Warning: Permanently added '10.128.1.88' (ED25519) to the list of known hosts.
2026/05/04 17:44:09 parsed 1 programs
[   26.751783][   T24] audit: type=1400 audit(1777916649.650:64): avc:  denied  { node_bind } for  pid=287 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   26.773090][   T24] audit: type=1400 audit(1777916649.650:65): avc:  denied  { create } for  pid=287 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   26.792985][   T24] audit: type=1400 audit(1777916649.650:66): avc:  denied  { module_request } for  pid=287 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   27.455623][   T24] audit: type=1400 audit(1777916650.350:67): avc:  denied  { mounton } for  pid=294 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   27.456609][  T294] cgroup: Unknown subsys name 'net'
[   27.478534][   T24] audit: type=1400 audit(1777916650.350:68): avc:  denied  { mount } for  pid=294 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   27.506486][   T24] audit: type=1400 audit(1777916650.390:69): avc:  denied  { unmount } for  pid=294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   27.506838][  T294] cgroup: Unknown subsys name 'devices'
[   27.740181][  T294] cgroup: Unknown subsys name 'hugetlb'
[   27.746271][  T294] cgroup: Unknown subsys name 'rlimit'
[   27.948347][   T24] audit: type=1400 audit(1777916650.840:70): avc:  denied  { setattr } for  pid=294 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   27.972045][   T24] audit: type=1400 audit(1777916650.870:71): avc:  denied  { create } for  pid=294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   27.993274][   T24] audit: type=1400 audit(1777916650.870:72): avc:  denied  { write } for  pid=294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   28.003308][  T297] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   28.013985][   T24] audit: type=1400 audit(1777916650.870:73): avc:  denied  { read } for  pid=294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   28.062728][  T294] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   28.475000][  T299] request_module fs-gadgetfs succeeded, but still no fs?
[   28.486191][  T299] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[   28.909630][  T329] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.916920][  T329] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.924628][  T329] device bridge_slave_0 entered promiscuous mode
[   28.932447][  T329] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.939648][  T329] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.947207][  T329] device bridge_slave_1 entered promiscuous mode
[   28.981767][  T329] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.988843][  T329] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.996181][  T329] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.003442][  T329] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.019698][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   29.027978][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.035890][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.045537][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   29.054745][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.062073][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.079665][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   29.088100][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.095163][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.102800][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   29.111371][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   29.123060][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   29.133810][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   29.142017][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   29.149959][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   29.158140][  T329] device veth0_vlan entered promiscuous mode
[   29.169004][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   29.178029][  T329] device veth1_macvtap entered promiscuous mode
[   29.187142][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   29.196856][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2026/05/04 17:44:12 executed programs: 0
[   29.637417][  T364] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.644954][  T364] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.652555][  T364] device bridge_slave_0 entered promiscuous mode
[   29.659962][  T364] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.667136][  T364] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.674952][  T364] device bridge_slave_1 entered promiscuous mode
