Warning: Permanently added '10.128.0.171' (ED25519) to the list of known hosts.
2025/09/20 20:08:14 parsed 1 programs
[ 24.358983][ T24] audit: type=1400 audit(1758398894.910:64): avc: denied { node_bind } for pid=275 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 24.379961][ T24] audit: type=1400 audit(1758398894.910:65): avc: denied { create } for pid=275 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 24.399843][ T24] audit: type=1400 audit(1758398894.910:66): avc: denied { module_request } for pid=275 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 25.292494][ T24] audit: type=1400 audit(1758398895.840:67): avc: denied { mounton } for pid=284 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 25.293887][ T284] cgroup: Unknown subsys name 'net'
[ 25.315222][ T24] audit: type=1400 audit(1758398895.840:68): avc: denied { mount } for pid=284 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 25.342528][ T24] audit: type=1400 audit(1758398895.870:69): avc: denied { unmount } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 25.342780][ T284] cgroup: Unknown subsys name 'devices'
[ 25.520748][ T284] cgroup: Unknown subsys name 'hugetlb'
[ 25.526381][ T284] cgroup: Unknown subsys name 'rlimit'
[ 25.705177][ T24] audit: type=1400 audit(1758398896.250:70): avc: denied { setattr } for pid=284 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 25.728394][ T24] audit: type=1400 audit(1758398896.250:71): avc: denied { create } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 25.732139][ T286] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 25.749138][ T24] audit: type=1400 audit(1758398896.250:72): avc: denied { write } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 25.777680][ T24] audit: type=1400 audit(1758398896.250:73): avc: denied { read } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 25.798048][ T284] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 26.258467][ T288] request_module fs-gadgetfs succeeded, but still no fs?
[ 26.269368][ T288] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 26.642734][ T311] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.649806][ T311] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.657158][ T311] device bridge_slave_0 entered promiscuous mode
[ 26.664094][ T311] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.671154][ T311] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.678504][ T311] device bridge_slave_1 entered promiscuous mode
[ 26.714343][ T311] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.721406][ T311] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.728701][ T311] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.735728][ T311] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.753255][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.760675][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.767924][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 26.775632][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 26.785122][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 26.793411][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.800465][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.809211][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 26.817419][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.824462][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.836462][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 26.845847][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 26.860306][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 26.871494][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 26.879650][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 26.887050][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 26.895535][ T311] device veth0_vlan entered promiscuous mode
