Warning: Permanently added '10.128.0.200' (ED25519) to the list of known hosts.
2026/03/03 16:34:22 parsed 1 programs
Setting up swapspace version 1, size = 127995904 bytes
[ 43.691810][ T30] audit: type=1400 audit(1772555663.075:105): avc: denied { unlink } for pid=389 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 43.739531][ T389] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 44.163311][ T393] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.170818][ T393] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.178716][ T393] device bridge_slave_0 entered promiscuous mode
[ 44.186390][ T393] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.193846][ T393] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.201579][ T393] device bridge_slave_1 entered promiscuous mode
[ 44.234559][ T393] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.241930][ T393] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.250403][ T393] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.257669][ T393] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.273741][ T342] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.281521][ T342] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.290109][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.298569][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.308597][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.316782][ T342] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.324399][ T342] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.333530][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.342284][ T342] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.350350][ T342] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.362220][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.372753][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.386130][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.397647][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.406416][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 44.415598][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 44.425066][ T393] device veth0_vlan entered promiscuous mode
[ 44.435545][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 44.445127][ T393] device veth1_macvtap entered promiscuous mode
[ 44.454927][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 44.465401][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 44.759331][ T30] audit: type=1401 audit(1772555664.135:106): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 44.778552][ T30] audit: type=1400 audit(1772555664.155:107): avc: denied { create } for pid=422 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 45.032374][ T342] device bridge_slave_1 left promiscuous mode
[ 45.039688][ T342] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.050581][ T342] device bridge_slave_0 left promiscuous mode
[ 45.057187][ T342] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.066956][ T342] device veth1_macvtap left promiscuous mode
[ 45.073747][ T342] device veth0_vlan left promiscuous mode
2026/03/03 16:34:24 executed programs: 0
[ 45.407205][ T453] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.415818][ T453] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.424904][ T453] device bridge_slave_0 entered promiscuous mode
[ 45.432642][ T453] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.439881][ T453] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.447936][ T453] device bridge_slave_1 entered promiscuous mode
