Warning: Permanently added '10.128.1.116' (ED25519) to the list of known hosts. 2025/05/08 15:11:59 ignoring optional flag "sandboxArg"="0" 2025/05/08 15:12:00 parsed 1 programs [ 53.007736][ T30] audit: type=1400 audit(1746717121.743:105): avc: denied { unlink } for pid=381 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 53.043948][ T381] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 53.753342][ T408] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.760576][ T408] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.768146][ T408] device bridge_slave_0 entered promiscuous mode [ 53.775717][ T408] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.782907][ T408] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.790543][ T408] device bridge_slave_1 entered promiscuous mode [ 53.835829][ T408] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.842909][ T408] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.850455][ T408] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.857528][ T408] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.878844][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.886457][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.894748][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.902550][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.912589][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.920954][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.928006][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.937208][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.945489][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.952585][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.965546][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.975147][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.993171][ T408] device veth0_vlan entered promiscuous mode [ 53.999629][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 54.008348][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 54.016456][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 54.024114][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 54.038343][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 54.047114][ T408] device veth1_macvtap entered promiscuous mode [ 54.056070][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 54.066436][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 54.103133][ T30] audit: type=1400 audit(1746717122.833:106): avc: denied { create } for pid=415 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 54.474635][ T30] audit: type=1401 audit(1746717123.203:107): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" 2025/05/08 15:12:03 executed programs: 0 [ 54.752449][ T443] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.759726][ T443] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.767439][ T443] device bridge_slave_0 entered promiscuous mode [ 54.774748][ T443] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.782027][ T443] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.789676][ T443] device bridge_slave_1 entered promiscuous mode [ 54.884714][ T199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.892506][ T199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.901858][ T199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.910478][ T199] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.918774][ T199] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.925804][ T199] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.934156][ T199] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.943060][ T199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.951628][ T199] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.960103][ T199] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.967376][ T199] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.979653][ T199] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.988973][ T199] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.006728][ T199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.018583][ T199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.026742][ T199] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 55.034441][ T199] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 55.043110][ T443] device veth0_vlan entered promiscuous mode [ 55.053951][ T199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.070963][ T443] device veth1_macvtap entered promiscuous mode [ 55.080584][ T199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.091397][ T199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 55.116908][ T30] audit: type=1400 audit(1746717123.843:108): avc: denied { create } for pid=449 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 55.119016][ T450] ================================================================== [ 55.137506][ T30] audit: type=1400 audit(1746717123.843:109): avc: denied { setopt } for pid=449 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 55.144221][ T450] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 55.163803][ T30] audit: type=1400 audit(1746717123.843:110): avc: denied { write } for pid=449 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 55.172488][ T450] Read of size 1 at addr ffff888117d67bf8 by task syz.2.16/450 [ 55.172508][ T450] [ 55.172522][ T450] CPU: 0 PID: 450 Comm: syz.2.16 Not tainted 5.15.180-syzkaller-1080241-g57b1420d5e49 #0 [ 55.172542][ T450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 55.172562][ T450] Call Trace: [ 55.192388][ T30] audit: type=1400 audit(1746717123.843:111): avc: denied { create } for pid=449 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 55.199202][ T450] [ 55.199211][ T450] __dump_stack+0x21/0x30 [ 55.199239][ T450] dump_stack_lvl+0xee/0x150 [ 55.201894][ T30] audit: type=1400 audit(1746717123.843:112): avc: denied { write } for pid=449 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 55.211384][ T450] ? show_regs_print_info+0x20/0x20 [ 55.211411][ T450] ? load_image+0x3a0/0x3a0 [ 55.211430][ T450] ? unwind_get_return_address+0x4d/0x90 [ 55.211453][ T450] print_address_description+0x7f/0x2c0 [ 55.222388][ T30] audit: type=1400 audit(1746717123.843:113): avc: denied { nlmsg_write } for pid=449 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 55.224912][ T450] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 55.324549][ T450] kasan_report+0xf1/0x140 [ 55.328960][ T450] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 55.335472][ T450] __asan_report_load1_noabort+0x14/0x20 [ 55.341111][ T450] xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 55.347437][ T450] xfrm_policy_inexact_insert_node+0x938/0xb50 [ 55.353582][ T450] ? netlink_unicast+0x87c/0xa40 [ 55.358525][ T450] ? netlink_sendmsg+0x86a/0xb70 [ 55.363553][ T450] ? ____sys_sendmsg+0x5a2/0x8c0 [ 55.368573][ T450] ? ___sys_sendmsg+0x1f0/0x260 [ 55.373551][ T450] ? __x64_sys_sendmsg+0x1e2/0x2a0 [ 55.378745][ T450] ? do_syscall_64+0x4c/0xa0 [ 55.383787][ T450] xfrm_policy_inexact_alloc_chain+0x53a/0xb30 [ 55.389938][ T450] xfrm_policy_inexact_insert+0x70/0x1130 [ 55.395650][ T450] ? __get_hash_thresh+0x10c/0x420 [ 55.400775][ T450] ? policy_hash_bysel+0x110/0x4f0 [ 55.405878][ T450] xfrm_policy_insert+0xe0/0x930 [ 55.410804][ T450] xfrm_add_policy+0x4d1/0x830 [ 55.415587][ T450] ? xfrm_dump_sa_done+0xc0/0xc0 [ 55.420522][ T450] xfrm_user_rcv_msg+0x45c/0x6e0 [ 55.425456][ T450] ? xfrm_netlink_rcv+0x90/0x90 [ 55.430330][ T450] ? avc_has_perm_noaudit+0x460/0x460 [ 55.435696][ T450] ? x64_sys_call+0x4b/0x9a0 [ 55.440279][ T450] ? selinux_nlmsg_lookup+0x237/0x4c0 [ 55.445646][ T450] netlink_rcv_skb+0x1e0/0x430 [ 55.450493][ T450] ? xfrm_netlink_rcv+0x90/0x90 [ 55.455773][ T450] ? netlink_ack+0xb60/0xb60 [ 55.460357][ T450] ? wait_for_completion_killable_timeout+0x10/0x10 [ 55.467028][ T450] ? __netlink_lookup+0x387/0x3b0 [ 55.472045][ T450] xfrm_netlink_rcv+0x72/0x90 [ 55.476798][ T450] netlink_unicast+0x87c/0xa40 [ 55.481551][ T450] netlink_sendmsg+0x86a/0xb70 [ 55.486438][ T450] ? netlink_getsockopt+0x530/0x530 [ 55.491629][ T450] ? sock_alloc_file+0xba/0x260 [ 55.496474][ T450] ? security_socket_sendmsg+0x82/0xa0 [ 55.501929][ T450] ? netlink_getsockopt+0x530/0x530 [ 55.507233][ T450] ____sys_sendmsg+0x5a2/0x8c0 [ 55.512011][ T450] ? __sys_sendmsg_sock+0x40/0x40 [ 55.517173][ T450] ? import_iovec+0x7c/0xb0 [ 55.521692][ T450] ___sys_sendmsg+0x1f0/0x260 [ 55.526380][ T450] ? __sys_sendmsg+0x250/0x250 [ 55.531168][ T450] ? __fdget+0x1a1/0x230 [ 55.535416][ T450] __x64_sys_sendmsg+0x1e2/0x2a0 [ 55.540353][ T450] ? ___sys_sendmsg+0x260/0x260 [ 55.545200][ T450] ? __kasan_check_write+0x14/0x20 [ 55.550406][ T450] ? switch_fpu_return+0x15d/0x2c0 [ 55.555523][ T450] x64_sys_call+0x4b/0x9a0 [ 55.559942][ T450] do_syscall_64+0x4c/0xa0 [ 55.564615][ T450] ? clear_bhb_loop+0x35/0x90 [ 55.569283][ T450] ? clear_bhb_loop+0x35/0x90 [ 55.573963][ T450] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 55.579864][ T450] RIP: 0033:0x7f6720204da9 [ 55.584274][ T450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.603987][ T450] RSP: 002b:00007f671fc77038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 55.612410][ T450] RAX: ffffffffffffffda RBX: 00007f672041dfa0 RCX: 00007f6720204da9 [ 55.620379][ T450] RDX: 0000000000004000 RSI: 0000000020000580 RDI: 0000000000000005 [ 55.628344][ T450] RBP: 00007f67202862a0 R08: 0000000000000000 R09: 0000000000000000 [ 55.636313][ T450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 55.644277][ T450] R13: 0000000000000000 R14: 00007f672041dfa0 R15: 00007ffe005a34c8 [ 55.652247][ T450] [ 55.655257][ T450] [ 55.657564][ T450] Allocated by task 450: [ 55.661788][ T450] __kasan_kmalloc+0xda/0x110 [ 55.666456][ T450] __kmalloc+0x13d/0x2c0 [ 55.670683][ T450] sk_prot_alloc+0xed/0x320 [ 55.675174][ T450] sk_alloc+0x38/0x430 [ 55.679228][ T450] pfkey_create+0x12a/0x660 [ 55.683720][ T450] __sock_create+0x38d/0x7a0 [ 55.688391][ T450] __sys_socket+0xec/0x190 [ 55.692814][ T450] __x64_sys_socket+0x7a/0x90 [ 55.697588][ T450] x64_sys_call+0x8c5/0x9a0 [ 55.702090][ T450] do_syscall_64+0x4c/0xa0 [ 55.706696][ T450] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 55.712596][ T450] [ 55.714912][ T450] The buggy address belongs to the object at ffff888117d67800 [ 55.714912][ T450] which belongs to the cache kmalloc-1k of size 1024 [ 55.728952][ T450] The buggy address is located 1016 bytes inside of [ 55.728952][ T450] 1024-byte region [ffff888117d67800, ffff888117d67c00) [ 55.742388][ T450] The buggy address belongs to the page: [ 55.748020][ T450] page:ffffea00045f5800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117d60 [ 55.758270][ T450] head:ffffea00045f5800 order:3 compound_mapcount:0 compound_pincount:0 [ 55.766590][ T450] flags: 0x4000000000010200(slab|head|zone=1) [ 55.772657][ T450] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043080 [ 55.781232][ T450] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 55.789795][ T450] page dumped because: kasan: bad access detected [ 55.796276][ T450] page_owner tracks the page as allocated [ 55.801973][ T450] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 443, ts 55103349127, free_ts 55068127397 [ 55.821928][ T450] post_alloc_hook+0x192/0x1b0 [ 55.826693][ T450] prep_new_page+0x1c/0x110 [ 55.831183][ T450] get_page_from_freelist+0x2cc5/0x2d50 [ 55.836715][ T450] __alloc_pages+0x18f/0x440 [ 55.841303][ T450] new_slab+0xa1/0x4d0 [ 55.845384][ T450] ___slab_alloc+0x381/0x810 [ 55.850066][ T450] __slab_alloc+0x49/0x90 [ 55.854584][ T450] __kmalloc_track_caller+0x169/0x2c0 [ 55.859985][ T450] __alloc_skb+0x21a/0x740 [ 55.864636][ T450] wg_packet_send_keepalive+0x62/0x1d0 [ 55.870201][ T450] wg_open+0x214/0x300 [ 55.874360][ T450] __dev_open+0x33f/0x4c0 [ 55.878690][ T450] __dev_change_flags+0x20a/0x6a0 [ 55.883715][ T450] dev_change_flags+0x88/0x1a0 [ 55.888591][ T450] do_setlink+0xbed/0x3990 [ 55.893089][ T450] rtnl_newlink+0x13fa/0x17b0 [ 55.897864][ T450] page last free stack trace: [ 55.902516][ T450] free_unref_page_prepare+0x542/0x550 [ 55.907962][ T450] free_unref_page+0xa2/0x550 [ 55.912649][ T450] __free_pages+0x6c/0x100 [ 55.917053][ T450] __free_slab+0xe8/0x1e0 [ 55.921390][ T450] __unfreeze_partials+0x160/0x190 [ 55.926488][ T450] put_cpu_partial+0xc6/0x120 [ 55.931154][ T450] __slab_free+0x1d4/0x290 [ 55.935689][ T450] ___cache_free+0x104/0x120 [ 55.940288][ T450] qlink_free+0x4d/0x90 [ 55.944531][ T450] qlist_free_all+0x5f/0xb0 [ 55.949063][ T450] kasan_quarantine_reduce+0x14a/0x170 [ 55.954735][ T450] __kasan_slab_alloc+0x2f/0xf0 [ 55.959951][ T450] slab_post_alloc_hook+0x4f/0x2b0 [ 55.965067][ T450] kmem_cache_alloc+0xf7/0x260 [ 55.969843][ T450] __alloc_skb+0xe0/0x740 [ 55.974179][ T450] inet_netconf_notify_devconf+0x169/0x220 [ 55.979978][ T450] [ 55.982293][ T450] Memory state around the buggy address: [ 55.987913][ T450] ffff888117d67a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 55.995963][ T450] ffff888117d67b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 56.004033][ T450] >ffff888117d67b80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 56.012175][ T450] ^ [ 56.020240][ T450] ffff888117d67c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.028295][ T450] ffff888117d67c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.036340][ T450] ================================================================== [ 56.044396][ T450] Disabling lock debugging due to kernel taint [ 56.061605][ T30] audit: type=1400 audit(1746717124.783:114): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 56.539193][ T45] device bridge_slave_1 left promiscuous mode [ 56.547144][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.555199][ T45] device bridge_slave_0 left promiscuous mode [ 56.561790][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.570333][ T45] device veth1_macvtap left promiscuous mode [ 56.576549][ T45] device veth0_vlan left promiscuous mode 2025/05/08 15:12:08 executed programs: 219 2025/05/08 15:12:13 executed programs: 519