Warning: Permanently added '10.128.0.132' (ED25519) to the list of known hosts.
2026/05/04 21:41:32 parsed 1 programs
[ 22.682004][ T24] audit: type=1400 audit(1777930892.659:64): avc: denied { node_bind } for pid=287 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 22.702707][ T24] audit: type=1400 audit(1777930892.659:65): avc: denied { create } for pid=287 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 22.722434][ T24] audit: type=1400 audit(1777930892.659:66): avc: denied { module_request } for pid=287 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 23.286229][ T24] audit: type=1400 audit(1777930893.259:67): avc: denied { mounton } for pid=295 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 23.287205][ T295] cgroup: Unknown subsys name 'net'
[ 23.308898][ T24] audit: type=1400 audit(1777930893.259:68): avc: denied { mount } for pid=295 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 23.336155][ T24] audit: type=1400 audit(1777930893.289:69): avc: denied { unmount } for pid=295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 23.336343][ T295] cgroup: Unknown subsys name 'devices'
[ 23.571978][ T295] cgroup: Unknown subsys name 'hugetlb'
[ 23.577567][ T295] cgroup: Unknown subsys name 'rlimit'
[ 23.753364][ T24] audit: type=1400 audit(1777930893.729:70): avc: denied { setattr } for pid=295 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 23.775345][ T298] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[ 23.776546][ T24] audit: type=1400 audit(1777930893.729:71): avc: denied { create } for pid=295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.805518][ T24] audit: type=1400 audit(1777930893.729:72): avc: denied { write } for pid=295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.825790][ T24] audit: type=1400 audit(1777930893.729:73): avc: denied { read } for pid=295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.846017][ T295] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 24.250764][ T300] request_module fs-gadgetfs succeeded, but still no fs?
[ 24.261412][ T300] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 24.828728][ T350] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.836065][ T350] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.843514][ T350] device bridge_slave_0 entered promiscuous mode
[ 24.850289][ T350] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.857371][ T350] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.864653][ T350] device bridge_slave_1 entered promiscuous mode
[ 24.895278][ T350] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.902346][ T350] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.909561][ T350] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.916762][ T350] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.932162][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 24.939756][ T112] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.947046][ T112] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.955997][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 24.964385][ T112] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.971459][ T112] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.983516][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 24.991686][ T112] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.998714][ T112] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 25.009419][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 25.023330][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 25.035439][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 25.045940][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 25.053942][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 25.061409][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 25.074454][ T350] device veth0_vlan entered promiscuous mode
[ 25.083520][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 25.096612][ T350] device veth1_macvtap entered promiscuous mode
[ 25.105084][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 25.114553][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2026/05/04 21:41:35 executed programs: 0
[ 25.373319][ T365] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.380520][ T365] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.387805][ T365] device bridge_slave_0 entered promiscuous mode
[ 25.396170][ T365] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.403236][ T365] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.411144][ T365] device bridge_slave_1 entered promiscuous mode
