Warning: Permanently added '10.128.1.136' (ED25519) to the list of known hosts.
2026/05/19 07:49:47 parsed 1 programs
[   24.793857][   T28] audit: type=1400 audit(1779176987.576:64): avc:  denied  { node_bind } for  pid=295 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   24.815408][   T28] audit: type=1400 audit(1779176987.576:65): avc:  denied  { module_request } for  pid=295 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   25.912378][   T28] audit: type=1400 audit(1779176988.696:66): avc:  denied  { mounton } for  pid=301 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   25.915583][  T301] cgroup: Unknown subsys name 'net'
[   25.935159][   T28] audit: type=1400 audit(1779176988.696:67): avc:  denied  { mount } for  pid=301 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   25.962434][   T28] audit: type=1400 audit(1779176988.726:68): avc:  denied  { unmount } for  pid=301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   25.962867][  T301] cgroup: Unknown subsys name 'devices'
[   26.104097][  T301] cgroup: Unknown subsys name 'hugetlb'
[   26.109861][  T301] cgroup: Unknown subsys name 'rlimit'
[   26.222242][   T28] audit: type=1400 audit(1779176989.006:69): avc:  denied  { setattr } for  pid=301 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   26.245453][   T28] audit: type=1400 audit(1779176989.006:70): avc:  denied  { create } for  pid=301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   26.265908][   T28] audit: type=1400 audit(1779176989.006:71): avc:  denied  { write } for  pid=301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   26.286236][   T28] audit: type=1400 audit(1779176989.006:72): avc:  denied  { read } for  pid=301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   26.306597][   T28] audit: type=1400 audit(1779176989.006:73): avc:  denied  { mounton } for  pid=301 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   26.319894][  T306] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[   26.431359][  T301] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   27.198349][  T310] request_module fs-gadgetfs succeeded, but still no fs?
[   27.759208][  T351] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.767342][  T351] bridge0: port 1(bridge_slave_0) entered disabled state
[   27.774924][  T351] device bridge_slave_0 entered promiscuous mode
[   27.782002][  T351] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.789054][  T351] bridge0: port 2(bridge_slave_1) entered disabled state
[   27.796646][  T351] device bridge_slave_1 entered promiscuous mode
[   27.842912][  T351] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.849971][  T351] bridge0: port 2(bridge_slave_1) entered forwarding state
[   27.857326][  T351] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.864420][  T351] bridge0: port 1(bridge_slave_0) entered forwarding state
[   27.886121][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   27.893859][  T327] bridge0: port 1(bridge_slave_0) entered disabled state
[   27.901088][  T327] bridge0: port 2(bridge_slave_1) entered disabled state
[   27.910737][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   27.919153][  T327] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.926242][  T327] bridge0: port 1(bridge_slave_0) entered forwarding state
[   27.934892][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   27.943372][  T327] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.950400][  T327] bridge0: port 2(bridge_slave_1) entered forwarding state
[   27.963903][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   27.973633][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   27.988840][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   28.000498][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   28.008771][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   28.016420][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   28.025398][  T351] device veth0_vlan entered promiscuous mode
