Warning: Permanently added '10.128.1.107' (ED25519) to the list of known hosts.
2026/04/03 23:23:42 parsed 1 programs
[   23.858700][   T24] audit: type=1400 audit(1775258622.220:64): avc:  denied  { node_bind } for  pid=275 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   23.868165][   T24] audit: type=1400 audit(1775258622.220:65): avc:  denied  { create } for  pid=275 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   23.875975][   T24] audit: type=1400 audit(1775258622.220:66): avc:  denied  { module_request } for  pid=275 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   24.777557][   T24] audit: type=1400 audit(1775258623.140:67): avc:  denied  { mounton } for  pid=282 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   24.781188][  T282] cgroup: Unknown subsys name 'net'
[   24.800487][   T24] audit: type=1400 audit(1775258623.140:68): avc:  denied  { mount } for  pid=282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   24.827717][   T24] audit: type=1400 audit(1775258623.170:69): avc:  denied  { unmount } for  pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   24.828214][  T282] cgroup: Unknown subsys name 'devices'
[   24.968738][  T282] cgroup: Unknown subsys name 'hugetlb'
[   24.974462][  T282] cgroup: Unknown subsys name 'rlimit'
[   25.153490][   T24] audit: type=1400 audit(1775258623.510:70): avc:  denied  { setattr } for  pid=282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   25.176822][   T24] audit: type=1400 audit(1775258623.510:71): avc:  denied  { create } for  pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   25.197935][   T24] audit: type=1400 audit(1775258623.510:72): avc:  denied  { write } for  pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   25.215979][  T285] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   25.218506][   T24] audit: type=1400 audit(1775258623.510:73): avc:  denied  { read } for  pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   25.259467][  T282] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   25.662982][  T288] request_module fs-gadgetfs succeeded, but still no fs?
[   25.674307][  T288] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[   25.959369][  T306] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.966552][  T306] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.974255][  T306] device bridge_slave_0 entered promiscuous mode
[   25.982455][  T306] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.989512][  T306] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.996972][  T306] device bridge_slave_1 entered promiscuous mode
[   26.037231][  T306] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.044550][  T306] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.051991][  T306] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.059182][  T306] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.078774][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.086269][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.093674][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   26.101324][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   26.112446][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   26.121094][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.128324][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.139350][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   26.147605][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.155490][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.167362][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   26.177670][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   26.192790][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   26.204151][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   26.212399][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   26.220311][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   26.228604][  T306] device veth0_vlan entered promiscuous mode
[   26.240325][  T306] device veth1_macvtap entered promiscuous mode
[   26.247558][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   26.268786][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   26.277655][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2026/04/03 23:23:45 executed programs: 0
[   26.839695][  T352] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.846761][  T352] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.855024][  T352] device bridge_slave_0 entered promiscuous mode
[   26.865556][  T352] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.872761][  T352] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.880481][  T352] device bridge_slave_1 entered promiscuous mode
[   26.929541][  T352] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.936614][  T352] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.944122][  T352] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.951274][  T352] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.970770][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   26.978627][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.985932][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.995947][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   27.004629][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   27.013069][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.020158][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   27.030190][    T7] device bridge_slave_1 left promiscuous mode