[ 25.454959][ T365] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.462009][ T365] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 25.469321][ T365] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.476432][ T365] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 25.492188][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 25.499983][ T112] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.507596][ T112] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.516792][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 25.525088][ T112] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.532124][ T112] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 25.541385][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 25.549557][ T112] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.556596][ T112] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 25.567572][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 25.578021][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 25.595631][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 25.606885][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 25.615109][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 25.622644][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 25.630829][ T365] device veth0_vlan entered promiscuous mode
[ 25.643690][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 25.652812][ T365] device veth1_macvtap entered promiscuous mode
[ 25.661685][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 25.671676][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 25.695292][ T395] ==================================================================
[ 25.703412][ T395] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[ 25.712589][ T395] Read of size 1 at addr ffff888111711bd8 by task syz.2.17/395
[ 25.720098][ T395]
[ 25.722410][ T395] CPU: 0 PID: 395 Comm: syz.2.17 Not tainted syzkaller #0
[ 25.729489][ T395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 25.739519][ T395] Call Trace:
[ 25.742790][ T395] __dump_stack+0x21/0x24
[ 25.747092][ T395] dump_stack_lvl+0x1a7/0x208
[ 25.751738][ T395] ? show_regs_print_info+0x18/0x18
[ 25.756905][ T395] ? thaw_kernel_threads+0x220/0x220
[ 25.762160][ T395] ? unwind_get_return_address+0x4d/0x90
[ 25.767771][ T395] print_address_description+0x7f/0x2c0
[ 25.773288][ T395] ? xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[ 25.779761][ T395] kasan_report+0xe2/0x130
[ 25.784147][ T395] ? xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[ 25.790617][ T395] __asan_report_load1_noabort+0x14/0x20
[ 25.796219][ T395] xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[ 25.802602][ T395] xfrm_policy_inexact_insert_node+0x938/0xb50
[ 25.808731][ T395] ? xfrm_netlink_rcv+0x72/0x90
[ 25.813561][ T395] ? netlink_unicast+0x876/0xa40
[ 25.818469][ T395] ? ____sys_sendmsg+0x5b7/0x8f0
[ 25.823384][ T395] ? do_syscall_64+0x31/0x40
[ 25.827954][ T395] xfrm_policy_inexact_alloc_chain+0x53d/0xb30
[ 25.834077][ T395] xfrm_policy_inexact_insert+0x70/0x1130
[ 25.839769][ T395] ? __kasan_check_write+0x14/0x20
[ 25.844853][ T395] ? _raw_spin_lock_bh+0x94/0xf0
[ 25.849759][ T395] ? policy_hash_bysel+0x13f/0x6f0
[ 25.854837][ T395] xfrm_policy_insert+0x126/0x9a0
[ 25.859833][ T395] ? xfrm_policy_construct+0x54f/0x1f00
[ 25.865383][ T395] xfrm_add_policy+0x4ed/0x850
[ 25.870131][ T395] ? xfrm_dump_sa_done+0xc0/0xc0
[ 25.875045][ T395] xfrm_user_rcv_msg+0x4d0/0x7b0
[ 25.879950][ T395] ? xfrm_netlink_rcv+0x90/0x90
[ 25.884774][ T395] ? do_syscall_64+0x31/0x40
[ 25.889339][ T395] ? selinux_nlmsg_lookup+0x219/0x4a0
[ 25.894684][ T395] netlink_rcv_skb+0x1f5/0x440
[ 25.899433][ T395] ? xfrm_netlink_rcv+0x90/0x90
[ 25.904263][ T395] ? netlink_ack+0xb70/0xb70
[ 25.908833][ T395] ? mutex_trylock+0xa0/0xa0
[ 25.913489][ T395] ? __netlink_lookup+0x387/0x3b0
[ 25.918512][ T395] xfrm_netlink_rcv+0x72/0x90
[ 25.923162][ T395] netlink_unicast+0x876/0xa40
[ 25.927920][ T395] netlink_sendmsg+0x89c/0xb50
[ 25.932664][ T395] ? netlink_getsockopt+0x530/0x530
[ 25.937837][ T395] ? get_futex_key+0x718/0xc70
[ 25.942576][ T395] ? security_socket_sendmsg+0x82/0xa0
[ 25.948002][ T395] ? netlink_getsockopt+0x530/0x530
[ 25.953170][ T395] ____sys_sendmsg+0x5b7/0x8f0
[ 25.957902][ T395] ? __sys_sendmsg_sock+0x40/0x40
[ 25.962902][ T395] ? import_iovec+0x7c/0xb0
[ 25.967371][ T395] ___sys_sendmsg+0x236/0x2e0
[ 25.972017][ T395] ? slab_post_alloc_hook+0x7d/0x2f0
[ 25.977286][ T395] ? __sys_sendmsg+0x280/0x280
[ 25.982037][ T395] ? alloc_file+0x82/0x540
[ 25.986434][ T395] ? __kasan_check_read+0x11/0x20
[ 25.991435][ T395] ? __fdget+0x15b/0x230
[ 25.995658][ T395] __x64_sys_sendmsg+0x1f9/0x2c0
[ 26.000566][ T395] ? ___sys_sendmsg+0x2e0/0x2e0
[ 26.005384][ T395] ? __fd_install+0x13b/0x270