[   28.036230][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   28.052506][  T351] device veth1_macvtap entered promiscuous mode
[   28.062652][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   28.073301][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2026/05/19 07:49:51 executed programs: 0
[   28.461569][  T370] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.469371][  T370] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.477147][  T370] device bridge_slave_0 entered promiscuous mode
[   28.484212][  T370] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.491261][  T370] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.498915][  T370] device bridge_slave_1 entered promiscuous mode
[   28.552809][  T370] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.559862][  T370] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.567190][  T370] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.574272][  T370] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.597067][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   28.604862][  T327] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.612332][  T327] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.621384][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   28.629714][  T327] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.636786][  T327] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.645765][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   28.654497][  T327] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.661521][  T327] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.673862][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   28.683171][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   28.697413][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   28.708923][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   28.717080][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   28.724737][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   28.733583][  T370] device veth0_vlan entered promiscuous mode
[   28.744075][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   28.753305][  T370] device veth1_macvtap entered promiscuous mode
[   28.763141][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   28.773592][  T327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   28.803824][    C0] ==================================================================
[   28.812009][    C0] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x6fa/0x960
[   28.819862][    C0] Write of size 56 at addr ffff88812ef2e710 by task syz.2.17/375
[   28.827574][    C0] 
[   28.829906][    C0] CPU: 0 PID: 375 Comm: syz.2.17 Not tainted syzkaller #0
[   28.837016][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[   28.847080][    C0] Call Trace:
[   28.850360][    C0]  <IRQ>
[   28.853200][    C0]  __dump_stack+0x21/0x24
[   28.857538][    C0]  dump_stack_lvl+0x110/0x170
[   28.862314][    C0]  ? __cfi_dump_stack_lvl+0x8/0x8
[   28.867361][    C0]  ? __bpf_get_stackid+0x6fa/0x960
[   28.872477][    C0]  print_address_description+0x71/0x200
[   28.878022][    C0]  print_report+0x4a/0x60
[   28.882353][    C0]  kasan_report+0x122/0x150
[   28.886949][    C0]  ? __bpf_get_stackid+0x6fa/0x960
[   28.892075][    C0]  kasan_check_range+0x249/0x2a0
[   28.897021][    C0]  ? __bpf_get_stackid+0x6fa/0x960
[   28.902130][    C0]  memcpy+0x44/0x70
[   28.905937][    C0]  __bpf_get_stackid+0x6fa/0x960
[   28.910959][    C0]  bpf_get_stackid_pe+0x2ee/0x400
[   28.915984][    C0]  bpf_prog_7018bb76bd3f7f7a+0x28/0x3d
[   28.921447][    C0]  bpf_overflow_handler+0x3d0/0x5e0
[   28.926647][    C0]  ? __cfi_bpf_overflow_handler+0x10/0x10
[   28.932361][    C0]  ? kvm_sched_clock_read+0x18/0x40
[   28.937561][    C0]  ? __this_cpu_preempt_check+0x13/0x20
