Warning: Permanently added '10.128.0.81' (ED25519) to the list of known hosts. 2026/04/02 12:52:20 parsed 1 programs [ 24.804303][ T28] audit: type=1400 audit(1775134340.891:64): avc: denied { node_bind } for pid=283 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 24.825121][ T28] audit: type=1400 audit(1775134340.891:65): avc: denied { module_request } for pid=283 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 25.924100][ T28] audit: type=1400 audit(1775134342.011:66): avc: denied { mounton } for pid=289 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 25.927246][ T289] cgroup: Unknown subsys name 'net' [ 25.947569][ T28] audit: type=1400 audit(1775134342.011:67): avc: denied { mount } for pid=289 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.974103][ T28] audit: type=1400 audit(1775134342.041:68): avc: denied { unmount } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.974600][ T289] cgroup: Unknown subsys name 'devices' [ 26.088402][ T289] cgroup: Unknown subsys name 'hugetlb' [ 26.094002][ T289] cgroup: Unknown subsys name 'rlimit' [ 26.235789][ T28] audit: type=1400 audit(1775134342.321:69): avc: denied { setattr } for pid=289 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 26.258989][ T28] audit: type=1400 audit(1775134342.331:70): avc: denied { create } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.279427][ T28] audit: type=1400 audit(1775134342.331:71): avc: denied { write } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.299780][ T28] audit: type=1400 audit(1775134342.331:72): avc: denied { read } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 26.320135][ T28] audit: type=1400 audit(1775134342.331:73): avc: denied { mounton } for pid=289 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 26.326312][ T293] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 26.384641][ T289] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 27.025303][ T296] request_module fs-gadgetfs succeeded, but still no fs? [ 27.342984][ T310] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.350136][ T310] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.357658][ T310] device bridge_slave_0 entered promiscuous mode [ 27.364571][ T310] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.371803][ T310] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.379267][ T310] device bridge_slave_1 entered promiscuous mode [ 27.424511][ T310] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.431586][ T310] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.439054][ T310] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.446097][ T310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.466549][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.473935][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.482172][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 27.489623][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.499060][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.507337][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.514363][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.524007][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.532321][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.539384][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.551461][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.560711][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.574901][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.588270][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.596441][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.603912][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.612120][ T310] device veth0_vlan entered promiscuous mode [ 27.624100][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.633398][ T310] device veth1_macvtap entered promiscuous mode [ 27.642897][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 27.652821][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.690697][ T310] syz-executor (310) used greatest stack depth: 22048 bytes left 2026/04/02 12:52:24 executed programs: 0 [ 28.346657][ T359] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.353735][ T359] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.361377][ T359] device bridge_slave_0 entered promiscuous mode [ 28.368560][ T359] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.375597][ T359] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.383131][ T359] device bridge_slave_1 entered promiscuous mode [ 28.428212][ T359] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.435281][ T359] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.442613][ T359] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.449697][ T359] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.470493][ T301] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.477801][ T301] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.485086][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 28.492787][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.502105][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.510905][ T301] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.517985][ T301] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.535603][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.543948][ T301] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.551014][ T301] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.563320][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.572688][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.594271][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.605703][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.613879][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 28.621448][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 28.630322][ T359] device veth0_vlan entered promiscuous mode [ 28.648041][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.657816][ T359] device veth1_macvtap entered promiscuous mode [ 28.667986][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.685324][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.712618][ C1] ================================================================== [ 28.712630][ C1] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x6fa/0x960 [ 28.712656][ C1] Write of size 56 at addr ffff888111e27d10 by task syz.2.17/363 [ 28.712671][ C1] [ 28.712682][ C1] CPU: 1 PID: 363 Comm: syz.2.17 Not tainted syzkaller #0 [ 28.712700][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 28.712713][ C1] Call Trace: [ 28.712718][ C1] <#DB> [ 28.712724][ C1] __dump_stack+0x21/0x24 [ 28.712752][ C1] dump_stack_lvl+0x110/0x170 [ 28.712776][ C1] ? __cfi_dump_stack_lvl+0x8/0x8 [ 28.712802][ C1] ? __bpf_get_stackid+0x6fa/0x960 [ 28.712826][ C1] print_address_description+0x71/0x200 [ 28.712850][ C1] print_report+0x4a/0x60 [ 28.712872][ C1] kasan_report+0x122/0x150 [ 28.712895][ C1] ? __bpf_get_stackid+0x6fa/0x960 [ 28.712914][ C1] kasan_check_range+0x249/0x2a0 [ 28.712935][ C1] ? __bpf_get_stackid+0x6fa/0x960 [ 28.712953][ C1] memcpy+0x44/0x70 [ 28.712969][ C1] __bpf_get_stackid+0x6fa/0x960 [ 28.712988][ C1] bpf_get_stackid_pe+0x2ee/0x400 [ 28.713007][ C1] bpf_prog_a82986b851e905af+0x21/0x33 [ 28.713023][ C1] bpf_overflow_handler+0x3d0/0x5e0 [ 28.713043][ C1] ? __cfi_bpf_overflow_handler+0x10/0x10 [ 28.713062][ C1] ? __this_cpu_preempt_check+0x13/0x20 [ 28.713086][ C1] ? __perf_event_account_interrupt+0x1a4/0x2c0 [ 28.713111][ C1] __perf_event_overflow+0x437/0x620 [ 28.713135][ C1] perf_swevent_event+0x2f7/0x530 [ 28.713159][ C1] perf_bp_event+0x28c/0x330 [ 28.713182][ C1] ? __cfi_perf_bp_event+0x10/0x10 [ 28.713215][ C1] hw_breakpoint_exceptions_notify+0x182/0x550 [ 28.713240][ C1] notify_die+0x12a/0x1e0 [ 28.713256][ C1] ? __cfi_notify_die+0x10/0x10 [ 28.713274][ C1] notify_debug+0x24/0x30 [ 28.713294][ C1] exc_debug+0xde/0x130 [ 28.713311][ C1] asm_exc_debug+0x1a/0x40 [ 28.713329][ C1] RIP: 0010:copy_user_enhanced_fast_string+0xa/0x40 [ 28.713356][ C1] Code: ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 01 ca c3 8d 0c ca 89 ca eb 20 0f 01 cb 83 fa 40 72 38 89 d1 a4 31 c0 0f 01 ca c3 89 ca eb 0a 90 90 90 90 90 90 90 90 90 90 [ 28.713370][ C1] RSP: 0018:ffffc900009c7d28 EFLAGS: 00050202 [ 28.713386][ C1] RAX: ffffffff82688c01 RBX: 0000000000000050 RCX: 000000000000000f [ 28.713399][ C1] RDX: 0000000000000050 RSI: 0000200000000301 RDI: ffffc900009c7de1 [ 28.713411][ C1] RBP: ffffc900009c7d50 R08: ffffc900009c7def R09: 1ffff92000138fbd [ 28.713424][ C1] R10: dffffc0000000000 R11: fffff52000138fbe R12: 00007fffffffefb0 [ 28.713437][ C1] R13: 0000000000000050 R14: ffffc900009c7da0 R15: 00002000000002c0 [ 28.713450][ C1] ? refcount_dec_and_lock_irqsave+0xb1/0x100 [ 28.713476][ C1] [ 28.713481][ C1] [ 28.713486][ C1] ? _copy_from_user+0x78/0xc0 [ 28.713507][ C1] __sys_bpf+0x2a0/0x850 [ 28.713524][ C1] ? bpf_link_show_fdinfo+0x330/0x330 [ 28.713544][ C1] ? __cfi_notify_die+0x10/0x10 [ 28.713560][ C1] ? debug_smp_processor_id+0x17/0x20 [ 28.713583][ C1] __x64_sys_bpf+0x7c/0x90 [ 28.713608][ C1] x64_sys_call+0x488/0x9a0 [ 28.713629][ C1] do_syscall_64+0x4c/0xa0 [ 28.713653][ C1] ? clear_bhb_loop+0x30/0x80 [ 28.713672][ C1] ? clear_bhb_loop+0x30/0x80 [ 28.713692][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 28.713710][ C1] RIP: 0033:0x7feaf859c819 [ 28.713723][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 28.713737][ C1] RSP: 002b:00007ffe5780b578 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 28.713754][ C1] RAX: ffffffffffffffda RBX: 00007feaf8815fa0 RCX: 00007feaf859c819 [ 28.713766][ C1] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000001c [ 28.713777][ C1] RBP: 00007feaf8632c91 R08: 0000000000000000 R09: 0000000000000000 [ 28.713788][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 28.713799][ C1] R13: 00007feaf8815fac R14: 00007feaf8815fa0 R15: 00007feaf8815fa0 [ 28.713820][ C1] [ 28.713825][ C1] [ 28.713828][ C1] Allocated by task 363: [ 28.713835][ C1] kasan_set_track+0x4b/0x70 [ 28.713854][ C1] kasan_save_alloc_info+0x25/0x30 [ 28.713878][ C1] __kasan_kmalloc+0x95/0xb0 [ 28.713897][ C1] __kmalloc_node+0xb2/0x1e0 [ 28.713911][ C1] bpf_map_area_alloc+0x4b/0xe0 [ 28.713929][ C1] prealloc_elems_and_freelist+0x8a/0x1e0 [ 28.713945][ C1] stack_map_alloc+0x3a7/0x530 [ 28.713960][ C1] map_create+0x49c/0xd80 [ 28.713974][ C1] __sys_bpf+0x34e/0x850 [ 28.713988][ C1] __x64_sys_bpf+0x7c/0x90 [ 28.714016][ C1] x64_sys_call+0x488/0x9a0 [ 28.714034][ C1] do_syscall_64+0x4c/0xa0 [ 28.714076][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 28.714094][ C1] [ 28.714097][ C1] The buggy address belongs to the object at ffff888111e27d00 [ 28.714097][ C1] which belongs to the cache kmalloc-64 of size 64 [ 28.714110][ C1] The buggy address is located 16 bytes inside of [ 28.714110][ C1] 64-byte region [ffff888111e27d00, ffff888111e27d40) [ 28.714128][ C1] [ 28.714131][ C1] The buggy address belongs to the physical page: [ 28.714137][ C1] page:ffffea00044789c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x111e27 [ 28.714161][ C1] flags: 0x4000000000000200(slab|zone=1) [ 28.714187][ C1] raw: 4000000000000200 0000000000000000 dead000000000001 ffff888100042780 [ 28.714203][ C1] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 28.714211][ C1] page dumped because: kasan: bad access detected [ 28.714222][ C1] page_owner tracks the page as allocated [ 28.714227][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 104, tgid 104 (udevadm), ts 5539800387, free_ts 5539747534 [ 28.714256][ C1] post_alloc_hook+0x1f5/0x210 [ 28.714278][ C1] prep_new_page+0x1c/0x110 [ 28.714300][ C1] get_page_from_freelist+0x2d12/0x2d80 [ 28.714323][ C1] __alloc_pages+0x1fa/0x610 [ 28.714345][ C1] alloc_slab_page+0x6e/0xf0 [ 28.714370][ C1] new_slab+0x98/0x3d0 [ 28.714394][ C1] ___slab_alloc+0x6bd/0xb20 [ 28.714415][ C1] __slab_alloc+0x5e/0xa0 [ 28.714438][ C1] __kmem_cache_alloc_node+0x203/0x2c0 [ 28.714460][ C1] __kmalloc+0xa1/0x1e0 [ 28.714472][ C1] kobject_get_path+0xbf/0x200 [ 28.714488][ C1] kobject_uevent_env+0x2a0/0x730 [ 28.714506][ C1] kobject_synth_uevent+0x57e/0xbc0 [ 28.714525][ C1] uevent_store+0x4b/0x70 [ 28.714549][ C1] drv_attr_store+0x88/0xb0 [ 28.714573][ C1] sysfs_kf_write+0x137/0x150 [ 28.714593][ C1] page last free stack trace: [ 28.714597][ C1] free_unref_page_prepare+0x742/0x750 [ 28.714619][ C1] free_unref_page+0x95/0x540 [ 28.714640][ C1] __free_pages+0x67/0x100 [ 28.714659][ C1] free_pages+0x82/0x90 [ 28.714681][ C1] selinux_genfs_get_sid+0x20b/0x250 [ 28.714707][ C1] inode_doinit_with_dentry+0x87a/0xd80 [ 28.714733][ C1] selinux_d_instantiate+0x27/0x40 [ 28.714757][ C1] security_d_instantiate+0xb3/0x110 [ 28.714773][ C1] d_splice_alias+0x6d/0x390 [ 28.714798][ C1] kernfs_iop_lookup+0x2c2/0x310 [ 28.714812][ C1] path_openat+0x1006/0x2f80 [ 28.714836][ C1] do_filp_open+0x1f1/0x430 [ 28.714854][ C1] do_sys_openat2+0x15e/0x810 [ 28.714875][ C1] __x64_sys_openat+0x136/0x160 [ 28.714897][ C1] x64_sys_call+0x783/0x9a0 [ 28.714916][ C1] do_syscall_64+0x4c/0xa0 [ 28.714940][ C1] [ 28.714942][ C1] Memory state around the buggy address: [ 28.714950][ C1] ffff888111e27c00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.714961][ C1] ffff888111e27c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.714972][ C1] >ffff888111e27d00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 28.714981][ C1] ^ [ 28.714989][ C1] ffff888111e27d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.715000][ C1] ffff888111e27e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.715008][ C1] ================================================================== [ 28.715014][ C1] Disabling lock debugging due to kernel taint