Warning: Permanently added '10.128.1.95' (ED25519) to the list of known hosts. 2025/06/28 20:34:19 ignoring optional flag "sandboxArg"="0" 2025/06/28 20:34:20 parsed 1 programs [ 51.803298][ T30] audit: type=1400 audit(1751142861.392:105): avc: denied { unlink } for pid=381 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 51.861114][ T381] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 52.633226][ T414] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.640279][ T414] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.647772][ T414] device bridge_slave_0 entered promiscuous mode [ 52.654518][ T414] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.661617][ T414] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.669121][ T414] device bridge_slave_1 entered promiscuous mode [ 52.712981][ T414] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.720006][ T414] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.727298][ T414] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.734328][ T414] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.749622][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.756787][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.764095][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.771474][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.780533][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.788773][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.795810][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.805055][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.813234][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.820246][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.831277][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.840200][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.852739][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 52.863257][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 52.871192][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 52.878763][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 52.886765][ T414] device veth0_vlan entered promiscuous mode [ 52.895658][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 52.904628][ T414] device veth1_macvtap entered promiscuous mode [ 52.913030][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 52.922423][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 52.953176][ T30] audit: type=1400 audit(1751142862.542:106): avc: denied { create } for pid=421 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 53.103999][ T30] audit: type=1401 audit(1751142862.692:107): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" 2025/06/28 20:34:22 executed programs: 0 [ 53.298133][ T441] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.305203][ T441] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.312477][ T441] device bridge_slave_0 entered promiscuous mode [ 53.319750][ T441] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.326941][ T441] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.334268][ T441] device bridge_slave_1 entered promiscuous mode [ 53.375261][ T441] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.382290][ T441] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.389552][ T441] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.396591][ T441] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.417009][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.424649][ T328] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.431803][ T328] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.440420][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.448734][ T328] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.455896][ T328] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.473732][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.481954][ T328] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.489033][ T328] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.496794][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.505390][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.516898][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 53.528835][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 53.537131][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 53.544656][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 53.553318][ T441] device veth0_vlan entered promiscuous mode [ 53.563611][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 53.572844][ T441] device veth1_macvtap entered promiscuous mode [ 53.581298][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 53.591133][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 53.613023][ T30] audit: type=1400 