Warning: Permanently added '10.128.0.48' (ED25519) to the list of known hosts.
2026/01/27 08:06:37 parsed 1 programs
[   31.122045][   T24] audit: type=1400 audit(1769501197.370:64): avc:  denied  { node_bind } for  pid=275 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   31.143717][   T24] audit: type=1400 audit(1769501197.370:65): avc:  denied  { create } for  pid=275 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   31.163613][   T24] audit: type=1400 audit(1769501197.370:66): avc:  denied  { module_request } for  pid=275 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   31.770283][   T24] audit: type=1400 audit(1769501198.010:67): avc:  denied  { mounton } for  pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   31.771199][  T281] cgroup: Unknown subsys name 'net'
[   31.798455][   T24] audit: type=1400 audit(1769501198.010:68): avc:  denied  { mount } for  pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   31.821009][   T24] audit: type=1400 audit(1769501198.040:69): avc:  denied  { unmount } for  pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   31.821045][  T281] cgroup: Unknown subsys name 'devices'
[   31.963050][  T281] cgroup: Unknown subsys name 'hugetlb'
[   31.968745][  T281] cgroup: Unknown subsys name 'rlimit'
[   32.171580][   T24] audit: type=1400 audit(1769501198.420:70): avc:  denied  { setattr } for  pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   32.195073][   T24] audit: type=1400 audit(1769501198.420:71): avc:  denied  { create } for  pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   32.216018][   T24] audit: type=1400 audit(1769501198.420:72): avc:  denied  { write } for  pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   32.221769][  T286] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   32.236377][   T24] audit: type=1400 audit(1769501198.420:73): avc:  denied  { read } for  pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   32.296496][  T281] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   32.732912][  T288] request_module fs-gadgetfs succeeded, but still no fs?
[   32.744330][  T288] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[   32.956662][  T306] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.964487][  T306] bridge0: port 1(bridge_slave_0) entered disabled state
[   32.971971][  T306] device bridge_slave_0 entered promiscuous mode
[   32.979485][  T306] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.986728][  T306] bridge0: port 2(bridge_slave_1) entered disabled state
[   32.994226][  T306] device bridge_slave_1 entered promiscuous mode
[   33.028665][  T306] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.035938][  T306] bridge0: port 2(bridge_slave_1) entered forwarding state
[   33.043236][  T306] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.050366][  T306] bridge0: port 1(bridge_slave_0) entered forwarding state
[   33.066821][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   33.074318][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   33.082430][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.089816][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.099717][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   33.107889][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.115042][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   33.124031][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   33.132344][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.139370][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   33.150499][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   33.159521][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   33.172459][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   33.184183][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   33.192467][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   33.200140][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   33.210012][  T306] device veth0_vlan entered promiscuous mode
[   33.220511][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   33.229415][  T306] device veth1_macvtap entered promiscuous mode
[   33.238202][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   33.248140][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2026/01/27 08:06:40 executed programs: 0
[   33.896675][  T353] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.904166][  T353] bridge0: port 1(bridge_slave_0) entered disabled state
[   33.911795][  T353] device bridge_slave_0 entered promiscuous mode
[   33.919224][  T353] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.926412][  T353] bridge0: port 2(bridge_slave_1) entered disabled state
