xt_hashlimit: max too large, truncated to 1048576
==================================================================
BUG: KCSAN: data-race in avc_policy_seqno / avc_ss_reset

write to 0xffffffff88f03c28 of 4 bytes by task 7133 on cpu 1:
 avc_latest_notif_update security/selinux/avc.c:582 [inline]
 avc_ss_reset+0x20c/0x240 security/selinux/avc.c:971
 selinux_notify_policy_change security/selinux/ss/services.c:2231 [inline]
 security_set_bools+0x301/0x340 security/selinux/ss/services.c:3166
 sel_commit_bools_write+0x1ea/0x270 security/selinux/selinuxfs.c:1355
 do_loop_readv_writev fs/read_write.c:850 [inline]
 vfs_writev+0x406/0x8b0 fs/read_write.c:1059
 do_writev+0xe7/0x210 fs/read_write.c:1103
 __do_sys_writev fs/read_write.c:1171 [inline]
 __se_sys_writev fs/read_write.c:1168 [inline]
 __x64_sys_writev+0x45/0x50 fs/read_write.c:1168
 x64_sys_call+0x1ba5/0x3000 arch/x86/include/generated/asm/syscalls_64.h:21
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd8/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff88f03c28 of 4 bytes by task 7131 on cpu 0:
 avc_policy_seqno+0x15/0x30 security/selinux/avc.c:1207
 task_avdcache_search security/selinux/hooks.c:3157 [inline]
 selinux_inode_permission+0x3bc/0x7c0 security/selinux/hooks.c:3243
 security_inode_permission+0x6d/0xb0 security/security.c:1816
 inode_permission+0x20e/0x3c0 fs/namei.c:604
 lookup_inode_permission_may_exec fs/namei.c:639 [inline]
 may_lookup fs/namei.c:1900 [inline]
 link_path_walk+0x899/0xe30 fs/namei.c:2537
 path_lookupat+0x8c/0x500 fs/namei.c:2745
 filename_lookup+0x147/0x340 fs/namei.c:2775
 kern_path+0x3b/0x130 fs/namei.c:2987
 bpf_prog_get_type_path+0x45/0x1c0 kernel/bpf/inode.c:582
 __bpf_mt_check_path net/netfilter/xt_bpf.c:60 [inline]
 bpf_mt_check_v1+0xee/0x260 net/netfilter/xt_bpf.c:84
 xt_check_match+0x2ad/0x4f0 net/netfilter/x_tables.c:523
 check_match net/ipv4/netfilter/ip_tables.c:471 [inline]
 find_check_match net/ipv4/netfilter/ip_tables.c:487 [inline]
 find_check_entry net/ipv4/netfilter/ip_tables.c:537 [inline]
 translate_table+0xa9c/0xf90 net/ipv4/netfilter/ip_tables.c:716
 do_replace net/ipv4/netfilter/ip_tables.c:1137 [inline]
 do_ipt_set_ctl+0x66f/0x820 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x199/0x1b0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0x102/0x110 net/ipv4/ip_sockglue.c:1424
 udp_setsockopt+0x99/0xb0 net/ipv4/udp.c:3110
 sock_common_setsockopt+0x69/0x80 net/core/sock.c:3972
 do_sock_setsockopt net/socket.c:2322 [inline]
 __sys_setsockopt+0x184/0x200 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2353 [inline]
 __se_sys_setsockopt net/socket.c:2350 [inline]
 __x64_sys_setsockopt+0x64/0x80 net/socket.c:2350
 x64_sys_call+0x21d5/0x3000 arch/x86/include/generated/asm/syscalls_64.h:55
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd8/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000001f -> 0x00000020

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 7131 Comm: syz.3.852 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================