Warning: Permanently added '10.128.0.202' (ED25519) to the list of known hosts.
2025/03/29 22:57:29 ignoring optional flag "sandboxArg"="0"
2025/03/29 22:57:30 parsed 1 programs
[ 52.004926][ T29] kauditd_printk_skb: 29 callbacks suppressed
[ 52.004934][ T29] audit: type=1400 audit(1743289050.831:105): avc: denied { module_request } for pid=398 comm="syz-executor" kmod="netdev-wpan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 52.056673][ T29] audit: type=1400 audit(1743289050.891:106): avc: denied { unlink } for pid=398 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 52.102927][ T398] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 52.699019][ T433] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.705842][ T433] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.713227][ T433] device bridge_slave_0 entered promiscuous mode
[ 52.720762][ T433] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.727613][ T433] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.734696][ T433] device bridge_slave_1 entered promiscuous mode
[ 52.772780][ T433] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.779627][ T433] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.786732][ T433] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.793495][ T433] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.810816][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 52.818170][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.825110][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.833639][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.841547][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.848306][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.857303][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.865212][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.871953][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.883302][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.891843][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.903778][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 52.913728][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 52.921435][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 52.928668][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 52.937547][ T433] device veth0_vlan entered promiscuous mode
[ 52.946379][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 52.954953][ T433] device veth1_macvtap entered promiscuous mode
[ 52.964415][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 52.973636][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 53.015651][ T29] audit: type=1401 audit(1743289051.841:107): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/03/29 22:57:32 executed programs: 0
[ 53.219976][ T448] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.227169][ T448] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.234282][ T448] device bridge_slave_0 entered promiscuous mode
[ 53.241083][ T448] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.247970][ T448] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.255124][ T448] device bridge_slave_1 entered promiscuous mode
[ 53.301413][ T448] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.308253][ T448] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.315374][ T448] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.322155][ T448] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.343967][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.351281][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.358492][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.367100][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.374997][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.381751][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.394694][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.402627][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.409449][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.420499][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.429153][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.441469][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 53.456612][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 53.464259][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 53.471481][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 53.479152][ T448] device veth0_vlan entered promiscuous mode
[ 53.488319][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 53.499125][ T448] device veth1_macvtap entered promiscuous mode
[ 53.510089][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 53.521974][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 53.546502][ T29] audit: type=1400 audit(1743289052.381:108): avc: denied { create } for pid=454 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 53.557831][ T455] ==================================================================