[ 45.483449][ T453] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.491029][ T453] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.498654][ T453] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.506072][ T453] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.523700][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.532510][ T341] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.539816][ T341] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.549900][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.558845][ T341] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.566904][ T341] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.576610][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.585770][ T341] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.594310][ T341] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.606394][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.617144][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.630586][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.643402][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.652698][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.662211][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.672184][ T453] device veth0_vlan entered promiscuous mode
[ 45.682934][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.693503][ T453] device veth1_macvtap entered promiscuous mode
[ 45.703894][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.715206][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.741329][ T30] audit: type=1400 audit(1772555665.125:108): avc: denied { prog_load } for pid=457 comm="syz.2.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.762108][ T30] audit: type=1400 audit(1772555665.125:109): avc: denied { bpf } for pid=457 comm="syz.2.17" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 45.792191][ T30] audit: type=1400 audit(1772555665.175:110): avc: denied { setopt } for pid=457 comm="syz.2.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 45.860247][ T30] audit: type=1400 audit(1772555665.235:111): avc: denied { perfmon } for pid=457 comm="syz.2.17" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 45.886514][ T30] audit: type=1400 audit(1772555665.265:112): avc: denied { prog_run } for pid=457 comm="syz.2.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.913331][ T461] ==================================================================
[ 45.922775][ T461] BUG: KASAN: slab-out-of-bounds in hci_sock_setsockopt+0x7f1/0x820
[ 45.931802][ T461] Read of size 4 at addr ffff88812c170a03 by task syz.2.18/461
[ 45.941155][ T461]
[ 45.943751][ T461] CPU: 0 PID: 461 Comm: syz.2.18 Not tainted syzkaller #0
[ 45.951199][ T461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 45.962270][ T461] Call Trace:
[ 45.965598][ T461]
[ 45.968603][ T461] __dump_stack+0x21/0x30
[ 45.973505][ T461] dump_stack_lvl+0x110/0x170
[ 45.978984][ T461] ? show_regs_print_info+0x20/0x20
[ 45.984858][ T461] ? load_image+0x3e0/0x3e0
[ 45.989871][ T461] ? lock_sock_nested+0x21c/0x2a0
[ 45.995248][ T461] print_address_description+0x7f/0x2c0
[ 46.001303][ T461] ? hci_sock_setsockopt+0x7f1/0x820
[ 46.006971][ T461] kasan_report+0xf1/0x140
[ 46.011461][ T461] ? hci_sock_setsockopt+0x7f1/0x820
[ 46.016906][ T461] __asan_report_load_n_noabort+0xf/0x20
[ 46.023107][ T461] hci_sock_setsockopt+0x7f1/0x820
[ 46.028583][ T461] ? __fget_files+0x2c4/0x320
[ 46.033881][ T461] ? hci_sock_compat_ioctl+0x50/0x50
[ 46.039462][ T461] ? security_socket_setsockopt+0x82/0xa0
[ 46.045538][ T461] ? hci_sock_compat_ioctl+0x50/0x50
[ 46.051438][ T461] __sys_setsockopt+0x2e9/0x470
[ 46.056494][ T461] ? __ia32_sys_recv+0xb0/0xb0
[ 46.061493][ T461] ? __kasan_check_write+0x14/0x20
[ 46.066777][ T461] __x64_sys_setsockopt+0xbf/0xd0
[ 46.071876][ T461] x64_sys_call+0x982/0x9a0
[ 46.076605][ T461] do_syscall_64+0x4c/0xa0
[ 46.081096][ T461] ? clear_bhb_loop+0x50/0xa0
[ 46.085982][ T461] ? clear_bhb_loop+0x50/0xa0
[ 46.090727][ T461] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.096863][ T461] RIP: 0033:0x7faed97c4f79
[ 46.101626][ T461] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 46.122554][ T461] RSP: 002b:00007faed9628028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 46.131939][ T461] RAX: ffffffffffffffda RBX: 00007faed9a3efa0 RCX: 00007faed97c4f79
[ 46.140989][ T461] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000008
[ 46.149390][ T461] RBP: 00007faed985b7e0 R08: 0000000000000001 R09: 0000000000000000
[ 46.157984][ T461] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 46.166848][ T461] R13: 00007faed9a3f038 R14: 00007faed9a3efa0 R15: 00007ffeaedf21a8
