Warning: Permanently added '10.128.1.147' (ED25519) to the list of known hosts.
2026/05/08 10:47:51 parsed 1 programs
[   25.016405][   T30] audit: type=1400 audit(1778237271.308:64): avc:  denied  { node_bind } for  pid=293 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   25.037564][   T30] audit: type=1400 audit(1778237271.308:65): avc:  denied  { module_request } for  pid=293 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   25.989371][   T30] audit: type=1400 audit(1778237272.288:66): avc:  denied  { mounton } for  pid=299 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   25.992842][  T299] cgroup: Unknown subsys name 'net'
[   26.012188][   T30] audit: type=1400 audit(1778237272.288:67): avc:  denied  { mount } for  pid=299 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   26.039416][   T30] audit: type=1400 audit(1778237272.308:68): avc:  denied  { unmount } for  pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   26.039764][  T299] cgroup: Unknown subsys name 'devices'
[   26.180508][  T299] cgroup: Unknown subsys name 'hugetlb'
[   26.186153][  T299] cgroup: Unknown subsys name 'rlimit'
[   26.333172][   T30] audit: type=1400 audit(1778237272.628:69): avc:  denied  { setattr } for  pid=299 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   26.356512][   T30] audit: type=1400 audit(1778237272.628:70): avc:  denied  { create } for  pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   26.376950][   T30] audit: type=1400 audit(1778237272.628:71): avc:  denied  { write } for  pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   26.397196][  T303] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   26.405914][   T30] audit: type=1400 audit(1778237272.628:72): avc:  denied  { read } for  pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   26.426124][   T30] audit: type=1400 audit(1778237272.628:73): avc:  denied  { mounton } for  pid=299 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   26.452450][  T299] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   26.919951][  T305] request_module fs-gadgetfs succeeded, but still no fs?
[   27.207602][  T325] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.214717][  T325] bridge0: port 1(bridge_slave_0) entered disabled state
[   27.222340][  T325] device bridge_slave_0 entered promiscuous mode
[   27.229342][  T325] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.236372][  T325] bridge0: port 2(bridge_slave_1) entered disabled state
[   27.243856][  T325] device bridge_slave_1 entered promiscuous mode
[   27.287621][  T325] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.294689][  T325] bridge0: port 2(bridge_slave_1) entered forwarding state
[   27.302060][  T325] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.309203][  T325] bridge0: port 1(bridge_slave_0) entered forwarding state
[   27.329041][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   27.336313][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   27.343749][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   27.351342][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   27.361181][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   27.369435][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.376567][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   27.385320][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   27.393533][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.400616][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   27.413948][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   27.423056][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   27.436887][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   27.449783][  T325] device veth0_vlan entered promiscuous mode
[   27.456351][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   27.465029][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   27.472737][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   27.486061][  T325] device veth1_macvtap entered promiscuous mode
[   27.492992][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   27.504139][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   27.514069][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   27.546878][  T325] syz-executor (325) used greatest stack depth: 21664 bytes left
2026/05/08 10:47:54 executed programs: 0
[   28.140157][  T367] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.147245][  T367] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.154770][  T367] device bridge_slave_0 entered promiscuous mode
[   28.161775][  T367] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.168883][  T367] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.176467][  T367] device bridge_slave_1 entered promiscuous mode
