Warning: Permanently added '10.128.1.190' (ED25519) to the list of known hosts.
2025/07/20 14:32:10 ignoring optional flag "sandboxArg"="0"
2025/07/20 14:32:11 parsed 1 programs
[ 49.794389][ T24] kauditd_printk_skb: 27 callbacks suppressed
[ 49.794399][ T24] audit: type=1400 audit(1753021932.260:101): avc: denied { create } for pid=414 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 49.821440][ T24] audit: type=1400 audit(1753021932.260:102): avc: denied { write } for pid=414 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 49.841950][ T24] audit: type=1400 audit(1753021932.260:103): avc: denied { read } for pid=414 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 49.862656][ T24] audit: type=1400 audit(1753021932.290:104): avc: denied { unlink } for pid=414 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 49.906913][ T414] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 50.332095][ T24] audit: type=1400 audit(1753021932.800:105): avc: denied { create } for pid=424 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 50.736460][ T24] audit: type=1401 audit(1753021933.210:106): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 50.802939][ T456] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.810144][ T456] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.818004][ T456] device bridge_slave_0 entered promiscuous mode
[ 50.824701][ T456] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.832410][ T456] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.840089][ T456] device bridge_slave_1 entered promiscuous mode
[ 50.880755][ T456] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.887992][ T456] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.895312][ T456] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.902387][ T456] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.918087][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.925630][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.933037][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.942136][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 50.950572][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.957643][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.968478][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.976703][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.983913][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.994336][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.004699][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.017295][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.028163][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.036685][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 51.044074][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 51.052463][ T456] device veth0_vlan entered promiscuous mode
[ 51.061889][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.070814][ T456] device veth1_macvtap entered promiscuous mode
[ 51.079761][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.089247][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/07/20 14:32:13 executed programs: 0
[ 51.343029][ T474] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.350367][ T474] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.358068][ T474] device bridge_slave_0 entered promiscuous mode
[ 51.365093][ T474] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.372374][ T474] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.379692][ T474] device bridge_slave_1 entered promiscuous mode
[ 51.416401][ T474] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.423438][ T474] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.430716][ T474] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.437934][ T474] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.453915][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.461955][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.469421][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.482132][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.490470][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.497615][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.506967][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.515359][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.522484][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.539149][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.548232][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.565890][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.576889][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.584808][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 51.592625][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 51.600895][ T474] device veth0_vlan entered promiscuous mode