audit(1751142863.202:108): avc: denied { create } for pid=446 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 53.633565][ T30] audit: type=1400 audit(1751142863.222:109): avc: denied { setopt } for pid=446 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 53.634144][ T447] ================================================================== [ 53.652664][ T30] audit: type=1400 audit(1751142863.222:110): avc: denied { write } for pid=446 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 53.660624][ T447] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 53.679921][ T30] audit: type=1400 audit(1751142863.222:111): avc: denied { create } for pid=446 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 53.688987][ T447] Read of size 1 at addr ffff88811798ebf8 by task syz.2.16/447 [ 53.689002][ T447] [ 53.689016][ T447] CPU: 0 PID: 447 Comm: syz.2.16 Not tainted 5.15.185-syzkaller-1080615-g0d918fa8e88d #0 [ 53.708912][ T30] audit: type=1400 audit(1751142863.222:112): avc: denied { write } for pid=446 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 53.716370][ T447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 53.716389][ T447] Call Trace: [ 53.716394][ T447] [ 53.716401][ T447] __dump_stack+0x21/0x30 [ 53.716420][ T447] dump_stack_lvl+0xee/0x150 [ 53.716435][ T447] ? show_regs_print_info+0x20/0x20 [ 53.716449][ T447] ? load_image+0x3a0/0x3a0 [ 53.716465][ T447] ? unwind_get_return_address+0x4d/0x90 [ 53.720376][ T30] audit: type=1400 audit(1751142863.222:113): avc: denied { nlmsg_write } for pid=446 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 53.728630][ T447] print_address_description+0x7f/0x2c0 [ 53.728653][ T447] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 53.821031][ T447] kasan_report+0xf1/0x140 [ 53.825435][ T447] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 53.831915][ T447] __asan_report_load1_noabort+0x14/0x20 [ 53.837530][ T447] xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 53.843838][ T447] xfrm_policy_inexact_insert_node+0x938/0xb50 [ 53.849967][ T447] ? xfrm_netlink_rcv+0x72/0x90 [ 53.854792][ T447] ? netlink_unicast+0x87c/0xa40 [ 53.859706][ T447] ? netlink_sendmsg+0x86a/0xb70 [ 53.864618][ T447] ? ____sys_sendmsg+0x5a2/0x8c0 [ 53.869532][ T447] ? ___sys_sendmsg+0x1f0/0x260 [ 53.874359][ T447] ? x64_sys_call+0x4b/0x9a0 [ 53.878924][ T447] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 53.884965][ T447] xfrm_policy_inexact_alloc_chain+0x53a/0xb30 [ 53.891097][ T447] xfrm_policy_inexact_insert+0x70/0x1130 [ 53.896793][ T447] ? __get_hash_thresh+0x10c/0x420 [ 53.901876][ T447] ? policy_hash_bysel+0x110/0x4f0 [ 53.906962][ T447] xfrm_policy_insert+0x126/0x9a0 [ 53.911962][ T447] ? xfrm_policy_construct+0x54f/0x1f00 [ 53.917482][ T447] xfrm_add_policy+0x4d1/0x830 [ 53.922241][ T447] ? xfrm_dump_sa_done+0xc0/0xc0 [ 53.927151][ T447] xfrm_user_rcv_msg+0x45c/0x6e0 [ 53.932160][ T447] ? xfrm_netlink_rcv+0x90/0x90 [ 53.936986][ T447] ? avc_has_perm_noaudit+0x460/0x460 [ 53.942348][ T447] ? x64_sys_call+0x4b/0x9a0 [ 53.946912][ T447] ? selinux_nlmsg_lookup+0x237/0x4c0 [ 53.952274][ T447] netlink_rcv_skb+0x1e0/0x430 [ 53.957036][ T447] ? xfrm_netlink_rcv+0x90/0x90 [ 53.961858][ T447] ? netlink_ack+0xb60/0xb60 [ 53.966423][ T447] ? wait_for_completion_killable_timeout+0x10/0x10 [ 53.972984][ T447] ? __netlink_lookup+0x387/0x3b0 [ 53.977982][ T447] xfrm_netlink_rcv+0x72/0x90 [ 53.982630][ T447] netlink_unicast+0x87c/0xa40 [ 53.987366][ T447] netlink_sendmsg+0x86a/0xb70 [ 53.992101][ T447] ? netlink_getsockopt+0x530/0x530 [ 53.997271][ T447] ? sock_alloc_file+0xba/0x260 [ 54.002093][ T447] ? security_socket_sendmsg+0x82/0xa0 [ 54.007530][ T447] ? netlink_getsockopt+0x530/0x530 [ 54.012710][ T447] ____sys_sendmsg+0x5a2/0x8c0 [ 54.017446][ T447] ? __sys_sendmsg_sock+0x40/0x40 [ 54.022441][ T447] ? import_iovec+0x7c/0xb0 [ 54.026919][ T447] ___sys_sendmsg+0x1f0/0x260 [ 54.031568][ T447] ? __sys_sendmsg+0x250/0x250 [ 54.036307][ T447] ? __fdget+0x1a1/0x230 [ 54.040524][ T447] __x64_sys_sendmsg+0x1e2/0x2a0 [ 54.045431][ T447] ? ___sys_sendmsg+0x260/0x260 [ 54.050254][ T447] ? __kasan_check_write+0x14/0x20 [ 54.055339][ T447] ? switch_fpu_return+0x15d/0x2c0 [ 54.060427][ T447] x64_sys_call+0x4b/0x9a0 [ 54.064814][ T447] do_syscall_64+0x4c/0xa0 [ 54.069209][ T447] ? clear_bhb_loop+0x50/0xa0 [ 54.073858][ T447] ? clear_bhb_loop+0x50/0xa0 [ 54.078505][ T447] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 54.084367][ T447] RIP: 0033:0x7f6b9ba74929 [ 54.088753][ T447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 54.108332][ T447] RSP: 002b:00007f6b9b4e5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 54.116736][ T447] RAX: ffffffffffffffda RBX: 00007f6b9bc9bfa0 RCX: 00007f6b9ba74929 [ 