Warning: Permanently added '10.128.1.39' (ED25519) to the list of known hosts. 2026/01/14 14:52:15 parsed 1 programs [ 22.030126][ T30] audit: type=1400 audit(1768402335.088:64): avc: denied { node_bind } for pid=281 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 22.051384][ T30] audit: type=1400 audit(1768402335.088:65): avc: denied { module_request } for pid=281 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 22.685233][ T30] audit: type=1400 audit(1768402335.748:66): avc: denied { mounton } for pid=289 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.686314][ T289] cgroup: Unknown subsys name 'net' [ 22.708431][ T30] audit: type=1400 audit(1768402335.748:67): avc: denied { mount } for pid=289 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.736649][ T30] audit: type=1400 audit(1768402335.778:68): avc: denied { unmount } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.736823][ T289] cgroup: Unknown subsys name 'devices' [ 22.944144][ T289] cgroup: Unknown subsys name 'hugetlb' [ 22.949820][ T289] cgroup: Unknown subsys name 'rlimit' [ 23.152977][ T30] audit: type=1400 audit(1768402336.218:69): avc: denied { setattr } for pid=289 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.176321][ T30] audit: type=1400 audit(1768402336.218:70): avc: denied { create } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.194485][ T291] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 23.196972][ T30] audit: type=1400 audit(1768402336.218:71): avc: denied { write } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.225584][ T30] audit: type=1400 audit(1768402336.218:72): avc: denied { read } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 23.245858][ T30] audit: type=1400 audit(1768402336.218:73): avc: denied { mounton } for pid=289 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 23.261263][ T289] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 23.717698][ T294] request_module fs-gadgetfs succeeded, but still no fs? [ 23.922779][ T307] syz-executor (307) used greatest stack depth: 21920 bytes left [ 24.167520][ T340] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.175547][ T340] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.183143][ T340] device bridge_slave_0 entered promiscuous mode [ 24.190211][ T340] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.197415][ T340] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.204917][ T340] device bridge_slave_1 entered promiscuous mode [ 24.246389][ T340] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.253653][ T340] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.261953][ T340] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.269028][ T340] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.286041][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.294385][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.301698][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.310934][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.319150][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.326407][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.335291][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.343558][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.350592][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.361613][ T351] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.371222][ T351] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.383714][ T351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.394632][ T351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.402897][ T351] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.410293][ T351] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.418399][ T340] device veth0_vlan entered promiscuous mode [ 24.428124][ T351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.437303][ T340] device veth1_macvtap entered promiscuous mode [ 24.446486][ T351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.456536][ T351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.482912][ T340] syz-executor (340) used greatest stack depth: 21664 bytes left 2026/01/14 14:52:17 executed programs: 0 [ 24.794491][ T363] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.801558][ T363] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.809257][ T363] device bridge_slave_0 entered promiscuous mode [ 24.816671][ T363] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.823900][ T363] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.832121][ T363] device bridge_slave_1 entered promiscuous mode [ 24.896630][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.904118][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.913519][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.923191][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.931466][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.938644][ T352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.946277][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 24.961343][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.969790][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.978011][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.985331][ T352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.995490][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.003579][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.018343][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.032293][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.043399][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.051402][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.059455][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.067977][ T363] device veth0_vlan entered promiscuous mode [ 25.079373][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.088800][ T363] device veth1_macvtap entered promiscuous mode [ 