[   28.221497][  T367] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.228702][  T367] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.236120][  T367] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.243276][  T367] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.260394][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.267673][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.278638][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   28.286188][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   28.295687][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   28.304250][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   28.312446][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.319482][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.327987][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   28.336730][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   28.345664][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.352827][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.364317][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   28.372473][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   28.381848][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   28.390103][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   28.403287][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   28.411775][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   28.423242][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   28.431207][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   28.439525][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   28.447074][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   28.455496][  T367] device veth0_vlan entered promiscuous mode
[   28.465833][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   28.474161][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   28.483567][  T367] device veth1_macvtap entered promiscuous mode
[   28.493253][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   28.501078][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   28.509607][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   28.525682][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   28.534149][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   28.560455][  T371] ==================================================================
[   28.568574][  T371] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[   28.577835][  T371] Read of size 1 at addr ffff8881108a33f8 by task syz.2.17/371
[   28.585405][  T371] 
[   28.587745][  T371] CPU: 0 PID: 371 Comm: syz.2.17 Not tainted syzkaller #0
[   28.594850][  T371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[   28.604914][  T371] Call Trace:
[   28.608211][  T371]  <TASK>
[   28.611156][  T371]  __dump_stack+0x21/0x30
[   28.615490][  T371]  dump_stack_lvl+0x110/0x170
[   28.620171][  T371]  ? show_regs_print_info+0x20/0x20
[   28.625365][  T371]  ? load_image+0x3e0/0x3e0
[   28.629900][  T371]  ? unwind_get_return_address+0x4d/0x90
[   28.635553][  T371]  print_address_description+0x7f/0x2c0
[   28.641095][  T371]  ? xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[   28.647592][  T371]  kasan_report+0xf1/0x140
[   28.652004][  T371]  ? xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[   28.658519][  T371]  __asan_report_load1_noabort+0x14/0x20
[   28.664148][  T371]  xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[   28.670504][  T371]  xfrm_policy_inexact_insert_node+0x5a7/0xb50
[   28.676660][  T371]  xfrm_policy_inexact_alloc_chain+0x53d/0xb30
[   28.682828][  T371]  xfrm_policy_inexact_insert+0x70/0x1130
[   28.688550][  T371]  ? __kasan_check_write+0x14/0x20
[   28.693660][  T371]  ? _raw_spin_lock_bh+0x94/0xf0
[   28.698593][  T371]  ? policy_hash_bysel+0x13f/0x6f0
[   28.703700][  T371]  xfrm_policy_insert+0x126/0x9a0
[   28.708716][  T371]  ? xfrm_policy_construct+0x54f/0x1f00
[   28.714466][  T371]  xfrm_add_policy+0x4ed/0x850
[   28.719244][  T371]  ? xfrm_dump_sa_done+0xc0/0xc0
[   28.724213][  T371]  xfrm_user_rcv_msg+0x4dc/0x7b0
[   28.729155][  T371]  ? xfrm_netlink_rcv+0x90/0x90
[   28.734012][  T371]  ? avc_has_perm_noaudit+0x490/0x490
[   28.739556][  T371]  ? x64_sys_call+0x4b/0x9a0
[   28.744194][  T371]  ? selinux_nlmsg_lookup+0x237/0x4c0
[   28.749585][  T371]  netlink_rcv_skb+0x1f5/0x440
[   28.754353][  T371]  ? xfrm_netlink_rcv+0x90/0x90
[   28.759209][  T371]  ? netlink_ack+0xb50/0xb50
[   28.763946][  T371]  ? wait_for_completion_killable_timeout+0x10/0x10
[   28.770545][  T371]  ? __netlink_lookup+0x387/0x3b0
[   28.775580][  T371]  xfrm_netlink_rcv+0x72/0x90
[   28.780280][  T371]  netlink_unicast+0x876/0xa40
[   28.785049][  T371]  netlink_sendmsg+0x879/0xb80
[   28.789815][  T371]  ? netlink_getsockopt+0x530/0x530
[   28.795012][  T371]  ? do_futex+0xde8/0x2800
[   28.799427][  T371]  ? security_socket_sendmsg+0x82/0xa0
[   28.804882][  T371]  ? netlink_getsockopt+0x530/0x530
[   28.810076][  T371]  ____sys_sendmsg+0x5b7/0x8f0
[   28.814854][  T371]  ? __sys_sendmsg_sock+0x40/0x40
[   28.819879][  T371]  ? import_iovec+0x7c/0xb0
[   28.824393][  T371]  ___sys_sendmsg+0x236/0x2e0
[   28.829073][  T371]  ? __sys_sendmsg+0x280/0x280
[   28.833928][  T371]  ? __kasan_check_read+0x11/0x20
[   28.838976][  T371]  ? __fdget+0x15b/0x230
[   28.843216][  T371]  __x64_sys_sendmsg+0x206/0x2f0
[   28.848149][  T371]  ? ___sys_sendmsg+0x2e0/0x2e0
[   28.853032][  T371]  ? fpregs_assert_state_consistent+0xb1/0xe0