54.124693][ T447] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000005 [ 54.132639][ T447] RBP: 00007f6b9baf6b39 R08: 0000000000000000 R09: 0000000000000000 [ 54.140586][ T447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 54.148535][ T447] R13: 0000000000000000 R14: 00007f6b9bc9bfa0 R15: 00007ffd53544458 [ 54.156487][ T447] [ 54.159483][ T447] [ 54.161782][ T447] Allocated by task 447: [ 54.166002][ T447] __kasan_kmalloc+0xda/0x110 [ 54.170669][ T447] __kmalloc+0x13d/0x2c0 [ 54.174891][ T447] sk_prot_alloc+0xed/0x320 [ 54.179369][ T447] sk_alloc+0x38/0x430 [ 54.183412][ T447] pfkey_create+0x12a/0x660 [ 54.187889][ T447] __sock_create+0x38d/0x7a0 [ 54.192454][ T447] __sys_socket+0xec/0x190 [ 54.196847][ T447] __x64_sys_socket+0x7a/0x90 [ 54.201506][ T447] x64_sys_call+0x8c5/0x9a0 [ 54.206070][ T447] do_syscall_64+0x4c/0xa0 [ 54.210461][ T447] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 54.216329][ T447] [ 54.218626][ T447] The buggy address belongs to the object at ffff88811798e800 [ 54.218626][ T447] which belongs to the cache kmalloc-1k of size 1024 [ 54.232651][ T447] The buggy address is located 1016 bytes inside of [ 54.232651][ T447] 1024-byte region [ffff88811798e800, ffff88811798ec00) [ 54.246245][ T447] The buggy address belongs to the page: [ 54.251958][ T447] page:ffffea00045e6200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117988 [ 54.262174][ T447] head:ffffea00045e6200 order:3 compound_mapcount:0 compound_pincount:0 [ 54.270471][ T447] flags: 0x4000000000010200(slab|head|zone=1) [ 54.276525][ T447] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043080 [ 54.285158][ T447] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 54.293711][ T447] page dumped because: kasan: bad access detected [ 54.300103][ T447] page_owner tracks the page as allocated [ 54.306046][ T447] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 381, ts 53609930636, free_ts 53562136491 [ 54.326598][ T447] post_alloc_hook+0x192/0x1b0 [ 54.331346][ T447] prep_new_page+0x1c/0x110 [ 54.335824][ T447] get_page_from_freelist+0x2cc5/0x2d50 [ 54.341344][ T447] __alloc_pages+0x18f/0x440 [ 54.345914][ T447] new_slab+0xa1/0x4d0 [ 54.349960][ T447] ___slab_alloc+0x381/0x810 [ 54.354527][ T447] __slab_alloc+0x49/0x90 [ 54.358832][ T447] __kmalloc_track_caller+0x169/0x2c0 [ 54.364180][ T447] __alloc_skb+0x21a/0x740 [ 54.368576][ T447] sk_stream_alloc_skb+0x21a/0xb60 [ 54.373666][ T447] tcp_sendmsg_locked+0xc3e/0x3590 [ 54.378750][ T447] tcp_sendmsg+0x2f/0x50 [ 54.382968][ T447] inet_sendmsg+0xa5/0xc0 [ 54.387276][ T447] sock_write_iter+0x29c/0x380 [ 54.392018][ T447] vfs_write+0x802/0xf70 [ 54.396243][ T447] ksys_write+0x140/0x240 [ 54.400550][ T447] page last free stack trace: [ 54.405196][ T447] free_unref_page_prepare+0x542/0x550 [ 54.410635][ T447] free_unref_page+0xa2/0x550 [ 54.415288][ T447] __free_pages+0x6c/0x100 [ 54.419682][ T447] __free_slab+0xe8/0x1e0 [ 54.423989][ T447] __unfreeze_partials+0x160/0x190 [ 54.429081][ T447] put_cpu_partial+0xc6/0x120 [ 54.433930][ T447] __slab_free+0x1d4/0x290 [ 54.438324][ T447] ___cache_free+0x104/0x120 [ 54.442915][ T447] qlink_free+0x4d/0x90 [ 54.447051][ T447] qlist_free_all+0x5f/0xb0 [ 54.451618][ T447] kasan_quarantine_reduce+0x14a/0x170 [ 54.457053][ T447] __kasan_slab_alloc+0x2f/0xf0 [ 54.461878][ T447] slab_post_alloc_hook+0x4f/0x2b0 [ 54.466996][ T447] __kmalloc+0x120/0x2c0 [ 54.471217][ T447] qdisc_alloc+0x78/0x770 [ 54.475524][ T447] qdisc_create_dflt+0x6b/0x3a0 [ 54.480354][ T447] [ 54.482654][ T447] Memory state around the buggy address: [ 54.488295][ T447] ffff88811798ea80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 54.496336][ T447] ffff88811798eb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 54.504384][ T447] >ffff88811798eb80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 54.512424][ T447] ^ [ 54.520379][ T447] ffff88811798ec00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.528416][ T447] ffff88811798ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.536534][ T447] ================================================================== [ 54.544567][ T447] Disabling lock debugging due to kernel taint [ 54.562900][ T30] audit: type=1400 audit(1751142864.142:114): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 55.184303][ T8] device bridge_slave_1 left promiscuous mode [ 55.190628][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.199043][ T8] device bridge_slave_0 left promiscuous mode [ 55.205312][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.215668][ T8] device veth1_macvtap left promiscuous mode [ 55.221672][ T8] device veth0_vlan left promiscuous mode 2025/06/28 20:34:27 executed programs: 222 2025/06/28 20:34:32 executed programs: 523