Warning: Permanently added '10.128.1.75' (ED25519) to the list of known hosts. 2026/05/24 03:19:37 parsed 1 programs [ 22.052296][ T28] audit: type=1400 audit(1779592777.354:64): avc: denied { node_bind } for pid=294 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 22.073148][ T28] audit: type=1400 audit(1779592777.364:65): avc: denied { module_request } for pid=294 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 23.154551][ T28] audit: type=1400 audit(1779592778.464:66): avc: denied { mounton } for pid=302 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 23.157685][ T302] cgroup: Unknown subsys name 'net' [ 23.177566][ T28] audit: type=1400 audit(1779592778.464:67): avc: denied { mount } for pid=302 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.204666][ T28] audit: type=1400 audit(1779592778.494:68): avc: denied { unmount } for pid=302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.224787][ T302] cgroup: Unknown subsys name 'devices' [ 23.344755][ T302] cgroup: Unknown subsys name 'hugetlb' [ 23.350374][ T302] cgroup: Unknown subsys name 'rlimit' [ 23.462347][ T28] audit: type=1400 audit(1779592778.764:69): avc: denied { setattr } for pid=302 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.485548][ T28] audit: type=1400 audit(1779592778.774:70): avc: denied { create } for pid=302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.506070][ T28] audit: type=1400 audit(1779592778.774:71): avc: denied { write } for pid=302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.526435][ T28] audit: type=1400 audit(1779592778.774:72): avc: denied { read } for pid=302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.532209][ T305] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 23.546797][ T28] audit: type=1400 audit(1779592778.774:73): avc: denied { mounton } for pid=302 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 23.586471][ T302] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 24.238292][ T307] request_module fs-gadgetfs succeeded, but still no fs? [ 24.322196][ T312] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.329680][ T312] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.337402][ T312] device bridge_slave_0 entered promiscuous mode [ 24.345459][ T312] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.352498][ T312] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.360217][ T312] device bridge_slave_1 entered promiscuous mode [ 24.408403][ T312] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.415475][ T312] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.422764][ T312] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.429793][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.449772][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.457108][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.464849][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.472287][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.482690][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.490865][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.497925][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.506634][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.515013][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.522036][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.535686][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.544985][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.559574][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.570997][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.579289][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.586880][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.596298][ T312] device veth0_vlan entered promiscuous mode [ 24.606767][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.616304][ T312] device veth1_macvtap entered promiscuous mode [ 24.626149][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.637111][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.668515][ T312] syz-executor (312) used greatest stack depth: 21120 bytes left 2026/05/24 03:19:40 executed programs: 0 [ 25.423709][ T43] device bridge_slave_1 left promiscuous mode [ 25.429946][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.437768][ T43] device bridge_slave_0 left promiscuous mode [ 25.444067][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.452416][ T43] device veth1_macvtap left promiscuous mode [ 25.458729][ T43] device veth0_vlan left promiscuous mode [ 25.559706][ T369] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.569010][ T369] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.576469][ T369] device bridge_slave_0 entered promiscuous mode [ 25.583574][ T369] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.590607][ T369] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.598014][ T369] device bridge_slave_1 entered promiscuous mode [ 25.643682][ T369] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.650735][ T369] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.658046][ T369] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.665099][ T369] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.685783][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.694121][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.701325][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.710403][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.718775][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.725836][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.735415][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.743700][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.750744][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.764600][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.774290][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.790893][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.802247][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.810385][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.818159][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.826549][ T369] device veth0_vlan entered promiscuous mode [ 25.838719][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.847862][ T369] device veth1_macvtap entered promiscuous mode [ 25.857373][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.867281][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.152614][ C1] hrtimer: interrupt took 37462 ns [ 26.649919][ C1] ================================================================== [ 26.658013][ C1] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x6fa/0x960 [ 26.665831][ C1] Write of size 32 at addr ffff88810e9bbc60 by task syz.2.63/419 [ 26.673537][ C1] [ 26.675857][ C1] CPU: 1 PID: 419 Comm: syz.2.63 Not tainted syzkaller #0 [ 26.682961][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 26.693020][ C1] Call Trace: [ 26.696292][ C1] [ 26.699222][ C1] __dump_stack+0x21/0x24 [ 26.703573][ C1] dump_stack_lvl+0x110/0x170 [ 26.708249][ C1] ? __cfi_dump_stack_lvl+0x8/0x8 [ 26.713272][ C1] ? __bpf_get_stackid+0x6fa/0x960 [ 26.718380][ C1] print_address_description+0x71/0x200 [ 26.723921][ C1] print_report+0x4a/0x60 [ 26.728248][ C1] kasan_report+0x122/0x150 [ 26.732755][ C1] ? __bpf_get_stackid+0x6fa/0x960 [ 26.737871][ C1] kasan_check_range+0x249/0x2a0 [ 26.742816][ C1] ? __bpf_get_stackid+0x6fa/0x960 [ 26.747950][ C1] memcpy+0x44/0x70 [ 26.751768][ C1] __bpf_get_stackid+0x6fa/0x960 [ 26.756711][ C1] bpf_get_stackid_pe+0x350/0x400 [ 26.761749][ C1] bpf_prog_644fb7c94e15512a+0x2b/0x40 [ 26.767221][ C1] bpf_overflow_handler+0x3d0/0x5e0 [ 26.772434][ C1] ? __cfi_bpf_overflow_handler+0x10/0x10 [ 26.778155][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 26.783354][ C1] ? __this_cpu_preempt_check+0x13/0x20 [ 26.788903][ C1] ? __perf_event_account_interrupt+0x1a4/0x2c0 [ 26.795141][ C1] __perf_event_overflow+0x437/0x620 [ 26.800512][ C1] perf_swevent_hrtimer+0x400/0x5b0 [ 26.805710][ C1] ? __cfi_perf_swevent_hrtimer+0x10/0x10 [ 26.811458][ C1] ? perf_ioctl+0x140e/0x1e70 [ 26.816134][ C1] ? timerqueue_del+0xd3/0x120 [ 26.820899][ C1] ? __cfi_perf_swevent_hrtimer+0x10/0x10 [ 26.826623][ C1] __hrtimer_run_queues+0x3bb/0x8e0 [ 26.831827][ C1] ? hrtimer_interrupt+0x8c0/0x8c0 [ 26.836938][ C1] ? ktime_get_update_offsets_now+0x30c/0x320 [ 26.843002][ C1] hrtimer_interrupt+0x3c7/0x8c0 [ 26.847953][ C1] __sysvec_apic_timer_interrupt+0x11e/0x440 [ 26.853932][ C1] sysvec_apic_timer_interrupt+0x53/0xc0 [ 26.859563][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 26.865551][ C1] RIP: 0033:0x7ffe7edf97a1 [ 26.869986][ C1] Code: db 00 00 00 48 8d 1d fe b8 ff ff 89 f8 48 c1 e0 04 4c 8d 74 03 20 44 8b 3b 41 f6 c7 01 75 38 8b 43 04 83 f8 01 75 34 0f 01 f9 <66> 90 48 c1 e2 20 48 09 c2 48 85 d2 0f 88 e8 00 00 00 4d 8b 06 4d [ 26.889584][ C1] RSP: 002b:00007ffe7edb78b0 EFLAGS: 00000246 [ 26.895660][ C1] RAX: 00000000c58945a8 RBX: 00007ffe7edf5080 RCX: 0000000000000001 [ 26.903631][ C1] RDX: 000000000000000e RSI: 00007ffe7edb7960 RDI: 0000000000000001 [ 26.911619][ C1] RBP: 00007ffe7edb78e0 R08: 0000000000000000 R09: 0000000000000000 [ 26.919586][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 26.927560][ C1] R13: 00007fe210a15fac R14: 00007ffe7edf50b0 R15: 0000000000000e1e [ 26.935533][ C1] [ 26.938551][ C1] [ 26.940870][ C1] Allocated by task 419: [ 26.945098][ C1] kasan_set_track+0x4b/0x70 [ 26.949689][ C1] kasan_save_alloc_info+0x25/0x30 [ 26.954802][ C1] __kasan_kmalloc+0x95/0xb0 [ 26.959409][ C1] __kmalloc_node+0xb2/0x1e0 [ 26.963999][ C1] bpf_map_area_alloc+0x4b/0xe0 [ 26.968862][ C1] prealloc_elems_and_freelist+0x8a/0x1e0 [ 26.974588][ C1] stack_map_alloc+0x3a7/0x530 [ 26.979376][ C1] map_create+0x49c/0xd80 [ 26.983713][ C1] __sys_bpf+0x34e/0x850 [ 26.987962][ C1] __x64_sys_bpf+0x7c/0x90 [ 26.992389][ C1] x64_sys_call+0x488/0x9a0 [ 26.996995][ C1] do_syscall_64+0x4c/0xa0 [ 27.001547][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 27.007460][ C1] [ 27.009782][ C1] The buggy address belongs to the object at ffff88810e9bbc00 [ 27.009782][ C1] which belongs to the cache kmalloc-128 of size 128 [ 27.023829][ C1] The buggy address is located 96 bytes inside of [ 27.023829][ C1] 128-byte region [ffff88810e9bbc00, ffff88810e9bbc80) [ 27.037019][ C1] [ 27.039342][ C1] The buggy address belongs to the physical page: [ 27.045771][ C1] page:ffffea00043a6ec0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10e9bb [ 27.056017][ C1] flags: 0x4000000000000200(slab|zone=1) [ 27.061659][ C1] raw: 4000000000000200 dead000000000100 dead000000000122 ffff888100042a80 [ 27.070238][ C1] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 27.078815][ C1] page dumped because: kasan: bad access detected [ 27.085246][ C1] page_owner tracks the page as allocated [ 27.090975][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 3853825022, free_ts 3763298715 [ 27.108332][ C1] post_alloc_hook+0x1f5/0x210 [ 27.113105][ C1] prep_new_page+0x1c/0x110 [ 27.117616][ C1] get_page_from_freelist+0x2d12/0x2d80 [ 27.123161][ C1] __alloc_pages+0x1fa/0x610 [ 27.127753][ C1] alloc_slab_page+0x6e/0xf0 [ 27.132363][ C1] new_slab+0x98/0x3d0 [ 27.136429][ C1] ___slab_alloc+0x6bd/0xb20 [ 27.141035][ C1] __slab_alloc+0x5e/0xa0 [ 27.145369][ C1] __kmem_cache_alloc_node+0x203/0x2c0 [ 27.150830][ C1] __kmalloc+0xa1/0x1e0 [ 27.154979][ C1] xt_hook_ops_alloc+0x82/0x310 [ 27.159852][ C1] ip6table_filter_init+0x3f/0xb4 [ 27.164879][ C1] do_one_initcall+0x1d6/0x580 [ 27.169643][ C1] do_initcall_level+0x16f/0x2d0 [ 27.174580][ C1] do_initcalls+0x50/0x92 [ 27.178909][ C1] do_basic_setup+0x92/0x99 [ 27.183430][ C1] page last free stack trace: [ 27.188092][ C1] __free_pages_ok+0xba3/0xc90 [ 27.192877][ C1] __free_pages+0xec/0x100 [ 27.197295][ C1] free_large_kmalloc+0xae/0xf0 [ 27.202167][ C1] kfree+0x8b/0xf0 [ 27.205883][ C1] kvfree+0x35/0x40 [ 27.209683][ C1] btf_check_all_metas+0x5d3/0xad0 [ 27.214797][ C1] btf_parse_vmlinux+0x437/0x940 [ 27.219732][ C1] bpf_get_btf_vmlinux+0x41/0x60 [ 27.224667][ C1] btf_get_module_btf+0x85/0x200 [ 27.229604][ C1] register_btf_kfunc_id_set+0x44/0x600 [ 27.235163][ C1] register_nf_conntrack_bpf+0x1b/0xb0 [ 27.240618][ C1] nf_conntrack_init_start+0x3c6/0x460 [ 27.246075][ C1] nf_conntrack_standalone_init+0x11/0x100 [ 27.251876][ C1] do_one_initcall+0x1d6/0x580 [ 27.256638][ C1] do_initcall_level+0x16f/0x2d0 [ 27.261571][ C1] do_initcalls+0x50/0x92 [ 27.265900][ C1] [ 27.268217][ C1] Memory state around the buggy address: [ 27.273840][ C1] ffff88810e9bbb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.281897][ C1] ffff88810e9bbb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.289949][ C1] >ffff88810e9bbc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.297997][ C1] ^ [ 27.305971][ C1] ffff88810e9bbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.314031][ C1] ffff88810e9bbd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.322086][ C1] ================================================================== [ 27.330158][ C1] Disabling lock debugging due to kernel taint [ 27.341095][ T28] kauditd_printk_skb: 40 callbacks suppressed [ 27.341109][ T28] audit: type=1400 audit(1779592782.644:114): avc: denied { read } for pid=84 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 27.371311][ T28] audit: type=1400 audit(1779592782.644:115): avc: denied { search } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 27.392766][ T28] audit: type=1400 audit(1779592782.644:116): avc: denied { write } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 27.414184][ T28] audit: type=1400 audit(1779592782.644:117): avc: denied { add_name } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 27.434826][ T28] audit: type=1400 audit(1779592782.644:118): avc: denied { create } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 27.455307][ T28] audit: type=1400 audit(1779592782.644:119): avc: denied { append open } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 27.479009][ T28] audit: type=1400 audit(1779592782.644:120): avc: denied { getattr } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 2026/05/24 03:19:45 executed programs: 232 [ 30.513699][ T28] audit: type=1400 audit(1779592785.824:121): avc: denied { write } for pid=294 comm="syz-execprog" path="pipe:[15444]" dev="pipefs" ino=15444 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 2026/05/24 03:19:50 executed programs: 532