Warning: Permanently added '10.128.1.146' (ED25519) to the list of known hosts.
2026/02/17 14:09:07 parsed 1 programs
[ 23.344771][ T30] audit: type=1400 audit(1771337347.042:64): avc: denied { node_bind } for pid=281 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 23.365955][ T30] audit: type=1400 audit(1771337347.042:65): avc: denied { module_request } for pid=281 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 24.264988][ T30] audit: type=1400 audit(1771337347.962:66): avc: denied { mounton } for pid=287 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 24.268113][ T287] cgroup: Unknown subsys name 'net'
[ 24.287893][ T30] audit: type=1400 audit(1771337347.962:67): avc: denied { mount } for pid=287 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 24.315020][ T30] audit: type=1400 audit(1771337348.002:68): avc: denied { unmount } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 24.315384][ T287] cgroup: Unknown subsys name 'devices'
[ 24.579656][ T287] cgroup: Unknown subsys name 'hugetlb'
[ 24.585347][ T287] cgroup: Unknown subsys name 'rlimit'
[ 24.881805][ T30] audit: type=1400 audit(1771337348.582:69): avc: denied { setattr } for pid=287 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 24.905114][ T30] audit: type=1400 audit(1771337348.582:70): avc: denied { create } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 24.925658][ T30] audit: type=1400 audit(1771337348.582:71): avc: denied { write } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 24.939152][ T291] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 24.946537][ T30] audit: type=1400 audit(1771337348.582:72): avc: denied { read } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 24.974748][ T30] audit: type=1400 audit(1771337348.582:73): avc: denied { mounton } for pid=287 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 25.030127][ T287] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 25.463551][ T294] request_module fs-gadgetfs succeeded, but still no fs?
[ 25.767170][ T320] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.774274][ T320] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.781922][ T320] device bridge_slave_0 entered promiscuous mode
[ 25.789652][ T320] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.796703][ T320] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.804237][ T320] device bridge_slave_1 entered promiscuous mode
[ 25.848264][ T320] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.855318][ T320] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 25.862687][ T320] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.869764][ T320] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 25.890742][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 25.898686][ T45] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.905834][ T45] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.914913][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 25.923399][ T45] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.930538][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 25.939875][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 25.948153][ T45] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.955176][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 25.967216][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 25.976563][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 25.991023][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 26.002400][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 26.010614][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 26.018044][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 26.026183][ T320] device veth0_vlan entered promiscuous mode
[ 26.036221][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 26.046099][ T320] device veth1_macvtap entered promiscuous mode
[ 26.056369][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 26.066165][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 26.094887][ T320] syz-executor (320) used greatest stack depth: 21376 bytes left
2026/02/17 14:09:10 executed programs: 0