[ 51.615805][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.625009][ T474] device veth1_macvtap entered promiscuous mode
[ 51.633846][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.656344][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.663897][ T24] audit: type=1400 audit(1753021934.130:107): avc: denied { create } for pid=478 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 51.679449][ T479] ==================================================================
[ 51.684014][ T24] audit: type=1400 audit(1753021934.130:108): avc: denied { setopt } for pid=478 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 51.691737][ T479] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 51.691748][ T479] Read of size 1 at addr ffff8881173cfbd8 by task syz.2.16/479
[ 51.691750][ T479]
[ 51.691763][ T479] CPU: 0 PID: 479 Comm: syz.2.16 Not tainted 5.10.239-syzkaller-1007860-g6de38b5f6c2b #0
[ 51.691768][ T479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 51.691772][ T479] Call Trace:
[ 51.691788][ T479] __dump_stack+0x21/0x24
[ 51.691807][ T479] dump_stack_lvl+0x169/0x1d8
[ 51.712581][ T24] audit: type=1400 audit(1753021934.130:109): avc: denied { write } for pid=478 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 51.720651][ T479] ? show_regs_print_info+0x18/0x18
[ 51.720663][ T479] ? thaw_kernel_threads+0x220/0x220
[ 51.720676][ T479] ? unwind_get_return_address+0x4d/0x90
[ 51.720686][ T479] print_address_description+0x7f/0x2c0
[ 51.720699][ T479] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 51.720708][ T479] kasan_report+0xe2/0x130
[ 51.720720][ T479] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 51.720730][ T479] __asan_report_load1_noabort+0x14/0x20
[ 51.720740][ T479] xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 51.720753][ T479] xfrm_policy_inexact_insert_node+0x938/0xb50
[ 51.720761][ T479] ? xfrm_netlink_rcv+0x72/0x90
[ 51.720772][ T479] ? netlink_unicast+0x87c/0xa40
[ 51.720781][ T479] ? netlink_sendmsg+0x88d/0xb30
[ 51.720791][ T479] ? ____sys_sendmsg+0x5a2/0x8c0
[ 51.720800][ T479] ? ___sys_sendmsg+0x1f0/0x260
[ 51.720821][ T479] ? do_syscall_64+0x31/0x40
[ 51.729665][ T24] audit: type=1400 audit(1753021934.130:110): avc: denied { create } for pid=478 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 51.731099][ T479] xfrm_policy_inexact_alloc_chain+0x53a/0xb30
[ 51.897269][ T479] xfrm_policy_inexact_insert+0x70/0x1130
[ 51.903057][ T479] ? __get_hash_thresh+0x10c/0x420
[ 51.908159][ T479] ? policy_hash_bysel+0x110/0x4f0
[ 51.913338][ T479] xfrm_policy_insert+0x126/0x9a0
[ 51.918364][ T479] ? xfrm_policy_construct+0x54f/0x1f00
[ 51.923979][ T479] xfrm_add_policy+0x4d1/0x830
[ 51.928726][ T479] ? xfrm_dump_sa_done+0xc0/0xc0
[ 51.933669][ T479] xfrm_user_rcv_msg+0x450/0x6d0
[ 51.938601][ T479] ? xfrm_netlink_rcv+0x90/0x90
[ 51.943435][ T479] ? selinux_nlmsg_lookup+0x219/0x4a0
[ 51.948790][ T479] netlink_rcv_skb+0x1e0/0x430
[ 51.953616][ T479] ? xfrm_netlink_rcv+0x90/0x90
[ 51.958452][ T479] ? netlink_ack+0xb80/0xb80
[ 51.963029][ T479] ? mutex_trylock+0xa0/0xa0
[ 51.967603][ T479] ? __netlink_lookup+0x387/0x3b0
[ 51.972706][ T479] xfrm_netlink_rcv+0x72/0x90
[ 51.977496][ T479] netlink_unicast+0x87c/0xa40
[ 51.982245][ T479] netlink_sendmsg+0x88d/0xb30
[ 51.987085][ T479] ? schedule_preempt_disabled+0x20/0x20
[ 51.992707][ T479] ? netlink_getsockopt+0x530/0x530
[ 51.997891][ T479] ? security_socket_sendmsg+0x82/0xa0
[ 52.003368][ T479] ? netlink_getsockopt+0x530/0x530
[ 52.008547][ T479] ____sys_sendmsg+0x5a2/0x8c0
[ 52.013417][ T479] ? __sys_sendmsg_sock+0x40/0x40
[ 52.018523][ T479] ? import_iovec+0x7c/0xb0
[ 52.023005][ T479] ___sys_sendmsg+0x1f0/0x260
[ 52.027661][ T479] ? __sys_sendmsg+0x250/0x250
[ 52.032517][ T479] ? __fdget+0x1a1/0x230
[ 52.036841][ T479] __x64_sys_sendmsg+0x1e2/0x2a0
[ 52.041766][ T479] ? ___sys_sendmsg+0x260/0x260
[ 52.046617][ T479] ? switch_fpu_return+0x197/0x340
[ 52.051712][ T479] do_syscall_64+0x31/0x40
