Warning: Permanently added '10.128.0.228' (ED25519) to the list of known hosts. 2026/02/05 00:48:55 parsed 1 programs [ 20.792677][ T28] audit: type=1400 audit(1770252535.015:64): avc: denied { node_bind } for pid=283 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 20.795577][ T28] audit: type=1400 audit(1770252535.015:65): avc: denied { module_request } for pid=283 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 21.498413][ T28] audit: type=1400 audit(1770252535.715:66): avc: denied { mounton } for pid=291 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.499404][ T291] cgroup: Unknown subsys name 'net' [ 21.521088][ T28] audit: type=1400 audit(1770252535.715:67): avc: denied { mount } for pid=291 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.548318][ T28] audit: type=1400 audit(1770252535.745:68): avc: denied { unmount } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.548465][ T291] cgroup: Unknown subsys name 'devices' [ 21.692408][ T291] cgroup: Unknown subsys name 'hugetlb' [ 21.698005][ T291] cgroup: Unknown subsys name 'rlimit' [ 21.805120][ T28] audit: type=1400 audit(1770252536.025:69): avc: denied { setattr } for pid=291 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.828287][ T28] audit: type=1400 audit(1770252536.025:70): avc: denied { create } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 21.848679][ T28] audit: type=1400 audit(1770252536.025:71): avc: denied { write } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 21.857288][ T294] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 21.868940][ T28] audit: type=1400 audit(1770252536.025:72): avc: denied { read } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 21.897620][ T28] audit: type=1400 audit(1770252536.025:73): avc: denied { mounton } for pid=291 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 21.944714][ T291] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.564558][ T296] request_module fs-gadgetfs succeeded, but still no fs? [ 22.878202][ T316] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.885455][ T316] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.892833][ T316] device bridge_slave_0 entered promiscuous mode [ 22.899577][ T316] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.906610][ T316] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.913890][ T316] device bridge_slave_1 entered promiscuous mode [ 22.952041][ T316] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.959079][ T316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.966385][ T316] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.973409][ T316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.992307][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.999909][ T306] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.007387][ T306] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.016415][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.024642][ T306] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.031683][ T306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.041422][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.049574][ T306] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.056595][ T306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.068225][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.077470][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.090052][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.101963][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.109938][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.117464][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.125512][ T316] device veth0_vlan entered promiscuous mode [ 23.137573][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.146416][ T316] device veth1_macvtap entered promiscuous mode [ 23.155365][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.165325][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.196402][ T316] syz-executor (316) used greatest stack depth: 21792 bytes left 2026/02/05 00:48:57 executed programs: 0 [ 23.608027][ T362] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.615218][ T362] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.622831][ T362] device bridge_slave_0 entered promiscuous mode [ 23.632217][ T362] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.639233][ T362] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.646591][ T362] device bridge_slave_1 entered promiscuous mode [ 23.685770][ T362] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.692813][ T362] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.700039][ T362] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.707069][ T362] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.724562][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.732109][ T306] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.739216][ T306] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.750063][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.758188][ T306] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.765208][ T306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.773854][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.782169][ T306] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.789193][ T306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.797072][ T8] device bridge_slave_1 left promiscuous mode [ 23.803244][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.810572][ T8] device bridge_slave_0 left promiscuous mode [ 23.816787][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.824494][ T8] device veth1_macvtap left promiscuous mode [ 23.830477][ T8] device veth0_vlan left promiscuous mode [ 23.881653][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.889536][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.901022][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.909292][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.919701][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.927813][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.937864][ T362] device veth0_vlan entered promiscuous mode [ 23.944864][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.952423][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.962618][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.970971][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.980354][ T362] device veth1_macvtap entered promiscuous mode [ 23.988885][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.996784][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.004985][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.014426][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.022713][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.045875][ T372] ================================================================== [ 24.053931][ T372] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x6fa/0x960 [ 24.061728][ T372] Write of size 72 at addr ffff88812d2c1590 by task syz.2.17/372 [ 24.069415][ T372] [ 24.071722][ T372] CPU: 1 PID: 372 Comm: syz.2.17 Not tainted syzkaller #0 [ 24.078810][ T372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 24.088847][ T372] Call Trace: [ 24.092104][ T372] [ 24.095020][ T372] __dump_stack+0x21/0x24 [ 24.099329][ T372] dump_stack_lvl+0x110/0x170 [ 24.103980][ T372] ? __cfi_dump_stack_lvl+0x8/0x8 [ 24.108983][ T372] ? __bpf_get_stackid+0x6fa/0x960 [ 24.114073][ T372] print_address_description+0x71/0x200 [ 24.119595][ T372] print_report+0x4a/0x60 [ 24.123918][ T372] kasan_report+0x122/0x150 [ 24.128398][ T372] ? __bpf_get_stackid+0x6fa/0x960 [ 24.133485][ T372] kasan_check_range+0x249/0x2a0 [ 24.138399][ T372] ? __bpf_get_stackid+0x6fa/0x960 [ 24.143485][ T372] memcpy+0x44/0x70 [ 24.147269][ T372] __bpf_get_stackid+0x6fa/0x960 [ 24.152179][ T372] bpf_get_stackid_pe+0x2ee/0x400 [ 24.157176][ T372] bpf_prog_47e2b75ffb32ae9a+0x21/0x39 [ 24.162618][ T372] bpf_overflow_handler+0x3d0/0x5e0 [ 24.167789][ T372] ? __cfi_bpf_overflow_handler+0x10/0x10 [ 24.173482][ T372] ? __this_cpu_preempt_check+0x13/0x20 [ 24.179003][ T372] ? __perf_event_account_interrupt+0x1a4/0x2c0 [ 24.185267][ T372] __perf_event_overflow+0x437/0x620 [ 24.190530][ T372] perf_swevent_event+0x2f7/0x530 [ 24.195531][ T372] ___perf_sw_event+0x3bf/0x4f0 [ 24.200358][ T372] ? arch_stack_walk+0xfc/0x150 [ 24.205187][ T372] ? __cfi____perf_sw_event+0x10/0x10 [ 24.210536][ T372] ? getname+0x19/0x20 [ 24.214576][ T372] ? do_sys_openat2+0xeb/0x810 [ 24.219323][ T372] ? __x64_sys_openat+0x136/0x160 [ 24.224323][ T372] ? x64_sys_call+0x783/0x9a0 [ 24.228976][ T372] ? do_syscall_64+0x4c/0xa0 [ 24.233543][ T372] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 24.239612][ T372] __perf_sw_event+0x134/0x270 [ 24.244353][ T372] do_user_addr_fault+0xffb/0x1050 [ 24.249444][ T372] exc_page_fault+0x51/0xb0 [ 24.253922][ T372] asm_exc_page_fault+0x27/0x30 [ 24.258752][ T372] RIP: 0010:strncpy_from_user+0xdf/0x2d0 [ 24.264356][ T372] Code: 00 00 4c 89 ee e8 e1 78 e2 fe 49 83 fd 07 0f 86 a2 00 00 00 4c 89 75 c0 49 c7 c7 f8 ff ff ff 45 31 e4 4c 89 65 c8 48 8b 45 c0 <4a> 8b 1c 20 48 b8 ff fe fe fe fe fe fe fe 4c 8d 34 03 49 89 dc 49 [ 24.283936][ T372] RSP: 0018:ffffc900007a7cb8 EFLAGS: 00050246 [ 24.289992][ T372] RAX: 0000000000000000 RBX: 0000000000000fe0 RCX: ffff8881139b6540 [ 24.297940][ T372] RDX: 0000000000000000 RSI: 0000000000000fe0 RDI: 0000000000000007 [ 24.305978][ T372] RBP: ffffc900007a7d00 R08: ffffea0004b1dc07 R09: 1ffffd4000963b80 [ 24.313928][ T372] R10: dffffc0000000000 R11: fffff94000963b81 R12: 0000000000000000 [ 24.321961][ T372] R13: 0000000000000fe0 R14: 0000000000000000 R15: fffffffffffffff8 [ 24.329916][ T372] ? strncpy_from_user+0xbf/0x2d0 [ 24.334925][ T372] getname_flags+0xf4/0x500 [ 24.339418][ T372] getname+0x19/0x20 [ 24.343298][ T372] do_sys_openat2+0xeb/0x810 [ 24.347871][ T372] ? __se_sys_futex+0x136/0x310 [ 24.352701][ T372] ? do_sys_open+0xe0/0xe0 [ 24.357104][ T372] ? __x64_sys_futex+0x100/0x100 [ 24.362020][ T372] __x64_sys_openat+0x136/0x160 [ 24.366866][ T372] x64_sys_call+0x783/0x9a0 [ 24.371355][ T372] do_syscall_64+0x4c/0xa0 [ 24.375751][ T372] ? clear_bhb_loop+0x30/0x80 [ 24.380405][ T372] ? clear_bhb_loop+0x30/0x80 [ 24.385062][ T372] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 24.390941][ T372] RIP: 0033:0x7fa84819aeb9 [ 24.395338][ T372] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 24.414919][ T372] RSP: 002b:00007ffdbd5f9528 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 24.423316][ T372] RAX: ffffffffffffffda RBX: 00007fa848415fa0 RCX: 00007fa84819aeb9 [ 24.431272][ T372] RDX: 00000000000026e1 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 24.439221][ T372] RBP: 00007fa848208c1f R08: 0000000000000000 R09: 0000000000000000 [ 24.447171][ T372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 24.455119][ T372] R13: 00007fa848415fac R14: 00007fa848415fa0 R15: 00007fa848415fa0 [ 24.463072][ T372] [ 24.466070][ T372] [ 24.468366][ T372] Allocated by task 372: [ 24.472586][ T372] kasan_set_track+0x4b/0x70 [ 24.477150][ T372] kasan_save_alloc_info+0x25/0x30 [ 24.482328][ T372] __kasan_kmalloc+0x95/0xb0 [ 24.486892][ T372] __kmalloc_node+0xb2/0x1e0 [ 24.491464][ T372] bpf_map_area_alloc+0x4b/0xe0 [ 24.496288][ T372] prealloc_elems_and_freelist+0x8a/0x1e0 [ 24.501983][ T372] stack_map_alloc+0x3a7/0x530 [ 24.506720][ T372] map_create+0x49c/0xd80 [ 24.511023][ T372] __sys_bpf+0x34e/0x850 [ 24.515244][ T372] __x64_sys_bpf+0x7c/0x90 [ 24.519636][ T372] x64_sys_call+0x488/0x9a0 [ 24.524109][ T372] do_syscall_64+0x4c/0xa0 [ 24.528499][ T372] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 24.534367][ T372] [ 24.536671][ T372] The buggy address belongs to the object at ffff88812d2c1580 [ 24.536671][ T372] which belongs to the cache kmalloc-64 of size 64 [ 24.550518][ T372] The buggy address is located 16 bytes inside of [ 24.550518][ T372] 64-byte region [ffff88812d2c1580, ffff88812d2c15c0) [ 24.563595][ T372] [ 24.565903][ T372] The buggy address belongs to the physical page: [ 24.572293][ T372] page:ffffea0004b4b040 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12d2c1 [ 24.582505][ T372] flags: 0x4000000000000200(slab|zone=1) [ 24.588119][ T372] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100042780 [ 24.596682][ T372] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 24.605238][ T372] page dumped because: kasan: bad access detected [ 24.611631][ T372] page_owner tracks the page as allocated [ 24.618112][ T372] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 362, tgid 362 (syz-executor), ts 24042116358, free_ts 24042075371 [ 24.636155][ T372] post_alloc_hook+0x1f5/0x210 [ 24.640909][ T372] prep_new_page+0x1c/0x110 [ 24.645389][ T372] get_page_from_freelist+0x2d12/0x2d80 [ 24.650911][ T372] __alloc_pages+0x1d9/0x480 [ 24.655486][ T372] alloc_slab_page+0x6e/0xf0 [ 24.660052][ T372] new_slab+0x98/0x3d0 [ 24.664097][ T372] ___slab_alloc+0x6bd/0xb20 [ 24.668664][ T372] __slab_alloc+0x5e/0xa0 [ 24.672968][ T372] __kmem_cache_alloc_node+0x203/0x2c0 [ 24.678399][ T372] kmalloc_node_trace+0x26/0xb0 [ 24.683232][ T372] __get_vm_area_node+0x12c/0x360 [ 24.688248][ T372] __vmalloc_node_range+0x326/0x1430 [ 24.693945][ T372] vzalloc+0x78/0x90 [ 24.697820][ T372] xt_counters_alloc+0x44/0x50 [ 24.702654][ T372] __do_replace+0xb0/0x960 [ 24.707081][ T372] do_ip6t_set_ctl+0xb33/0xe00 [ 24.711822][ T372] page last free stack trace: [ 24.716467][ T372] free_unref_page_prepare+0x742/0x750 [ 24.721904][ T372] free_unref_page+0x95/0x540 [ 24.726559][ T372] __free_pages+0x67/0x100 [ 24.730949][ T372] __vunmap+0x9c0/0xb80 [ 24.735075][ T372] vfree+0x61/0x90 [ 24.738766][ T372] do_ip6t_get_ctl+0xeaf/0x1190 [ 24.743598][ T372] nf_getsockopt+0x27f/0x2a0 [ 24.748158][ T372] ipv6_getsockopt+0x223/0x2d0 [ 24.752894][ T372] tcp_getsockopt+0xff/0x130 [ 24.757463][ T372] sock_common_getsockopt+0xaa/0xc0 [ 24.762633][ T372] __sys_getsockopt+0x215/0x4a0 [ 24.767457][ T372] __x64_sys_getsockopt+0xbf/0xd0 [ 24.772454][ T372] x64_sys_call+0x3d/0x9a0 [ 24.776845][ T372] do_syscall_64+0x4c/0xa0 [ 24.781235][ T372] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 24.787110][ T372] [ 24.789405][ T372] Memory state around the buggy address: [ 24.795003][ T372] ffff88812d2c1480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.803036][ T372] ffff88812d2c1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.811069][ T372] >ffff88812d2c1580: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 24.819103][ T372] ^ [ 24.824442][ T372] ffff88812d2c1600: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 24.832475][ T372] ffff88812d2c1680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.840503][ T372] ================================================================== [ 24.849057][ T372] Disabling lock debugging due to kernel taint