Warning: Permanently added '10.128.0.109' (ED25519) to the list of known hosts.
2025/11/03 02:39:20 parsed 1 programs
[ 21.793193][ T24] audit: type=1400 audit(1762137560.060:64): avc: denied { node_bind } for pid=275 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 21.813854][ T24] audit: type=1400 audit(1762137560.060:65): avc: denied { create } for pid=275 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 21.833610][ T24] audit: type=1400 audit(1762137560.060:66): avc: denied { module_request } for pid=275 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 22.491146][ T24] audit: type=1400 audit(1762137560.760:67): avc: denied { mounton } for pid=284 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 22.492038][ T284] cgroup: Unknown subsys name 'net'
[ 22.513825][ T24] audit: type=1400 audit(1762137560.760:68): avc: denied { mount } for pid=284 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 22.541078][ T24] audit: type=1400 audit(1762137560.790:69): avc: denied { unmount } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 22.541275][ T284] cgroup: Unknown subsys name 'devices'
[ 22.768688][ T284] cgroup: Unknown subsys name 'hugetlb'
[ 22.774319][ T284] cgroup: Unknown subsys name 'rlimit'
[ 22.946318][ T24] audit: type=1400 audit(1762137561.210:70): avc: denied { setattr } for pid=284 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 22.969506][ T24] audit: type=1400 audit(1762137561.210:71): avc: denied { create } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 22.989360][ T286] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 22.998416][ T24] audit: type=1400 audit(1762137561.210:72): avc: denied { write } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.018878][ T24] audit: type=1400 audit(1762137561.210:73): avc: denied { read } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.041121][ T284] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 23.497037][ T289] request_module fs-gadgetfs succeeded, but still no fs?
[ 23.507415][ T289] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 24.075679][ T338] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.082822][ T338] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.090296][ T338] device bridge_slave_0 entered promiscuous mode
[ 24.098226][ T338] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.105248][ T338] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.112613][ T338] device bridge_slave_1 entered promiscuous mode
[ 24.141748][ T338] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.148816][ T338] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.156038][ T338] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.163080][ T338] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.179642][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 24.187314][ T49] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.194595][ T49] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.203531][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 24.212412][ T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.219486][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.228147][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 24.236315][ T49] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.243370][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.255009][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 24.264457][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 24.277520][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 24.293840][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 24.302053][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 24.309703][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 24.318033][ T338] device veth0_vlan entered promiscuous mode
[ 24.327002][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 24.339954][ T338] device veth1_macvtap entered promiscuous mode
[ 24.348667][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 24.358259][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/11/03 02:39:22 executed programs: 0
[ 24.536139][ T353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.543219][ T353] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.551087][ T353] device bridge_slave_0 entered promiscuous mode
