Warning: Permanently added '10.128.0.63' (ED25519) to the list of known hosts. 2026/02/17 11:57:38 parsed 1 programs [ 21.664457][ T30] audit: type=1400 audit(1771329458.034:64): avc: denied { node_bind } for pid=281 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 21.669334][ T30] audit: type=1400 audit(1771329458.034:65): avc: denied { module_request } for pid=281 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 22.266000][ T30] audit: type=1400 audit(1771329458.634:66): avc: denied { mounton } for pid=287 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.267113][ T287] cgroup: Unknown subsys name 'net' [ 22.288910][ T30] audit: type=1400 audit(1771329458.634:67): avc: denied { mount } for pid=287 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.316267][ T30] audit: type=1400 audit(1771329458.664:68): avc: denied { unmount } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.316465][ T287] cgroup: Unknown subsys name 'devices' [ 22.462628][ T287] cgroup: Unknown subsys name 'hugetlb' [ 22.468311][ T287] cgroup: Unknown subsys name 'rlimit' [ 22.611972][ T30] audit: type=1400 audit(1771329458.984:69): avc: denied { setattr } for pid=287 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.635237][ T30] audit: type=1400 audit(1771329458.984:70): avc: denied { create } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 22.638922][ T292] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 22.655727][ T30] audit: type=1400 audit(1771329458.984:71): avc: denied { write } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.684666][ T30] audit: type=1400 audit(1771329458.984:72): avc: denied { read } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.696173][ T287] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.705343][ T30] audit: type=1400 audit(1771329458.984:73): avc: denied { mounton } for pid=287 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 23.141590][ T294] request_module fs-gadgetfs succeeded, but still no fs? [ 23.584883][ T330] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.592105][ T330] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.599631][ T330] device bridge_slave_0 entered promiscuous mode [ 23.606580][ T330] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.613646][ T330] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.621087][ T330] device bridge_slave_1 entered promiscuous mode [ 23.658132][ T330] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.665221][ T330] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.672696][ T330] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.679807][ T330] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.700541][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.708167][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.715596][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.726635][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.734929][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.742006][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.749388][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.757724][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.764813][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.776097][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.785843][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.798372][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.809507][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.817696][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.825370][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.833619][ T330] device veth0_vlan entered promiscuous mode [ 23.842794][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.851819][ T330] device veth1_macvtap entered promiscuous mode [ 23.861471][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.871495][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.903497][ T330] syz-executor (330) used greatest stack depth: 21696 bytes left 2026/02/17 11:57:40 executed programs: 0 [ 24.164222][ T361] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.171883][ T361] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.179281][ T361] device bridge_slave_0 entered promiscuous mode [ 24.186661][ T361] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.193895][ T361] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.201575][ T361] device bridge_slave_1 entered promiscuous mode [ 24.243799][ T361] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.250937][ T361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.258209][ T361] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.265353][ T361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.283852][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.291427][ T300] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.298673][ T300] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.307958][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.316255][ T300] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.323416][ T300] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.332574][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.340895][ T300] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.348185][ T300] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.364492][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.373574][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.391323][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.402358][ T361] device veth0_vlan entered promiscuous mode [ 24.411684][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.423205][ T361] device veth1_macvtap entered promiscuous mode [ 