[   28.859099][  T371]  x64_sys_call+0x4b/0x9a0
[   28.863523][  T371]  do_syscall_64+0x4c/0xa0
[   28.867963][  T371]  ? clear_bhb_loop+0x50/0xa0
[   28.872641][  T371]  ? clear_bhb_loop+0x50/0xa0
[   28.877315][  T371]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   28.883275][  T371] RIP: 0033:0x7f53bd49cdd9
[   28.887696][  T371] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   28.907304][  T371] RSP: 002b:00007ffc1f1d53c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   28.915725][  T371] RAX: ffffffffffffffda RBX: 00007f53bd715fa0 RCX: 00007f53bd49cdd9
[   28.923705][  T371] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006
[   28.931711][  T371] RBP: 00007f53bd532d69 R08: 0000000000000000 R09: 0000000000000000
[   28.939684][  T371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   28.947656][  T371] R13: 00007f53bd715fac R14: 00007f53bd715fa0 R15: 00007f53bd715fa0
[   28.955629][  T371]  </TASK>
[   28.958646][  T371] 
[   28.960960][  T371] Allocated by task 371:
[   28.965193][  T371]  __kasan_kmalloc+0xda/0x110
[   28.969872][  T371]  __kmalloc+0x13d/0x2c0
[   28.974111][  T371]  sk_prot_alloc+0xed/0x320
[   28.978609][  T371]  sk_alloc+0x38/0x430
[   28.982675][  T371]  pfkey_create+0x12a/0x660
[   28.987170][  T371]  __sock_create+0x38d/0x7a0
[   28.991753][  T371]  __sys_socket+0xec/0x190
[   28.996264][  T371]  __x64_sys_socket+0x7a/0x90
[   29.000936][  T371]  x64_sys_call+0x8c5/0x9a0
[   29.005432][  T371]  do_syscall_64+0x4c/0xa0
[   29.009849][  T371]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   29.015741][  T371] 
[   29.018059][  T371] The buggy address belongs to the object at ffff8881108a3000
[   29.018059][  T371]  which belongs to the cache kmalloc-1k of size 1024
[   29.032104][  T371] The buggy address is located 1016 bytes inside of
[   29.032104][  T371]  1024-byte region [ffff8881108a3000, ffff8881108a3400)
[   29.045545][  T371] The buggy address belongs to the page:
[   29.051163][  T371] page:ffffea0004422800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1108a0
[   29.061392][  T371] head:ffffea0004422800 order:3 compound_mapcount:0 compound_pincount:0
[   29.069714][  T371] flags: 0x4000000000010200(slab|head|zone=1)
[   29.075900][  T371] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043080
[   29.084504][  T371] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   29.093235][  T371] page dumped because: kasan: bad access detected
[   29.099659][  T371] page_owner tracks the page as allocated
[   29.105377][  T371] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 367, ts 28553122999, free_ts 28256470085
[   29.125955][  T371]  post_alloc_hook+0x192/0x1b0
[   29.130745][  T371]  prep_new_page+0x1c/0x110
[   29.135276][  T371]  get_page_from_freelist+0x2d3a/0x2dc0
[   29.140841][  T371]  __alloc_pages+0x1a2/0x460
[   29.145455][  T371]  new_slab+0xa1/0x4d0
[   29.149534][  T371]  ___slab_alloc+0x381/0x810
[   29.154146][  T371]  __slab_alloc+0x49/0x90
[   29.158486][  T371]  __kmalloc+0x16a/0x2c0
[   29.162740][  T371]  ipt_alloc_initial_table+0x6d/0x630
[   29.168134][  T371]  iptable_filter_table_init+0x1d/0xb0
[   29.173610][  T371]  xt_find_table_lock+0x2a5/0x400
[   29.178645][  T371]  xt_request_find_table_lock+0x27/0x100
[   29.184291][  T371]  do_ipt_get_ctl+0x6ce/0x1100
[   29.189070][  T371]  nf_getsockopt+0x26d/0x290
[   29.193675][  T371]  ip_getsockopt+0x137b/0x17d0
[   29.198451][  T371]  tcp_getsockopt+0x205/0x2360
[   29.203225][  T371] page last free stack trace:
[   29.207902][  T371]  free_unref_page_prepare+0x542/0x550
[   29.213372][  T371]  free_unref_page+0xae/0x540
[   29.218056][  T371]  __free_pages+0x6c/0x100
[   29.222486][  T371]  __free_slab+0xe8/0x1e0
[   29.226830][  T371]  __unfreeze_partials+0x160/0x190
[   29.231952][  T371]  put_cpu_partial+0xc6/0x120
[   29.236654][  T371]  __slab_free+0x1d4/0x290
[   29.241171][  T371]  ___cache_free+0x104/0x120
[   29.245778][  T371]  qlink_free+0x4d/0x90
[   29.250040][  T371]  qlist_free_all+0x5f/0xb0
[   29.254556][  T371]  kasan_quarantine_reduce+0x14a/0x170
[   29.260019][  T371]  __kasan_slab_alloc+0x2f/0xf0
[   29.264875][  T371]  slab_post_alloc_hook+0x4f/0x2b0
[   29.270089][  T371]  kmem_cache_alloc+0xf7/0x260
[   29.274864][  T371]  __alloc_skb+0xe0/0x740
[   29.279203][  T371]  netlink_ack+0x372/0xb50
[   29.283630][  T371] 
[   29.285963][  T371] Memory state around the buggy address:
[   29.291596][  T371]  ffff8881108a3280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.299870][  T371]  ffff8881108a3300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.307942][  T371] >ffff8881108a3380: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   29.316007][  T371]                                                                 ^
[   29.323993][  T371]  ffff8881108a3400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.332064][  T371]  ffff8881108a3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.340137][  T371] ==================================================================
[   29.348204][  T371] Disabling lock debugging due to kernel taint