[ 53.566657][ T29] audit: type=1400 audit(1743289052.381:109): avc: denied { setopt } for pid=454 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 53.573397][ T455] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert.constprop.0+0x3e4/0x560
[ 53.573421][ T455] Read of size 1 at addr ffff888112fdb3f8 by task syz.2.16/455
[ 53.573426][ T455]
[ 53.573430][ T455] CPU: 0 PID: 455 Comm: syz.2.16 Not tainted 5.15.178-syzkaller #0
[ 53.573436][ T455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 53.573444][ T455] Call Trace:
[ 53.573446][ T455]
[ 53.573450][ T455] dump_stack_lvl+0x38/0x49
[ 53.573459][ T455] print_address_description.constprop.0+0x24/0x160
[ 53.573468][ T455] ? xfrm_policy_inexact_list_reinsert.constprop.0+0x3e4/0x560
[ 53.573477][ T455] kasan_report.cold+0x82/0xdb
[ 53.573484][ T455] ? kasan_enable_current+0x20/0x20
[ 53.573490][ T455] ? xfrm_policy_inexact_list_reinsert.constprop.0+0x3e4/0x560
[ 53.573498][ T455] __asan_report_load1_noabort+0x14/0x20
[ 53.573505][ T455] xfrm_policy_inexact_list_reinsert.constprop.0+0x3e4/0x560
[ 53.573513][ T455] ? __sock_sendmsg+0xb5/0xf0
[ 53.573522][ T455] xfrm_policy_inexact_insert_node.constprop.0+0x392/0xb40
[ 53.573530][ T455] ? kmem_cache_free+0x105/0x2a0
[ 53.573539][ T455] xfrm_policy_inexact_alloc_chain.isra.0+0x2a2/0x620
[ 53.573548][ T455] xfrm_policy_inexact_insert+0x63/0xb50
[ 53.573554][ T455] ? __kasan_check_write+0x14/0x20
[ 53.573561][ T455] ? _raw_spin_lock_bh+0x86/0x110
[ 53.573568][ T455] ? __kasan_kmalloc+0xae/0xe0
[ 53.573574][ T455] ? _raw_write_lock_irq+0xd0/0xd0
[ 53.573580][ T455] ? kmem_cache_alloc_trace+0x30c/0x4e0
[ 53.573587][ T455] xfrm_policy_insert+0x468/0x770
[ 53.573593][ T455] ? xfrm_policy_construct+0x121/0x7d0
[ 53.573602][ T455] xfrm_add_policy+0x3bf/0x830
[ 53.573610][ T455] ? xfrm_policy_construct+0x7d0/0x7d0
[ 53.573616][ T455] ? selinux_capable+0x44/0x70
[ 53.573625][ T455] ? security_capable+0x56/0xa0
[ 53.573635][ T455] xfrm_user_rcv_msg+0x2d9/0x850
[ 53.573642][ T455] ? create_prof_cpu_mask+0x20/0x20
[ 53.573650][ T455] ? xfrm_user_state_lookup.constprop.0+0x320/0x320
[ 53.573663][ T455] ? __sys_sendmsg+0xc3/0x160
[ 53.573670][ T455] ? __x64_sys_sendmsg+0x73/0xb0
[ 53.573675][ T455] ? x64_sys_call+0x840/0x990
[ 53.573683][ T455] ? do_syscall_64+0x33/0xb0
[ 53.573691][ T455] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.573700][ T455] netlink_rcv_skb+0x133/0x3c0
[ 53.573708][ T455] ? memset+0x3c/0x50
[ 53.573714][ T455] ? xfrm_user_state_lookup.constprop.0+0x320/0x320
[ 53.573722][ T455] ? netlink_ack+0xa00/0xa00
[ 53.573730][ T455] ? netlink_deliver_tap+0xa2/0x890
[ 53.573738][ T455] xfrm_netlink_rcv+0x68/0x90
[ 53.573745][ T455] netlink_unicast+0x4f8/0x810
[ 53.573753][ T455] ? netlink_attachskb+0x760/0x760
[ 53.573761][ T455] netlink_sendmsg+0x810/0xd10
[ 53.573769][ T455] ? netlink_unicast+0x810/0x810
[ 53.573777][ T455] ? netlink_unicast+0x810/0x810
[ 53.573791][ T455] __sock_sendmsg+0xb5/0xf0
[ 53.573797][ T455] ____sys_sendmsg+0x694/0x990
[ 53.573804][ T455] ? kernel_sendmsg+0x30/0x30
[ 53.573809][ T455] ? do_recvmmsg+0x5a0/0x5a0
[ 53.573816][ T455] ? debug_smp_processor_id+0x17/0x20
[ 53.573822][ T455] ? ___slab_alloc.constprop.0+0x493/0x890
[ 53.573829][ T455] ___sys_sendmsg+0xfc/0x190
[ 53.573836][ T455] ? sendmsg_copy_msghdr+0x110/0x110
[ 53.573843][ T455] ? security_file_alloc+0x2a/0x120
[ 53.573851][ T455] ? futex_exit_release+0x200/0x200
[ 53.573858][ T455] ? percpu_counter_add_batch+0x82/0x160
[ 53.573864][ T455] ? __alloc_file+0x1a4/0x2a0
[ 53.573871][ T455] ? alloc_empty_file+0x8d/0xf0
[ 53.573879][ T455] ? __fget_light+0x22c/0x550
[ 53.573888][ T455] ? __fdget+0xe/0x10
[ 53.573895][ T455] ? sockfd_lookup_light+0x1c/0x150
[ 53.573902][ T455] __sys_sendmsg+0xc3/0x160
[ 53.573908][ T455] ? __sys_sendmsg_sock+0x20/0x20
[ 53.573915][ T455] ? perf_clear_dirty_counters+0x1a0/0x340
[ 53.573924][ T455] ? __kasan_check_write+0x14/0x20
[ 53.573931][ T455] ? switch_fpu_return+0xec/0x1f0
[ 53.573941][ T455] __x64_sys_sendmsg+0x73/0xb0
[ 53.573948][ T455] x64_sys_call+0x840/0x990
[ 53.573954][ T455] do_syscall_64+0x33/0xb0
[ 53.573960][ T455] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.573967][ T455] RIP: 0033:0x7f8354cf6da9
[ 53.573974][ T455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 53.573981][ T455] RSP: 002b:00007f8354769038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 53.600155][ T29] audit: type=1400 audit(1743289052.381:110): avc: denied { write } for pid=454 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 53.602842][ T455] RAX: ffffffffffffffda RBX: 00007f8354f0ffa0 RCX: 00007f8354cf6da9
[ 53.602849][ T455] RDX: 0000000000004000 RSI: 0000000020000580 RDI: 0000000000000005
[ 53.602853][ T455] RBP: 00007f8354d782a0 R08: 0000000000000000 R09: 0000000000000000
[ 53.602857][ T455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 53.602861][ T455] R13: 0000000000000000 R14: 00007f8354f0ffa0 R15: 00007ffef21db3e8
[ 53.602869][ T455]
