Warning: Permanently added '10.128.0.62' (ED25519) to the list of known hosts.
2026/05/15 18:34:23 parsed 1 programs
[   23.504388][   T24] audit: type=1400 audit(1778870063.350:64): avc:  denied  { node_bind } for  pid=287 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   23.525937][   T24] audit: type=1400 audit(1778870063.350:65): avc:  denied  { create } for  pid=287 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   23.545708][   T24] audit: type=1400 audit(1778870063.350:66): avc:  denied  { module_request } for  pid=287 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   24.113390][   T24] audit: type=1400 audit(1778870063.960:67): avc:  denied  { mounton } for  pid=293 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   24.114525][  T293] cgroup: Unknown subsys name 'net'
[   24.138328][   T24] audit: type=1400 audit(1778870063.960:68): avc:  denied  { mount } for  pid=293 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   24.166059][   T24] audit: type=1400 audit(1778870064.000:69): avc:  denied  { unmount } for  pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   24.166267][  T293] cgroup: Unknown subsys name 'devices'
[   24.343565][  T293] cgroup: Unknown subsys name 'hugetlb'
[   24.349900][  T293] cgroup: Unknown subsys name 'rlimit'
[   24.522072][   T24] audit: type=1400 audit(1778870064.370:70): avc:  denied  { setattr } for  pid=293 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   24.545328][   T24] audit: type=1400 audit(1778870064.370:71): avc:  denied  { create } for  pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   24.565577][  T297] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   24.566480][   T24] audit: type=1400 audit(1778870064.370:72): avc:  denied  { write } for  pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   24.595172][   T24] audit: type=1400 audit(1778870064.370:73): avc:  denied  { read } for  pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   24.625700][  T293] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   25.027349][  T299] request_module fs-gadgetfs succeeded, but still no fs?
[   25.038057][  T299] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[   25.488856][  T345] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.496131][  T345] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.504036][  T345] device bridge_slave_0 entered promiscuous mode
[   25.510915][  T345] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.518298][  T345] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.525759][  T345] device bridge_slave_1 entered promiscuous mode
[   25.563121][  T345] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.570195][  T345] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.577522][  T345] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.584576][  T345] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.599680][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.607529][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.615052][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.624858][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   25.633260][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.640315][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.649630][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   25.658061][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.665192][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.676043][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   25.685803][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.698312][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.709066][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.717162][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.724699][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.732953][  T345] device veth0_vlan entered promiscuous mode
[   25.741723][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.750920][  T345] device veth1_macvtap entered promiscuous mode
[   25.759951][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.770142][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2026/05/15 18:34:25 executed programs: 0
[   26.093085][  T364] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.100160][  T364] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.107891][  T364] device bridge_slave_0 entered promiscuous mode
[   26.115108][  T364] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.122463][  T364] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.129822][  T364] device bridge_slave_1 entered promiscuous mode
