Warning: Permanently added '10.128.0.99' (ED25519) to the list of known hosts. 2026/05/11 01:52:46 parsed 1 programs Setting up swapspace version 1, size = 127995904 bytes [ 49.149181][ T30] audit: type=1400 audit(1778464367.358:105): avc: denied { unlink } for pid=411 comm="syz-executor" name="swap-file" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 49.198299][ T411] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 49.651058][ T416] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.658155][ T416] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.665967][ T416] device bridge_slave_0 entered promiscuous mode [ 49.673176][ T416] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.680720][ T416] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.688776][ T416] device bridge_slave_1 entered promiscuous mode [ 49.749293][ T416] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.756536][ T416] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.763993][ T416] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.771330][ T416] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.788233][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.796104][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.804147][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.812249][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.822222][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.830848][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.837887][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.846750][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.855078][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.862317][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.873768][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.883208][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.896153][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.906845][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.915040][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.922736][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.931028][ T416] device veth0_vlan entered promiscuous mode [ 49.940420][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.949440][ T416] device veth1_macvtap entered promiscuous mode [ 49.958137][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.968121][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 50.045732][ T30] audit: type=1401 audit(1778464368.248:106): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 50.409397][ T8] device bridge_slave_1 left promiscuous mode [ 50.415540][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.423079][ T8] device bridge_slave_0 left promiscuous mode [ 50.429314][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.436945][ T8] device veth1_macvtap left promiscuous mode [ 50.443188][ T8] device veth0_vlan left promiscuous mode 2026/05/11 01:52:49 executed programs: 0 [ 50.822080][ T476] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.829329][ T476] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.836700][ T476] device bridge_slave_0 entered promiscuous mode [ 50.843681][ T476] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.850873][ T476] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.858207][ T476] device bridge_slave_1 entered promiscuous mode [ 50.895307][ T476] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.902391][ T476] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.909677][ T476] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.917113][ T476] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.933865][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.941632][ T337] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.949018][ T337] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.957822][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.966169][ T337] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.973302][ T337] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.981968][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.990166][ T337] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.997339][ T337] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.009157][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.019050][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.031613][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 51.042559][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 51.050751][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 51.058179][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 51.066304][ T476] device veth0_vlan entered promiscuous mode [ 51.076370][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 51.085739][ T476] device veth1_macvtap entered promiscuous mode [ 51.095015][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 51.105636][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 51.130704][ T30] audit: type=1400 audit(1778464369.328:107): avc: denied { prog_load } for pid=480 comm="syz.2.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 51.158339][ T30] audit: type=1400 audit(1778464369.328:108): avc: denied { bpf } for pid=480 comm="syz.2.17" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 51.179492][ T30] audit: type=1400 audit(1778464369.388:109): avc: denied { setopt } for pid=480 comm="syz.2.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 51.260121][ T30] audit: type=1400 audit(1778464369.468:110): avc: denied { perfmon } for pid=480 comm="syz.2.17" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 51.284685][ T30] audit: type=1400 audit(1778464369.488:111): avc: denied { prog_run } for pid=480 comm="syz.2.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 51.313441][ T484] ================================================================== [ 51.321858][ T484] BUG: KASAN: slab-out-of-bounds in l2cap_sock_setsockopt+0x1a1f/0x1df0 [ 51.330298][ T484] Read of size 4 at addr ffff888122e4811b by task syz.2.18/484 [ 51.337935][ T484] [ 51.340366][ T484] CPU: 1 PID: 484 Comm: syz.2.18 Not tainted syzkaller #0 [ 51.347475][ T484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 51.357527][ T484] Call Trace: [ 51.360811][ T484] [ 51.363826][ T484] __dump_stack+0x21/0x30 [ 51.368160][ T484] dump_stack_lvl+0x110/0x170 [ 51.372915][ T484] ? show_regs_print_info+0x20/0x20 [ 51.378103][ T484] ? load_image+0x3e0/0x3e0 [ 51.382713][ T484] ? lock_sock_nested+0x21c/0x2a0 [ 51.387744][ T484] print_address_description+0x7f/0x2c0 [ 51.393293][ T484] ? l2cap_sock_setsockopt+0x1a1f/0x1df0 [ 51.398943][ T484] kasan_report+0xf1/0x140 [ 51.403484][ T484] ? memcpy+0x56/0x70 [ 51.407478][ T484] ? l2cap_sock_setsockopt+0x1a1f/0x1df0 [ 51.413277][ T484] __asan_report_load_n_noabort+0xf/0x20 [ 51.419000][ T484] l2cap_sock_setsockopt+0x1a1f/0x1df0 [ 51.424457][ T484] ? selinux_socket_setsockopt+0x282/0x360 [ 51.430255][ T484] ? __cgroup_bpf_run_filter_sysctl+0x760/0x760 [ 51.436484][ T484] ? l2cap_sock_shutdown+0xba0/0xba0 [ 51.441789][ T484] ? __fget_files+0x2c4/0x320 [ 51.446463][ T484] ? security_socket_setsockopt+0x82/0xa0 [ 51.452272][ T484] ? l2cap_sock_shutdown+0xba0/0xba0 [ 51.457547][ T484] __sys_setsockopt+0x2e9/0x470 [ 51.462389][ T484] ? __ia32_sys_recv+0xb0/0xb0 [ 51.467147][ T484] ? __kasan_check_write+0x14/0x20 [ 51.472377][ T484] __x64_sys_setsockopt+0xbf/0xd0 [ 51.477393][ T484] x64_sys_call+0x982/0x9a0 [ 51.482051][ T484] do_syscall_64+0x4c/0xa0 [ 51.486513][ T484] ? clear_bhb_loop+0x50/0xa0 [ 51.491193][ T484] ? clear_bhb_loop+0x50/0xa0 [ 51.495900][ T484] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 51.501806][ T484] RIP: 0033:0x7fdde62b7ef9 [ 51.506248][ T484] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 51.526810][ T484] RSP: 002b:00007fdde611c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 51.535220][ T484] RAX: ffffffffffffffda RBX: 00007fdde6522fa0 RCX: 00007fdde62b7ef9 [ 51.543282][ T484] RDX: 0000000000000008 RSI: 0000000000000112 RDI: 0000000000000004 [ 51.551245][ T484] RBP: 00007fdde634cee0 R08: 0000000000000001 R09: 0000000000000000 [ 51.559205][ T484] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000000 [ 51.567173][ T484] R13: 00007fdde6523038 R14: 00007fdde6522fa0 R15: 00007ffe0cc27b88 [ 51.575445][ T484] [ 51.578517][ T484] [ 51.580880][ T484] Allocated by task 484: [ 51.585814][ T484] __kasan_kmalloc+0xda/0x110 [ 51.590498][ T484] __kmalloc+0x13d/0x2c0 [ 51.594737][ T484] __cgroup_bpf_run_filter_setsockopt+0x8e7/0xaa0 [ 51.601145][ T484] __sys_setsockopt+0x40e/0x470 [ 51.606079][ T484] __x64_sys_setsockopt+0xbf/0xd0 [ 51.611093][ T484] x64_sys_call+0x982/0x9a0 [ 51.615587][ T484] do_syscall_64+0x4c/0xa0 [ 51.620366][ T484] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 51.626562][ T484] [ 51.628889][ T484] The buggy address belongs to the object at ffff888122e48118 [ 51.628889][ T484] which belongs to the cache kmalloc-8 of size 8 [ 51.642679][ T484] The buggy address is located 3 bytes inside of [ 51.642679][ T484] 8-byte region [ffff888122e48118, ffff888122e48120) [ 51.655625][ T484] The buggy address belongs to the page: [ 51.661253][ T484] page:ffffea00048b9200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122e48 [ 51.671952][ T484] flags: 0x4000000000000200(slab|zone=1) [ 51.677720][ T484] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100042300 [ 51.686481][ T484] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000 [ 51.695064][ T484] page dumped because: kasan: bad access detected [ 51.701464][ T484] page_owner tracks the page as allocated [ 51.707166][ T484] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 476, ts 51125672926, free_ts 51125561065 [ 51.723254][ T484] post_alloc_hook+0x192/0x1b0 [ 51.728215][ T484] prep_new_page+0x1c/0x110 [ 51.732799][ T484] get_page_from_freelist+0x2d3a/0x2dc0 [ 51.738401][ T484] __alloc_pages+0x1a2/0x460 [ 51.743075][ T484] new_slab+0xa1/0x4d0 [ 51.747134][ T484] ___slab_alloc+0x381/0x810 [ 51.751718][ T484] __slab_alloc+0x49/0x90 [ 51.756352][ T484] __kmalloc+0x16a/0x2c0 [ 51.760584][ T484] __vmalloc_node_range+0x375/0xaf0 [ 51.765782][ T484] vzalloc+0x78/0x90 [ 51.769675][ T484] alloc_counters+0x66/0x540 [ 51.774258][ T484] do_ip6t_get_ctl+0xa25/0x1110 [ 51.779117][ T484] nf_getsockopt+0x26d/0x290 [ 51.783784][ T484] ipv6_getsockopt+0x1b40/0x2210 [ 51.788810][ T484] tcp_getsockopt+0x205/0x2360 [ 51.793578][ T484] sock_common_getsockopt+0x98/0xb0 [ 51.798864][ T484] page last free stack trace: [ 51.803531][ T484] free_unref_page_prepare+0x542/0x550 [ 51.809102][ T484] free_unref_page+0xae/0x540 [ 51.814115][ T484] __free_pages+0x6c/0x100 [ 51.818538][ T484] __vunmap+0x86d/0xa00 [ 51.822693][ T484] vfree+0x8b/0xc0 [ 51.826407][ T484] do_ipt_get_ctl+0xe4d/0x1100 [ 51.831164][ T484] nf_getsockopt+0x26d/0x290 [ 51.835743][ T484] ip_getsockopt+0x137b/0x17d0 [ 51.840495][ T484] tcp_getsockopt+0x205/0x2360 [ 51.845260][ T484] sock_common_getsockopt+0x98/0xb0 [ 51.850447][ T484] __sys_getsockopt+0x207/0x410 [ 51.855285][ T484] __x64_sys_getsockopt+0xbf/0xd0 [ 51.860387][ T484] x64_sys_call+0x6db/0x9a0 [ 51.864882][ T484] do_syscall_64+0x4c/0xa0 [ 51.869285][ T484] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 51.875185][ T484] [ 51.877508][ T484] Memory state around the buggy address: [ 51.883139][ T484] ffff888122e48000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fa [ 51.891298][ T484] ffff888122e48080: fc fc fc fc fa fc fc fc fc fc fc fc fc fc fa fc [ 51.899356][ T484] >ffff888122e48100: fc fc fc 01 fc fc fc fc fc fc fc fc fc fc fc fc [ 51.907448][ T484] ^ [ 51.912301][ T484] ffff888122e48180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 51.920478][ T484] ffff888122e48200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 51.928545][ T484] ================================================================== [ 51.936796][ T484] Disabling lock debugging due to kernel taint [ 51.949209][ T30] audit: type=1400 audit(1778464370.158:112): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 51.973370][ T30] audit: type=1400 audit(1778464370.158:113): avc: denied { search } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 51.996492][ T30] audit: type=1400 audit(1778464370.158:114): avc: denied { write } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 2026/05/11 01:52:54 executed programs: 232 2026/05/11 01:52:59 executed programs: 532