[ 26.560657][ T360] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.568016][ T360] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.575479][ T360] device bridge_slave_0 entered promiscuous mode
[ 26.586674][ T360] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.593727][ T360] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.601320][ T360] device bridge_slave_1 entered promiscuous mode
[ 26.658286][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 26.665718][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 26.674445][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 26.682833][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 26.691410][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.698512][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.717974][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 26.725605][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 26.734066][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 26.742268][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.749329][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.756798][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 26.765924][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 26.773926][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 26.781955][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 26.796888][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 26.805298][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 26.816457][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 26.824673][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 26.832430][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 26.840688][ T360] device veth0_vlan entered promiscuous mode
[ 26.854508][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 26.863464][ T360] device veth1_macvtap entered promiscuous mode
[ 26.872694][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 26.881134][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 26.890708][ T8] device bridge_slave_1 left promiscuous mode
[ 26.896832][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.904463][ T8] device bridge_slave_0 left promiscuous mode
[ 26.910604][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.918893][ T8] device veth1_macvtap left promiscuous mode
[ 26.924888][ T8] device veth0_vlan left promiscuous mode
[ 27.042667][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 27.050940][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 27.233902][ T370] ==================================================================
[ 27.242027][ T370] BUG: KASAN: slab-out-of-bounds in hci_sock_setsockopt+0x7f1/0x820
[ 27.250045][ T370] Read of size 4 at addr ffff88810e1915a3 by task syz.2.17/370
[ 27.257607][ T370]
[ 27.259937][ T370] CPU: 1 PID: 370 Comm: syz.2.17 Not tainted syzkaller #0
[ 27.267135][ T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 27.277208][ T370] Call Trace:
[ 27.280500][ T370]
[ 27.283447][ T370] __dump_stack+0x21/0x30
[ 27.287792][ T370] dump_stack_lvl+0x110/0x170
[ 27.292492][ T370] ? show_regs_print_info+0x20/0x20
[ 27.297703][ T370] ? load_image+0x3e0/0x3e0
[ 27.302221][ T370] ? lock_sock_nested+0x21c/0x2a0
[ 27.307264][ T370] print_address_description+0x7f/0x2c0
[ 27.312825][ T370] ? hci_sock_setsockopt+0x7f1/0x820
[ 27.318123][ T370] kasan_report+0xf1/0x140
[ 27.322555][ T370] ? hci_sock_setsockopt+0x7f1/0x820
[ 27.328307][ T370] __asan_report_load_n_noabort+0xf/0x20
[ 27.333952][ T370] hci_sock_setsockopt+0x7f1/0x820
[ 27.339080][ T370] ? hci_sock_compat_ioctl+0x50/0x50
[ 27.344378][ T370] ? security_socket_setsockopt+0x82/0xa0
[ 27.350100][ T370] ? hci_sock_compat_ioctl+0x50/0x50
[ 27.355397][ T370] __sys_setsockopt+0x2e9/0x470
[ 27.360255][ T370] ? __ia32_sys_recv+0xb0/0xb0
[ 27.365028][ T370] ? ____fput+0x15/0x20
[ 27.369190][ T370] __x64_sys_setsockopt+0xbf/0xd0
[ 27.374239][ T370] x64_sys_call+0x982/0x9a0
[ 27.378748][ T370] do_syscall_64+0x4c/0xa0
[ 27.383172][ T370] ? clear_bhb_loop+0x50/0xa0
[ 27.387851][ T370] ? clear_bhb_loop+0x50/0xa0
[ 27.392569][ T370] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 27.398491][ T370] RIP: 0033:0x7f75c2057f79