[ 53.610639][ T29] audit: type=1400 audit(1743289052.381:111): avc: denied { create } for pid=454 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 53.612393][ T455]
[ 53.612396][ T455] Allocated by task 455:
[ 53.612400][ T455] kasan_save_stack+0x26/0x50
[ 53.612410][ T455] __kasan_kmalloc+0xae/0xe0
[ 53.620460][ T29] audit: type=1400 audit(1743289052.381:112): avc: denied { write } for pid=454 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 53.630011][ T455] __kmalloc+0x2e6/0x550
[ 53.630020][ T455] sk_prot_alloc+0xf9/0x2d0
[ 53.630027][ T455] sk_alloc+0x2c/0x520
[ 53.630033][ T455] pfkey_create+0x111/0x600
[ 53.630039][ T455] __sock_create+0x1c8/0x490
[ 53.630043][ T455] __sys_socket+0xdd/0x1d0
[ 53.630048][ T455] __x64_sys_socket+0x6e/0xb0
[ 53.630053][ T455] x64_sys_call+0x863/0x990
[ 53.633865][ T29] audit: type=1400 audit(1743289052.381:113): avc: denied { nlmsg_write } for pid=454 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 53.635909][ T455] do_syscall_64+0x33/0xb0
[ 53.635918][ T455] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.635926][ T455]
[ 53.635928][ T455] The buggy address belongs to the object at ffff888112fdb000
[ 53.635928][ T455] which belongs to the cache kmalloc-1k of size 1024
[ 54.206852][ T455] The buggy address is located 1016 bytes inside of
[ 54.206852][ T455] 1024-byte region [ffff888112fdb000, ffff888112fdb400)
[ 54.220133][ T455] The buggy address belongs to the page:
[ 54.225601][ T455] page:ffffea00044bf600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112fd8
[ 54.235680][ T455] head:ffffea00044bf600 order:3 compound_mapcount:0 compound_pincount:0
[ 54.243824][ T455] flags: 0x4000000000010200(slab|head|zone=1)
[ 54.249727][ T455] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043080
[ 54.258173][ T455] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 54.266563][ T455] page dumped because: kasan: bad access detected
[ 54.272818][ T455] page_owner tracks the page as allocated
[ 54.278370][ T455] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 338, ts 53539860986, free_ts 53437407664
[ 54.297984][ T455] prep_new_page+0x1a2/0x310
[ 54.302408][ T455] get_page_from_freelist+0x1ce2/0x30a0
[ 54.307794][ T455] __alloc_pages+0x2d5/0x2620
[ 54.312302][ T455] allocate_slab+0x39d/0x530
[ 54.316737][ T455] ___slab_alloc.constprop.0+0x3ca/0x890
[ 54.322197][ T455] __slab_alloc.constprop.0+0x42/0x80
[ 54.327406][ T455] __kmalloc_track_caller+0x501/0x540
[ 54.332700][ T455] __alloc_skb+0x8b/0x250
[ 54.336865][ T455] wg_socket_send_buffer_to_peer+0x31/0x190
[ 54.342600][ T455] wg_packet_send_handshake_initiation+0x1d8/0x210
[ 54.348932][ T455] wg_packet_handshake_send_worker+0x15/0x30
[ 54.354747][ T455] process_one_work+0x62c/0xec0
[ 54.359430][ T455] worker_thread+0x48e/0xdb0
[ 54.363859][ T455] kthread+0x324/0x3e0
[ 54.367763][ T455] ret_from_fork+0x1f/0x30
[ 54.372019][ T455] page last free stack trace:
[ 54.376538][ T455] free_pcp_prepare+0x1b6/0x4c0
[ 54.381219][ T455] free_unref_page+0x84/0x760
[ 54.385733][ T455] __free_pages+0xd7/0xf0
[ 54.389899][ T455] __free_slab+0xdb/0x1c0
[ 54.394063][ T455] discard_slab+0x2b/0x40
[ 54.398235][ T455] __unfreeze_partials+0x1e2/0x230
[ 54.403176][ T455] put_cpu_partial+0x96/0xb0
[ 54.407604][ T455] __slab_free+0x21e/0x4d0
[ 54.411857][ T455] ___cache_free+0x1ee/0x230
[ 54.416282][ T455] qlist_free_all+0x6e/0x150
[ 54.420711][ T455] kasan_quarantine_reduce+0x15f/0x1c0
[ 54.426003][ T455] __kasan_slab_alloc+0xaa/0xc0
[ 54.430689][ T455] kmem_cache_alloc+0x179/0x4d0
[ 54.435982][ T455] __alloc_skb+0x14b/0x250
[ 54.440233][ T455] netlink_sendmsg+0x89f/0xd10
[ 54.444839][ T455] __sock_sendmsg+0xb5/0xf0
[ 54.449177][ T455]
[ 54.451361][ T455] Memory state around the buggy address:
[ 54.456814][ T455] ffff888112fdb280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.464711][ T455] ffff888112fdb300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.472610][ T455] >ffff888112fdb380: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 54.480507][ T455] ^
[ 54.488321][ T455] ffff888112fdb400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.496220][ T455] ffff888112fdb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.504301][ T455] ==================================================================
[ 54.512199][ T455] Disabling lock debugging due to kernel taint
[ 54.526183][ T29] audit: type=1400 audit(1743289053.351:114): avc: denied { append } for pid=78 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 54.708032][ T8] device bridge_slave_1 left promiscuous mode
[ 54.713934][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.721207][ T8] device bridge_slave_0 left promiscuous mode
[ 54.727298][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.735014][ T8] device veth1_macvtap left promiscuous mode
[ 54.741071][ T8] device veth0_vlan left promiscuous mode
2025/03/29 22:57:37 executed programs: 221
2025/03/29 22:57:42 executed programs: 521