sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.178796][ T30] audit: type=1400 audit(1768395950.274:63): avc: denied { siginh } for pid=223 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.104' (ED25519) to the list of known hosts. 2026/01/14 13:05:59 parsed 1 programs [ 22.521583][ T30] audit: type=1400 audit(1768395959.624:64): avc: denied { node_bind } for pid=281 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 22.542369][ T30] audit: type=1400 audit(1768395959.624:65): avc: denied { module_request } for pid=281 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 23.159803][ T30] audit: type=1400 audit(1768395960.264:66): avc: denied { mounton } for pid=289 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 23.160888][ T289] cgroup: Unknown subsys name 'net' [ 23.182533][ T30] audit: type=1400 audit(1768395960.264:67): avc: denied { mount } for pid=289 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.209806][ T30] audit: type=1400 audit(1768395960.294:68): avc: denied { unmount } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.209985][ T289] cgroup: Unknown subsys name 'devices' [ 23.354712][ T289] cgroup: Unknown subsys name 'hugetlb' [ 23.360293][ T289] cgroup: Unknown subsys name 'rlimit' [ 23.591627][ T30] audit: type=1400 audit(1768395960.694:69): avc: denied { setattr } for pid=289 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.614769][ T30] audit: type=1400 audit(1768395960.694:70): avc: denied { create } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.635521][ T30] audit: type=1400 audit(1768395960.694:71): avc: denied { write } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.636763][ T292] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 23.664401][ T30] audit: type=1400 audit(1768395960.694:72): avc: denied { read } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 23.684810][ T30] audit: type=1400 audit(1768395960.694:73): avc: denied { mounton } for pid=289 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 23.720316][ T289] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 24.114450][ T294] request_module fs-gadgetfs succeeded, but still no fs? [ 24.567592][ T335] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.574662][ T335] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.581937][ T335] device bridge_slave_0 entered promiscuous mode [ 24.588796][ T335] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.595927][ T335] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.603234][ T335] device bridge_slave_1 entered promiscuous mode [ 24.640681][ T335] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.647814][ T335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.655108][ T335] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.662122][ T335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.679436][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.686720][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.694461][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.701833][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.710715][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.718926][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.726119][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.734801][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.742969][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.750165][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.761466][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.770658][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.783936][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.795020][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.802975][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.810627][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.818826][ T335] device veth0_vlan entered promiscuous mode [ 24.827699][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.836527][ T335] device veth1_macvtap entered promiscuous mode [ 24.845109][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.854955][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.893210][ T335] syz-executor (335) used greatest stack depth: 21152 bytes left 2026/01/14 13:06:02 executed programs: 0 [ 25.259006][ T362] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.266107][ T362] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.273909][ T362] device bridge_slave_0 entered promiscuous mode [ 25.280779][ T362] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.287874][ T362] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.295232][ T362] device bridge_slave_1 entered promiscuous mode [ 25.336454][ T362] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.343511][ T362] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.350736][ T362] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.357769][ T362] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.377828][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.385499][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.392702][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.401819][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.410095][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.417135][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.429237][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.437560][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.444599][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.456069][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.473917][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.482585][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.495327][ T362] device veth0_vlan entered promiscuous mode [ 25.501992][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.510647][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.518532][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.530837][ T362] device veth1_macvtap entered promiscuous mode [ 25.538294][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.549697][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.559318][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.567747][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.706925][ T373] ================================================================== [ 25.715025][ T373] BUG: KASAN: slab-out-of-bounds in l2cap_sock_setsockopt+0x1b8e/0x1f60 [ 25.723351][ T373] Read of size 4 at addr ffff88810f2b316b by task syz.2.17/373 [ 25.730970][ T373] [ 25.733289][ T373] CPU: 0 PID: 373 Comm: syz.2.17 Not tainted syzkaller #0 [ 25.740376][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 25.750480][ T373] Call Trace: [ 25.753833][ T373] [ 25.756764][ T373] __dump_stack+0x21/0x30 [ 25.761194][ T373] dump_stack_lvl+0xee/0x150 [ 25.765910][ T373] ? show_regs_print_info+0x20/0x20 [ 25.771096][ T373] ? load_image+0x3a0/0x3a0 [ 25.775588][ T373] ? lock_sock_nested+0x1f1/0x290 [ 25.780716][ T373] print_address_description+0x7f/0x2c0 [ 25.786336][ T373] ? l2cap_sock_setsockopt+0x1b8e/0x1f60 [ 25.792163][ T373] kasan_report+0xf1/0x140 [ 25.796659][ T373] ? memcpy+0x56/0x70 [ 25.800621][ T373] ? l2cap_sock_setsockopt+0x1b8e/0x1f60 [ 25.806250][ T373] __asan_report_load_n_noabort+0xf/0x20 [ 25.811863][ T373] l2cap_sock_setsockopt+0x1b8e/0x1f60 [ 25.817318][ T373] ? selinux_socket_setsockopt+0x21c/0x300 [ 25.823144][ T373] ? __cgroup_bpf_run_filter_sysctl+0x700/0x700 [ 25.829809][ T373] ? link_create+0x623/0x960 [ 25.834424][ T373] ? l2cap_sock_shutdown+0xbe0/0xbe0 [ 25.839706][ T373] ? security_socket_setsockopt+0x82/0xa0 [ 25.845406][ T373] ? l2cap_sock_shutdown+0xbe0/0xbe0 [ 25.850677][ T373] __sys_setsockopt+0x2f0/0x460 [ 25.855573][ T373] ? __ia32_sys_recv+0xb0/0xb0 [ 25.860323][ T373] __x64_sys_setsockopt+0xbf/0xd0 [ 25.865336][ T373] x64_sys_call+0x982/0x9a0 [ 25.869838][ T373] do_syscall_64+0x4c/0xa0 [ 25.874255][ T373] ? clear_bhb_loop+0x50/0xa0 [ 25.878915][ T373] ? clear_bhb_loop+0x50/0xa0 [ 25.883662][ T373] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 25.889539][ T373] RIP: 0033:0x7fa826bb3749 [ 25.893933][ T373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 25.913722][ T373] RSP: 002b:00007ffc316bec98 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 25.922120][ T373] RAX: ffffffffffffffda RBX: 00007fa826e09fa0 RCX: 00007fa826bb3749 [ 25.930080][ T373] RDX: 0000000000000008 RSI: 0000000000000112 RDI: 0000000000000004 [ 25.938043][ T373] RBP: 00007fa826c37f91 R08: 0000000000000001 R09: 0000000000000000 [ 25.946005][ T373] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000000 [ 25.954238][ T373] R13: 00007fa826e09fa0 R14: 00007fa826e09fa0 R15: 0000000000000005 [ 25.962223][ T373] [ 25.965345][ T373] [ 25.967651][ T373] Allocated by task 373: [ 25.972011][ T373] __kasan_kmalloc+0xda/0x110 [ 25.976674][ T373] __kmalloc+0x13d/0x2c0 [ 25.980900][ T373] __cgroup_bpf_run_filter_setsockopt+0x891/0xa40 [ 25.987301][ T373] __sys_setsockopt+0x413/0x460 [ 25.992142][ T373] __x64_sys_setsockopt+0xbf/0xd0 [ 25.997174][ T373] x64_sys_call+0x982/0x9a0 [ 26.001680][ T373] do_syscall_64+0x4c/0xa0 [ 26.006075][ T373] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 26.011963][ T373] [ 26.014263][ T373] The buggy address belongs to the object at ffff88810f2b3168 [ 26.014263][ T373] which belongs to the cache kmalloc-8 of size 8 [ 26.027968][ T373] The buggy address is located 3 bytes inside of [ 26.027968][ T373] 8-byte region [ffff88810f2b3168, ffff88810f2b3170) [ 26.040874][ T373] The buggy address belongs to the page: [ 26.046480][ T373] page:ffffea00043cacc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f2b3 [ 26.056984][ T373] flags: 0x4000000000000200(slab|zone=1) [ 26.062615][ T373] raw: 4000000000000200 ffffea00043798c0 0000000200000002 ffff888100042300 [ 26.071178][ T373] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000 [ 26.079746][ T373] page dumped because: kasan: bad access detected [ 26.086692][ T373] page_owner tracks the page as allocated [ 26.092385][ T373] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 102, ts 4239300197, free_ts 4239268189 [ 26.108250][ T373] post_alloc_hook+0x192/0x1b0 [ 26.113237][ T373] prep_new_page+0x1c/0x110 [ 26.117729][ T373] get_page_from_freelist+0x2cc5/0x2d50 [ 26.123254][ T373] __alloc_pages+0x18f/0x440 [ 26.127821][ T373] new_slab+0xa1/0x4d0 [ 26.131866][ T373] ___slab_alloc+0x381/0x810 [ 26.136434][ T373] __slab_alloc+0x49/0x90 [ 26.140739][ T373] __kmalloc+0x16a/0x2c0 [ 26.144953][ T373] kernfs_fop_write_iter+0x156/0x400 [ 26.150217][ T373] vfs_write+0x802/0xf70 [ 26.154441][ T373] ksys_write+0x140/0x240 [ 26.158752][ T373] __x64_sys_write+0x7b/0x90 [ 26.163323][ T373] x64_sys_call+0x8ef/0x9a0 [ 26.167828][ T373] do_syscall_64+0x4c/0xa0 [ 26.172221][ T373] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 26.178092][ T373] page last free stack trace: [ 26.182823][ T373] free_unref_page_prepare+0x542/0x550 [ 26.188256][ T373] free_unref_page+0xa2/0x550 [ 26.192906][ T373] __free_pages+0x6c/0x100 [ 26.197291][ T373] free_pages+0x82/0x90 [ 26.201418][ T373] selinux_genfs_get_sid+0x20b/0x250 [ 26.206678][ T373] inode_doinit_with_dentry+0x86e/0xd70 [ 26.212205][ T373] selinux_d_instantiate+0x27/0x40 [ 26.217472][ T373] security_d_instantiate+0x9e/0xf0 [ 26.222645][ T373] d_splice_alias+0x6d/0x390 [ 26.227211][ T373] kernfs_iop_lookup+0x2c2/0x310 [ 26.232123][ T373] path_openat+0xfcf/0x2f10 [ 26.236601][ T373] do_filp_open+0x1b3/0x3e0 [ 26.241081][ T373] do_sys_openat2+0x14c/0x7b0 [ 26.245735][ T373] __x64_sys_openat+0x136/0x160 [ 26.250556][ T373] x64_sys_call+0x219/0x9a0 [ 26.255036][ T373] do_syscall_64+0x4c/0xa0 [ 26.259438][ T373] [ 26.261734][ T373] Memory state around the buggy address: [ 26.267350][ T373] ffff88810f2b3000: fb fc fc fc fc fb fc fc fc fc fb fc fc fc fc fb [ 26.275386][ T373] ffff88810f2b3080: fc fc fc fc fa fc fc fc fc fb fc fc fc fc fb fc [ 26.283612][ T373] >ffff88810f2b3100: fc fc fc fb fc fc fc fc fb fc fc fc fc 01 fc fc [ 26.291644][ T373] ^ [ 26.299090][ T373] ffff88810f2b3180: fc fc fb fc fc fc fc fb fc fc fc fc fb fc fc fc [ 26.307134][ T373] ffff88810f2b3200: fc fb fc fc fc fc fb fc fc fc fc fb fc fc fc fc [ 26.315171][ T373] ================================================================== [ 26.323218][ T373] Disabling lock debugging due to kernel taint [ 26.764621][ T8] device bridge_slave_1 left promiscuous mode [ 26.770741][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.778294][ T8] device bridge_slave_0 left promiscuous mode [ 26.784607][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.792729][ T8] device veth1_macvtap left promiscuous mode [ 26.803436][ T8] device veth0_vlan left promiscuous mode 2026/01/14 13:06:07 executed programs: 234 [ 30.234569][ T30] kauditd_printk_skb: 43 callbacks suppressed [ 30.234582][ T30] audit: type=1400 audit(1768395967.344:117): avc: denied { write } for pid=281 comm="syz-execprog" path="pipe:[485]" dev="pipefs" ino=485 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 2026/01/14 13:06:12 executed programs: 534