[   28.943106][    C0]  ? __perf_event_account_interrupt+0x1a4/0x2c0
[   28.949349][    C0]  __perf_event_overflow+0x437/0x620
[   28.954635][    C0]  perf_swevent_hrtimer+0x400/0x5b0
[   28.959835][    C0]  ? __cfi_perf_swevent_hrtimer+0x10/0x10
[   28.965555][    C0]  ? ipv6_rcv+0xed/0x230
[   28.969810][    C0]  ? timerqueue_del+0xd3/0x120
[   28.974570][    C0]  ? __cfi_perf_swevent_hrtimer+0x10/0x10
[   28.980293][    C0]  __hrtimer_run_queues+0x3bb/0x8e0
[   28.985496][    C0]  ? hrtimer_interrupt+0x8c0/0x8c0
[   28.990609][    C0]  ? ktime_get_update_offsets_now+0x30c/0x320
[   28.996672][    C0]  hrtimer_interrupt+0x3c7/0x8c0
[   29.001617][    C0]  __sysvec_apic_timer_interrupt+0x11e/0x440
[   29.007690][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[   29.013360][    C0]  </IRQ>
[   29.016290][    C0]  <TASK>
[   29.019217][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   29.025197][    C0] RIP: 0010:perf_ioctl+0x147a/0x1e70
[   29.030481][    C0] Code: 00 65 48 8b 04 25 28 00 00 00 48 3b 84 24 40 02 00 00 0f 85 3e 09 00 00 4c 89 f8 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 <e8> 71 62 d7 ff 45 31 ff e9 6e ff ff ff e8 64 62 d7 ff 41 bf ea ff
[   29.050189][    C0] RSP: 0018:ffffc900007bfbe0 EFLAGS: 00010246
[   29.056273][    C0] RAX: ffffffff819a095d RBX: 0000000000000000 RCX: 0000000000000000
[   29.064243][    C0] RDX: ffff888113e30000 RSI: 0000000000000000 RDI: 0000000000000000
[   29.072232][    C0] RBP: ffffc900007bfe80 R08: ffff888115651007 R09: 1ffff11022aca200
[   29.080303][    C0] R10: dffffc0000000000 R11: ffffed1022aca201 R12: 0000000040042408
[   29.088415][    C0] R13: dffffc0000000000 R14: fffff520000f7f8c R15: ffffc90000109000
[   29.096484][    C0]  ? perf_ioctl+0x8dd/0x1e70
[   29.101086][    C0]  ? ioctl_has_perm+0x40f/0x4f0
[   29.106027][    C0]  ? sysvec_apic_timer_interrupt+0x64/0xc0
[   29.111852][    C0]  ? has_cap_mac_admin+0x370/0x370
[   29.116984][    C0]  ? __cfi_perf_ioctl+0x10/0x10
[   29.121879][    C0]  ? do_futex+0x269/0x430
[   29.126237][    C0]  ? do_futex+0x2bf/0x430
[   29.130580][    C0]  ? selinux_file_ioctl+0x3a0/0x4d0
[   29.135791][    C0]  ? __cfi_do_futex+0x10/0x10
[   29.140483][    C0]  ? __cfi_selinux_file_ioctl+0x10/0x10
[   29.146037][    C0]  ? irqentry_exit+0x37/0x40
[   29.150639][    C0]  ? sysvec_apic_timer_interrupt+0x64/0xc0
[   29.156447][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   29.162618][    C0]  ? __cfi_perf_ioctl+0x10/0x10
[   29.167474][    C0]  ? __se_sys_ioctl+0x114/0x1b0
[   29.172320][    C0]  ? __cfi_perf_ioctl+0x10/0x10
[   29.177168][    C0]  __se_sys_ioctl+0x12f/0x1b0
[   29.181857][    C0]  __x64_sys_ioctl+0x7b/0x90
[   29.186454][    C0]  x64_sys_call+0x58b/0x9a0
[   29.190975][    C0]  do_syscall_64+0x4c/0xa0
[   29.195406][    C0]  ? clear_bhb_loop+0x30/0x80
[   29.200090][    C0]  ? clear_bhb_loop+0x30/0x80
[   29.204773][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   29.210672][    C0] RIP: 0033:0x7f7646b9ce59
[   29.215092][    C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   29.234717][    C0] RSP: 002b:00007ffe0f431ab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   29.243138][    C0] RAX: ffffffffffffffda RBX: 00007f7646e15fa0 RCX: 00007f7646b9ce59
[   29.251108][    C0] RDX: 0000000000000004 RSI: 0000000040042408 RDI: 0000000000000005
[   29.259080][    C0] RBP: 00007f7646c32d6f R08: 0000000000000000 R09: 0000000000000000
[   29.267048][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   29.275024][    C0] R13: 00007f7646e15fac R14: 00007f7646e15fa0 R15: 00007f7646e15fa0
[   29.283007][    C0]  </TASK>
[   29.286030][    C0] 
[   29.288348][    C0] Allocated by task 375:
[   29.292592][    C0]  kasan_set_track+0x4b/0x70
[   29.297193][    C0]  kasan_save_alloc_info+0x25/0x30
[   29.302308][    C0]  __kasan_kmalloc+0x95/0xb0
[   29.306903][    C0]  __kmalloc_node+0xb2/0x1e0
