Warning: Permanently added '10.128.0.139' (ED25519) to the list of known hosts. 2026/02/05 00:06:41 parsed 1 programs [ 24.354131][ T28] audit: type=1400 audit(1770250001.556:64): avc: denied { node_bind } for pid=283 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 24.375392][ T28] audit: type=1400 audit(1770250001.556:65): avc: denied { module_request } for pid=283 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 25.504782][ T28] audit: type=1400 audit(1770250002.706:66): avc: denied { mounton } for pid=289 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 25.509083][ T289] cgroup: Unknown subsys name 'net' [ 25.527612][ T28] audit: type=1400 audit(1770250002.706:67): avc: denied { mount } for pid=289 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.554841][ T28] audit: type=1400 audit(1770250002.746:68): avc: denied { unmount } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.555269][ T289] cgroup: Unknown subsys name 'devices' [ 25.701079][ T289] cgroup: Unknown subsys name 'hugetlb' [ 25.706717][ T289] cgroup: Unknown subsys name 'rlimit' [ 25.819400][ T28] audit: type=1400 audit(1770250003.026:69): avc: denied { setattr } for pid=289 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 25.842625][ T28] audit: type=1400 audit(1770250003.026:70): avc: denied { create } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.863067][ T28] audit: type=1400 audit(1770250003.026:71): avc: denied { write } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.883521][ T28] audit: type=1400 audit(1770250003.026:72): avc: denied { read } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.893933][ T293] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 25.904925][ T28] audit: type=1400 audit(1770250003.026:73): avc: denied { mounton } for pid=289 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 25.946598][ T289] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 26.694177][ T297] request_module fs-gadgetfs succeeded, but still no fs? [ 27.101012][ T325] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.108084][ T325] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.115712][ T325] device bridge_slave_0 entered promiscuous mode [ 27.122780][ T325] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.130117][ T325] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.137559][ T325] device bridge_slave_1 entered promiscuous mode [ 27.191010][ T325] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.198145][ T325] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.205494][ T325] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.212564][ T325] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.235838][ T306] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.243421][ T306] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.251338][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 27.259132][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.274401][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.282629][ T306] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.289804][ T306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.297248][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.305690][ T306] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.312826][ T306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.324051][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.333795][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.347571][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.359839][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.368036][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.376097][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.384654][ T325] device veth0_vlan entered promiscuous mode [ 27.395296][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.404540][ T325] device veth1_macvtap entered promiscuous mode [ 27.414067][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 27.424428][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2026/02/05 00:06:45 executed programs: 0 [ 28.076493][ T366] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.083861][ T366] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.091779][ T366] device bridge_slave_0 entered promiscuous mode [ 28.101331][ T366] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.108881][ T366] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.116627][ T366] device bridge_slave_1 entered promiscuous mode [ 28.186277][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 28.193841][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.202896][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 28.211498][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.219725][ T306] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.226748][ T306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.234340][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 28.243079][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 28.251642][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.260062][ T306] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.267105][ T306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.279369][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 28.287532][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.297128][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 28.305408][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.319990][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 28.328644][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.340682][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 28.348751][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.357343][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 28.365091][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 28.373199][ T366] device veth0_vlan entered promiscuous mode [ 28.383789][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 28.392026][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.401161][ T366] device veth1_macvtap entered promiscuous mode [ 28.411499][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 28.419221][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.427463][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.443674][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.452483][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.481795][ T376] ================================================================== [ 28.489910][ T376] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x6fa/0x960 [ 28.497851][ T376] Write of size 72 at addr ffff888112c3fb90 by task syz.2.17/376 [ 28.505585][ T376] [ 28.507930][ T376] CPU: 0 PID: 376 Comm: syz.2.17 Not tainted syzkaller #0 [ 28.515051][ T376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 28.525131][ T376] Call Trace: [ 28.528434][ T376] [ 28.531390][ T376] __dump_stack+0x21/0x24 [ 28.535775][ T376] dump_stack_lvl+0x110/0x170 [ 28.540575][ T376] ? __cfi_dump_stack_lvl+0x8/0x8 [ 28.545711][ T376] ? __bpf_get_stackid+0x6fa/0x960 [ 28.550827][ T376] print_address_description+0x71/0x200 [ 28.556387][ T376] print_report+0x4a/0x60 [ 28.560745][ T376] kasan_report+0x122/0x150 [ 28.565288][ T376] ? __bpf_get_stackid+0x6fa/0x960 [ 28.570432][ T376] kasan_check_range+0x249/0x2a0 [ 28.575401][ T376] ? __bpf_get_stackid+0x6fa/0x960 [ 28.580539][ T376] memcpy+0x44/0x70 [ 28.584373][ T376] __bpf_get_stackid+0x6fa/0x960 [ 28.589775][ T376] bpf_get_stackid_pe+0x2ee/0x400 [ 28.594825][ T376] bpf_prog_47e2b75ffb32ae9a+0x21/0x39 [ 28.600319][ T376] bpf_overflow_handler+0x3d0/0x5e0 [ 28.605554][ T376] ? __cfi_bpf_overflow_handler+0x10/0x10 [ 28.611313][ T376] ? __this_cpu_preempt_check+0x13/0x20 [ 28.616894][ T376] ? __perf_event_account_interrupt+0x1a4/0x2c0 [ 28.623171][ T376] __perf_event_overflow+0x437/0x620 [ 28.628490][ T376] perf_swevent_event+0x2f7/0x530 [ 28.633538][ T376] ___perf_sw_event+0x3bf/0x4f0 [ 28.638498][ T376] ? arch_stack_walk+0xfc/0x150 [ 28.643372][ T376] ? __cfi____perf_sw_event+0x10/0x10 [ 28.648789][ T376] ? getname+0x19/0x20 [ 28.652872][ T376] ? do_sys_openat2+0xeb/0x810 [ 28.657660][ T376] ? __x64_sys_openat+0x136/0x160 [ 28.662704][ T376] ? x64_sys_call+0x783/0x9a0 [ 28.667414][ T376] ? do_syscall_64+0x4c/0xa0 [ 28.672199][ T376] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 28.678380][ T376] __perf_sw_event+0x134/0x270 [ 28.683165][ T376] do_user_addr_fault+0xffb/0x1050 [ 28.688294][ T376] exc_page_fault+0x51/0xb0 [ 28.692813][ T376] asm_exc_page_fault+0x27/0x30 [ 28.697692][ T376] RIP: 0010:strncpy_from_user+0xdf/0x2d0 [ 28.703366][ T376] Code: 00 00 4c 89 ee e8 e1 78 e2 fe 49 83 fd 07 0f 86 a2 00 00 00 4c 89 75 c0 49 c7 c7 f8 ff ff ff 45 31 e4 4c 89 65 c8 48 8b 45 c0 <4a> 8b 1c 20 48 b8 ff fe fe fe fe fe fe fe 4c 8d 34 03 49 89 dc 49 [ 28.722992][ T376] RSP: 0018:ffffc90000a87cb8 EFLAGS: 00050246 [ 28.729088][ T376] RAX: 0000000000000000 RBX: 0000000000000fe0 RCX: ffff888113ee6540 [ 28.737072][ T376] RDX: 0000000000000000 RSI: 0000000000000fe0 RDI: 0000000000000007 [ 28.745060][ T376] RBP: ffffc90000a87d00 R08: ffffea000451ce07 R09: 1ffffd40008a39c0 [ 28.753049][ T376] R10: dffffc0000000000 R11: fffff940008a39c1 R12: 0000000000000000 [ 28.761036][ T376] R13: 0000000000000fe0 R14: 0000000000000000 R15: fffffffffffffff8 [ 28.769027][ T376] ? strncpy_from_user+0xbf/0x2d0 [ 28.774081][ T376] getname_flags+0xf4/0x500 [ 28.778602][ T376] getname+0x19/0x20 [ 28.782510][ T376] do_sys_openat2+0xeb/0x810 [ 28.787124][ T376] ? __se_sys_futex+0x136/0x310 [ 28.792004][ T376] ? do_sys_open+0xe0/0xe0 [ 28.796442][ T376] ? __x64_sys_futex+0x100/0x100 [ 28.801395][ T376] __x64_sys_openat+0x136/0x160 [ 28.806276][ T376] x64_sys_call+0x783/0x9a0 [ 28.810800][ T376] do_syscall_64+0x4c/0xa0 [ 28.815235][ T376] ? clear_bhb_loop+0x30/0x80 [ 28.819932][ T376] ? clear_bhb_loop+0x30/0x80 [ 28.824630][ T376] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 28.830548][ T376] RIP: 0033:0x7f13af59aeb9 [ 28.834979][ T376] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 28.854605][ T376] RSP: 002b:00007ffe75014a48 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 28.863045][ T376] RAX: ffffffffffffffda RBX: 00007f13af815fa0 RCX: 00007f13af59aeb9 [ 28.871036][ T376] RDX: 00000000000026e1 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 28.879026][ T376] RBP: 00007f13af608c1f R08: 0000000000000000 R09: 0000000000000000 [ 28.887014][ T376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 28.895003][ T376] R13: 00007f13af815fac R14: 00007f13af815fa0 R15: 00007f13af815fa0 [ 28.902999][ T376] [ 28.906036][ T376] [ 28.908377][ T376] Allocated by task 376: [ 28.912652][ T376] kasan_set_track+0x4b/0x70 [ 28.917262][ T376] kasan_save_alloc_info+0x25/0x30 [ 28.922391][ T376] __kasan_kmalloc+0x95/0xb0 [ 28.927001][ T376] __kmalloc_node+0xb2/0x1e0 [ 28.931633][ T376] bpf_map_area_alloc+0x4b/0xe0 [ 28.936505][ T376] prealloc_elems_and_freelist+0x8a/0x1e0 [ 28.942248][ T376] stack_map_alloc+0x3a7/0x530 [ 28.947033][ T376] map_create+0x49c/0xd80 [ 28.951377][ T376] __sys_bpf+0x34e/0x850 [ 28.955633][ T376] __x64_sys_bpf+0x7c/0x90 [ 28.960071][ T376] x64_sys_call+0x488/0x9a0 [ 28.964595][ T376] do_syscall_64+0x4c/0xa0 [ 28.969030][ T376] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 28.974950][ T376] [ 28.977325][ T376] The buggy address belongs to the object at ffff888112c3fb80 [ 28.977325][ T376] which belongs to the cache kmalloc-64 of size 64 [ 28.991325][ T376] The buggy address is located 16 bytes inside of [ 28.991325][ T376] 64-byte region [ffff888112c3fb80, ffff888112c3fbc0) [ 29.004539][ T376] [ 29.006889][ T376] The buggy address belongs to the physical page: [ 29.013324][ T376] page:ffffea00044b0fc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112c3f [ 29.023581][ T376] flags: 0x4000000000000200(slab|zone=1) [ 29.029260][ T376] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100042780 [ 29.037874][ T376] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 [ 29.046553][ T376] page dumped because: kasan: bad access detected [ 29.052985][ T376] page_owner tracks the page as allocated [ 29.058712][ T376] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 366, tgid 366 (syz-executor), ts 28201775438, free_ts 27847051615 [ 29.076967][ T376] post_alloc_hook+0x1f5/0x210 [ 29.081782][ T376] prep_new_page+0x1c/0x110 [ 29.086318][ T376] get_page_from_freelist+0x2d12/0x2d80 [ 29.091943][ T376] __alloc_pages+0x1d9/0x480 [ 29.096580][ T376] alloc_slab_page+0x6e/0xf0 [ 29.101208][ T376] new_slab+0x98/0x3d0 [ 29.105310][ T376] ___slab_alloc+0x6bd/0xb20 [ 29.109928][ T376] __slab_alloc+0x5e/0xa0 [ 29.114401][ T376] __kmem_cache_alloc_node+0x203/0x2c0 [ 29.119883][ T376] kmalloc_trace+0x29/0xb0 [ 29.124425][ T376] __request_module+0x2a7/0x910 [ 29.129382][ T376] dev_load+0x5b/0xb0 [ 29.133393][ T376] dev_ioctl+0x3c6/0xd10 [ 29.137671][ T376] sock_do_ioctl+0x252/0x330 [ 29.142291][ T376] sock_ioctl+0x4ca/0x720 [ 29.146651][ T376] __se_sys_ioctl+0x12f/0x1b0 [ 29.151361][ T376] page last free stack trace: [ 29.156051][ T376] free_unref_page_prepare+0x742/0x750 [ 29.161657][ T376] free_unref_page+0x95/0x540 [ 29.166375][ T376] __free_pages+0x67/0x100 [ 29.170873][ T376] __free_slab+0xca/0x1a0 [ 29.175242][ T376] __unfreeze_partials+0x160/0x190 [ 29.180485][ T376] put_cpu_partial+0xa9/0x100 [ 29.185225][ T376] __slab_free+0x1c4/0x280 [ 29.189676][ T376] ___cache_free+0xbf/0xd0 [ 29.194133][ T376] qlist_free_all+0xc6/0x140 [ 29.198752][ T376] kasan_quarantine_reduce+0x14a/0x170 [ 29.204236][ T376] __kasan_slab_alloc+0x24/0x80 [ 29.209118][ T376] slab_post_alloc_hook+0x4f/0x2d0 [ 29.214252][ T376] kmem_cache_alloc+0x16e/0x330 [ 29.219131][ T376] getname_flags+0xb9/0x500 [ 29.223664][ T376] getname+0x19/0x20 [ 29.227585][ T376] do_sys_openat2+0xeb/0x810 [ 29.232301][ T376] [ 29.234654][ T376] Memory state around the buggy address: [ 29.240297][ T376] ffff888112c3fa80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.248383][ T376] ffff888112c3fb00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.256551][ T376] >ffff888112c3fb80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 29.264708][ T376] ^ [ 29.270091][ T376] ffff888112c3fc00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.278190][ T376] ffff888112c3fc80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 29.286264][ T376] ================================================================== [ 29.294911][ T376] Disabling lock debugging due to kernel taint