[ 26.906849][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 26.915970][ T311] device veth1_macvtap entered promiscuous mode
[ 26.925741][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 26.935557][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/09/20 20:08:17 executed programs: 0
[ 27.398234][ T353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.405474][ T353] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.413026][ T353] device bridge_slave_0 entered promiscuous mode
[ 27.423230][ T353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.430300][ T353] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.437656][ T353] device bridge_slave_1 entered promiscuous mode
[ 27.476004][ T353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.483237][ T353] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.490526][ T353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.497677][ T353] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.515771][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 27.523737][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.531598][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.540407][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 27.548629][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.555651][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.567784][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 27.576262][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.583421][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.595004][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 27.604512][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 27.620090][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 27.632878][ T353] device veth0_vlan entered promiscuous mode
[ 27.639521][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 27.647469][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 27.655897][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 27.663703][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 27.674647][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 27.682867][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 27.692158][ T353] device veth1_macvtap entered promiscuous mode
[ 27.702146][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 27.709911][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 27.718088][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 27.728009][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 27.736310][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 27.763856][ T369] ==================================================================
[ 27.771976][ T369] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0x842/0x3280
[ 27.780116][ T369] Read of size 8 at addr ffff88810f67c3c0 by task syz.2.17/369
[ 27.787638][ T369]
[ 27.789972][ T369] CPU: 0 PID: 369 Comm: syz.2.17 Not tainted syzkaller #0
[ 27.797065][ T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[ 27.807106][ T369] Call Trace:
[ 27.810397][ T369] __dump_stack+0x21/0x24
[ 27.814731][ T369] dump_stack_lvl+0x169/0x1d8
[ 27.819565][ T369] ? show_regs_print_info+0x18/0x18
[ 27.824775][ T369] ? thaw_kernel_threads+0x220/0x220
[ 27.830058][ T369] print_address_description+0x7f/0x2c0
[ 27.835612][ T369] ? tc_setup_flow_action+0x842/0x3280
[ 27.841064][ T369] kasan_report+0xe2/0x130
[ 27.845592][ T369] ? flow_action_cookie_create+0x28/0x90
[ 27.851250][ T369] ? tc_setup_flow_action+0x842/0x3280
[ 27.856705][ T369] __asan_report_load8_noabort+0x14/0x20
[ 27.862336][ T369] tc_setup_flow_action+0x842/0x3280
[ 27.867612][ T369] ? __kmalloc+0x1a7/0x330
[ 27.872044][ T369] ? flow_rule_alloc+0x32/0x2c0
[ 27.876884][ T369] mall_replace_hw_filter+0x293/0x810
[ 27.882245][ T369] ? pcpu_block_update_hint_alloc+0x8bc/0xc50