[   33.933865][  T353] device bridge_slave_1 entered promiscuous mode
[   33.943682][   T49] device bridge_slave_1 left promiscuous mode
[   33.949822][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[   33.957587][   T49] device bridge_slave_0 left promiscuous mode
[   33.963800][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[   33.971903][   T49] device veth1_macvtap left promiscuous mode
[   33.978235][   T49] device veth0_vlan left promiscuous mode
[   34.100751][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   34.108568][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   34.117588][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   34.126229][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   34.134629][  T312] bridge0: port 1(bridge_slave_0) entered blocking state
[   34.141974][  T312] bridge0: port 1(bridge_slave_0) entered forwarding state
[   34.149354][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   34.159015][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   34.167396][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   34.175709][  T312] bridge0: port 2(bridge_slave_1) entered blocking state
[   34.183222][  T312] bridge0: port 2(bridge_slave_1) entered forwarding state
[   34.194947][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   34.204750][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   34.218164][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   34.229327][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   34.237497][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   34.245148][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   34.253832][  T353] device veth0_vlan entered promiscuous mode
[   34.264838][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   34.274486][  T353] device veth1_macvtap entered promiscuous mode
[   34.285439][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   34.300310][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   34.322614][  T372] ==================================================================
[   34.330847][  T372] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[   34.340053][  T372] Read of size 1 at addr ffff888110b21bd8 by task syz.2.17/372
[   34.347582][  T372] 
[   34.349915][  T372] CPU: 0 PID: 372 Comm: syz.2.17 Not tainted syzkaller #0
[   34.357000][  T372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   34.367191][  T372] Call Trace:
[   34.370565][  T372]  __dump_stack+0x21/0x24
[   34.374974][  T372]  dump_stack_lvl+0x1a7/0x208
[   34.379675][  T372]  ? show_regs_print_info+0x18/0x18
[   34.384887][  T372]  ? thaw_kernel_threads+0x220/0x220
[   34.390168][  T372]  ? unwind_get_return_address+0x4d/0x90
[   34.395795][  T372]  print_address_description+0x7f/0x2c0
[   34.401348][  T372]  ? xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[   34.407844][  T372]  kasan_report+0xe2/0x130
[   34.412277][  T372]  ? xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[   34.418861][  T372]  __asan_report_load1_noabort+0x14/0x20
[   34.424484][  T372]  xfrm_policy_inexact_list_reinsert+0x606/0x6c0
[   34.430814][  T372]  xfrm_policy_inexact_insert_node+0x5a7/0xb50
[   34.436968][  T372]  xfrm_policy_inexact_alloc_chain+0x53d/0xb30
[   34.443119][  T372]  xfrm_policy_inexact_insert+0x70/0x1130
[   34.448933][  T372]  ? __kasan_check_write+0x14/0x20
[   34.454039][  T372]  ? _raw_spin_lock_bh+0x94/0xf0
[   34.458970][  T372]  ? policy_hash_bysel+0x13f/0x6f0
[   34.464078][  T372]  xfrm_policy_insert+0x126/0x9a0
[   34.469103][  T372]  ? xfrm_policy_construct+0x54f/0x1f00
[   34.474740][  T372]  xfrm_add_policy+0x4ed/0x850
[   34.479497][  T372]  ? xfrm_dump_sa_done+0xc0/0xc0
[   34.484437][  T372]  xfrm_user_rcv_msg+0x4d0/0x7b0
[   34.489382][  T372]  ? xfrm_netlink_rcv+0x90/0x90
[   34.494227][  T372]  ? do_syscall_64+0x31/0x40
[   34.498812][  T372]  ? selinux_nlmsg_lookup+0x219/0x4a0
[   34.504278][  T372]  netlink_rcv_skb+0x1f5/0x440
[   34.509031][  T372]  ? xfrm_netlink_rcv+0x90/0x90
[   34.513872][  T372]  ? netlink_ack+0xb70/0xb70
[   34.518452][  T372]  ? mutex_trylock+0xa0/0xa0
[   34.523045][  T372]  ? __netlink_lookup+0x387/0x3b0
[   34.528175][  T372]  xfrm_netlink_rcv+0x72/0x90
[   34.532951][  T372]  netlink_unicast+0x876/0xa40
[   34.537809][  T372]  netlink_sendmsg+0x89c/0xb50
[   34.542570][  T372]  ? netlink_getsockopt+0x530/0x530
[   34.547847][  T372]  ? get_futex_key+0x718/0xc70
[   34.552604][  T372]  ? security_socket_sendmsg+0x82/0xa0
[   34.558154][  T372]  ? netlink_getsockopt+0x530/0x530
[   34.563384][  T372]  ____sys_sendmsg+0x5b7/0x8f0
[   34.568275][  T372]  ? __sys_sendmsg_sock+0x40/0x40