[   29.714891][  T364] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.722044][  T364] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.729408][  T364] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.736441][  T364] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.756044][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   29.763798][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.771459][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.783494][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   29.791769][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.798812][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.807968][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   29.816396][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.823548][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.839026][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   29.848157][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   29.860972][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   29.875258][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   29.883451][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   29.890903][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   29.899347][  T364] device veth0_vlan entered promiscuous mode
[   29.908013][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   29.916185][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   29.925660][  T364] device veth1_macvtap entered promiscuous mode
[   29.935968][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   29.943960][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   29.952464][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   29.970910][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   29.979863][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   30.002225][  T394] ==================================================================
[   30.010337][  T394] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[   30.019526][  T394] Read of size 1 at addr ffff8881103913d8 by task syz.2.17/394
[   30.027051][  T394] 
[   30.029389][  T394] CPU: 1 PID: 394 Comm: syz.2.17 Not tainted syzkaller #0
[   30.036562][  T394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[   30.046912][  T394] Call Trace:
[   30.050200][  T394]  __dump_stack+0x21/0x24
[   30.054515][  T394]  dump_stack_lvl+0x1a7/0x208
[   30.059276][  T394]  ? show_regs_print_info+0x18/0x18
[   30.064456][  T394]  ? thaw_kernel_threads+0x220/0x220
[   30.069809][  T394]  ? unwind_get_return_address+0x4d/0x90
[   30.075434][  T394]  print_address_description+0x7f/0x2c0
[   30.081258][  T394]  ? xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[   30.087918][  T394]  kasan_report+0xe2/0x130
[   30.092319][  T394]  ? xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[   30.098978][  T394]  __asan_report_load1_noabort+0x14/0x20
[   30.104593][  T394]  xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[   30.110912][  T394]  xfrm_policy_inexact_insert_node+0x938/0xb50
[   30.117080][  T394]  ? xfrm_netlink_rcv+0x72/0x90
[   30.121929][  T394]  ? netlink_unicast+0x876/0xa40
[   30.126851][  T394]  ? ____sys_sendmsg+0x5b7/0x8f0
[   30.131778][  T394]  ? do_syscall_64+0x31/0x40
[   30.136485][  T394]  xfrm_policy_inexact_alloc_chain+0x53d/0xb30
[   30.142717][  T394]  xfrm_policy_inexact_insert+0x70/0x1130
[   30.148517][  T394]  ? __kasan_check_write+0x14/0x20
[   30.153647][  T394]  ? _raw_spin_lock_bh+0x94/0xf0
[   30.158694][  T394]  ? policy_hash_bysel+0x13f/0x6f0
[   30.164091][  T394]  xfrm_policy_insert+0x126/0x9a0
[   30.169481][  T394]  ? xfrm_policy_construct+0x54f/0x1f00
[   30.175026][  T394]  xfrm_add_policy+0x4ed/0x850
[   30.179894][  T394]  ? xfrm_dump_sa_done+0xc0/0xc0
[   30.184851][  T394]  xfrm_user_rcv_msg+0x4d0/0x7b0
[   30.190051][  T394]  ? xfrm_netlink_rcv+0x90/0x90
[   30.194922][  T394]  ? do_syscall_64+0x31/0x40
[   30.199520][  T394]  ? selinux_nlmsg_lookup+0x219/0x4a0
[   30.204886][  T394]  netlink_rcv_skb+0x1f5/0x440
[   30.209759][  T394]  ? xfrm_netlink_rcv+0x90/0x90
[   30.215028][  T394]  ? netlink_ack+0xb70/0xb70
[   30.219601][  T394]  ? mutex_trylock+0xa0/0xa0
[   30.224240][  T394]  ? __netlink_lookup+0x387/0x3b0
[   30.229366][  T394]  xfrm_netlink_rcv+0x72/0x90
[   30.234135][  T394]  netlink_unicast+0x876/0xa40
[   30.238906][  T394]  netlink_sendmsg+0x89c/0xb50
[   30.243718][  T394]  ? netlink_getsockopt+0x530/0x530
[   30.249057][  T394]  ? get_futex_key+0x718/0xc70
[   30.253979][  T394]  ? security_socket_sendmsg+0x82/0xa0
[   30.259624][  T394]  ? netlink_getsockopt+0x530/0x530
[   30.264889][  T394]  ____sys_sendmsg+0x5b7/0x8f0
