Warning: Permanently added '10.128.1.151' (ED25519) to the list of known hosts.
2026/01/23 11:13:30 parsed 1 programs
[ 20.753767][ T24] audit: type=1400 audit(1769166810.440:64): avc: denied { node_bind } for pid=275 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 20.761513][ T24] audit: type=1400 audit(1769166810.440:65): avc: denied { create } for pid=275 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 20.768107][ T24] audit: type=1400 audit(1769166810.440:66): avc: denied { module_request } for pid=275 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 21.394344][ T24] audit: type=1400 audit(1769166811.080:67): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 21.395259][ T281] cgroup: Unknown subsys name 'net'
[ 21.422607][ T24] audit: type=1400 audit(1769166811.080:68): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 21.444760][ T24] audit: type=1400 audit(1769166811.110:69): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 21.444989][ T281] cgroup: Unknown subsys name 'devices'
[ 21.617084][ T281] cgroup: Unknown subsys name 'hugetlb'
[ 21.622692][ T281] cgroup: Unknown subsys name 'rlimit'
[ 21.794690][ T24] audit: type=1400 audit(1769166811.480:70): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 21.817926][ T24] audit: type=1400 audit(1769166811.480:71): avc: denied { create } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 21.838621][ T24] audit: type=1400 audit(1769166811.480:72): avc: denied { write } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 21.858950][ T24] audit: type=1400 audit(1769166811.480:73): avc: denied { read } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 21.864657][ T286] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 21.907721][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 22.336858][ T288] request_module fs-gadgetfs succeeded, but still no fs?
[ 22.347770][ T288] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 22.446764][ T297] bridge0: port 1(bridge_slave_0) entered blocking state
[ 22.453802][ T297] bridge0: port 1(bridge_slave_0) entered disabled state
[ 22.461290][ T297] device bridge_slave_0 entered promiscuous mode
[ 22.468958][ T297] bridge0: port 2(bridge_slave_1) entered blocking state
[ 22.476073][ T297] bridge0: port 2(bridge_slave_1) entered disabled state
[ 22.483346][ T297] device bridge_slave_1 entered promiscuous mode
[ 22.515772][ T297] bridge0: port 2(bridge_slave_1) entered blocking state
[ 22.522812][ T297] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 22.530184][ T297] bridge0: port 1(bridge_slave_0) entered blocking state
[ 22.537257][ T297] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 22.554128][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 22.561378][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 22.568680][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 22.576179][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 22.586095][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 22.594172][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 22.601215][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 22.609540][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 22.617812][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 22.624836][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 22.636138][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 22.646059][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 22.658869][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 22.669359][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 22.677925][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 22.685321][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 22.694338][ T297] device veth0_vlan entered promiscuous mode
[ 22.703515][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 22.712738][ T297] device veth1_macvtap entered promiscuous mode
[ 22.722304][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 22.731831][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2026/01/23 11:13:33 executed programs: 0
[ 23.477909][ T353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.485037][ T353] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.492814][ T353] device bridge_slave_0 entered promiscuous mode
[ 23.500324][ T353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.507469][ T353] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.514726][ T353] device bridge_slave_1 entered promiscuous mode