[   34.573305][  T372]  ? import_iovec+0x7c/0xb0
[   34.577805][  T372]  ___sys_sendmsg+0x236/0x2e0
[   34.582478][  T372]  ? slab_post_alloc_hook+0x7d/0x2f0
[   34.587967][  T372]  ? __sys_sendmsg+0x280/0x280
[   34.592724][  T372]  ? alloc_file+0x82/0x540
[   34.597157][  T372]  ? __kasan_check_read+0x11/0x20
[   34.602187][  T372]  ? __fdget+0x15b/0x230
[   34.606422][  T372]  __x64_sys_sendmsg+0x1f9/0x2c0
[   34.611352][  T372]  ? ___sys_sendmsg+0x2e0/0x2e0
[   34.616398][  T372]  ? __fd_install+0x13b/0x270
[   34.621264][  T372]  ? debug_smp_processor_id+0x17/0x20
[   34.626653][  T372]  ? fpregs_assert_state_consistent+0xb1/0xe0
[   34.632713][  T372]  ? exit_to_user_mode_prepare+0x2f/0xa0
[   34.638350][  T372]  do_syscall_64+0x31/0x40
[   34.642767][  T372]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   34.648750][  T372] RIP: 0033:0x7fc163f99eb9
[   34.653157][  T372] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   34.673186][  T372] RSP: 002b:00007ffc3ca36988 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   34.681597][  T372] RAX: ffffffffffffffda RBX: 00007fc164214fa0 RCX: 00007fc163f99eb9
[   34.689739][  T372] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006
[   34.697915][  T372] RBP: 00007fc164007c1f R08: 0000000000000000 R09: 0000000000000000
[   34.706070][  T372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   34.714049][  T372] R13: 00007fc164214fac R14: 00007fc164214fa0 R15: 00007fc164214fa0
[   34.722196][  T372] 
[   34.724606][  T372] Allocated by task 372:
[   34.728910][  T372]  __kasan_kmalloc+0xda/0x110
[   34.733585][  T372]  __kmalloc+0x1a4/0x330
[   34.737924][  T372]  sk_prot_alloc+0xb2/0x340
[   34.742508][  T372]  sk_alloc+0x38/0x4e0
[   34.746668][  T372]  pfkey_create+0x12a/0x660
[   34.751264][  T372]  __sock_create+0x38d/0x770
[   34.755970][  T372]  __sys_socket+0xec/0x190
[   34.760392][  T372]  __x64_sys_socket+0x7a/0x90
[   34.765077][  T372]  do_syscall_64+0x31/0x40
[   34.769501][  T372]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   34.775994][  T372] 
[   34.778401][  T372] The buggy address belongs to the object at ffff888110b21800
[   34.778401][  T372]  which belongs to the cache kmalloc-1k of size 1024
[   34.792446][  T372] The buggy address is located 984 bytes inside of
[   34.792446][  T372]  1024-byte region [ffff888110b21800, ffff888110b21c00)
[   34.805883][  T372] The buggy address belongs to the page:
[   34.811773][  T372] page:ffffea000442c800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110b20
[   34.822109][  T372] head:ffffea000442c800 order:3 compound_mapcount:0 compound_pincount:0
[   34.830612][  T372] flags: 0x4000000000010200(slab|head)
[   34.836066][  T372] raw: 4000000000010200 0000000000000000 0000000100000001 ffff888100042f00
[   34.844646][  T372] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   34.853390][  T372] page dumped because: kasan: bad access detected
[   34.859799][  T372] page_owner tracks the page as allocated
[   34.865510][  T372] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 107, ts 4890509300, free_ts 0
[   34.883553][  T372]  prep_new_page+0x179/0x180
[   34.888135][  T372]  get_page_from_freelist+0x223b/0x23d0
[   34.893675][  T372]  __alloc_pages_nodemask+0x290/0x620
[   34.899036][  T372]  new_slab+0x84/0x3f0
[   34.903093][  T372]  ___slab_alloc+0x2a6/0x450
[   34.907677][  T372]  __slab_alloc+0x63/0xa0
[   34.911997][  T372]  __kmalloc_track_caller+0x1ec/0x320
[   34.917365][  T372]  __alloc_skb+0xdc/0x520
[   34.921701][  T372]  netlink_sendmsg+0x605/0xb50
[   34.926455][  T372]  ____sys_sendmsg+0x5b7/0x8f0
[   34.931222][  T372]  ___sys_sendmsg+0x236/0x2e0
[   34.935887][  T372]  __x64_sys_sendmsg+0x1f9/0x2c0
[   34.940815][  T372]  do_syscall_64+0x31/0x40
[   34.945221][  T372]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   34.951235][  T372] page_owner free stack trace missing
[   34.956592][  T372] 
[   34.959029][  T372] Memory state around the buggy address:
[   34.964874][  T372]  ffff888110b21a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.973045][  T372]  ffff888110b21b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.981138][  T372] >ffff888110b21b80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   34.989448][  T372]                                                     ^
[   34.996386][  T372]  ffff888110b21c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.004435][  T372]  ffff888110b21c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.012750][  T372] ==================================================================
[   35.020908][  T372] Disabling lock debugging due to kernel taint