25.098802][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.107358][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.127444][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.141008][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.280516][ T375] ================================================================== [ 25.289055][ T375] BUG: KASAN: slab-out-of-bounds in l2cap_sock_setsockopt+0x1b8e/0x1f60 [ 25.297469][ T375] Read of size 4 at addr ffff88810dff3c0b by task syz.2.17/375 [ 25.305097][ T375] [ 25.307418][ T375] CPU: 1 PID: 375 Comm: syz.2.17 Not tainted syzkaller #0 [ 25.314581][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 25.324859][ T375] Call Trace: [ 25.328214][ T375] [ 25.331134][ T375] __dump_stack+0x21/0x30 [ 25.335472][ T375] dump_stack_lvl+0xee/0x150 [ 25.340275][ T375] ? show_regs_print_info+0x20/0x20 [ 25.345593][ T375] ? load_image+0x3a0/0x3a0 [ 25.350292][ T375] ? lock_sock_nested+0x1f1/0x290 [ 25.355333][ T375] print_address_description+0x7f/0x2c0 [ 25.361401][ T375] ? l2cap_sock_setsockopt+0x1b8e/0x1f60 [ 25.367291][ T375] kasan_report+0xf1/0x140 [ 25.371707][ T375] ? memcpy+0x56/0x70 [ 25.375684][ T375] ? l2cap_sock_setsockopt+0x1b8e/0x1f60 [ 25.381417][ T375] __asan_report_load_n_noabort+0xf/0x20 [ 25.387064][ T375] l2cap_sock_setsockopt+0x1b8e/0x1f60 [ 25.392690][ T375] ? selinux_socket_setsockopt+0x21c/0x300 [ 25.398502][ T375] ? __cgroup_bpf_run_filter_sysctl+0x700/0x700 [ 25.404737][ T375] ? link_create+0x623/0x960 [ 25.409318][ T375] ? l2cap_sock_shutdown+0xbe0/0xbe0 [ 25.414586][ T375] ? security_socket_setsockopt+0x82/0xa0 [ 25.420371][ T375] ? l2cap_sock_shutdown+0xbe0/0xbe0 [ 25.425633][ T375] __sys_setsockopt+0x2f0/0x460 [ 25.430561][ T375] ? __ia32_sys_recv+0xb0/0xb0 [ 25.435821][ T375] __x64_sys_setsockopt+0xbf/0xd0 [ 25.440841][ T375] x64_sys_call+0x982/0x9a0 [ 25.445334][ T375] do_syscall_64+0x4c/0xa0 [ 25.449824][ T375] ? clear_bhb_loop+0x50/0xa0 [ 25.454489][ T375] ? clear_bhb_loop+0x50/0xa0 [ 25.459143][ T375] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 25.465015][ T375] RIP: 0033:0x7efd173a3749 [ 25.469411][ T375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 25.488996][ T375] RSP: 002b:00007fff6ff46778 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 25.497520][ T375] RAX: ffffffffffffffda RBX: 00007efd175f9fa0 RCX: 00007efd173a3749 [ 25.505475][ T375] RDX: 0000000000000008 RSI: 0000000000000112 RDI: 0000000000000004 [ 25.513434][ T375] RBP: 00007efd17427f91 R08: 0000000000000001 R09: 0000000000000000 [ 25.521503][ T375] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000000 [ 25.529461][ T375] R13: 00007efd175f9fa0 R14: 00007efd175f9fa0 R15: 0000000000000005 [ 25.537452][ T375] [ 25.540454][ T375] [ 25.542754][ T375] Allocated by task 375: [ 25.546980][ T375] __kasan_kmalloc+0xda/0x110 [ 25.551640][ T375] __kmalloc+0x13d/0x2c0 [ 25.555865][ T375] __cgroup_bpf_run_filter_setsockopt+0x891/0xa40 [ 25.562379][ T375] __sys_setsockopt+0x413/0x460 [ 25.567212][ T375] __x64_sys_setsockopt+0xbf/0xd0 [ 25.572222][ T375] x64_sys_call+0x982/0x9a0 [ 25.576963][ T375] do_syscall_64+0x4c/0xa0 [ 25.581362][ T375] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 25.587386][ T375] [ 25.589762][ T375] The buggy address belongs to the object at ffff88810dff3c08 [ 25.589762][ T375] which belongs to the cache kmalloc-8 of size 8 [ 25.603474][ T375] The buggy address is located 3 bytes inside of [ 25.603474][ T375] 8-byte region [ffff88810dff3c08, ffff88810dff3c10) [ 25.616480][ T375] The buggy address belongs to the page: [ 25.622177][ T375] page:ffffea000437fcc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10dff3 [ 25.632410][ T375] flags: 0x4000000000000200(slab|zone=1) [ 25.638037][ T375] raw: 4000000000000200 0000000000000000 0000000100000001 ffff888100042300 [ 25.646597][ T375] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000 [ 25.655181][ T375] page dumped because: kasan: bad access detected [ 25.661604][ T375] page_owner tracks the page as allocated [ 25.667298][ T375] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 102, ts 4420357956, free_ts 0 [ 25.682662][ T375] post_alloc_hook+0x192/0x1b0 [ 25.687587][ T375] prep_new_page+0x1c/0x110 [ 25.692069][ T375] get_page_from_freelist+0x2cc5/0x2d50 [ 25.697706][ T375] __alloc_pages+0x18f/0x440 [ 25.702372][ T375] new_slab+0xa1/0x4d0 [ 25.706438][ T375] ___slab_alloc+0x381/0x810 [ 25.711135][ T375] __slab_alloc+0x49/0x90 [ 25.715456][ T375] __kmalloc+0x16a/0x2c0 [ 25.719819][ T375] kernfs_fop_write_iter+0x156/0x400 [ 25.725525][ T375] vfs_write+0x802/0xf70 [ 25.729760][ T375] ksys_write+0x140/0x240 [ 25.734208][ T375] __x64_sys_write+0x7b/0x90 [ 25.739033][ T375] x64_sys_call+0x8ef/0x9a0 [ 25.743817][ T375] do_syscall_64+0x4c/0xa0 [ 25.748228][ T375] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 25.754217][ T375] page_owner free stack trace missing [ 25.759646][ T375] [ 25.761981][ T375] Memory state around the buggy address: [ 25.767606][ T375] ffff88810dff3b00: fc fc fc fb fc fc fc fc fb fc fc fc fc fb fc fc [ 25.775739][ T375] ffff88810dff3b80: fc fc fb fc fc fc fc fb fc fc fc fc fb fc fc fc [ 25.783784][ T375] >ffff88810dff3c00: fc 01 fc fc fc fc fb fc fc fc fc fb fc fc fc fc [ 25.791916][ T375] ^ [ 25.796224][ T375] ffff88810dff3c80: fb fc fc fc fc fb fc fc fc fc 00 fc fc fc fc fb [ 25.804274][ T375] ffff88810dff3d00: fc fc fc fc 00 fc fc fc fc fa fc fc fc fc fb fc [ 25.812405][ T375] ================================================================== [ 25.820461][ T375] Disabling lock debugging due to kernel taint [ 26.273999][ T8] device bridge_slave_1 left promiscuous mode [ 26.280284][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.288313][ T8] device bridge_slave_0 left promiscuous mode [ 26.295574][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.303828][ T8] device veth1_macvtap left promiscuous mode [ 26.309909][ T8] device veth0_vlan left promiscuous mode 2026/01/14 14:52:22 executed programs: 237 2026/01/14 14:52:27 executed programs: 537