Warning: Permanently added '10.128.1.250' (ED25519) to the list of known hosts. 2025/11/18 12:40:26 parsed 1 programs [ 47.308732][ T30] audit: type=1400 audit(1763469627.334:105): avc: denied { unlink } for pid=399 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 47.361507][ T399] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 47.806645][ T30] audit: type=1400 audit(1763469627.834:106): avc: denied { create } for pid=408 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 48.140655][ T428] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.147775][ T428] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.155351][ T428] device bridge_slave_0 entered promiscuous mode [ 48.162926][ T428] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.170119][ T428] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.177545][ T428] device bridge_slave_1 entered promiscuous mode [ 48.223665][ T428] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.230717][ T428] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.238048][ T428] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.245187][ T428] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.264432][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.272106][ T313] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.279430][ T313] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.289953][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.298326][ T313] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.305383][ T313] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.314379][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.322576][ T313] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.329638][ T313] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.350192][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.358483][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.372406][ T428] device veth0_vlan entered promiscuous mode [ 48.379389][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.388022][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.396494][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 48.404166][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 48.415641][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 48.425002][ T428] device veth1_macvtap entered promiscuous mode [ 48.434565][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 48.445119][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 48.711207][ T30] audit: type=1401 audit(1763469628.734:107): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" 2025/11/18 12:40:29 executed programs: 0 [ 49.010677][ T467] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.018223][ T467] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.025866][ T467] device bridge_slave_0 entered promiscuous mode [ 49.032738][ T467] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.039941][ T467] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.047545][ T467] device bridge_slave_1 entered promiscuous mode [ 49.093659][ T467] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.100703][ T467] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.108040][ T467] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.115266][ T467] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.133607][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.141284][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.148617][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.157714][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.166149][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.173192][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.182610][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.190978][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.198256][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.210348][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.219859][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.233594][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.245881][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.254014][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.261690][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.270181][ T467] device veth0_vlan entered promiscuous mode [ 49.286428][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.295625][ T467] device veth1_macvtap entered promiscuous mode [ 49.310484][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.320541][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.350745][ T30] audit: type=1400 audit(1763469629.374:108): avc: denied { create } for pid=477 comm="syz.2.