24.430095][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.437946][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.445420][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.453652][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.461894][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.476011][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.484314][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.492658][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.501087][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.618091][ T372] ================================================================== [ 24.626161][ T372] BUG: KASAN: slab-out-of-bounds in hci_sock_setsockopt+0x7f1/0x820 [ 24.634167][ T372] Read of size 4 at addr ffff88810ca8d52b by task syz.2.17/372 [ 24.641695][ T372] [ 24.644006][ T372] CPU: 1 PID: 372 Comm: syz.2.17 Not tainted syzkaller #0 [ 24.651212][ T372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 24.661278][ T372] Call Trace: [ 24.664549][ T372] [ 24.667467][ T372] __dump_stack+0x21/0x30 [ 24.671780][ T372] dump_stack_lvl+0x110/0x170 [ 24.676440][ T372] ? show_regs_print_info+0x20/0x20 [ 24.681617][ T372] ? load_image+0x3e0/0x3e0 [ 24.686105][ T372] ? lock_sock_nested+0x21c/0x2a0 [ 24.691115][ T372] print_address_description+0x7f/0x2c0 [ 24.696635][ T372] ? hci_sock_setsockopt+0x7f1/0x820 [ 24.701898][ T372] kasan_report+0xf1/0x140 [ 24.706415][ T372] ? hci_sock_setsockopt+0x7f1/0x820 [ 24.711695][ T372] __asan_report_load_n_noabort+0xf/0x20 [ 24.717405][ T372] hci_sock_setsockopt+0x7f1/0x820 [ 24.722513][ T372] ? hci_sock_compat_ioctl+0x50/0x50 [ 24.727778][ T372] ? security_socket_setsockopt+0x82/0xa0 [ 24.733965][ T372] ? hci_sock_compat_ioctl+0x50/0x50 [ 24.739247][ T372] __sys_setsockopt+0x2e9/0x470 [ 24.744075][ T372] ? __ia32_sys_recv+0xb0/0xb0 [ 24.748905][ T372] ? ____fput+0x15/0x20 [ 24.753036][ T372] __x64_sys_setsockopt+0xbf/0xd0 [ 24.758097][ T372] x64_sys_call+0x982/0x9a0 [ 24.762674][ T372] do_syscall_64+0x4c/0xa0 [ 24.767248][ T372] ? clear_bhb_loop+0x50/0xa0 [ 24.771919][ T372] ? clear_bhb_loop+0x50/0xa0 [ 24.776607][ T372] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 24.782631][ T372] RIP: 0033:0x7f839cc2cf79 [ 24.788675][ T372] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 24.809911][ T372] RSP: 002b:00007ffd508f4b58 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 24.818309][ T372] RAX: ffffffffffffffda RBX: 00007f839cea6fa0 RCX: 00007f839cc2cf79 [ 24.826358][ T372] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000008 [ 24.834313][ T372] RBP: 00007f839ccc37e0 R08: 0000000000000001 R09: 0000000000000000 [ 24.842363][ T372] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 24.850313][ T372] R13: 00007f839cea6fac R14: 00007f839cea6fa0 R15: 00007f839cea6fa0 [ 24.858451][ T372] [ 24.861451][ T372] [ 24.863752][ T372] Allocated by task 372: [ 24.867963][ T372] __kasan_kmalloc+0xda/0x110 [ 24.872638][ T372] __kmalloc+0x13d/0x2c0 [ 24.877126][ T372] __cgroup_bpf_run_filter_setsockopt+0x8e7/0xaa0 [ 24.883517][ T372] __sys_setsockopt+0x40e/0x470 [ 24.888347][ T372] __x64_sys_setsockopt+0xbf/0xd0 [ 24.893350][ T372] x64_sys_call+0x982/0x9a0 [ 24.897838][ T372] do_syscall_64+0x4c/0xa0 [ 24.902244][ T372] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 24.908116][ T372] [ 24.910416][ T372] The buggy address belongs to the object at ffff88810ca8d528 [ 24.910416][ T372] which belongs to the cache kmalloc-8 of size 8 [ 24.924220][ T372] The buggy address is located 3 bytes inside of [ 24.924220][ T372] 8-byte region [ffff88810ca8d528, ffff88810ca8d530) [ 24.937126][ T372] The buggy address belongs to the page: [ 24.942742][ T372] page:ffffea000432a340 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ca8d [ 24.952962][ T372] flags: 0x4000000000000200(slab|zone=1) [ 24.958672][ T372] raw: 4000000000000200 ffffea000432a200 0000000800000008 ffff888100042300 [ 24.967276][ T372] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000 [ 24.975841][ T372] page dumped because: kasan: bad access detected [ 24.982316][ T372] page_owner tracks the page as allocated [ 24.988006][ T372] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 3577445207, free_ts 0 [ 25.002972][ T372] post_alloc_hook+0x192/0x1b0 [ 25.007734][ T372] prep_new_page+0x1c/0x110 [ 25.012216][ T372] get_page_from_freelist+0x2d3a/0x2dc0 [ 25.017739][ T372] __alloc_pages+0x1a2/0x460 [ 25.022336][ T372] new_slab+0xa1/0x4d0 [ 25.026422][ T372] ___slab_alloc+0x381/0x810 [ 25.030999][ T372] __slab_alloc+0x49/0x90 [ 25.035428][ T372] __kmalloc_track_caller+0x169/0x2c0 [ 25.040790][ T372] kstrdup+0x36/0x70 [ 25.044680][ T372] get_permissions_callback+0x46/0xa0 [ 25.050131][ T372] hashtab_map+0xf4/0x1f0 [ 25.054552][ T372] security_get_permissions+0x105/0x330 [ 25.060092][ T372] sel_make_policy_nodes+0xd95/0x1360 [ 25.065598][ T372] sel_write_load+0x3dc/0x600 [ 25.070269][ T372] vfs_write+0x3f9/0xfd0 [ 25.074502][ T372] ksys_write+0x149/0x250 [ 25.078924][ T372] page_owner free stack trace missing [ 25.084308][ T372] [ 25.086627][ T372] Memory state around the buggy address: [ 25.092262][ T372] ffff88810ca8d400: fc fc fb fc fc fc fc fb fc fc fc fc fa fc fc fc [ 25.100633][ T372] ffff88810ca8d480: fc fb fc fc fc fc fb fc fc fc fc fb fc fc fc fc [ 25.108699][ T372] >ffff88810ca8d500: fa fc fc fc fc 01 fc fc fc fc fb fc fc fc fc 00 [ 25.116748][ T372] ^ [ 25.122228][ T372] ffff88810ca8d580: fc fc fc fc fb fc fc fc fc 05 fc fc fc fc 00 fc [ 25.130278][ T372] ffff88810ca8d600: fc fc fc fb fc fc fc fc fb fc fc fc fc fa fc fc [ 25.138358][ T372] ================================================================== [ 25.146410][ T372] Disabling lock debugging due to kernel taint