[ 27.402933][ T370] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 27.422557][ T370] RSP: 002b:00007ffd007bb858 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 27.430987][ T370] RAX: ffffffffffffffda RBX: 00007f75c22d1fa0 RCX: 00007f75c2057f79
[ 27.438973][ T370] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000008
[ 27.446973][ T370] RBP: 00007f75c20ee7e0 R08: 0000000000000001 R09: 0000000000000000
[ 27.454963][ T370] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 27.462936][ T370] R13: 00007f75c22d1fac R14: 00007f75c22d1fa0 R15: 00007f75c22d1fa0
[ 27.470918][ T370]
[ 27.473939][ T370]
[ 27.476263][ T370] Allocated by task 370:
[ 27.480501][ T370] __kasan_kmalloc+0xda/0x110
[ 27.485188][ T370] __kmalloc+0x13d/0x2c0
[ 27.489445][ T370] __cgroup_bpf_run_filter_setsockopt+0x8e7/0xaa0
[ 27.495863][ T370] __sys_setsockopt+0x40e/0x470
[ 27.500717][ T370] __x64_sys_setsockopt+0xbf/0xd0
[ 27.505747][ T370] x64_sys_call+0x982/0x9a0
[ 27.510252][ T370] do_syscall_64+0x4c/0xa0
[ 27.514682][ T370] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 27.520598][ T370]
[ 27.522929][ T370] The buggy address belongs to the object at ffff88810e1915a0
[ 27.522929][ T370] which belongs to the cache kmalloc-8 of size 8
[ 27.536639][ T370] The buggy address is located 3 bytes inside of
[ 27.536639][ T370] 8-byte region [ffff88810e1915a0, ffff88810e1915a8)
[ 27.549582][ T370] The buggy address belongs to the page:
[ 27.555215][ T370] page:ffffea0004386440 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10e191
[ 27.565474][ T370] flags: 0x4000000000000200(slab|zone=1)
[ 27.571124][ T370] raw: 4000000000000200 0000000000000000 0000000100000001 ffff888100042300
[ 27.579716][ T370] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000
[ 27.588297][ T370] page dumped because: kasan: bad access detected
[ 27.594716][ T370] page_owner tracks the page as allocated
[ 27.600428][ T370] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 102, ts 5313248237, free_ts 5313215238
[ 27.616256][ T370] post_alloc_hook+0x192/0x1b0
[ 27.621041][ T370] prep_new_page+0x1c/0x110
[ 27.625557][ T370] get_page_from_freelist+0x2d3a/0x2dc0
[ 27.631123][ T370] __alloc_pages+0x1a2/0x460
[ 27.635722][ T370] new_slab+0xa1/0x4d0
[ 27.639799][ T370] ___slab_alloc+0x381/0x810
[ 27.644394][ T370] __slab_alloc+0x49/0x90
[ 27.648728][ T370] __kmalloc+0x16a/0x2c0
[ 27.653114][ T370] kernfs_fop_write_iter+0x156/0x400
[ 27.658415][ T370] vfs_write+0x835/0xfd0
[ 27.662665][ T370] ksys_write+0x149/0x250
[ 27.667014][ T370] __x64_sys_write+0x7b/0x90
[ 27.671627][ T370] x64_sys_call+0x8ef/0x9a0
[ 27.676145][ T370] do_syscall_64+0x4c/0xa0
[ 27.680571][ T370] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 27.686477][ T370] page last free stack trace:
[ 27.691167][ T370] free_unref_page_prepare+0x542/0x550
[ 27.696637][ T370] free_unref_page+0xae/0x540
[ 27.701317][ T370] __free_pages+0x6c/0x100
[ 27.705747][ T370] free_pages+0x82/0x90
[ 27.709901][ T370] selinux_genfs_get_sid+0x20b/0x250
[ 27.715212][ T370] inode_doinit_with_dentry+0x87a/0xd80
[ 27.720760][ T370] selinux_d_instantiate+0x27/0x40
[ 27.725878][ T370] security_d_instantiate+0x9e/0xf0
[ 27.731081][ T370] d_splice_alias+0x6d/0x390
[ 27.735678][ T370] kernfs_iop_lookup+0x2c2/0x310
[ 27.740638][ T370] path_openat+0xfc9/0x2f20
[ 27.745151][ T370] do_filp_open+0x1e2/0x410
[ 27.749657][ T370] do_sys_openat2+0x15e/0x7f0
[ 27.754343][ T370] __x64_sys_openat+0x136/0x160
[ 27.759202][ T370] x64_sys_call+0x219/0x9a0
[ 27.763716][ T370] do_syscall_64+0x4c/0xa0
[ 27.768144][ T370]
[ 27.770479][ T370] Memory state around the buggy address:
[ 27.776246][ T370]  ffff88810e191480: fc 06 fc fc fc fc fa fc fc fc fc fb fc fc fc fc
[ 27.784331][ T370]  ffff88810e191500: fb fc fc fc fc 00 fc fc fc fc 00 fc fc fc fc fb
[ 27.792405][ T370] >ffff88810e191580: fc fc fc fc 01 fc fc fc fc fb fc fc fc fc fb fc
[ 27.800474][ T370]                                ^
[ 27.805596][ T370]  ffff88810e191600: fc fc fc fb fc fc fc fc 05 fc fc fc fc fb fc fc
[ 27.813681][ T370]  ffff88810e191680: fc fc fb fc fc fc fc fa fc fc fc fc fb fc fc fc
[ 27.821749][ T370] ==================================================================
[ 27.830341][ T370] Disabling lock debugging due to kernel taint