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 49.356173][ T478] ================================================================== [ 49.370149][ T30] audit: type=1400 audit(1763469629.374:109): avc: denied { setopt } for pid=477 comm="syz.2.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 49.378179][ T478] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 49.378226][ T478] Read of size 1 at addr ffff8881180e6bf8 by task syz.2.17/478 [ 49.378245][ T478] [ 49.378256][ T478] CPU: 1 PID: 478 Comm: syz.2.17 Not tainted syzkaller #0 [ 49.398082][ T30] audit: type=1400 audit(1763469629.374:110): avc: denied { write } for pid=477 comm="syz.2.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 49.406728][ T478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 49.406755][ T478] Call Trace: [ 49.406762][ T478] [ 49.406770][ T478] __dump_stack+0x21/0x30 [ 49.406800][ T478] dump_stack_lvl+0xee/0x150 [ 49.414826][ T30] audit: type=1400 audit(1763469629.374:111): avc: denied { create } for pid=477 comm="syz.2.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 49.416670][ T478] ? show_regs_print_info+0x20/0x20 [ 49.424147][ T30] audit: type=1400 audit(1763469629.374:112): avc: denied { write } for pid=477 comm="syz.2.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 49.442969][ T478] ? load_image+0x3a0/0x3a0 [ 49.442998][ T478] ? unwind_get_return_address+0x4d/0x90 [ 49.443026][ T478] print_address_description+0x7f/0x2c0 [ 49.453529][ T30] audit: type=1400 audit(1763469629.374:113): avc: denied { nlmsg_write } for pid=477 comm="syz.2.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 49.456379][ T478] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 49.555972][ T478] kasan_report+0xf1/0x140 [ 49.560409][ T478] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 49.566948][ T478] __asan_report_load1_noabort+0x14/0x20 [ 49.572686][ T478] xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 49.579012][ T478] xfrm_policy_inexact_insert_node+0x938/0xb50 [ 49.585160][ T478] ? xfrm_netlink_rcv+0x72/0x90 [ 49.590036][ T478] ? netlink_unicast+0x876/0xa40 [ 49.595301][ T478] ? netlink_sendmsg+0x86a/0xb70 [ 49.600261][ T478] ? ____sys_sendmsg+0x5a2/0x8c0 [ 49.605207][ T478] ? ___sys_sendmsg+0x1f0/0x260 [ 49.610092][ T478] ? x64_sys_call+0x4b/0x9a0 [ 49.614689][ T478] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 49.620767][ T478] xfrm_policy_inexact_alloc_chain+0x53a/0xb30 [ 49.626937][ T478] xfrm_policy_inexact_insert+0x70/0x1130 [ 49.632663][ T478] ? __get_hash_thresh+0x10c/0x420 [ 49.637773][ T478] ? policy_hash_bysel+0x110/0x4f0 [ 49.642894][ T478] xfrm_policy_insert+0x126/0x9a0 [ 49.648048][ T478] ? xfrm_policy_construct+0x54f/0x1f00 [ 49.653633][ T478] xfrm_add_policy+0x4d1/0x830 [ 49.658413][ T478] ? xfrm_dump_sa_done+0xc0/0xc0 [ 49.663376][ T478] xfrm_user_rcv_msg+0x45c/0x6e0 [ 49.668332][ T478] ? xfrm_netlink_rcv+0x90/0x90 [ 49.673205][ T478] ? avc_has_perm_noaudit+0x460/0x460 [ 49.678601][ T478] ? x64_sys_call+0x4b/0x9a0 [ 49.683290][ T478] ? selinux_nlmsg_lookup+0x237/0x4c0 [ 49.688718][ T478] netlink_rcv_skb+0x1e0/0x430 [ 49.693657][ T478] ? xfrm_netlink_rcv+0x90/0x90 [ 49.698518][ T478] ? netlink_ack+0xb60/0xb60 [ 49.703106][ T478] ? wait_for_completion_killable_timeout+0x10/0x10 [ 49.709694][ T478] ? __netlink_lookup+0x387/0x3b0 [ 49.714718][ T478] xfrm_netlink_rcv+0x72/0x90 [ 49.719392][ T478] netlink_unicast+0x876/0xa40 [ 49.724151][ T478] netlink_sendmsg+0x86a/0xb70 [ 49.728915][ T478] ? netlink_getsockopt+0x530/0x530 [ 49.734116][ T478] ? sock_alloc_file+0xba/0x260 [ 49.738963][ T478] ? security_socket_sendmsg+0x82/0xa0 [ 49.744618][ T478] ? netlink_getsockopt+0x530/0x530 [ 49.749841][ T478] ____sys_sendmsg+0x5a2/0x8c0 [ 49.754613][ T478] ? __sys_sendmsg_sock+0x40/0x40 [ 49.759644][ T478] ? import_iovec+0x7c/0xb0 [ 49.764262][ T478] ___sys_sendmsg+0x1f0/0x260 [ 49.768946][ T478] ? __sys_sendmsg+0x250/0x250 [ 49.773716][ T478] ? __fdget+0x1a1/0x230 [ 49.778044][ T478] __x64_sys_sendmsg+0x1e2/0x2a0 [ 49.783000][ T478] ? ___sys_sendmsg+0x260/0x260 [ 49.787856][ T478] ? __kasan_check_write+0x14/0x20 [ 49.792979][ T478] ? switch_fpu_return+0x15d/0x2c0 [ 49.798110][ T478] x64_sys_call+0x4b/0x9a0 [ 49.802539][ T478] do_syscall_64+0x4c/0xa0 [ 49.807052][ T478] ? clear_bhb_loop+0x50/0xa0 [ 49.811753][ T478] ? clear_bhb_loop+0x50/0xa0 [ 49.816543][ T478] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 49.822549][ T478] RIP: 0033:0x7f4f29c91be9 [ 49.826973][ T478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 49.846595][ T478] RSP: 002b:00007f4f29b02038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 49.855021][ T478] RAX: ffffffffffffffda RBX: 00007f4f29eb8fa0 RCX: 00007f4f29c91be9 [ 49.863081][ T478] RDX: 0000000000004000 RSI: 