[ 24.564026][ T353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.571222][ T353] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.578650][ T353] device bridge_slave_1 entered promiscuous mode
[ 24.608394][ T353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.615432][ T353] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.622710][ T353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.629748][ T353] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.649909][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 24.657581][ T49] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.664713][ T49] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.673889][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 24.682212][ T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.689271][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.708486][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 24.716574][ T49] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.723617][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.731272][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 24.739336][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 24.749992][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 24.766463][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 24.774537][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 24.781938][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 24.790740][ T353] device veth0_vlan entered promiscuous mode
[ 24.802275][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 24.811495][ T353] device veth1_macvtap entered promiscuous mode
[ 24.821015][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 24.839376][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 24.866493][ T388] ==================================================================
[ 24.874577][ T388] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 24.883868][ T388] Read of size 1 at addr ffff8881101433d8 by task syz.2.17/388
[ 24.891393][ T388]
[ 24.893730][ T388] CPU: 0 PID: 388 Comm: syz.2.17 Not tainted syzkaller #0
[ 24.900835][ T388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 24.910876][ T388] Call Trace:
[ 24.914152][ T388] __dump_stack+0x21/0x24
[ 24.918481][ T388] dump_stack_lvl+0x169/0x1d8
[ 24.923150][ T388] ? show_regs_print_info+0x18/0x18
[ 24.928331][ T388] ? thaw_kernel_threads+0x220/0x220
[ 24.933617][ T388] ? unwind_get_return_address+0x4d/0x90
[ 24.939233][ T388] print_address_description+0x7f/0x2c0
[ 24.944761][ T388] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 24.951242][ T388] kasan_report+0xe2/0x130
[ 24.955656][ T388] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 24.962138][ T388] __asan_report_load1_noabort+0x14/0x20
[ 24.967765][ T388] xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 24.974087][ T388] xfrm_policy_inexact_insert_node+0x938/0xb50
[ 24.980225][ T388] ? xfrm_netlink_rcv+0x72/0x90
[ 24.985057][ T388] ? netlink_unicast+0x876/0xa40
[ 24.989992][ T388] ? netlink_sendmsg+0x88d/0xb30
[ 24.994913][ T388] ? ____sys_sendmsg+0x5a2/0x8c0
[ 24.999827][ T388] ? ___sys_sendmsg+0x1f0/0x260
[ 25.004660][ T388] ? do_syscall_64+0x31/0x40
[ 25.009236][ T388] xfrm_policy_inexact_alloc_chain+0x53a/0xb30
[ 25.015374][ T388] xfrm_policy_inexact_insert+0x70/0x1130
[ 25.021073][ T388] ? __get_hash_thresh+0x10c/0x420
[ 25.026179][ T388] ? policy_hash_bysel+0x110/0x4f0
[ 25.031277][ T388] xfrm_policy_insert+0x126/0x9a0
[ 25.036285][ T388] ? xfrm_policy_construct+0x54f/0x1f00
[ 25.041820][ T388] xfrm_add_policy+0x4d1/0x830
[ 25.046739][ T388] ? xfrm_dump_sa_done+0xc0/0xc0
[ 25.051657][ T388] xfrm_user_rcv_msg+0x450/0x6d0
[ 25.056575][ T388] ? xfrm_netlink_rcv+0x90/0x90
[ 25.061410][ T388] ? do_syscall_64+0x31/0x40
[ 25.065985][ T388] ? selinux_nlmsg_lookup+0x219/0x4a0
[ 25.071343][ T388] netlink_rcv_skb+0x1e0/0x430
[ 25.076090][ T388] ? xfrm_netlink_rcv+0x90/0x90
[ 25.080922][ T388] ? netlink_ack+0xb80/0xb80
[ 25.085492][ T388] ? mutex_trylock+0xa0/0xa0
[ 25.090065][ T388] ? __netlink_lookup+0x387/0x3b0
[ 25.095070][ T388] xfrm_netlink_rcv+0x72/0x90
[ 25.099728][ T388] netlink_unicast+0x876/0xa40
[ 25.104471][ T388] netlink_sendmsg+0x88d/0xb30
[ 25.109230][ T388] ? netlink_getsockopt+0x530/0x530
[ 25.114409][ T388] ? security_socket_sendmsg+0x82/0xa0
[ 25.119849][ T388] ? netlink_getsockopt+0x530/0x530
[ 25.125033][ T388] ____sys_sendmsg+0x5a2/0x8c0
