Warning: Permanently added '10.128.1.153' (ED25519) to the list of known hosts.
2026/01/14 12:14:06 parsed 1 programs
[   22.536360][   T30] audit: type=1400 audit(1768392846.457:64): avc:  denied  { node_bind } for  pid=281 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   22.557527][   T30] audit: type=1400 audit(1768392846.467:65): avc:  denied  { module_request } for  pid=281 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   23.498729][   T30] audit: type=1400 audit(1768392847.427:66): avc:  denied  { mounton } for  pid=289 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   23.501937][  T289] cgroup: Unknown subsys name 'net'
[   23.521821][   T30] audit: type=1400 audit(1768392847.427:67): avc:  denied  { mount } for  pid=289 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   23.549155][   T30] audit: type=1400 audit(1768392847.457:68): avc:  denied  { unmount } for  pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   23.549629][  T289] cgroup: Unknown subsys name 'devices'
[   23.748667][  T289] cgroup: Unknown subsys name 'hugetlb'
[   23.754310][  T289] cgroup: Unknown subsys name 'rlimit'
[   23.900779][   T30] audit: type=1400 audit(1768392847.827:69): avc:  denied  { setattr } for  pid=289 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   23.924053][   T30] audit: type=1400 audit(1768392847.827:70): avc:  denied  { create } for  pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   23.944524][   T30] audit: type=1400 audit(1768392847.827:71): avc:  denied  { write } for  pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   23.962089][  T292] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   23.964932][   T30] audit: type=1400 audit(1768392847.827:72): avc:  denied  { read } for  pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   23.993579][   T30] audit: type=1400 audit(1768392847.827:73): avc:  denied  { mounton } for  pid=289 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   24.023636][  T289] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   24.527447][  T295] request_module fs-gadgetfs succeeded, but still no fs?
[   24.981227][  T333] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.988412][  T333] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.995791][  T333] device bridge_slave_0 entered promiscuous mode
[   25.002985][  T333] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.010047][  T333] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.017413][  T333] device bridge_slave_1 entered promiscuous mode
[   25.037199][  T329] syz-executor (329) used greatest stack depth: 21664 bytes left
[   25.071231][  T333] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.078294][  T333] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.085555][  T333] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.092686][  T333] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.111013][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.118777][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.125980][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.134850][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   25.143093][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.150195][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.159115][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   25.167458][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.174487][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.186342][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   25.201281][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.215693][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.227327][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.235468][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.243388][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.255918][  T333] device veth0_vlan entered promiscuous mode
[   25.265785][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.274801][  T333] device veth1_macvtap entered promiscuous mode
[   25.283918][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.298336][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   25.330122][  T333] syz-executor (333) used greatest stack depth: 21280 bytes left
2026/01/14 12:14:09 executed programs: 0
[   25.636028][  T362] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.643200][  T362] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.650674][  T362] device bridge_slave_0 entered promiscuous mode