[   26.167239][  T364] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.175201][  T364] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.182978][  T364] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.190101][  T364] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.208106][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   26.217270][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.226091][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.239562][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   26.247852][    T7] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.255110][    T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.264135][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   26.272451][    T7] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.279549][    T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.298983][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   26.308629][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   26.320931][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   26.340138][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   26.348263][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   26.355882][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   26.364339][  T364] device veth0_vlan entered promiscuous mode
[   26.378496][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   26.387127][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   26.396427][  T364] device veth1_macvtap entered promiscuous mode
[   26.410435][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   26.418113][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   26.426524][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   26.435836][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   26.444339][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   26.512903][  T368] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[   26.521277][  T368] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   26.535792][  T368] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[   26.544357][  T368] System zones: 0-1, 3-36
[   26.549999][  T368] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,debug,dioread_nolock,bsddf,nomblk_io_submit,noauto_da_alloc,,errors=continue
[   26.578043][  T368] ==================================================================
[   26.586611][  T368] BUG: KASAN: use-after-free in ext4_get_inode_usage+0x3a1/0x520
[   26.594600][  T368] Read of size 4 at addr ffff888110dd0070 by task syz.2.17/368
[   26.602326][  T368] 
[   26.604777][  T368] CPU: 0 PID: 368 Comm: syz.2.17 Not tainted syzkaller #0
[   26.612641][  T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[   26.623686][  T368] Call Trace:
[   26.626992][  T368]  __dump_stack+0x21/0x24
[   26.631305][  T368]  dump_stack_lvl+0x1a7/0x208
[   26.636225][  T368]  ? show_regs_print_info+0x18/0x18
[   26.641509][  T368]  ? thaw_kernel_threads+0x220/0x220
[   26.646872][  T368]  print_address_description+0x7f/0x2c0
[   26.652421][  T368]  ? ext4_get_inode_usage+0x3a1/0x520
[   26.657904][  T368]  kasan_report+0xe2/0x130
[   26.662332][  T368]  ? ext4_get_inode_usage+0x3a1/0x520
[   26.667889][  T368]  __asan_report_load4_noabort+0x14/0x20
[   26.673600][  T368]  ext4_get_inode_usage+0x3a1/0x520
[   26.678870][  T368]  ? stack_trace_save+0xf0/0xf0
[   26.683700][  T368]  ? ext4_listxattr+0xc50/0xc50
[   26.688620][  T368]  __dquot_transfer+0x192/0x20d0
[   26.693838][  T368]  ? kasan_set_track+0x5b/0x70
[   26.698606][  T368]  ? kasan_set_track+0x4a/0x70
[   26.703353][  T368]  ? kasan_set_free_info+0x23/0x40
[   26.708458][  T368]  ? ____kasan_slab_free+0x125/0x160
[   26.713725][  T368]  ? dquot_free_inode+0x850/0x850
[   26.718737][  T368]  ? user_path_at_empty+0x43/0x50
[   26.723761][  T368]  ? __x64_sys_chown+0x82/0x90
[   26.728510][  T368]  ? do_syscall_64+0x31/0x40
[   26.733100][  T368]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   26.739153][  T368]  ? from_kgid+0x169/0x690
[   26.743639][  T368]  ? avc_has_perm+0x168/0x3d0
[   26.749002][  T368]  ? __kasan_check_write+0x14/0x20
[   26.754285][  T368]  ? mutex_lock+0x92/0xf0
[   26.758621][  T368]  ? mutex_trylock+0xa0/0xa0
[   26.763294][  T368]  ? __kasan_check_read+0x11/0x20
[   26.768312][  T368]  ? dqget+0x7f1/0xde0
[   26.772968][  T368]  dquot_transfer+0x2f1/0x460
[   26.777628][  T368]  ? __dquot_transfer+0x20d0/0x20d0