[   27.036364][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   27.044086][    T7] device bridge_slave_0 left promiscuous mode
[   27.050406][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   27.058668][    T7] device veth1_macvtap left promiscuous mode
[   27.064711][    T7] device veth0_vlan left promiscuous mode
[   27.153493][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   27.162153][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   27.170801][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.178065][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   27.190125][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   27.199086][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   27.209734][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   27.218008][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   27.231590][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   27.240162][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   27.251812][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   27.259950][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   27.268192][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   27.275860][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   27.284604][  T352] device veth0_vlan entered promiscuous mode
[   27.294828][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   27.303375][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   27.313584][  T352] device veth1_macvtap entered promiscuous mode
[   27.323243][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   27.331488][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   27.340901][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   27.352210][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   27.360960][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   27.395550][  T372] ==================================================================
[   27.403706][  T372] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[   27.412912][  T372] Read of size 1 at addr ffff888110b053d8 by task syz.2.17/372
[   27.420636][  T372] 
[   27.422985][  T372] CPU: 0 PID: 372 Comm: syz.2.17 Not tainted syzkaller #0
[   27.430085][  T372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   27.440202][  T372] Call Trace:
[   27.443496][  T372]  __dump_stack+0x21/0x24
[   27.447846][  T372]  dump_stack_lvl+0x1a7/0x208
[   27.452524][  T372]  ? show_regs_print_info+0x18/0x18
[   27.457719][  T372]  ? thaw_kernel_threads+0x220/0x220
[   27.463015][  T372]  ? unwind_get_return_address+0x4d/0x90
[   27.468694][  T372]  print_address_description+0x7f/0x2c0
[   27.474349][  T372]  ? xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[   27.480962][  T372]  kasan_report+0xe2/0x130
[   27.485486][  T372]  ? xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[   27.492192][  T372]  __asan_report_load1_noabort+0x14/0x20
[   27.497963][  T372]  xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[   27.504331][  T372]  xfrm_policy_inexact_insert_node+0x938/0xb50
[   27.510491][  T372]  ? xfrm_netlink_rcv+0x72/0x90
[   27.515426][  T372]  ? netlink_unicast+0x876/0xa40
[   27.520370][  T372]  ? netlink_sendmsg+0x89c/0xb50
[   27.525436][  T372]  ? ____sys_sendmsg+0x5b7/0x8f0
[   27.530572][  T372]  ? ___sys_sendmsg+0x236/0x2e0
[   27.535483][  T372]  ? do_syscall_64+0x31/0x40
[   27.540313][  T372]  xfrm_policy_inexact_alloc_chain+0x53d/0xb30
[   27.546783][  T372]  xfrm_policy_inexact_insert+0x70/0x1130
[   27.552519][  T372]  ? __kasan_check_write+0x14/0x20
[   27.557938][  T372]  ? _raw_spin_lock_bh+0x94/0xf0
[   27.562898][  T372]  ? policy_hash_bysel+0x13f/0x6f0
[   27.568189][  T372]  xfrm_policy_insert+0x126/0x9a0
[   27.573440][  T372]  ? xfrm_policy_construct+0x54f/0x1f00
[   27.579378][  T372]  xfrm_add_policy+0x4ed/0x850
[   27.584163][  T372]  ? xfrm_dump_sa_done+0xc0/0xc0
[   27.589210][  T372]  xfrm_user_rcv_msg+0x4d0/0x7b0
[   27.594477][  T372]  ? xfrm_netlink_rcv+0x90/0x90
[   27.599323][  T372]  ? do_syscall_64+0x31/0x40
[   27.603913][  T372]  ? selinux_nlmsg_lookup+0x219/0x4a0
[   27.609650][  T372]  netlink_rcv_skb+0x1f5/0x440
[   27.614466][  T372]  ? xfrm_netlink_rcv+0x90/0x90
[   27.620365][  T372]  ? netlink_ack+0xb70/0xb70
[   27.624991][  T372]  ? mutex_trylock+0xa0/0xa0
[   27.630044][  T372]  ? __netlink_lookup+0x387/0x3b0
[   27.635204][  T372]  xfrm_netlink_rcv+0x72/0x90
[   27.639917][  T372]  netlink_unicast+0x876/0xa40
[   27.644801][  T372]  netlink_sendmsg+0x89c/0xb50
[   27.649578][  T372]  ? netlink_getsockopt+0x530/0x530
[   27.654911][  T372]  ? get_futex_key+0x718/0xc70
[   27.660053][  T372]  ? security_socket_sendmsg+0x82/0xa0
[   27.665517][  T372]  ? netlink_getsockopt+0x530/0x530
[   27.671412][  T372]  ____sys_sendmsg+0x5b7/0x8f0
[   27.676223][  T372]  ? __sys_sendmsg_sock+0x40/0x40
[   27.681346][  T372]  ? import_iovec+0x7c/0xb0
[   27.686242][  T372]  ___sys_sendmsg+0x236/0x2e0
[   27.690919][  T372]  ? slab_post_alloc_hook+0x7d/0x2f0
[   27.696539][  T372]  ? __sys_sendmsg+0x280/0x280
[   27.701389][  T372]  ? alloc_file+0x82/0x540