[ 46.175700][ T461]
[ 46.178708][ T461]
[ 46.181366][ T461] Allocated by task 461:
[ 46.186195][ T461] __kasan_kmalloc+0xda/0x110
[ 46.191565][ T461] __kmalloc+0x13d/0x2c0
[ 46.196069][ T461] __cgroup_bpf_run_filter_setsockopt+0x8e7/0xaa0
[ 46.202732][ T461] __sys_setsockopt+0x40e/0x470
[ 46.207776][ T461] __x64_sys_setsockopt+0xbf/0xd0
[ 46.213048][ T461] x64_sys_call+0x982/0x9a0
[ 46.217806][ T461] do_syscall_64+0x4c/0xa0
[ 46.222383][ T461] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.228521][ T461]
[ 46.231012][ T461] The buggy address belongs to the object at ffff88812c170a00
[ 46.231012][ T461] which belongs to the cache kmalloc-8 of size 8
[ 46.245127][ T461] The buggy address is located 3 bytes inside of
[ 46.245127][ T461] 8-byte region [ffff88812c170a00, ffff88812c170a08)
[ 46.258299][ T461] The buggy address belongs to the page:
[ 46.264009][ T461] page:ffffea0004b05c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12c170
[ 46.274939][ T461] flags: 0x4000000000000200(slab|zone=1)
[ 46.280854][ T461] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100042300
[ 46.290310][ T461] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000
[ 46.299228][ T461] page dumped because: kasan: bad access detected
[ 46.305794][ T461] page_owner tracks the page as allocated
[ 46.311840][ T461] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 453, ts 45479671920, free_ts 44904868616
[ 46.328828][ T461] post_alloc_hook+0x192/0x1b0
[ 46.333583][ T461] prep_new_page+0x1c/0x110
[ 46.338687][ T461] get_page_from_freelist+0x2d3a/0x2dc0
[ 46.344312][ T461] __alloc_pages+0x1a2/0x460
[ 46.349231][ T461] new_slab+0xa1/0x4d0
[ 46.354101][ T461] ___slab_alloc+0x381/0x810
[ 46.359199][ T461] __slab_alloc+0x49/0x90
[ 46.363874][ T461] __kmalloc_track_caller+0x169/0x2c0
[ 46.369398][ T461] kstrdup_const+0x55/0x90
[ 46.373915][ T461] __kernfs_new_node+0xa8/0x6b0
[ 46.378922][ T461] kernfs_new_node+0x150/0x260
[ 46.384315][ T461] kernfs_create_link+0xa4/0x200
[ 46.389682][ T461] sysfs_do_create_link_sd+0x8a/0x110
[ 46.395385][ T461] sysfs_create_link+0x68/0x80
[ 46.400474][ T461] device_add+0x7a0/0xed0
[ 46.405827][ T461] netdev_register_kobject+0x1bc/0x360
[ 46.411977][ T461] page last free stack trace:
[ 46.417773][ T461] free_unref_page_prepare+0x542/0x550
[ 46.423945][ T461] free_unref_page+0xae/0x540
[ 46.428987][ T461] __free_pages+0x6c/0x100
[ 46.433764][ T461] __vunmap+0x86d/0xa00
[ 46.438298][ T461] vfree+0x8b/0xc0
[ 46.442090][ T461] kcov_close+0x2b/0x50
[ 46.446638][ T461] __fput+0x20b/0x8b0
[ 46.450686][ T461] ____fput+0x15/0x20
[ 46.454824][ T461] task_work_run+0x127/0x190
[ 46.459485][ T461] do_exit+0xa9e/0x27e0
[ 46.463994][ T461] do_group_exit+0x141/0x310
[ 46.468841][ T461] get_signal+0x66a/0x1480
[ 46.473692][ T461] arch_do_signal_or_restart+0xdf/0x11c0
[ 46.480193][ T461] exit_to_user_mode_loop+0xa7/0xe0
[ 46.485891][ T461] exit_to_user_mode_prepare+0x87/0xd0
[ 46.491603][ T461] syscall_exit_to_user_mode+0x1a/0x30
[ 46.497230][ T461]
[ 46.499669][ T461] Memory state around the buggy address:
[ 46.505395][ T461] ffff88812c170900: fc fc 05 fc fc fc fc fa fc fc fc fc fa fc fc fc
[ 46.514179][ T461] ffff88812c170980: fc fa fc fc fc fc 00 fc fc fc fc 00 fc fc fc fc
[ 46.522702][ T461] >ffff88812c170a00: 01 fc fc fc fc 00 fc fc fc fc fa fc fc fc fc fc
[ 46.531178][ T461] ^
[ 46.535249][ T461] ffff88812c170a80: fc fc fc fc fa fc fc fc fc 05 fc fc fc fc fa fc
[ 46.543826][ T461] ffff88812c170b00: fc fc fc fa fc fc fc fc fa fc fc fc fc fa fc fc
[ 46.552762][ T461] ==================================================================
[ 46.561322][ T461] Disabling lock debugging due to kernel taint
[ 46.574284][ T30] audit: type=1400 audit(1772555665.955:113): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 46.598422][ T30] audit: type=1400 audit(1772555665.955:114): avc: denied { search } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
2026/03/03 16:34:29 executed programs: 230
2026/03/03 16:34:34 executed programs: 530