[ 27.888307][ T369] ? mall_set_parms+0x410/0x410
[ 27.893183][ T369] ? tcf_exts_destroy+0xb0/0xb0
[ 27.898043][ T369] ? pcpu_alloc+0xf8a/0x16b0
[ 27.902636][ T369] ? mall_set_parms+0x19d/0x410
[ 27.907480][ T369] mall_change+0x528/0x750
[ 27.911893][ T369] ? __kasan_check_write+0x14/0x20
[ 27.917044][ T369] ? mall_get+0xa0/0xa0
[ 27.921196][ T369] ? tcf_chain_tp_insert_unique+0xac1/0xc10
[ 27.927081][ T369] ? nla_strcmp+0xf4/0x140
[ 27.931492][ T369] tc_new_tfilter+0x13f6/0x1a10
[ 27.936362][ T369] ? mall_get+0xa0/0xa0
[ 27.940518][ T369] ? tcf_gate_entry_destructor+0x20/0x20
[ 27.946153][ T369] ? security_capable+0x87/0xb0
[ 27.950998][ T369] ? ns_capable+0x8c/0xf0
[ 27.955369][ T369] ? netlink_net_capable+0x125/0x160
[ 27.960681][ T369] ? tcf_gate_entry_destructor+0x20/0x20
[ 27.966336][ T369] rtnetlink_rcv_msg+0x800/0xb90
[ 27.971286][ T369] ? rtnetlink_bind+0x80/0x80
[ 27.975966][ T369] ? arch_stack_walk+0xee/0x140
[ 27.980823][ T369] ? stack_trace_save+0x98/0xe0
[ 27.985673][ T369] ? stack_trace_snprint+0xf0/0xf0
[ 27.990780][ T369] ? do_syscall_64+0x31/0x40
[ 27.995369][ T369] ? memcpy+0x56/0x70
[ 27.999350][ T369] ? avc_has_perm+0x234/0x360
[ 28.004025][ T369] ? __kasan_slab_alloc+0xbd/0xf0
[ 28.009048][ T369] ? slab_post_alloc_hook+0x5d/0x2f0
[ 28.014330][ T369] ? ___sys_sendmsg+0x1f0/0x260
[ 28.019178][ T369] ? avc_has_perm_noaudit+0x240/0x240
[ 28.024546][ T369] ? selinux_nlmsg_lookup+0x3fb/0x4a0
[ 28.029913][ T369] netlink_rcv_skb+0x1e0/0x430
[ 28.034669][ T369] ? rtnetlink_bind+0x80/0x80
[ 28.039349][ T369] ? netlink_ack+0xb80/0xb80
[ 28.043937][ T369] ? __netlink_lookup+0x387/0x3b0
[ 28.048951][ T369] rtnetlink_rcv+0x1c/0x20
[ 28.053363][ T369] netlink_unicast+0x876/0xa40
[ 28.058120][ T369] netlink_sendmsg+0x88d/0xb30
[ 28.062995][ T369] ? __memcg_kmem_charge+0x140/0x140
[ 28.068278][ T369] ? netlink_getsockopt+0x530/0x530
[ 28.073475][ T369] ? check_preemption_disabled+0x70/0x100
[ 28.079278][ T369] ? security_socket_sendmsg+0x82/0xa0
[ 28.084731][ T369] ? netlink_getsockopt+0x530/0x530
[ 28.089924][ T369] ____sys_sendmsg+0x5a2/0x8c0
[ 28.094687][ T369] ? __sys_sendmsg_sock+0x40/0x40
[ 28.099705][ T369] ? import_iovec+0x7c/0xb0
[ 28.104292][ T369] ___sys_sendmsg+0x1f0/0x260
[ 28.109000][ T369] ? __sys_sendmsg+0x250/0x250
[ 28.113858][ T369] ? __kasan_check_read+0x11/0x20
[ 28.118873][ T369] ? __fdget+0x15b/0x230
[ 28.123116][ T369] __x64_sys_sendmsg+0x1e2/0x2a0
[ 28.128058][ T369] ? ___sys_sendmsg+0x260/0x260
[ 28.132908][ T369] ? debug_smp_processor_id+0x17/0x20
[ 28.138287][ T369] ? fpregs_assert_state_consistent+0xb1/0xe0
[ 28.144435][ T369] ? exit_to_user_mode_prepare+0x2f/0xa0
[ 28.150069][ T369] do_syscall_64+0x31/0x40
[ 28.154479][ T369] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 28.160375][ T369] RIP: 0033:0x7f56f9d3ec29
[ 28.164784][ T369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 28.184379][ T369] RSP: 002b:00007ffdc73dc318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 28.192793][ T369] RAX: ffffffffffffffda RBX: 00007f56f9f85fa0 RCX: 00007f56f9d3ec29
[ 28.200776][ T369] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004
[ 28.208949][ T369] RBP: 00007f56f9dc1e41 R08: 0000000000000000 R09: 0000000000000000
[ 28.216924][ T369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 28.224893][ T369] R13: 00007f56f9f85fa0 R14: 00007f56f9f85fa0 R15: 0000000000000003
[ 28.232866][ T369]
[ 28.235190][ T369] Allocated by task 369:
[ 28.239432][ T369] __kasan_kmalloc+0xda/0x110
[ 28.244104][ T369] __kmalloc+0x1a7/0x330
[ 28.248351][ T369] tcf_idr_create+0x5f/0x790
[ 28.252948][ T369] tcf_idr_create_from_flags+0x61/0x70
[ 28.258398][ T369] tcf_gact_init+0x2b4/0x520
[ 28.262981][ T369] tcf_action_init_1+0x3e1/0x670
[ 28.267910][ T369] tcf_action_init+0x1e6/0x700
[ 28.272668][ T369] tcf_exts_validate+0x215/0x510
[ 28.277598][ T369] mall_set_parms+0x4b/0x410
