode+0x10/0x10 [ 50.875116][ T463] ? _raw_spin_unlock+0x4c/0x70 [ 50.880247][ T463] ? inode_io_list_del+0x19b/0x1b0 [ 50.885575][ T463] ? __cfi_ext4_evict_inode+0x10/0x10 [ 50.891242][ T463] evict+0x4d7/0x8f0 [ 50.895252][ T463] ? proc_nr_inodes+0x2f0/0x2f0 [ 50.900374][ T463] ? lockref_put_return+0x152/0x1d0 [ 50.906211][ T463] ? __cfi_lockref_put_return+0x10/0x10 [ 50.912050][ T463] ? __kasan_check_write+0x14/0x20 [ 50.917811][ T463] iput+0x620/0x670 [ 50.922191][ T463] do_unlinkat+0x380/0x6d0 [ 50.926736][ T463] ? __cfi_do_unlinkat+0x10/0x10 [ 50.932106][ T463] ? getname_flags+0x206/0x500 [ 50.937513][ T463] __x64_sys_unlink+0x49/0x50 [ 50.942458][ T463] x64_sys_call+0x958/0x9a0 [ 50.947448][ T463] do_syscall_64+0x4c/0xa0 [ 50.952241][ T463] ? clear_bhb_loop+0x30/0x80 [ 50.957114][ T463] ? clear_bhb_loop+0x30/0x80 [ 50.962594][ T463] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 50.968531][ T463] RIP: 0033:0x7f92c31991e7 [ 50.973142][ T463] Code: 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 50.993717][ T463] RSP: 002b:00007ffe3de002d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 51.002354][ T463] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f92c31991e7 [ 51.010600][ T463] RDX: 00007ffe3de00300 RSI: 00007ffe3de00390 RDI: 00007ffe3de00390 [ 51.018692][ T463] RBP: 00007ffe3de00390 R08: 00007ffe3de01390 R09: 00000000ffffffff [ 51.028439][ T463] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe3de01480 [ 51.036636][ T463] R13: 00007f92c322c113 R14: 000000000000c5bc R15: 00007ffe3de02550 [ 51.044809][ T463] [ 51.047840][ T463] [ 51.050166][ T463] The buggy address belongs to the physical page: [ 51.056580][ T463] page:ffffea00049510c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x125443 [ 51.067100][ T463] flags: 0x4000000000000000(zone=1) [ 51.072403][ T463] raw: 4000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 51.082121][ T463] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 51.092038][ T463] page dumped because: kasan: bad access detected [ 51.098556][ T463] page_owner tracks the page as freed [ 51.104038][ T463] page last allocated via order 0, migratetype Movable, gfp_mask 0x8140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO|__GFP_CMA), pid 395, tgid 395 (syz-executor), ts 48059061054, free_ts 48192193634 [ 51.124909][ T463] post_alloc_hook+0x1f5/0x210 [ 51.130311][ T463] prep_new_page+0x1c/0x110 [ 51.135459][ T463] get_page_from_freelist+0x2d12/0x2d80 [ 51.141161][ T463] __alloc_pages+0x1d9/0x480 [ 51.146069][ T463] __folio_alloc+0x12/0x40 [ 51.150872][ T463] handle_mm_fault+0x1972/0x26c0 [ 51.156290][ T463] do_user_addr_fault+0x905/0x1050 [ 51.161616][ T463] exc_page_fault+0x51/0xb0 [ 51.166906][ T463] asm_exc_page_fault+0x27/0x30 [ 51.171959][ T463] page last free stack trace: [ 51.177419][ T463] free_unref_page_prepare+0x742/0x750 [ 51.183076][ T463] free_unref_page_list+0x117/0x8c0 [ 51.188562][ T463] release_pages+0xaf2/0xb50 [ 51.193449][ T463] free_pages_and_swap_cache+0x86/0xa0 [ 51.199144][ T463] tlb_finish_mmu+0x1aa/0x370 [ 51.203998][ T463] unmap_region+0x2b7/0x320 [ 51.209354][ T463] do_mas_align_munmap+0xbed/0x1320 [ 51.215190][ T463] do_mas_munmap+0x241/0x2b0 [ 51.219803][ T463] __vm_munmap+0x1bd/0x330 [ 51.224313][ T463] __x64_sys_munmap+0x6b/0x80 [ 51.229020][ T463] x64_sys_call+0x8a/0x9a0 [ 51.233453][ T463] do_syscall_64+0x4c/0xa0 [ 51.237891][ T463] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 51.243997][ T463] [ 51.246412][ T463] Memory state around the buggy address: [ 51.252219][ T463] ffff888125443c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 51.260656][ T463] ffff888125443d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 51.269083][ T463] >ffff888125443d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 51.277252][ T463] ^ [ 51.283489][ T463] ffff888125443e00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 51.291634][ T463] ffff888125443e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 51.300047][ T463] ================================================================== [ 51.311256][ T463] Disabling lock debugging due to kernel taint [ 51.317995][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 62012455635600, count = 16 [ 51.336053][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 62012455609397, count = 26214 [ 51.351268][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 62012455609392, count = 16 [ 51.366296][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 125844253747536, count = 16 [ 51.386835][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 125844253718062, count = 29486 [ 51.402532][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 110180460175040, count = 16 [ 51.417769][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 110180460160611, count = 14438 [ 51.433584][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 110180460160608, count = 16 [ 51.724081][ T10] device bridge_slave_1 left promiscuous mode [ 51.730373][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.738511][ T10] device bridge_slave_0 left promiscuous mode [ 51.744937][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.753682][ T10] device veth1_macvtap left promiscuous mode [ 51.759760][ T10] device veth0_vlan left promiscuous mode [ 55.532503][ T463] EXT4-fs error: 23726 callbacks suppressed [ 55.532523][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 110090555436576, count = 12385 [ 55.554360][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 110090555436576, count = 16 [ 55.569217][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 112589165612224, count = 16 [ 55.584128][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 112589165586022, count = 26214 [ 55.599454][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 112589165586016, count = 16 [ 55.614403][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 126642230825680, count = 16 [ 55.630160][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 126642230817396, count = 8292 [ 55.645415][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 126642230817392, count = 16 [ 55.660387][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 62011613956752, count = 16 [ 55.675250][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 62011613930549, count = 26214 [ 60.542499][ T463] EXT4-fs error: 26786 callbacks suppressed [ 60.542549][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 53215188255072, count = 16 [ 60.564278][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 53215188230192, count = 24881 [ 60.579557][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 53215188230192, count = 16 [ 60.594508][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 112589990710368, count = 16 [ 60.609703][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 112589990684262, count = 26122 [ 60.626138][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 112589990684256, count = 16 [ 60.641451][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 109334523592400, count = 16 [ 60.656501][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 109334523567977, count = 24431 [ 60.672693][ T463] EXT4-fs error (device loop2): ext4_free_blocks:6221: comm syz-executor: Freeing blocks not in datazone - block = 109334523567968, count = 16