[ 26.010031][ T395] ? debug_smp_processor_id+0x17/0x20
[ 26.015372][ T395] ? fpregs_assert_state_consistent+0xb1/0xe0
[ 26.021422][ T395] ? exit_to_user_mode_prepare+0x2f/0xa0
[ 26.027024][ T395] do_syscall_64+0x31/0x40
[ 26.031416][ T395] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 26.037310][ T395] RIP: 0033:0x7fa6b62c4dd9
[ 26.041707][ T395] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 26.061377][ T395] RSP: 002b:00007ffcc448c198 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 26.069766][ T395] RAX: ffffffffffffffda RBX: 00007fa6b653dfa0 RCX: 00007fa6b62c4dd9
[ 26.077710][ T395] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000007
[ 26.085652][ T395] RBP: 00007fa6b635ad69 R08: 0000000000000000 R09: 0000000000000000
[ 26.093594][ T395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 26.101541][ T395] R13: 00007fa6b653dfac R14: 00007fa6b653dfa0 R15: 00007fa6b653dfa0
[ 26.109492][ T395]
[ 26.111797][ T395] Allocated by task 395:
[ 26.116011][ T395] __kasan_kmalloc+0xda/0x110
[ 26.120681][ T395] __kmalloc+0x1a4/0x330
[ 26.124907][ T395] sk_prot_alloc+0xb2/0x340
[ 26.129377][ T395] sk_alloc+0x38/0x4e0
[ 26.133439][ T395] pfkey_create+0x12a/0x660
[ 26.137910][ T395] __sock_create+0x38d/0x770
[ 26.142469][ T395] __sys_socket+0xec/0x190
[ 26.146852][ T395] __x64_sys_socket+0x7a/0x90
[ 26.151506][ T395] do_syscall_64+0x31/0x40
[ 26.155900][ T395] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 26.161755][ T395]
[ 26.164063][ T395] The buggy address belongs to the object at ffff888111711800
[ 26.164063][ T395] which belongs to the cache kmalloc-1k of size 1024
[ 26.178092][ T395] The buggy address is located 984 bytes inside of
[ 26.178092][ T395] 1024-byte region [ffff888111711800, ffff888111711c00)
[ 26.191424][ T395] The buggy address belongs to the page:
[ 26.197042][ T395] page:ffffea000445c400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x111710
[ 26.207246][ T395] head:ffffea000445c400 order:3 compound_mapcount:0 compound_pincount:0
[ 26.215542][ T395] flags: 0x4000000000010200(slab|head)
[ 26.220970][ T395] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042f00
[ 26.229519][ T395] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 26.238073][ T395] page dumped because: kasan: bad access detected
[ 26.244452][ T395] page_owner tracks the page as allocated
[ 26.250140][ T395] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 365, ts 25690309387, free_ts 25652064891
[ 26.270505][ T395] prep_new_page+0x179/0x180
[ 26.275085][ T395] get_page_from_freelist+0x223b/0x23d0
[ 26.280598][ T395] __alloc_pages_nodemask+0x290/0x620
[ 26.285938][ T395] new_slab+0x84/0x3f0
[ 26.289977][ T395] ___slab_alloc+0x2a6/0x450
[ 26.294533][ T395] __slab_alloc+0x63/0xa0
[ 26.298830][ T395] __kmalloc+0x1fe/0x330
[ 26.303043][ T395] kvmalloc_node+0x88/0x130
[ 26.307513][ T395] xt_alloc_table_info+0x3b/0xa0
[ 26.312418][ T395] ipt_register_table+0xd2/0x4e0
[ 26.317321][ T395] iptable_security_table_init+0x7b/0xa0
[ 26.322920][ T395] xt_find_table_lock+0x251/0x3f0
[ 26.327921][ T395] xt_request_find_table_lock+0x27/0x100
[ 26.333526][ T395] do_ipt_get_ctl+0x6ce/0x1100
[ 26.338256][ T395] nf_getsockopt+0x26d/0x290
[ 26.342811][ T395] ip_getsockopt+0x137a/0x17d0
[ 26.347557][ T395] page last free stack trace:
[ 26.352207][ T395] __free_pages_ok+0x80b/0x830
[ 26.356942][ T395] __free_pages+0xd8/0x3b0
[ 26.361327][ T395] __free_slab+0xcf/0x190
[ 26.365622][ T395] unfreeze_partials+0x15f/0x190
[ 26.370525][ T395] put_cpu_partial+0xc1/0x180
[ 26.375168][ T395] __slab_free+0x2c9/0x3a0
[ 26.379566][ T395] ___cache_free+0x10e/0x130
[ 26.384123][ T395] qlink_free+0x50/0x90
[ 26.388248][ T395] qlist_free_all+0x5f/0xb0
[ 26.392724][ T395] kasan_quarantine_reduce+0x14a/0x160
[ 26.398240][ T395] __kasan_slab_alloc+0x2f/0xf0
[ 26.403076][ T395] slab_post_alloc_hook+0x5d/0x2f0
[ 26.408153][ T395] kmem_cache_alloc+0x162/0x2d0
[ 26.412973][ T395] __alloc_skb+0x9e/0x520
[ 26.417355][ T395] netlink_ack+0x372/0xb70
[ 26.421746][ T395] netlink_rcv_skb+0x27a/0x440
[ 26.426474][ T395]
[ 26.428855][ T395] Memory state around the buggy address:
[ 26.434474][ T395] ffff888111711a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.442596][ T395] ffff888111711b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.450634][ T395] >ffff888111711b80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 26.458667][ T395] ^
[ 26.465576][ T395] ffff888111711c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.473614][ T395] ffff888111711c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.481644][ T395] ==================================================================
[ 26.489686][ T395] Disabling lock debugging due to kernel taint