[ 23.559747][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 23.567388][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 23.576358][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 23.584744][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 23.593242][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.600271][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.607731][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 23.617541][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 23.625861][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 23.633924][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.641047][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 23.654744][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 23.663748][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 23.672782][ T112] device bridge_slave_1 left promiscuous mode
[ 23.679213][ T112] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.686703][ T112] device bridge_slave_0 left promiscuous mode
[ 23.692804][ T112] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.700665][ T112] device veth1_macvtap left promiscuous mode
[ 23.706683][ T112] device veth0_vlan left promiscuous mode
[ 23.779625][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 23.790339][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 23.798387][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 23.805804][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 23.813871][ T353] device veth0_vlan entered promiscuous mode
[ 23.823580][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 23.832639][ T353] device veth1_macvtap entered promiscuous mode
[ 23.841504][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 23.851286][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 23.872086][ T357] ==================================================================
[ 23.880214][ T357] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[ 23.889432][ T357] Read of size 1 at addr ffff88810fb97bd8 by task syz.2.17/357
[ 23.896951][ T357]
[ 23.899287][ T357] CPU: 0 PID: 357 Comm: syz.2.17 Not tainted syzkaller #0
[ 23.906373][ T357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 23.916413][ T357] Call Trace:
[ 23.919773][ T357] __dump_stack+0x21/0x24
[ 23.924169][ T357] dump_stack_lvl+0x1a7/0x208
[ 23.928831][ T357] ? show_regs_print_info+0x18/0x18
[ 23.934008][ T357] ? thaw_kernel_threads+0x220/0x220
[ 23.939272][ T357] ? unwind_get_return_address+0x4d/0x90
[ 23.944907][ T357] print_address_description+0x7f/0x2c0
[ 23.950442][ T357] ? xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[ 23.956938][ T357] kasan_report+0xe2/0x130
[ 23.961335][ T357] ? xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[ 23.967816][ T357] __asan_report_load1_noabort+0x14/0x20
[ 23.973429][ T357] xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[ 23.979760][ T357] xfrm_policy_inexact_insert_node+0x938/0xb50
[ 23.985912][ T357] ? xfrm_netlink_rcv+0x72/0x90
[ 23.990767][ T357] ? netlink_unicast+0x876/0xa40
[ 23.995689][ T357] ? ____sys_sendmsg+0x5b7/0x8f0
[ 24.000613][ T357] ? do_syscall_64+0x31/0x40
[ 24.005287][ T357] xfrm_policy_inexact_alloc_chain+0x53d/0xb30
[ 24.011451][ T357] xfrm_policy_inexact_insert+0x70/0x1130
[ 24.017589][ T357] ? __kasan_check_write+0x14/0x20
[ 24.022678][ T357] ? _raw_spin_lock_bh+0x94/0xf0
[ 24.027593][ T357] ? policy_hash_bysel+0x13f/0x6f0
[ 24.032684][ T357] xfrm_policy_insert+0x126/0x9a0
[ 24.037687][ T357] ? xfrm_policy_construct+0x54f/0x1f00
[ 24.043229][ T357] xfrm_add_policy+0x4ed/0x850
[ 24.047984][ T357] ? xfrm_dump_sa_done+0xc0/0xc0
[ 24.052937][ T357] xfrm_user_rcv_msg+0x4d0/0x7b0
[ 24.057863][ T357] ? xfrm_netlink_rcv+0x90/0x90
[ 24.062904][ T357] ? do_syscall_64+0x31/0x40
[ 24.067502][ T357] ? selinux_nlmsg_lookup+0x219/0x4a0
[ 24.072865][ T357] netlink_rcv_skb+0x1f5/0x440
[ 24.077822][ T357] ? xfrm_netlink_rcv+0x90/0x90
[ 24.082707][ T357] ? netlink_ack+0xb70/0xb70
[ 24.087283][ T357] ? mutex_trylock+0xa0/0xa0
[ 24.091873][ T357] ? __netlink_lookup+0x387/0x3b0
[ 24.096958][ T357] xfrm_netlink_rcv+0x72/0x90
[ 24.101634][ T357] netlink_unicast+0x876/0xa40
[ 24.106384][ T357] netlink_sendmsg+0x89c/0xb50
[ 24.111133][ T357] ? netlink_getsockopt+0x530/0x530
[ 24.116319][ T357] ? get_futex_key+0x718/0xc70
[ 24.121074][ T357] ? security_socket_sendmsg+0x82/0xa0
[ 24.126521][ T357] ? netlink_getsockopt+0x530/0x530
[ 24.131705][ T357] ____sys_sendmsg+0x5b7/0x8f0