[   26.782988][  T368]  ? in_group_p+0x82/0x1c0
[   26.787575][  T368]  ? __kasan_check_write+0x14/0x20
[   26.793203][  T368]  ext4_setattr+0x715/0x1950
[   26.797844][  T368]  ? kmem_cache_free+0x100/0x2d0
[   26.802761][  T368]  ? make_kgid+0x660/0x660
[   26.807151][  T368]  ? ext4_write_inode+0x5b0/0x5b0
[   26.812147][  T368]  notify_change+0xab3/0xe40
[   26.817087][  T368]  chown_common+0x335/0x500
[   26.821561][  T368]  ? __ia32_sys_chmod+0x70/0x70
[   26.827253][  T368]  ? mnt_want_write+0x19d/0x270
[   26.832082][  T368]  do_fchownat+0x147/0x240
[   26.836569][  T368]  ? chown_common+0x500/0x500
[   26.841219][  T368]  ? ____fput+0x15/0x20
[   26.845542][  T368]  ? debug_smp_processor_id+0x17/0x20
[   26.850889][  T368]  __x64_sys_chown+0x82/0x90
[   26.855454][  T368]  do_syscall_64+0x31/0x40
[   26.859850][  T368]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   26.865725][  T368] RIP: 0033:0x7f4ee0985e59
[   26.870131][  T368] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   26.889719][  T368] RSP: 002b:00007ffc58f1c7e8 EFLAGS: 00000246 ORIG_RAX: 000000000000005c
[   26.898208][  T368] RAX: ffffffffffffffda RBX: 00007f4ee0bfefa0 RCX: 00007f4ee0985e59
[   26.906162][  T368] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000140
[   26.914115][  T368] RBP: 00007f4ee0a1bd6f R08: 0000000000000000 R09: 0000000000000000
[   26.922155][  T368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   26.930105][  T368] R13: 00007f4ee0bfefac R14: 00007f4ee0bfefa0 R15: 00007f4ee0bfefa0
[   26.938062][  T368] 
[   26.940368][  T368] The buggy address belongs to the page:
[   26.945979][  T368] page:ffffea0004437400 refcount:0 mapcount:-128 mapping:0000000000000000 index:0xffff888110dd2000 pfn:0x110dd0
[   26.957750][  T368] flags: 0x4000000000000000()
[   26.962406][  T368] raw: 4000000000000000 ffffea0004437808 ffffea0004438c08 0000000000000000
[   26.970980][  T368] raw: ffff888110dd2000 0000000000000004 00000000ffffff7f 0000000000000000
[   26.979622][  T368] page dumped because: kasan: bad access detected
[   26.986019][  T368] page_owner tracks the page as freed
[   26.991389][  T368] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 104, ts 4360692680, free_ts 26296659818
[   27.010810][  T368]  prep_new_page+0x179/0x180
[   27.015478][  T368]  get_page_from_freelist+0x223b/0x23d0
[   27.021039][  T368]  __alloc_pages_nodemask+0x290/0x620
[   27.026405][  T368]  new_slab+0x84/0x3f0
[   27.030960][  T368]  ___slab_alloc+0x2a6/0x450
[   27.036436][  T368]  __slab_alloc+0x63/0xa0
[   27.041196][  T368]  kmem_cache_alloc_trace+0x1b0/0x2e0
[   27.046857][  T368]  kernfs_iop_get_link+0x66/0x600
[   27.052013][  T368]  vfs_readlink+0x179/0x3e0
[   27.056538][  T368]  do_readlinkat+0x251/0x490
[   27.061244][  T368]  __x64_sys_readlink+0x7f/0x90
[   27.066447][  T368]  do_syscall_64+0x31/0x40
[   27.071219][  T368]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   27.079417][  T368] page last free stack trace:
[   27.085142][  T368]  __free_pages_ok+0x80b/0x830
[   27.090269][  T368]  __free_pages+0xd8/0x3b0
[   27.094679][  T368]  __free_slab+0xcf/0x190
[   27.098988][  T368]  unfreeze_partials+0x15f/0x190
[   27.103986][  T368]  put_cpu_partial+0xc1/0x180
[   27.108649][  T368]  __slab_free+0x2c9/0x3a0
[   27.113306][  T368]  ___cache_free+0x10e/0x130
[   27.117873][  T368]  qlink_free+0x50/0x90
[   27.122094][  T368]  qlist_free_all+0x5f/0xb0
[   27.126750][  T368]  kasan_quarantine_reduce+0x14a/0x160
[   27.132685][  T368]  __kasan_slab_alloc+0x2f/0xf0
[   27.137767][  T368]  slab_post_alloc_hook+0x5d/0x2f0
[   27.142900][  T368]  __kmalloc+0x180/0x330
[   27.147759][  T368]  fib_create_info+0x8f0/0x1fc0
[   27.152776][  T368]  fib_table_insert+0xc2/0x1d70
[   27.158905][  T368]  fib_add_ifaddr+0xa7c/0xfc0
[   27.164122][  T368] 
[   27.166440][  T368] Memory state around the buggy address:
[   27.172574][  T368]  ffff888110dcff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.182008][  T368]  ffff888110dcff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.191180][  T368] >ffff888110dd0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   27.204009][  T368]                                                              ^
[   27.214931][  T368]  ffff888110dd0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   27.223961][  T368]  ffff888110dd0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   27.236110][  T368] ==================================================================
[   27.244818][  T368] Disabling lock debugging due to kernel taint