[ 52.056366][ T479] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.062239][ T479] RIP: 0033:0x7facd5351169
[ 52.066633][ T479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 52.086526][ T479] RSP: 002b:00007facd4dc2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 52.094938][ T479] RAX: ffffffffffffffda RBX: 00007facd5578fa0 RCX: 00007facd5351169
[ 52.103063][ T479] RDX: 0000000000004000 RSI: 0000200000000580 RDI: 0000000000000005
[ 52.111116][ T479] RBP: 00007facd53d3a68 R08: 0000000000000000 R09: 0000000000000000
[ 52.119185][ T479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 52.127161][ T479] R13: 0000000000000000 R14: 00007facd5578fa0 R15: 00007fff8c53e918
[ 52.135117][ T479]
[ 52.137486][ T479] Allocated by task 479:
[ 52.141716][ T479] __kasan_kmalloc+0xda/0x110
[ 52.146397][ T479] __kmalloc+0x1a7/0x330
[ 52.150641][ T479] sk_prot_alloc+0xb2/0x340
[ 52.155147][ T479] sk_alloc+0x38/0x4e0
[ 52.159199][ T479] pfkey_create+0x12a/0x660
[ 52.163793][ T479] __sock_create+0x38d/0x770
[ 52.168374][ T479] __sys_socket+0xec/0x190
[ 52.173223][ T479] __x64_sys_socket+0x7a/0x90
[ 52.177897][ T479] do_syscall_64+0x31/0x40
[ 52.182301][ T479] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.188169][ T479]
[ 52.190486][ T479] The buggy address belongs to the object at ffff8881173cf800
[ 52.190486][ T479] which belongs to the cache kmalloc-1k of size 1024
[ 52.204539][ T479] The buggy address is located 984 bytes inside of
[ 52.204539][ T479] 1024-byte region [ffff8881173cf800, ffff8881173cfc00)
[ 52.218140][ T479] The buggy address belongs to the page:
[ 52.223849][ T479] page:ffffea00045cf200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1173c8
[ 52.234577][ T479] head:ffffea00045cf200 order:3 compound_mapcount:0 compound_pincount:0
[ 52.242909][ T479] flags: 0x4000000000010200(slab|head)
[ 52.248361][ T479] raw: 4000000000010200 ffffea00045cb000 0000000500000005 ffff888100042f00
[ 52.257046][ T479] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 52.265717][ T479] page dumped because: kasan: bad access detected
[ 52.272113][ T479] page_owner tracks the page as allocated
[ 52.277919][ T479] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 108, ts 4574396748, free_ts 0
[ 52.296040][ T479] prep_new_page+0x179/0x180
[ 52.300627][ T479] get_page_from_freelist+0x2235/0x23d0
[ 52.306168][ T479] __alloc_pages_nodemask+0x268/0x5f0
[ 52.311684][ T479] new_slab+0x84/0x3f0
[ 52.315866][ T479] ___slab_alloc+0x2a6/0x450
[ 52.320532][ T479] __slab_alloc+0x63/0xa0
[ 52.324855][ T479] __kmalloc_track_caller+0x1ef/0x320
[ 52.330475][ T479] __alloc_skb+0xdc/0x520
[ 52.334784][ T479] netlink_sendmsg+0x5f6/0xb30
[ 52.339545][ T479] ____sys_sendmsg+0x5a2/0x8c0
[ 52.344325][ T479] ___sys_sendmsg+0x1f0/0x260
[ 52.348986][ T479] __x64_sys_sendmsg+0x1e2/0x2a0
[ 52.353915][ T479] do_syscall_64+0x31/0x40
[ 52.358331][ T479] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.364197][ T479] page_owner free stack trace missing
[ 52.369552][ T479]
[ 52.371868][ T479] Memory state around the buggy address:
[ 52.377477][ T479] ffff8881173cfa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.385618][ T479] ffff8881173cfb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.393659][ T479] >ffff8881173cfb80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 52.401804][ T479] ^
[ 52.408730][ T479] ffff8881173cfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.416781][ T479] ffff8881173cfc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.425263][ T479] ==================================================================
[ 52.433441][ T479] Disabling lock debugging due to kernel taint
[ 53.147551][ T7] device bridge_slave_1 left promiscuous mode
[ 53.153770][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.161681][ T7] device bridge_slave_0 left promiscuous mode
[ 53.167974][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.176577][ T7] device veth1_macvtap left promiscuous mode
[ 53.182614][ T7] device veth0_vlan left promiscuous mode
2025/07/20 14:32:18 executed programs: 231
[ 56.316907][ T24] kauditd_printk_skb: 9 callbacks suppressed
[ 56.316917][ T24] audit: type=1400 audit(1753021938.790:120): avc: denied { write } for pid=407 comm="syz-execprog" path="pipe:[15073]" dev="pipefs" ino=15073 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
2025/07/20 14:32:23 executed programs: 531