Warning: Permanently added '10.128.0.159' (ED25519) to the list of known hosts.
2025/12/26 09:00:57 parsed 1 programs
[ 25.770614][ T24] audit: type=1400 audit(1766739657.450:64): avc: denied { node_bind } for pid=275 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 25.791397][ T24] audit: type=1400 audit(1766739657.450:65): avc: denied { create } for pid=275 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 25.811321][ T24] audit: type=1400 audit(1766739657.450:66): avc: denied { module_request } for pid=275 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 26.722353][ T24] audit: type=1400 audit(1766739658.400:67): avc: denied { mounton } for pid=284 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 26.723667][ T284] cgroup: Unknown subsys name 'net'
[ 26.745040][ T24] audit: type=1400 audit(1766739658.400:68): avc: denied { mount } for pid=284 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 26.772344][ T24] audit: type=1400 audit(1766739658.430:69): avc: denied { unmount } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 26.772559][ T284] cgroup: Unknown subsys name 'devices'
[ 26.942115][ T284] cgroup: Unknown subsys name 'hugetlb'
[ 26.947721][ T284] cgroup: Unknown subsys name 'rlimit'
[ 27.128480][ T24] audit: type=1400 audit(1766739658.800:70): avc: denied { setattr } for pid=284 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 27.151829][ T24] audit: type=1400 audit(1766739658.800:71): avc: denied { create } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 27.159286][ T286] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 27.172339][ T24] audit: type=1400 audit(1766739658.800:72): avc: denied { write } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 27.201151][ T24] audit: type=1400 audit(1766739658.800:73): avc: denied { read } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 27.230096][ T284] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 27.651106][ T288] request_module fs-gadgetfs succeeded, but still no fs?
[ 27.662191][ T288] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 27.955399][ T306] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.962618][ T306] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.970642][ T306] device bridge_slave_0 entered promiscuous mode
[ 27.978432][ T306] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.985547][ T306] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.993156][ T306] device bridge_slave_1 entered promiscuous mode
[ 28.030033][ T306] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.037075][ T306] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.044424][ T306] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.051471][ T306] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.069214][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.076876][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.084258][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 28.092048][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 28.101947][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 28.110230][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.117270][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.126288][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 28.134652][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.141701][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.153496][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 28.163437][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 28.176670][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 28.187682][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 28.196102][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 28.203610][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 28.211904][ T306] device veth0_vlan entered promiscuous mode
[ 28.222975][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 28.232149][ T306] device veth1_macvtap entered promiscuous mode
[ 28.247544][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 28.256190][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/12/26 09:01:00 executed programs: 0
[ 28.896827][ T49] device bridge_slave_1 left promiscuous mode
[ 28.903184][ T49] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.910695][ T49] device bridge_slave_0 left promiscuous mode
[ 28.916820][ T49] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.924786][ T49] device veth1_macvtap left promiscuous mode