[   27.705804][  T372]  ? __kasan_check_read+0x11/0x20
[   27.710911][  T372]  ? __fdget+0x15b/0x230
[   27.715163][  T372]  __x64_sys_sendmsg+0x1f9/0x2c0
[   27.720197][  T372]  ? ___sys_sendmsg+0x2e0/0x2e0
[   27.725249][  T372]  ? __fd_install+0x13b/0x270
[   27.729922][  T372]  ? debug_smp_processor_id+0x17/0x20
[   27.735352][  T372]  ? fpregs_assert_state_consistent+0xb1/0xe0
[   27.741515][  T372]  ? exit_to_user_mode_prepare+0x2f/0xa0
[   27.747306][  T372]  do_syscall_64+0x31/0x40
[   27.751914][  T372]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   27.757804][  T372] RIP: 0033:0x7f066264d819
[   27.762212][  T372] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   27.782013][  T372] RSP: 002b:00007ffe39b9b0e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   27.790605][  T372] RAX: ffffffffffffffda RBX: 00007f06628c6fa0 RCX: 00007f066264d819
[   27.798572][  T372] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006
[   27.806659][  T372] RBP: 00007f06626e3c91 R08: 0000000000000000 R09: 0000000000000000
[   27.814797][  T372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   27.823229][  T372] R13: 00007f06628c6fac R14: 00007f06628c6fa0 R15: 00007f06628c6fa0
[   27.831204][  T372] 
[   27.833693][  T372] Allocated by task 372:
[   27.837956][  T372]  __kasan_kmalloc+0xda/0x110
[   27.842764][  T372]  __kmalloc+0x1a4/0x330
[   27.847032][  T372]  sk_prot_alloc+0xb2/0x340
[   27.851553][  T372]  sk_alloc+0x38/0x4e0
[   27.855632][  T372]  pfkey_create+0x12a/0x660
[   27.860147][  T372]  __sock_create+0x38d/0x770
[   27.864744][  T372]  __sys_socket+0xec/0x190
[   27.869168][  T372]  __x64_sys_socket+0x7a/0x90
[   27.873853][  T372]  do_syscall_64+0x31/0x40
[   27.878369][  T372]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   27.884346][  T372] 
[   27.886688][  T372] The buggy address belongs to the object at ffff888110b05000
[   27.886688][  T372]  which belongs to the cache kmalloc-1k of size 1024
[   27.901248][  T372] The buggy address is located 984 bytes inside of
[   27.901248][  T372]  1024-byte region [ffff888110b05000, ffff888110b05400)
[   27.914617][  T372] The buggy address belongs to the page:
[   27.920404][  T372] page:ffffea000442c000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110b00
[   27.930732][  T372] head:ffffea000442c000 order:3 compound_mapcount:0 compound_pincount:0
[   27.939495][  T372] flags: 0x4000000000010200(slab|head)
[   27.944991][  T372] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042f00
[   27.953700][  T372] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   27.962296][  T372] page dumped because: kasan: bad access detected
[   27.968799][  T372] page_owner tracks the page as allocated
[   27.974619][  T372] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 352, ts 27388686075, free_ts 27376600349
[   27.995033][  T372]  prep_new_page+0x179/0x180
[   27.999629][  T372]  get_page_from_freelist+0x223b/0x23d0
[   28.005176][  T372]  __alloc_pages_nodemask+0x290/0x620
[   28.010547][  T372]  new_slab+0x84/0x3f0
[   28.014624][  T372]  ___slab_alloc+0x2a6/0x450
[   28.019224][  T372]  __slab_alloc+0x63/0xa0
[   28.023555][  T372]  __kmalloc+0x1fe/0x330
[   28.027800][  T372]  kvmalloc_node+0x88/0x130
[   28.032305][  T372]  xt_alloc_table_info+0x3b/0xa0
[   28.037251][  T372]  ipt_register_table+0xd2/0x4e0
[   28.042203][  T372]  iptable_mangle_table_init+0x7b/0xa0
[   28.047663][  T372]  xt_find_table_lock+0x251/0x3f0
[   28.052695][  T372]  xt_request_find_table_lock+0x27/0x100
[   28.058329][  T372]  do_ipt_get_ctl+0x6ce/0x1100
[   28.063093][  T372]  nf_getsockopt+0x26d/0x290
[   28.067775][  T372]  ip_getsockopt+0x137a/0x17d0
[   28.072575][  T372] page last free stack trace:
[   28.077264][  T372]  __free_pages_ok+0x80b/0x830
[   28.082034][  T372]  __free_pages+0xd8/0x3b0
[   28.086462][  T372]  __free_slab+0xcf/0x190
[   28.090795][  T372]  unfreeze_partials+0x15f/0x190
[   28.095733][  T372]  put_cpu_partial+0xc1/0x180
[   28.100410][  T372]  __slab_free+0x2c9/0x3a0
[   28.104839][  T372]  ___cache_free+0x10e/0x130
[   28.109429][  T372]  qlink_free+0x50/0x90
[   28.113593][  T372]  qlist_free_all+0x5f/0xb0
[   28.118096][  T372]  kasan_quarantine_reduce+0x14a/0x160
[   28.123557][  T372]  __kasan_slab_alloc+0x2f/0xf0
[   28.128409][  T372]  slab_post_alloc_hook+0x5d/0x2f0
[   28.133516][  T372]  __kmalloc+0x180/0x330
[   28.137765][  T372]  qdisc_alloc+0x79/0x740
[   28.142190][  T372]  qdisc_create_dflt+0x6b/0x3a0
[   28.147044][  T372]  dev_activate+0x292/0x11c0
[   28.151632][  T372] 
[   28.153975][  T372] Memory state around the buggy address:
[   28.159899][  T372]  ffff888110b05280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.167980][  T372]  ffff888110b05300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.176720][  T372] >ffff888110b05380: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   28.184803][  T372]                                                     ^
[   28.191937][  T372]  ffff888110b05400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.200016][  T372]  ffff888110b05480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.208120][  T372] ==================================================================
[   28.216448][  T372] Disabling lock debugging due to kernel taint