[ 25.129779][ T388] ? __sys_sendmsg_sock+0x40/0x40
[ 25.134782][ T388] ? import_iovec+0x7c/0xb0
[ 25.139355][ T388] ___sys_sendmsg+0x1f0/0x260
[ 25.144018][ T388] ? __sys_sendmsg+0x250/0x250
[ 25.148781][ T388] ? alloc_file_pseudo+0x1a4/0x1f0
[ 25.153994][ T388] ? __kasan_check_read+0x11/0x20
[ 25.159008][ T388] ? __fdget+0x15b/0x230
[ 25.163233][ T388] __x64_sys_sendmsg+0x1e2/0x2a0
[ 25.168152][ T388] ? ___sys_sendmsg+0x260/0x260
[ 25.172995][ T388] ? __fd_install+0x13b/0x270
[ 25.177657][ T388] ? debug_smp_processor_id+0x17/0x20
[ 25.183016][ T388] ? fpregs_assert_state_consistent+0xb1/0xe0
[ 25.189172][ T388] ? exit_to_user_mode_prepare+0x2f/0xa0
[ 25.194809][ T388] do_syscall_64+0x31/0x40
[ 25.199228][ T388] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 25.205129][ T388] RIP: 0033:0x7f08d07b3fc9
[ 25.209532][ T388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 25.229131][ T388] RSP: 002b:00007ffcc14aa048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 25.237536][ T388] RAX: ffffffffffffffda RBX: 00007f08d0a0afa0 RCX: 00007f08d07b3fc9
[ 25.245492][ T388] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006
[ 25.253451][ T388] RBP: 00007f08d0836f91 R08: 0000000000000000 R09: 0000000000000000
[ 25.261418][ T388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 25.269375][ T388] R13: 00007f08d0a0afa0 R14: 00007f08d0a0afa0 R15: 0000000000000003
[ 25.277343][ T388]
[ 25.279658][ T388] Allocated by task 388:
[ 25.283892][ T388] __kasan_kmalloc+0xda/0x110
[ 25.288560][ T388] __kmalloc+0x1a7/0x330
[ 25.292781][ T388] sk_prot_alloc+0xb2/0x340
[ 25.297263][ T388] sk_alloc+0x38/0x4e0
[ 25.301330][ T388] pfkey_create+0x12a/0x660
[ 25.305811][ T388] __sock_create+0x38d/0x770
[ 25.310379][ T388] __sys_socket+0xec/0x190
[ 25.314775][ T388] __x64_sys_socket+0x7a/0x90
[ 25.319433][ T388] do_syscall_64+0x31/0x40
[ 25.323827][ T388] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 25.329695][ T388]
[ 25.332010][ T388] The buggy address belongs to the object at ffff888110143000
[ 25.332010][ T388] which belongs to the cache kmalloc-1k of size 1024
[ 25.346043][ T388] The buggy address is located 984 bytes inside of
[ 25.346043][ T388] 1024-byte region [ffff888110143000, ffff888110143400)
[ 25.359375][ T388] The buggy address belongs to the page:
[ 25.364990][ T388] page:ffffea0004405000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110140
[ 25.375200][ T388] head:ffffea0004405000 order:3 compound_mapcount:0 compound_pincount:0
[ 25.383517][ T388] flags: 0x4000000000010200(slab|head)
[ 25.388956][ T388] raw: 4000000000010200 0000000000000000 0000000100000001 ffff888100042f00
[ 25.397521][ T388] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 25.406078][ T388] page dumped because: kasan: bad access detected
[ 25.412470][ T388] page_owner tracks the page as allocated
[ 25.418172][ T388] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 103, ts 4577460338, free_ts 0
[ 25.436199][ T388] prep_new_page+0x179/0x180
[ 25.440770][ T388] get_page_from_freelist+0x2235/0x23d0
[ 25.446290][ T388] __alloc_pages_nodemask+0x268/0x5f0
[ 25.451642][ T388] new_slab+0x84/0x3f0
[ 25.455698][ T388] ___slab_alloc+0x2a6/0x450
[ 25.460268][ T388] __slab_alloc+0x63/0xa0
[ 25.464577][ T388] __kmalloc_track_caller+0x1ef/0x320
[ 25.469942][ T388] __alloc_skb+0xdc/0x520
[ 25.474264][ T388] netlink_sendmsg+0x5f6/0xb30
[ 25.479031][ T388] ____sys_sendmsg+0x5a2/0x8c0
[ 25.483778][ T388] ___sys_sendmsg+0x1f0/0x260
[ 25.488465][ T388] __x64_sys_sendmsg+0x1e2/0x2a0
[ 25.493401][ T388] do_syscall_64+0x31/0x40
[ 25.497815][ T388] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 25.503686][ T388] page_owner free stack trace missing
[ 25.509049][ T388]
[ 25.511355][ T388] Memory state around the buggy address:
[ 25.516970][ T388] ffff888110143280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.525012][ T388] ffff888110143300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.533055][ T388] >ffff888110143380: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 25.541098][ T388] ^
[ 25.548010][ T388] ffff888110143400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.556150][ T388] ffff888110143480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.564189][ T388] ==================================================================
[ 25.572227][ T388] Disabling lock debugging due to kernel taint