[ 28.282180][ T369] mall_change+0x45c/0x750
[ 28.286596][ T369] tc_new_tfilter+0x13f6/0x1a10
[ 28.291440][ T369] rtnetlink_rcv_msg+0x800/0xb90
[ 28.296370][ T369] netlink_rcv_skb+0x1e0/0x430
[ 28.301128][ T369] rtnetlink_rcv+0x1c/0x20
[ 28.305537][ T369] netlink_unicast+0x876/0xa40
[ 28.310290][ T369] netlink_sendmsg+0x88d/0xb30
[ 28.315047][ T369] ____sys_sendmsg+0x5a2/0x8c0
[ 28.319811][ T369] ___sys_sendmsg+0x1f0/0x260
[ 28.324500][ T369] __x64_sys_sendmsg+0x1e2/0x2a0
[ 28.329446][ T369] do_syscall_64+0x31/0x40
[ 28.333863][ T369] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 28.339746][ T369]
[ 28.342080][ T369] The buggy address belongs to the object at ffff88810f67c300
[ 28.342080][ T369] which belongs to the cache kmalloc-192 of size 192
[ 28.356131][ T369] The buggy address is located 0 bytes to the right of
[ 28.356131][ T369] 192-byte region [ffff88810f67c300, ffff88810f67c3c0)
[ 28.369738][ T369] The buggy address belongs to the page:
[ 28.375374][ T369] page:ffffea00043d9f00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f67c
[ 28.385597][ T369] flags: 0x4000000000000200(slab)
[ 28.390618][ T369] raw: 4000000000000200 ffffea00043d9d80 0000000600000006 ffff888100043380
[ 28.399198][ T369] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 28.407773][ T369] page dumped because: kasan: bad access detected
[ 28.414176][ T369] page_owner tracks the page as allocated
[ 28.419891][ T369] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 96, ts 5863729433, free_ts 5863707497
[ 28.435609][ T369] prep_new_page+0x179/0x180
[ 28.440202][ T369] get_page_from_freelist+0x2235/0x23d0
[ 28.445743][ T369] __alloc_pages_nodemask+0x268/0x5f0
[ 28.451106][ T369] new_slab+0x84/0x3f0
[ 28.455171][ T369] ___slab_alloc+0x2a6/0x450
[ 28.459754][ T369] __slab_alloc+0x63/0xa0
[ 28.464098][ T369] kmem_cache_alloc_trace+0x1b3/0x2e0
[ 28.469464][ T369] kernfs_fop_open+0x343/0xb30
[ 28.474218][ T369] do_dentry_open+0x793/0x1090
[ 28.478974][ T369] vfs_open+0x73/0x80
[ 28.482946][ T369] path_openat+0x27ad/0x3160
[ 28.487532][ T369] do_filp_open+0x1b3/0x3e0
[ 28.492038][ T369] do_sys_openat2+0x14c/0x6d0
[ 28.496707][ T369] __x64_sys_openat+0x136/0x160
[ 28.501554][ T369] do_syscall_64+0x31/0x40
[ 28.505967][ T369] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 28.511867][ T369] page last free stack trace:
[ 28.516556][ T369] free_unref_page_prepare+0x2b7/0x2d0
[ 28.522031][ T369] __free_pages+0x14b/0x380
[ 28.526537][ T369] free_pages+0x82/0x90
[ 28.530694][ T369] selinux_genfs_get_sid+0x20b/0x250
[ 28.535996][ T369] inode_doinit_with_dentry+0x86d/0xd70
[ 28.541540][ T369] selinux_d_instantiate+0x27/0x40
[ 28.546640][ T369] security_d_instantiate+0x9e/0xf0
[ 28.551831][ T369] d_splice_alias+0x6d/0x390
[ 28.556414][ T369] kernfs_iop_lookup+0x2c5/0x310
[ 28.561346][ T369] path_openat+0x1127/0x3160
[ 28.565954][ T369] do_filp_open+0x1b3/0x3e0
[ 28.570450][ T369] do_sys_openat2+0x14c/0x6d0
[ 28.575130][ T369] __x64_sys_openat+0x136/0x160
[ 28.579972][ T369] do_syscall_64+0x31/0x40
[ 28.584386][ T369] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 28.590287][ T369]
[ 28.592605][ T369] Memory state around the buggy address:
[ 28.598230][ T369]  ffff88810f67c280: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.606283][ T369]  ffff88810f67c300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.614348][ T369] >ffff88810f67c380: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 28.622404][ T369]                                            ^
[ 28.628545][ T369]  ffff88810f67c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.636603][ T369]  ffff88810f67c480: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.644656][ T369] ==================================================================
[ 28.652719][ T369] Disabling lock debugging due to kernel taint