[ 24.136542][ T357] ? __sys_sendmsg_sock+0x40/0x40
[ 24.141548][ T357] ? import_iovec+0x7c/0xb0
[ 24.146030][ T357] ___sys_sendmsg+0x236/0x2e0
[ 24.150705][ T357] ? slab_post_alloc_hook+0x7d/0x2f0
[ 24.155975][ T357] ? __sys_sendmsg+0x280/0x280
[ 24.160731][ T357] ? alloc_file+0x82/0x540
[ 24.165128][ T357] ? __kasan_check_read+0x11/0x20
[ 24.170310][ T357] ? __fdget+0x15b/0x230
[ 24.174527][ T357] __x64_sys_sendmsg+0x1f9/0x2c0
[ 24.179442][ T357] ? ___sys_sendmsg+0x2e0/0x2e0
[ 24.184269][ T357] ? __fd_install+0x13b/0x270
[ 24.188936][ T357] ? debug_smp_processor_id+0x17/0x20
[ 24.194288][ T357] ? fpregs_assert_state_consistent+0xb1/0xe0
[ 24.200333][ T357] ? exit_to_user_mode_prepare+0x2f/0xa0
[ 24.205948][ T357] do_syscall_64+0x31/0x40
[ 24.210348][ T357] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 24.216302][ T357] RIP: 0033:0x7fd49acf9cb9
[ 24.220701][ T357] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 24.240392][ T357] RSP: 002b:00007fff4bb53648 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 24.248959][ T357] RAX: ffffffffffffffda RBX: 00007fd49af74fa0 RCX: 00007fd49acf9cb9
[ 24.256911][ T357] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000007
[ 24.264967][ T357] RBP: 00007fd49ad67bf7 R08: 0000000000000000 R09: 0000000000000000
[ 24.273174][ T357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 24.281150][ T357] R13: 00007fd49af74fac R14: 00007fd49af74fa0 R15: 00007fd49af74fa0
[ 24.289114][ T357]
[ 24.291429][ T357] Allocated by task 357:
[ 24.295675][ T357] __kasan_kmalloc+0xda/0x110
[ 24.300336][ T357] __kmalloc+0x1a4/0x330
[ 24.304560][ T357] sk_prot_alloc+0xb2/0x340
[ 24.309044][ T357] sk_alloc+0x38/0x4e0
[ 24.313117][ T357] pfkey_create+0x12a/0x660
[ 24.317599][ T357] __sock_create+0x38d/0x770
[ 24.322182][ T357] __sys_socket+0xec/0x190
[ 24.326585][ T357] __x64_sys_socket+0x7a/0x90
[ 24.331265][ T357] do_syscall_64+0x31/0x40
[ 24.335755][ T357] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 24.341636][ T357]
[ 24.343957][ T357] The buggy address belongs to the object at ffff88810fb97800
[ 24.343957][ T357] which belongs to the cache kmalloc-1k of size 1024
[ 24.358012][ T357] The buggy address is located 984 bytes inside of
[ 24.358012][ T357] 1024-byte region [ffff88810fb97800, ffff88810fb97c00)
[ 24.371353][ T357] The buggy address belongs to the page:
[ 24.376981][ T357] page:ffffea00043ee400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10fb90
[ 24.387198][ T357] head:ffffea00043ee400 order:3 compound_mapcount:0 compound_pincount:0
[ 24.395504][ T357] flags: 0x4000000000010200(slab|head)
[ 24.400943][ T357] raw: 4000000000010200 0000000000000000 0000000100000001 ffff888100042f00
[ 24.409526][ T357] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 24.418085][ T357] page dumped because: kasan: bad access detected
[ 24.424474][ T357] page_owner tracks the page as allocated
[ 24.430174][ T357] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 94, ts 4389951262, free_ts 0
[ 24.448193][ T357] prep_new_page+0x179/0x180
[ 24.452775][ T357] get_page_from_freelist+0x223b/0x23d0
[ 24.458308][ T357] __alloc_pages_nodemask+0x290/0x620
[ 24.463937][ T357] new_slab+0x84/0x3f0
[ 24.467994][ T357] ___slab_alloc+0x2a6/0x450
[ 24.472589][ T357] __slab_alloc+0x63/0xa0
[ 24.476906][ T357] __kmalloc_track_caller+0x1ec/0x320
[ 24.482260][ T357] __alloc_skb+0xdc/0x520
[ 24.486581][ T357] netlink_sendmsg+0x605/0xb50
[ 24.491334][ T357] ____sys_sendmsg+0x5b7/0x8f0
[ 24.496085][ T357] ___sys_sendmsg+0x236/0x2e0
[ 24.500855][ T357] __x64_sys_sendmsg+0x1f9/0x2c0
[ 24.505793][ T357] do_syscall_64+0x31/0x40
[ 24.510194][ T357] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 24.516066][ T357] page_owner free stack trace missing
[ 24.521411][ T357]
[ 24.523720][ T357] Memory state around the buggy address:
[ 24.529341][ T357]  ffff88810fb97a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.537386][ T357]  ffff88810fb97b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.545441][ T357] >ffff88810fb97b80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 24.553485][ T357]                                                     ^
[ 24.560493][ T357]  ffff88810fb97c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.568539][ T357]  ffff88810fb97c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.576582][ T357] ==================================================================
[ 24.584627][ T357] Disabling lock debugging due to kernel taint