[   25.657625][  T362] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.664740][  T362] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.672236][  T362] device bridge_slave_1 entered promiscuous mode
[   25.735671][  T362] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.742778][  T362] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.750110][  T362] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.757181][  T362] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.780043][  T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.788638][  T343] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.796046][  T343] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.806174][  T343] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   25.814458][  T343] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.821542][  T343] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.830467][  T343] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   25.838695][  T343] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.845717][  T343] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.857900][  T343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   25.867401][  T343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.880624][  T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.891522][  T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.899661][  T343] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.907127][  T343] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.915317][  T362] device veth0_vlan entered promiscuous mode
[   25.925279][  T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.934272][  T362] device veth1_macvtap entered promiscuous mode
[   25.943195][  T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.953309][  T343] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   25.961760][  T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   26.192922][  T373] ==================================================================
[   26.201027][  T373] BUG: KASAN: slab-out-of-bounds in l2cap_sock_setsockopt+0x1b8e/0x1f60
[   26.209367][  T373] Read of size 4 at addr ffff88810f02dc5b by task syz.2.17/373
[   26.216906][  T373] 
[   26.219410][  T373] CPU: 0 PID: 373 Comm: syz.2.17 Not tainted syzkaller #0
[   26.226546][  T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   26.236633][  T373] Call Trace:
[   26.239914][  T373]  <TASK>
[   26.242845][  T373]  __dump_stack+0x21/0x30
[   26.247182][  T373]  dump_stack_lvl+0xee/0x150
[   26.251772][  T373]  ? show_regs_print_info+0x20/0x20
[   26.256990][  T373]  ? load_image+0x3a0/0x3a0
[   26.261492][  T373]  ? lock_sock_nested+0x1f1/0x290
[   26.266512][  T373]  print_address_description+0x7f/0x2c0
[   26.272053][  T373]  ? l2cap_sock_setsockopt+0x1b8e/0x1f60
[   26.277692][  T373]  kasan_report+0xf1/0x140
[   26.282112][  T373]  ? memcpy+0x56/0x70
[   26.286105][  T373]  ? l2cap_sock_setsockopt+0x1b8e/0x1f60
[   26.291762][  T373]  __asan_report_load_n_noabort+0xf/0x20
[   26.297404][  T373]  l2cap_sock_setsockopt+0x1b8e/0x1f60
[   26.302857][  T373]  ? selinux_socket_setsockopt+0x21c/0x300
[   26.308657][  T373]  ? __cgroup_bpf_run_filter_sysctl+0x700/0x700
[   26.314894][  T373]  ? link_create+0x623/0x960
[   26.319493][  T373]  ? l2cap_sock_shutdown+0xbe0/0xbe0
[   26.324800][  T373]  ? security_socket_setsockopt+0x82/0xa0
[   26.330520][  T373]  ? l2cap_sock_shutdown+0xbe0/0xbe0
[   26.335805][  T373]  __sys_setsockopt+0x2f0/0x460
[   26.340658][  T373]  ? __ia32_sys_recv+0xb0/0xb0
[   26.345442][  T373]  __x64_sys_setsockopt+0xbf/0xd0
[   26.350478][  T373]  x64_sys_call+0x982/0x9a0
[   26.354981][  T373]  do_syscall_64+0x4c/0xa0
[   26.359391][  T373]  ? clear_bhb_loop+0x50/0xa0
[   26.364057][  T373]  ? clear_bhb_loop+0x50/0xa0
[   26.368730][  T373]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   26.374625][  T373] RIP: 0033:0x7fc31a8c5749
[   26.379058][  T373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   26.398662][  T373] RSP: 002b:00007ffc6e63fe98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   26.407086][  T373] RAX: ffffffffffffffda RBX: 00007fc31ab1bfa0 RCX: 00007fc31a8c5749
[   26.415055][  T373] RDX: 0000000000000008 RSI: 0000000000000112 RDI: 0000000000000004
[   26.423023][  T373] RBP: 00007fc31a949f91 R08: 0000000000000001 R09: 0000000000000000
[   26.430992][  T373] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000000