[   30.269662][  T394]  ? __sys_sendmsg_sock+0x40/0x40
[   30.275420][  T394]  ? import_iovec+0x7c/0xb0
[   30.280012][  T394]  ___sys_sendmsg+0x236/0x2e0
[   30.284795][  T394]  ? slab_post_alloc_hook+0x7d/0x2f0
[   30.290081][  T394]  ? __sys_sendmsg+0x280/0x280
[   30.294852][  T394]  ? alloc_file+0x82/0x540
[   30.299368][  T394]  ? __kasan_check_read+0x11/0x20
[   30.304530][  T394]  ? __fdget+0x15b/0x230
[   30.308955][  T394]  __x64_sys_sendmsg+0x1f9/0x2c0
[   30.313881][  T394]  ? ___sys_sendmsg+0x2e0/0x2e0
[   30.318728][  T394]  ? __fd_install+0x13b/0x270
[   30.323407][  T394]  ? debug_smp_processor_id+0x17/0x20
[   30.328796][  T394]  ? fpregs_assert_state_consistent+0xb1/0xe0
[   30.334843][  T394]  ? exit_to_user_mode_prepare+0x2f/0xa0
[   30.340464][  T394]  do_syscall_64+0x31/0x40
[   30.344951][  T394]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   30.350842][  T394] RIP: 0033:0x7f49ef02cdd9
[   30.355254][  T394] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   30.374893][  T394] RSP: 002b:00007ffff95124e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   30.383578][  T394] RAX: ffffffffffffffda RBX: 00007f49ef2a5fa0 RCX: 00007f49ef02cdd9
[   30.391545][  T394] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000007
[   30.399615][  T394] RBP: 00007f49ef0c2d69 R08: 0000000000000000 R09: 0000000000000000
[   30.407834][  T394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   30.416016][  T394] R13: 00007f49ef2a5fac R14: 00007f49ef2a5fa0 R15: 00007f49ef2a5fa0
[   30.423984][  T394] 
[   30.426307][  T394] Allocated by task 394:
[   30.430561][  T394]  __kasan_kmalloc+0xda/0x110
[   30.435231][  T394]  __kmalloc+0x1a4/0x330
[   30.439464][  T394]  sk_prot_alloc+0xb2/0x340
[   30.443950][  T394]  sk_alloc+0x38/0x4e0
[   30.448031][  T394]  pfkey_create+0x12a/0x660
[   30.452542][  T394]  __sock_create+0x38d/0x770
[   30.457150][  T394]  __sys_socket+0xec/0x190
[   30.461593][  T394]  __x64_sys_socket+0x7a/0x90
[   30.466383][  T394]  do_syscall_64+0x31/0x40
[   30.470799][  T394]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   30.476671][  T394] 
[   30.478990][  T394] The buggy address belongs to the object at ffff888110391000
[   30.478990][  T394]  which belongs to the cache kmalloc-1k of size 1024
[   30.493452][  T394] The buggy address is located 984 bytes inside of
[   30.493452][  T394]  1024-byte region [ffff888110391000, ffff888110391400)
[   30.506971][  T394] The buggy address belongs to the page:
[   30.512595][  T394] page:ffffea000440e400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110390
[   30.522999][  T394] head:ffffea000440e400 order:3 compound_mapcount:0 compound_pincount:0
[   30.531413][  T394] flags: 0x4000000000010200(slab|head)
[   30.536862][  T394] raw: 4000000000010200 ffffea00043d6200 0000000300000003 ffff888100042f00
[   30.545441][  T394] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   30.554023][  T394] page dumped because: kasan: bad access detected
[   30.560446][  T394] page_owner tracks the page as allocated
[   30.566162][  T394] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 95, ts 5432485348, free_ts 0
[   30.584308][  T394]  prep_new_page+0x179/0x180
[   30.588988][  T394]  get_page_from_freelist+0x223b/0x23d0
[   30.594673][  T394]  __alloc_pages_nodemask+0x290/0x620
[   30.600130][  T394]  new_slab+0x84/0x3f0
[   30.604190][  T394]  ___slab_alloc+0x2a6/0x450
[   30.609020][  T394]  __slab_alloc+0x63/0xa0
[   30.613355][  T394]  __kmalloc_track_caller+0x1ec/0x320
[   30.618850][  T394]  __alloc_skb+0xdc/0x520
[   30.623186][  T394]  netlink_sendmsg+0x605/0xb50
[   30.628386][  T394]  ____sys_sendmsg+0x5b7/0x8f0
[   30.633155][  T394]  ___sys_sendmsg+0x236/0x2e0
[   30.637840][  T394]  __x64_sys_sendmsg+0x1f9/0x2c0
[   30.642956][  T394]  do_syscall_64+0x31/0x40
[   30.647365][  T394]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   30.653271][  T394] page_owner free stack trace missing
[   30.658725][  T394] 
[   30.661053][  T394] Memory state around the buggy address:
[   30.666783][  T394]  ffff888110391280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.675362][  T394]  ffff888110391300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.683526][  T394] >ffff888110391380: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   30.691682][  T394]                                                     ^
[   30.698610][  T394]  ffff888110391400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.706662][  T394]  ffff888110391480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.714727][  T394] ==================================================================
[   30.722772][  T394] Disabling lock debugging due to kernel taint