[ 28.931176][ T49] device veth0_vlan left promiscuous mode
[ 29.015243][ T355] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.022309][ T355] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.029617][ T355] device bridge_slave_0 entered promiscuous mode
[ 29.037524][ T355] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.044588][ T355] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.052311][ T355] device bridge_slave_1 entered promiscuous mode
[ 29.099158][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 29.106635][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 29.115303][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 29.123724][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 29.132761][ T299] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.139791][ T299] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 29.147468][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 29.156238][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 29.164606][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 29.172761][ T299] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.179772][ T299] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 29.192055][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 29.201030][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 29.214310][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 29.226099][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 29.234807][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 29.242304][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 29.250783][ T355] device veth0_vlan entered promiscuous mode
[ 29.262040][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 29.271525][ T355] device veth1_macvtap entered promiscuous mode
[ 29.281453][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 29.292741][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 29.316046][ T373] ==================================================================
[ 29.324178][ T373] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 29.333428][ T373] Read of size 1 at addr ffff8881108263d8 by task syz.2.17/373
[ 29.340959][ T373]
[ 29.343289][ T373] CPU: 0 PID: 373 Comm: syz.2.17 Not tainted syzkaller #0
[ 29.350388][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 29.360428][ T373] Call Trace:
[ 29.363719][ T373] __dump_stack+0x21/0x24
[ 29.368037][ T373] dump_stack_lvl+0x169/0x1d8
[ 29.372703][ T373] ? show_regs_print_info+0x18/0x18
[ 29.379469][ T373] ? thaw_kernel_threads+0x220/0x220
[ 29.384747][ T373] ? unwind_get_return_address+0x4d/0x90
[ 29.390368][ T373] print_address_description+0x7f/0x2c0
[ 29.395915][ T373] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 29.402443][ T373] kasan_report+0xe2/0x130
[ 29.406933][ T373] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 29.413423][ T373] __asan_report_load1_noabort+0x14/0x20
[ 29.419059][ T373] xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 29.425467][ T373] xfrm_policy_inexact_insert_node+0x938/0xb50
[ 29.431702][ T373] ? xfrm_netlink_rcv+0x72/0x90
[ 29.436625][ T373] ? netlink_unicast+0x876/0xa40
[ 29.441546][ T373] ? netlink_sendmsg+0x88d/0xb30
[ 29.446468][ T373] ? ____sys_sendmsg+0x5a2/0x8c0
[ 29.451397][ T373] ? ___sys_sendmsg+0x1f0/0x260
[ 29.456233][ T373] ? do_syscall_64+0x31/0x40
[ 29.460813][ T373] xfrm_policy_inexact_alloc_chain+0x53a/0xb30
[ 29.467057][ T373] xfrm_policy_inexact_insert+0x70/0x1130
[ 29.472779][ T373] ? __get_hash_thresh+0x10c/0x420
[ 29.477891][ T373] ? policy_hash_bysel+0x110/0x4f0
[ 29.483184][ T373] xfrm_policy_insert+0x126/0x9a0
[ 29.488325][ T373] ? xfrm_policy_construct+0x54f/0x1f00
[ 29.493878][ T373] xfrm_add_policy+0x4d1/0x830
[ 29.498657][ T373] ? xfrm_dump_sa_done+0xc0/0xc0
[ 29.503588][ T373] xfrm_user_rcv_msg+0x450/0x6d0
[ 29.508610][ T373] ? xfrm_netlink_rcv+0x90/0x90
[ 29.513445][ T373] ? do_syscall_64+0x31/0x40
[ 29.518026][ T373] ? selinux_nlmsg_lookup+0x219/0x4a0
[ 29.523388][ T373] netlink_rcv_skb+0x1e0/0x430
[ 29.528138][ T373] ? xfrm_netlink_rcv+0x90/0x90
[ 29.532980][ T373] ? netlink_ack+0xb80/0xb80
[ 29.537555][ T373] ? mutex_trylock+0xa0/0xa0
[ 29.542128][ T373] ? __netlink_lookup+0x387/0x3b0
[ 29.547137][ T373] xfrm_netlink_rcv+0x72/0x90
[ 29.551808][ T373] netlink_unicast+0x876/0xa40
[ 29.556562][ T373] netlink_sendmsg+0x88d/0xb30
[ 29.561309][ T373] ? netlink_getsockopt+0x530/0x530
[ 29.566491][ T373] ? security_socket_sendmsg+0x82/0xa0
