Warning: Permanently added '10.128.1.47' (ED25519) to the list of known hosts. 2025/12/11 12:17:43 parsed 1 programs [ 46.607236][ T24] kauditd_printk_skb: 30 callbacks suppressed [ 46.607248][ T24] audit: type=1400 audit(1765455464.380:104): avc: denied { unlink } for pid=405 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 46.653952][ T405] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 47.241070][ T24] audit: type=1401 audit(1765455465.020:105): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 47.282095][ T420] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.289878][ T420] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.298026][ T420] device bridge_slave_0 entered promiscuous mode [ 47.305649][ T420] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.313474][ T420] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.321452][ T420] device bridge_slave_1 entered promiscuous mode [ 47.353304][ T420] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.361072][ T420] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.369037][ T420] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.377546][ T420] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.394800][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.402989][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.411365][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.419676][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.429599][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.438211][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.445569][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.455533][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.465370][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.473177][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.485531][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 47.496351][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 47.509735][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 47.521828][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 47.531364][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 47.540773][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 47.552333][ T420] device veth0_vlan entered promiscuous mode [ 47.563145][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 47.573491][ T420] device veth1_macvtap entered promiscuous mode [ 47.583444][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 47.593812][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 47.957911][ T24] audit: type=1400 audit(1765455465.730:106): avc: denied { create } for pid=459 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 2025/12/11 12:17:45 executed programs: 0 [ 48.126899][ T24] audit: type=1400 audit(1765455465.900:107): avc: denied { write } for pid=397 comm="syz-execprog" path="pipe:[14787]" dev="pipefs" ino=14787 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 48.164831][ T464] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.173588][ T464] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.183250][ T464] device bridge_slave_0 entered promiscuous mode [ 48.194443][ T464] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.202729][ T464] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.211756][ T464] device bridge_slave_1 entered promiscuous mode [ 48.249293][ T464] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.256819][ T464] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.264597][ T464] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.272113][ T464] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.289165][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.297001][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.305806][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.317738][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.326319][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.335477][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.342845][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.354147][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.362409][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.371230][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.378688][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.389935][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 48.398526][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.408936][ T49] device bridge_slave_1 left promiscuous mode [ 48.415259][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.423612][ T49] device bridge_slave_0 left promiscuous mode [ 48.430133][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.438554][ T49] device veth1_macvtap left promiscuous mode [ 48.445740][ T49] device veth0_vlan left promiscuous mode [ 48.524981][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 48.533738][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.547623][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 48.557514][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.570131][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 