0000200000000580 RDI: 0000000000000005 [ 49.871152][ T478] RBP: 00007f4f29d14e19 R08: 0000000000000000 R09: 0000000000000000 [ 49.879332][ T478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 49.887314][ T478] R13: 00007f4f29eb9038 R14: 00007f4f29eb8fa0 R15: 00007fffbcd71b78 [ 49.895303][ T478] [ 49.898323][ T478] [ 49.900660][ T478] Allocated by task 478: [ 49.904914][ T478] __kasan_kmalloc+0xda/0x110 [ 49.909603][ T478] __kmalloc+0x13d/0x2c0 [ 49.913849][ T478] sk_prot_alloc+0xed/0x320 [ 49.918364][ T478] sk_alloc+0x38/0x430 [ 49.922432][ T478] pfkey_create+0x12a/0x660 [ 49.926936][ T478] __sock_create+0x38d/0x7a0 [ 49.931528][ T478] __sys_socket+0xec/0x190 [ 49.935961][ T478] __x64_sys_socket+0x7a/0x90 [ 49.940641][ T478] x64_sys_call+0x8c5/0x9a0 [ 49.945176][ T478] do_syscall_64+0x4c/0xa0 [ 49.949598][ T478] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 49.955681][ T478] [ 49.958008][ T478] The buggy address belongs to the object at ffff8881180e6800 [ 49.958008][ T478] which belongs to the cache kmalloc-1k of size 1024 [ 49.972062][ T478] The buggy address is located 1016 bytes inside of [ 49.972062][ T478] 1024-byte region [ffff8881180e6800, ffff8881180e6c00) [ 49.985514][ T478] The buggy address belongs to the page: [ 49.991234][ T478] page:ffffea0004603800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1180e0 [ 50.001473][ T478] head:ffffea0004603800 order:3 compound_mapcount:0 compound_pincount:0 [ 50.009881][ T478] flags: 0x4000000000010200(slab|head|zone=1) [ 50.016051][ T478] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043080 [ 50.024642][ T478] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 50.033218][ T478] page dumped because: kasan: bad access detected [ 50.039624][ T478] page_owner tracks the page as allocated [ 50.045331][ T478] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 8, ts 49335240625, free_ts 49286516681 [ 50.065042][ T478] post_alloc_hook+0x192/0x1b0 [ 50.069835][ T478] prep_new_page+0x1c/0x110 [ 50.074343][ T478] get_page_from_freelist+0x2cc5/0x2d50 [ 50.079975][ T478] __alloc_pages+0x18f/0x440 [ 50.084622][ T478] new_slab+0xa1/0x4d0 [ 50.088700][ T478] ___slab_alloc+0x381/0x810 [ 50.093287][ T478] __slab_alloc+0x49/0x90 [ 50.097660][ T478] __kmalloc_track_caller+0x169/0x2c0 [ 50.103033][ T478] __alloc_skb+0x21a/0x740 [ 50.107457][ T478] inet6_rt_notify+0x287/0x470 [ 50.112227][ T478] fib6_del+0xbf9/0xf60 [ 50.116386][ T478] fib6_clean_node+0x296/0x520 [ 50.121146][ T478] fib6_walk_continue+0x4fc/0x700 [ 50.126180][ T478] fib6_walk+0x153/0x290 [ 50.130690][ T478] fib6_clean_all+0x16a/0x230 [ 50.135458][ T478] rt6_disable_ip+0x119/0x700 [ 50.140135][ T478] page last free stack trace: [ 50.144811][ T478] free_unref_page_prepare+0x542/0x550 [ 50.150277][ T478] free_unref_page+0xa2/0x550 [ 50.155050][ T478] __free_pages+0x6c/0x100 [ 50.159463][ T478] __free_slab+0xe8/0x1e0 [ 50.163798][ T478] __unfreeze_partials+0x160/0x190 [ 50.168942][ T478] put_cpu_partial+0xc6/0x120 [ 50.173620][ T478] __slab_free+0x1d4/0x290 [ 50.178036][ T478] ___cache_free+0x104/0x120 [ 50.182626][ T478] qlink_free+0x4d/0x90 [ 50.186867][ T478] qlist_free_all+0x5f/0xb0 [ 50.191375][ T478] kasan_quarantine_reduce+0x14a/0x170 [ 50.196851][ T478] __kasan_slab_alloc+0x2f/0xf0 [ 50.201704][ T478] slab_post_alloc_hook+0x4f/0x2b0 [ 50.206827][ T478] kmem_cache_alloc+0xf7/0x260 [ 50.211688][ T478] sock_alloc_inode+0x1b/0xb0 [ 50.216363][ T478] new_inode_pseudo+0x62/0x210 [ 50.221164][ T478] [ 50.223514][ T478] Memory state around the buggy address: [ 50.229178][ T478] ffff8881180e6a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 50.237260][ T478] ffff8881180e6b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 50.245322][ T478] >ffff8881180e6b80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 50.253378][ T478] ^ [ 50.261435][ T478] ffff8881180e6c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.269498][ T478] ffff8881180e6c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.277559][ T478] ================================================================== [ 50.285628][ T478] Disabling lock debugging due to kernel taint [ 50.303790][ T30] audit: type=1400 audit(1763469630.324:114): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 50.655203][ T8] device bridge_slave_1 left promiscuous mode [ 50.661520][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.672091][ T8] device bridge_slave_0 left promiscuous mode [ 50.678755][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.695852][ T8] device veth1_macvtap left promiscuous mode [ 50.702125][ T8] device veth0_vlan left promiscuous mode 2025/11/18 12:40:34 executed programs: 219 2025/11/18 12:40:39 executed programs: 519