[ 29.572111][ T373] ? netlink_getsockopt+0x530/0x530
[ 29.577317][ T373] ____sys_sendmsg+0x5a2/0x8c0
[ 29.582064][ T373] ? __sys_sendmsg_sock+0x40/0x40
[ 29.587075][ T373] ? import_iovec+0x7c/0xb0
[ 29.591564][ T373] ___sys_sendmsg+0x1f0/0x260
[ 29.596228][ T373] ? __sys_sendmsg+0x250/0x250
[ 29.601077][ T373] ? alloc_file_pseudo+0x1a4/0x1f0
[ 29.606190][ T373] ? __kasan_check_read+0x11/0x20
[ 29.611288][ T373] ? __fdget+0x15b/0x230
[ 29.615520][ T373] __x64_sys_sendmsg+0x1e2/0x2a0
[ 29.620444][ T373] ? ___sys_sendmsg+0x260/0x260
[ 29.625280][ T373] ? __fd_install+0x13b/0x270
[ 29.629942][ T373] ? debug_smp_processor_id+0x17/0x20
[ 29.635300][ T373] ? fpregs_assert_state_consistent+0xb1/0xe0
[ 29.641351][ T373] ? exit_to_user_mode_prepare+0x2f/0xa0
[ 29.646966][ T373] do_syscall_64+0x31/0x40
[ 29.651415][ T373] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 29.657302][ T373] RIP: 0033:0x7f657f0d4749
[ 29.661712][ T373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 29.681391][ T373] RSP: 002b:00007ffd52368438 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 29.689996][ T373] RAX: ffffffffffffffda RBX: 00007f657f32afa0 RCX: 00007f657f0d4749
[ 29.697968][ T373] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006
[ 29.705966][ T373] RBP: 00007f657f158f91 R08: 0000000000000000 R09: 0000000000000000
[ 29.713931][ T373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 29.722004][ T373] R13: 00007f657f32afa0 R14: 00007f657f32afa0 R15: 0000000000000003
[ 29.729962][ T373]
[ 29.732277][ T373] Allocated by task 373:
[ 29.736508][ T373] __kasan_kmalloc+0xda/0x110
[ 29.741172][ T373] __kmalloc+0x1a7/0x330
[ 29.745400][ T373] sk_prot_alloc+0xb2/0x340
[ 29.749887][ T373] sk_alloc+0x38/0x4e0
[ 29.753962][ T373] pfkey_create+0x12a/0x660
[ 29.758446][ T373] __sock_create+0x38d/0x770
[ 29.763021][ T373] __sys_socket+0xec/0x190
[ 29.767423][ T373] __x64_sys_socket+0x7a/0x90
[ 29.772083][ T373] do_syscall_64+0x31/0x40
[ 29.776487][ T373] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 29.782355][ T373]
[ 29.784794][ T373] The buggy address belongs to the object at ffff888110826000
[ 29.784794][ T373] which belongs to the cache kmalloc-1k of size 1024
[ 29.798851][ T373] The buggy address is located 984 bytes inside of
[ 29.798851][ T373] 1024-byte region [ffff888110826000, ffff888110826400)
[ 29.812205][ T373] The buggy address belongs to the page:
[ 29.817856][ T373] page:ffffea0004420800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110820
[ 29.828086][ T373] head:ffffea0004420800 order:3 compound_mapcount:0 compound_pincount:0
[ 29.836409][ T373] flags: 0x4000000000010200(slab|head)
[ 29.841865][ T373] raw: 4000000000010200 0000000000000000 0000000100000001 ffff888100042f00
[ 29.850450][ T373] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 29.859022][ T373] page dumped because: kasan: bad access detected
[ 29.865425][ T373] page_owner tracks the page as allocated
[ 29.871231][ T373] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 95, ts 5202549209, free_ts 0
[ 29.889220][ T373] prep_new_page+0x179/0x180
[ 29.893803][ T373] get_page_from_freelist+0x2235/0x23d0
[ 29.899345][ T373] __alloc_pages_nodemask+0x268/0x5f0
[ 29.904742][ T373] new_slab+0x84/0x3f0
[ 29.908805][ T373] ___slab_alloc+0x2a6/0x450
[ 29.913418][ T373] __slab_alloc+0x63/0xa0
[ 29.917746][ T373] __kmalloc_track_caller+0x1ef/0x320
[ 29.923199][ T373] __alloc_skb+0xdc/0x520
[ 29.927524][ T373] netlink_sendmsg+0x5f6/0xb30
[ 29.932277][ T373] ____sys_sendmsg+0x5a2/0x8c0
[ 29.937035][ T373] ___sys_sendmsg+0x1f0/0x260
[ 29.941718][ T373] __x64_sys_sendmsg+0x1e2/0x2a0
[ 29.946657][ T373] do_syscall_64+0x31/0x40
[ 29.951075][ T373] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 29.956981][ T373] page_owner free stack trace missing
[ 29.962376][ T373]
[ 29.964694][ T373] Memory state around the buggy address:
[ 29.970320][ T373] ffff888110826280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.978445][ T373] ffff888110826300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.986682][ T373] >ffff888110826380: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 29.994757][ T373] ^
[ 30.001687][ T373] ffff888110826400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.009742][ T373] ffff888110826480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.017803][ T373] ==================================================================
[ 30.025882][ T373] Disabling lock debugging due to kernel taint