48.578688][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.587918][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 48.595887][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 48.604805][ T464] device veth0_vlan entered promiscuous mode [ 48.614628][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 48.623659][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 48.633778][ T464] device veth1_macvtap entered promiscuous mode [ 48.642461][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 48.650260][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 48.659055][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 48.668687][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 48.677870][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 48.733525][ T473] EXT4-fs (loop2): 1 orphan inode deleted [ 48.740112][ T473] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,bsddf,lazytime, [ 48.760762][ T24] audit: type=1400 audit(1765455466.540:108): avc: denied { mount } for pid=472 comm="syz.2.16" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 48.760788][ T473] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.797861][ T24] audit: type=1400 audit(1765455466.580:109): avc: denied { write } for pid=472 comm="syz.2.16" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 48.822265][ T24] audit: type=1400 audit(1765455466.580:110): avc: denied { add_name } for pid=472 comm="syz.2.16" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 48.844998][ T24] audit: type=1400 audit(1765455466.580:111): avc: denied { create } for pid=472 comm="syz.2.16" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 48.866049][ T24] audit: type=1400 audit(1765455466.580:112): avc: denied { write open } for pid=472 comm="syz.2.16" path="/0/file1/bus" dev="loop2" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 48.891094][ T24] audit: type=1400 audit(1765455466.580:113): avc: denied { read } for pid=472 comm="syz.2.16" name="bus" dev="loop2" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 48.891140][ T484] ================================================================== [ 48.922703][ T484] BUG: KASAN: use-after-free in ext4_find_extent+0xbeb/0xe20 [ 48.930334][ T484] Read of size 4 at addr ffff88812c4461b0 by task syz.2.16/484 [ 48.938898][ T484] [ 48.941508][ T484] CPU: 1 PID: 484 Comm: syz.2.16 Not tainted syzkaller #0 [ 48.948899][ T484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 48.959405][ T484] Call Trace: [ 48.962704][ T484] __dump_stack+0x21/0x24 [ 48.967239][ T484] dump_stack_lvl+0x169/0x1d8 [ 48.972365][ T484] ? show_regs_print_info+0x18/0x18 [ 48.978216][ T484] ? thaw_kernel_threads+0x220/0x220 [ 48.983986][ T484] print_address_description+0x7f/0x2c0 [ 48.989891][ T484] ? ext4_find_extent+0xbeb/0xe20 [ 48.995271][ T484] kasan_report+0xe2/0x130 [ 48.999853][ T484] ? __read_extent_tree_block+0x1e8/0x790 [ 49.006117][ T484] ? ext4_find_extent+0xbeb/0xe20 [ 49.011586][ T484] __asan_report_load4_noabort+0x14/0x20 [ 49.017771][ T484] ext4_find_extent+0xbeb/0xe20 [ 49.022733][ T484] ext4_ext_remove_space+0x306/0x4920 [ 49.028271][ T484] ? __kasan_slab_free+0x11/0x20 [ 49.033569][ T484] ? slab_free_freelist_hook+0xc5/0x190 [ 49.039300][ T484] ? ext4_es_free_extent+0x3de/0x4c0 [ 49.044680][ T484] ? ext4_es_free_extent+0x3de/0x4c0 [ 49.050419][ T484] ? count_rsvd+0x156/0x8a0 [ 49.055027][ T484] ? __es_remove_extent+0xa77/0x16f0 [ 49.060400][ T484] ? ext4_ext_index_trans_blocks+0x100/0x100 [ 49.067032][ T484] ? ext4_es_remove_extent+0x1d9/0x330 [ 49.072599][ T484] ext4_punch_hole+0x6f8/0xad0 [ 49.077546][ T484] ext4_fallocate+0x271/0x1a70 [ 49.082303][ T484] ? selinux_file_permission+0x2a5/0x510 [ 49.088136][ T484] ? preempt_count_add+0x90/0x1b0 [ 49.093799][ T484] vfs_fallocate+0x4b4/0x590 [ 49.098626][ T484] __x64_sys_fallocate+0xc0/0x110 [ 49.104005][ T484] do_syscall_64+0x31/0x40 [ 49.108774][ T484] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 49.114923][ T484] RIP: 0033:0x7f9508f35de9 [ 49.119504][ T484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 49.139714][ T484] RSP: 002b:00007f9508987038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 49.148567][ T484] RAX: ffffffffffffffda RBX: 00007f950914f080 RCX: 00007f9508f35de9 [ 49.157156][ T484] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 49.166102][ T484] RBP: 00007f9508fb72a0 R08: 0000000000000000 R09: 0000000000000000 [ 49.174634][ T484] R10: 0000000000001a00 R11: 0000000000000246 R12: 0000000000000000 [ 49.182955][ T484] R13: 0000000000000000 R14: 00007f950914f080 R15: 00007ffd18882e28 [ 49.191642][ T484] [ 49.194221][ T484] The buggy address belongs to the page: [ 49.199852][ T484] page:ffffea0004b11180 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x12c446 [ 49.210257][ T484] flags: 0x4000000000000000() [ 49.215103][ T484] raw: 4000000000000000 ffffea0004b111c8 ffffea0004b11148 0000000000000000 [ 49.224147][ T484] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 49.233000][ T484] page dumped because: kasan: bad access detected [ 49.240082][ T484] page_owner info is not present (never set?) [ 49.246307][ T484] [ 49.248639][ T484] Memory state around the buggy address: [ 49.254611][ T484] ffff88812c446080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 49.262839][ T484] ffff88812c446100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 49.271263][ T484] >ffff88812c446180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 49.279598][ T484] ^ [ 49.285747][ T484] ffff88812c446200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 49.294082][ T484] ffff88812c446280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 49.302350][ T484] ================================================================== [ 49.310917][ T484] Disabling lock debugging due to kernel taint [ 49.321073][ T484] ------------[ cut here ]------------ [ 49.327531][ T484] kernel BUG at fs/ext4/extents.c:3181! [ 49.333859][ T484] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 49.340781][ T484] CPU: 0 PID: 484 Comm: syz.2.16 Tainted: G B syzkaller #0 [ 49.349654][ T484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 49.360514][ T484] RIP: 0010:ext4_split_extent_at+0xe4c/0xe70 [ 49.366674][ T484] Code: fb ff ff 89 d9 80 e1 07 fe c1 38 c1 0f 8c c0 fb ff ff 48 89 df 49 89 f6 e8 31 5e d3 ff 4c 89 f6 e9 ad fb ff ff e8 d4 6f 99 ff <0f> 0b e8 cd 6f 99 ff 0f 0b e8 c6 6f 99 ff 0f 0b e8 bf 6f 99 ff 0f [ 49.387287][ T484] RSP: 0018:ffffc90002e9f900 EFLAGS: 00010293 [ 49.393547][ T484] RAX: ffffffff81ca346c RBX: 0000000000000000 RCX: ffff8881139f0000 [ 49.401629][ T484] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 49.410134][ T484] RBP: ffffc90002e9fa70 R08: 0000000000000000 R09: 0000000050000028 [ 49.418487][ T484] R10: fffffbfff0d8f048 R11: 1ffffffff0d8f048 R12: 0000000000000000 [ 49.427019][ T484] R13: 0000000000000030 R14: 0000000000000000 R15: 0000000000000030 [ 49.435177][ T484] FS: 00007f95089876c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 49.444790][ T484] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.452023][ T484] CR2: 00007f9508987d58 CR3: 00000001173bf000 CR4: 00000000003506b0 [ 49.460431][ T484] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.468759][ T484] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.477178][ T484] Call Trace: [ 49.480916][ T484] ? __kasan_check_write+0x14/0x20 [ 49.486067][ T484] ? __asan_report_load2_noabort+0x14/0x20 [ 49.492224][ T484] ? ext4_ext_try_to_merge_right+0x820/0x820 [ 49.498480][ T484] ext4_ext_remove_space+0x677/0x4920 [ 49.504333][ T484] ? __kasan_slab_free+0x11/0x20 [ 49.509644][ T484] ? ext4_es_free_extent+0x3de/0x4c0 [ 49.515227][ T484] ? ext4_es_free_extent+0x3de/0x4c0 [ 49.520888][ T484] ? count_rsvd+0x156/0x8a0 [ 49.525759][ T484] ? __es_remove_extent+0xa77/0x16f0 [ 49.531235][ T484] ? ext4_ext_index_trans_blocks+0x100/0x100 [ 49.537693][ T484] ? ext4_es_remove_extent+0x1d9/0x330 [ 49.543528][ T484] ext4_punch_hole+0x6f8/0xad0 [ 49.548927][ T484] ext4_fallocate+0x271/0x1a70 [ 49.554225][ T484] ? selinux_file_permission+0x2a5/0x510 [ 49.560661][ T484] ? preempt_count_add+0x90/0x1b0 [ 49.565881][ T484] vfs_fallocate+0x4b4/0x590 [ 49.570801][ T484] __x64_sys_fallocate+0xc0/0x110 [ 49.576013][ T484] do_syscall_64+0x31/0x40 [ 49.580823][ T484] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 49.587173][ T484] RIP: 0033:0x7f9508f35de9 [ 49.592214][ T484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 49.613314][ T484] RSP: 002b:00007f9508987038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 49.622304][ T484] RAX: ffffffffffffffda RBX: 00007f950914f080 RCX: 00007f9508f35de9 [ 49.630997][ T484] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 49.639780][ T484] RBP: 00007f9508fb72a0 R08: 0000000000000000 R09: 0000000000000000 [ 49.648030][ T484] R10: 0000000000001a00 R11: 0000000000000246 R12: 0000000000000000 [ 49.656370][ T484] R13: 0000000000000000 R14: 00007f950914f080 R15: 00007ffd18882e28 [ 49.664779][ T484] Modules linked in: [ 49.671086][ T484] ---[ end trace 6f2ad0a5f7d373fc ]--- [ 49.677213][ T484] RIP: 0010:ext4_split_extent_at+0xe4c/0xe70 [ 49.683586][ T484] Code: fb ff ff 89 d9 80 e1 07 fe c1 38 c1 0f 8c c0 fb ff ff 48 89 df 49 89 f6 e8 31 5e d3 ff 4c 89 f6 e9 ad fb ff ff e8 d4 6f 99 ff <0f> 0b e8 cd 6f 99 ff 0f 0b e8 c6 6f 99 ff 0f 0b e8 bf 6f 99 ff 0f [ 49.705396][ T484] RSP: 0018:ffffc90002e9f900 EFLAGS: 00010293 [ 49.712192][ T484] RAX: ffffffff81ca346c RBX: 0000000000000000 RCX: ffff8881139f0000 [ 49.720795][ T484] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 49.729050][ T484] RBP: ffffc90002e9fa70 R08: 0000000000000000 R09: 0000000050000028 [ 49.738188][ T484] R10: fffffbfff0d8f048 R11: 1ffffffff0d8f048 R12: 0000000000000000 [ 49.746922][ T484] R13: 0000000000000030 R14: 0000000000000000 R15: 0000000000000030 [ 49.755775][ T484] FS: 00007f95089876c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 49.765176][ T484] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.772929][ T484] CR2: 00007f1dab0f7000 CR3: 00000001173bf000 CR4: 00000000003506a0 [ 49.781559][ T484] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.789646][ T484] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.797952][ T484] Kernel panic - not syncing: Fatal exception [ 49.804727][ T484] Kernel Offset: disabled [ 49.809236][ T484] Rebooting in 86400 seconds..