[   29.311490][    C0]  bpf_map_area_alloc+0x4b/0xe0
[   29.316346][    C0]  prealloc_elems_and_freelist+0x8a/0x1e0
[   29.322089][    C0]  stack_map_alloc+0x3a7/0x530
[   29.326850][    C0]  map_create+0x49c/0xd80
[   29.331176][    C0]  __sys_bpf+0x34e/0x850
[   29.335413][    C0]  __x64_sys_bpf+0x7c/0x90
[   29.339824][    C0]  x64_sys_call+0x488/0x9a0
[   29.344321][    C0]  do_syscall_64+0x4c/0xa0
[   29.348733][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   29.354629][    C0] 
[   29.356945][    C0] The buggy address belongs to the object at ffff88812ef2e700
[   29.356945][    C0]  which belongs to the cache kmalloc-64 of size 64
[   29.370821][    C0] The buggy address is located 16 bytes inside of
[   29.370821][    C0]  64-byte region [ffff88812ef2e700, ffff88812ef2e740)
[   29.383915][    C0] 
[   29.386232][    C0] The buggy address belongs to the physical page:
[   29.392653][    C0] page:ffffea0004bbcb80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12ef2e
[   29.402895][    C0] flags: 0x4000000000000200(slab|zone=1)
[   29.408536][    C0] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100042780
[   29.417116][    C0] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[   29.425692][    C0] page dumped because: kasan: bad access detected
[   29.432106][    C0] page_owner tracks the page as allocated
[   29.437812][    C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 375, tgid 375 (syz-executor), ts 28796931056, free_ts 28311039511
[   29.455949][    C0]  post_alloc_hook+0x1f5/0x210
[   29.460724][    C0]  prep_new_page+0x1c/0x110
[   29.465260][    C0]  get_page_from_freelist+0x2d12/0x2d80
[   29.470811][    C0]  __alloc_pages+0x1fa/0x610
[   29.475492][    C0]  alloc_slab_page+0x6e/0xf0
[   29.480073][    C0]  new_slab+0x98/0x3d0
[   29.484164][    C0]  ___slab_alloc+0x6bd/0xb20
[   29.488771][    C0]  __slab_alloc+0x5e/0xa0
[   29.493115][    C0]  __kmem_cache_alloc_node+0x203/0x2c0
[   29.498572][    C0]  __kmalloc_node+0xa1/0x1e0
[   29.503152][    C0]  kvmalloc_node+0x28a/0x460
[   29.507734][    C0]  simple_xattr_alloc+0x43/0xa0
[   29.512585][    C0]  shmem_initxattrs+0x8d/0x1e0
[   29.517353][    C0]  security_inode_init_security+0x2a9/0x3d0
[   29.523243][    C0]  shmem_symlink+0xd0/0x4c0
[   29.527750][    C0]  vfs_symlink+0x261/0x3f0
[   29.532276][    C0] page last free stack trace:
[   29.536934][    C0]  free_unref_page_prepare+0x7f8/0x800
[   29.542393][    C0]  free_unref_page+0x95/0x540
[   29.547072][    C0]  __free_pages+0x67/0x100
[   29.551605][    C0]  __vunmap+0x9c0/0xb80
[   29.555752][    C0]  vfree+0x61/0x90
[   29.559466][    C0]  kcov_close+0x2b/0x50
[   29.563614][    C0]  __fput+0x1fc/0x8f0
[   29.567685][    C0]  ____fput+0x15/0x20
[   29.571665][    C0]  task_work_run+0x1e1/0x250
[   29.576256][    C0]  do_exit+0xa35/0x2660
[   29.580413][    C0]  do_group_exit+0x225/0x2e0
[   29.585005][    C0]  get_signal+0x13b5/0x1520
[   29.589507][    C0]  arch_do_signal_or_restart+0xd1/0x1140
[   29.595163][    C0]  exit_to_user_mode_loop+0x7a/0xb0
[   29.600358][    C0]  exit_to_user_mode_prepare+0x87/0xd0
[   29.605809][    C0]  syscall_exit_to_user_mode+0x1a/0x30
[   29.611270][    C0] 
[   29.613631][    C0] Memory state around the buggy address:
[   29.619255][    C0]  ffff88812ef2e600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[   29.627314][    C0]  ffff88812ef2e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.635370][    C0] >ffff88812ef2e700: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   29.643420][    C0]                                   ^
[   29.648801][    C0]  ffff88812ef2e780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   29.656871][    C0]  ffff88812ef2e800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.664922][    C0] ==================================================================
[   29.672971][    C0] Disabling lock debugging due to kernel taint