[   26.438962][  T373] R13: 00007fc31ab1bfa0 R14: 00007fc31ab1bfa0 R15: 0000000000000005
[   26.446936][  T373]  </TASK>
[   26.449950][  T373] 
[   26.452266][  T373] Allocated by task 373:
[   26.456495][  T373]  __kasan_kmalloc+0xda/0x110
[   26.461177][  T373]  __kmalloc+0x13d/0x2c0
[   26.465432][  T373]  __cgroup_bpf_run_filter_setsockopt+0x891/0xa40
[   26.471886][  T373]  __sys_setsockopt+0x413/0x460
[   26.476747][  T373]  __x64_sys_setsockopt+0xbf/0xd0
[   26.481765][  T373]  x64_sys_call+0x982/0x9a0
[   26.486263][  T373]  do_syscall_64+0x4c/0xa0
[   26.490673][  T373]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   26.496562][  T373] 
[   26.498876][  T373] The buggy address belongs to the object at ffff88810f02dc58
[   26.498876][  T373]  which belongs to the cache kmalloc-8 of size 8
[   26.512567][  T373] The buggy address is located 3 bytes inside of
[   26.512567][  T373]  8-byte region [ffff88810f02dc58, ffff88810f02dc60)
[   26.525487][  T373] The buggy address belongs to the page:
[   26.531123][  T373] page:ffffea00043c0b40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f02d
[   26.541361][  T373] flags: 0x4000000000000200(slab|zone=1)
[   26.546997][  T373] raw: 4000000000000200 ffffea00043202c0 0000000200000002 ffff888100042300
[   26.555671][  T373] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000
[   26.564269][  T373] page dumped because: kasan: bad access detected
[   26.570668][  T373] page_owner tracks the page as allocated
[   26.576373][  T373] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 102, ts 5414180402, free_ts 5414145527
[   26.592174][  T373]  post_alloc_hook+0x192/0x1b0
[   26.596937][  T373]  prep_new_page+0x1c/0x110
[   26.601434][  T373]  get_page_from_freelist+0x2cc5/0x2d50
[   26.606979][  T373]  __alloc_pages+0x18f/0x440
[   26.611586][  T373]  new_slab+0xa1/0x4d0
[   26.615678][  T373]  ___slab_alloc+0x381/0x810
[   26.620265][  T373]  __slab_alloc+0x49/0x90
[   26.624590][  T373]  __kmalloc+0x16a/0x2c0
[   26.628832][  T373]  kernfs_fop_write_iter+0x156/0x400
[   26.634122][  T373]  vfs_write+0x802/0xf70
[   26.638376][  T373]  ksys_write+0x140/0x240
[   26.642796][  T373]  __x64_sys_write+0x7b/0x90
[   26.647377][  T373]  x64_sys_call+0x8ef/0x9a0
[   26.651871][  T373]  do_syscall_64+0x4c/0xa0
[   26.656284][  T373]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   26.662176][  T373] page last free stack trace:
[   26.666839][  T373]  free_unref_page_prepare+0x542/0x550
[   26.672288][  T373]  free_unref_page+0xa2/0x550
[   26.676955][  T373]  __free_pages+0x6c/0x100
[   26.681357][  T373]  free_pages+0x82/0x90
[   26.685501][  T373]  selinux_genfs_get_sid+0x20b/0x250
[   26.690780][  T373]  inode_doinit_with_dentry+0x86e/0xd70
[   26.696414][  T373]  selinux_d_instantiate+0x27/0x40
[   26.701517][  T373]  security_d_instantiate+0x9e/0xf0
[   26.706704][  T373]  d_splice_alias+0x6d/0x390
[   26.711301][  T373]  kernfs_iop_lookup+0x2c2/0x310
[   26.716231][  T373]  path_openat+0xfcf/0x2f10
[   26.720723][  T373]  do_filp_open+0x1b3/0x3e0
[   26.725215][  T373]  do_sys_openat2+0x14c/0x7b0
[   26.729886][  T373]  __x64_sys_openat+0x136/0x160
[   26.734727][  T373]  x64_sys_call+0x219/0x9a0
[   26.739222][  T373]  do_syscall_64+0x4c/0xa0
[   26.743655][  T373] 
[   26.745969][  T373] Memory state around the buggy address:
[   26.751583][  T373]  ffff88810f02db00: fc fc fc 05 fc fc fc fc 05 fc fc fc fc fa fc fc
[   26.759632][  T373]  ffff88810f02db80: fc fc fa fc fc fc fc fa fc fc fc fc fb fc fc fc
[   26.767684][  T373] >ffff88810f02dc00: fc fa fc fc fc fc 05 fc fc fc fc 01 fc fc fc fc
[   26.775734][  T373]                                                     ^
[   26.782652][  T373]  ffff88810f02dc80: fa fc fc fc fc 05 fc fc fc fc 05 fc fc fc fc fb
[   26.790697][  T373]  ffff88810f02dd00: fc fc fc fc 05 fc fc fc fc 05 fc fc fc fc 04 fc
[   26.798738][  T373] ==================================================================
[   26.806777][  T373] Disabling lock debugging due to kernel taint
[   27.031392][   T45] device bridge_slave_1 left promiscuous mode
[   27.037809][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   27.045493][   T45] device bridge_slave_0 left promiscuous mode
[   27.051800][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   27.059981][   T45] device veth1_macvtap left promiscuous mode
[   27.065996][   T45] device veth0_vlan left promiscuous mode
2026/01/14 12:14:14 executed programs: 228
2026/01/14 12:14:19 executed programs: 530