Warning: Permanently added '10.128.0.76' (ED25519) to the list of known hosts.
executing program
[ 43.739848][ T4019] ==================================================================
[ 43.741973][ T4019] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x518/0x568
[ 43.744200][ T4019] Read of size 1 at addr ffff0000c2abb600 by task syz-executor160/4019
[ 43.746209][ T4019]
[ 43.746792][ T4019] CPU: 0 PID: 4019 Comm: syz-executor160 Not tainted 5.15.177-syzkaller #0
[ 43.749018][ T4019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 43.751470][ T4019] Call trace:
[ 43.752252][ T4019]  dump_backtrace+0x0/0x530
[ 43.753348][ T4019]  show_stack+0x2c/0x3c
[ 43.754441][ T4019]  dump_stack_lvl+0x108/0x170
[ 43.755581][ T4019]  print_address_description+0x7c/0x3f0
[ 43.757238][ T4019]  kasan_report+0x174/0x1e4
[ 43.758391][ T4019]  __asan_report_load1_noabort+0x44/0x50
[ 43.759822][ T4019]  xfrm_policy_inexact_list_reinsert+0x518/0x568
[ 43.761349][ T4019]  xfrm_policy_inexact_insert_node+0x77c/0x924
[ 43.762898][ T4019]  xfrm_policy_inexact_alloc_chain+0x57c/0x1078
[ 43.764535][ T4019]  xfrm_policy_inexact_insert+0xdc/0x1084
[ 43.765933][ T4019]  xfrm_policy_insert+0xd0/0x870
[ 43.767159][ T4019]  xfrm_add_policy+0x424/0x82c
[ 43.768384][ T4019]  xfrm_user_rcv_msg+0x4a8/0x72c
[ 43.769594][ T4019]  netlink_rcv_skb+0x20c/0x3b8
[ 43.770745][ T4019]  xfrm_netlink_rcv+0x80/0x9c
[ 43.771957][ T4019]  netlink_unicast+0x664/0x938
[ 43.773175][ T4019]  netlink_sendmsg+0x844/0xb38
[ 43.774374][ T4019]  ____sys_sendmsg+0x584/0x870
[ 43.775592][ T4019]  ___sys_sendmsg+0x214/0x294
[ 43.776729][ T4019]  __arm64_sys_sendmsg+0x1ac/0x25c
[ 43.777989][ T4019]  invoke_syscall+0x98/0x2b8
[ 43.779122][ T4019]  el0_svc_common+0x138/0x258
[ 43.780261][ T4019]  do_el0_svc+0x58/0x14c
[ 43.781383][ T4019]  el0_svc+0x7c/0x1f0
[ 43.782397][ T4019]  el0t_64_sync_handler+0x84/0xe4
[ 43.783608][ T4019]  el0t_64_sync+0x1a0/0x1a4
[ 43.784699][ T4019]
[ 43.785291][ T4019] Allocated by task 4019:
[ 43.786388][ T4019]  ____kasan_kmalloc+0xbc/0xfc
[ 43.787522][ T4019]  __kasan_kmalloc+0x10/0x1c
[ 43.788683][ T4019]  __kmalloc+0x29c/0x4c8
[ 43.789710][ T4019]  sk_prot_alloc+0xc4/0x1f0
[ 43.790844][ T4019]  sk_alloc+0x40/0x3e0
[ 43.791842][ T4019]  pfkey_create+0xcc/0x53c
[ 43.792937][ T4019]  __sock_create+0x43c/0x8a0
[ 43.794086][ T4019]  __sys_socket+0x168/0x310
[ 43.795196][ T4019]  __arm64_sys_socket+0x7c/0x94
[ 43.796491][ T4019]  invoke_syscall+0x98/0x2b8
[ 43.797618][ T4019]  el0_svc_common+0x138/0x258
[ 43.798796][ T4019]  do_el0_svc+0x58/0x14c
[ 43.799819][ T4019]  el0_svc+0x7c/0x1f0
[ 43.800770][ T4019]  el0t_64_sync_handler+0x84/0xe4
[ 43.802038][ T4019]  el0t_64_sync+0x1a0/0x1a4
[ 43.803117][ T4019]
[ 43.803672][ T4019] The buggy address belongs to the object at ffff0000c2abb000
[ 43.803672][ T4019]  which belongs to the cache kmalloc-2k of size 2048
[ 43.807176][ T4019] The buggy address is located 1536 bytes inside of
[ 43.807176][ T4019]  2048-byte region [ffff0000c2abb000, ffff0000c2abb800)
[ 43.810525][ T4019] The buggy address belongs to the page:
[ 43.812065][ T4019] page:000000001f79c778 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab8
[ 43.814601][ T4019] head:000000001f79c778 order:3 compound_mapcount:0 compound_pincount:0
[ 43.816641][ T4019] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 43.818673][ T4019] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002900
[ 43.820690][ T4019] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 43.822825][ T4019] page dumped because: kasan: bad access detected
[ 43.824460][ T4019]
[ 43.825024][ T4019] Memory state around the buggy address:
[ 43.826419][ T4019]  ffff0000c2abb500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.828374][ T4019]  ffff0000c2abb580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 43.830206][ T4019] >ffff0000c2abb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.832074][ T4019]                    ^
[ 43.833108][ T4019]  ffff0000c2abb680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.835017][ T4019]  ffff0000c2abb700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.836987][ T4019] ==================================================================
[ 43.839019][ T4019] Disabling lock debugging due to kernel taint