Warning: Permanently added '10.128.0.153' (ED25519) to the list of known hosts. 2025/07/17 17:37:01 ignoring optional flag "sandboxArg"="0" 2025/07/17 17:37:02 parsed 1 programs [ 52.478726][ T30] kauditd_printk_skb: 30 callbacks suppressed [ 52.478743][ T30] audit: type=1400 audit(1752773823.639:104): avc: denied { unlink } for pid=392 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 52.551980][ T392] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 53.139929][ T30] audit: type=1401 audit(1752773824.299:105): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 53.263590][ T418] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.270691][ T418] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.278303][ T418] device bridge_slave_0 entered promiscuous mode [ 53.285177][ T418] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.292270][ T418] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.299695][ T418] device bridge_slave_1 entered promiscuous mode [ 53.346467][ T418] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.354153][ T418] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.361446][ T418] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.368502][ T418] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.387514][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.394783][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.402900][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.411199][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.423273][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.431452][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.438502][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.445854][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.454373][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.461462][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.479151][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.487277][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.498889][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 53.510381][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 53.518609][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 53.526173][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 53.534617][ T418] device veth0_vlan entered promiscuous mode [ 53.545537][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 53.554667][ T418] device veth1_macvtap entered promiscuous mode [ 53.563968][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 53.573972][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 53.790557][ T30] audit: type=1400 audit(1752773824.949:106): avc: denied { create } for pid=444 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 2025/07/17 17:37:05 executed programs: 0 [ 54.048309][ T30] audit: type=1400 audit(1752773825.209:107): avc: denied { write } for pid=383 comm="syz-execprog" path="pipe:[15703]" dev="pipefs" ino=15703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 54.099270][ T457] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.106523][ T457] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.114073][ T457] device bridge_slave_0 entered promiscuous mode [ 54.123683][ T457] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.130774][ T457] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.138229][ T457] device bridge_slave_1 entered promiscuous mode [ 54.189164][ T457] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.196246][ T457] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.203589][ T457] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.210777][ T457] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.234789][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.242560][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.250230][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.259279][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.267614][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.276700][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.283805][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.292848][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.301292][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.309570][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.316614][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.329874][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.338357][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.347693][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.356157][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.370232][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 54.378678][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 54.389942][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 54.397978][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 54.406000][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 54.413563][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 54.422052][ T457] device veth0_vlan entered promiscuous mode [ 54.432217][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 54.440517][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 54.449927][ T457] device veth1_macvtap entered promiscuous mode [ 54.459187][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 54.466869][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 54.475187][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 54.484546][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 54.493048][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 54.517123][ T30] audit: type=1400 audit(1752773825.669:108): avc: denied { create } for pid=468 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 54.529698][ T469] ================================================================== [ 54.536610][ T30] audit: type=1400 audit(1752773825.689:109): avc: denied { setopt } for pid=468 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 54.544465][ T469] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 54.544512][ T469] Read of size 1 at addr ffff88811789e3f8 by task syz.2.16/469 [ 54.564641][ T30] audit: type=1400 audit(1752773825.689:110): avc: denied { write } for pid=468 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 54.573404][ T469] [ 54.573420][ T469] CPU: 1 PID: 469 Comm: syz.2.16 Not tainted 5.15.188-syzkaller-1081189-g6b619c45dff5 #0 [ 54.573442][ T469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 54.581453][ T30] audit: type=1400 audit(1752773825.689:111): avc: denied { create } for pid=468 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 54.599907][ T469] Call Trace: [ 54.599917][ T469] [ 54.599925][ T469] __dump_stack+0x21/0x30 [ 54.599950][ T469] dump_stack_lvl+0xee/0x150 [ 54.599968][ T469] ? show_regs_print_info+0x20/0x20 [ 54.599985][ T469] ? load_image+0x3a0/0x3a0 [ 54.600006][ T469] ? unwind_get_return_address+0x4d/0x90 [ 54.600029][ T469] print_address_description+0x7f/0x2c0 [ 54.600048][ T469] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 54.603615][ T30] audit: type=1400 audit(1752773825.689:112): avc: denied { write } for pid=468 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 54.612373][ T469] kasan_report+0xf1/0x140 [ 54.612400][ T469] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 54.623065][ T30] audit: type=1400 audit(1752773825.689:113): avc: denied { nlmsg_write } for pid=468 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 54.642464][ T469] __asan_report_load1_noabort+0x14/0x20 [ 54.642494][ T469] xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 54.748468][ T469] xfrm_policy_inexact_insert_node+0x938/0xb50 [ 54.754632][ T469] ? xfrm_netlink_rcv+0x72/0x90 [ 54.759493][ T469] ? netlink_unicast+0x87c/0xa40 [ 54.764537][ T469] ? netlink_sendmsg+0x86a/0xb70 [ 54.769650][ T469] ? ____sys_sendmsg+0x5a2/0x8c0 [ 54.774585][ T469] ? ___sys_sendmsg+0x1f0/0x260 [ 54.779435][ T469] ? x64_sys_call+0x4b/0x9a0 [ 54.784022][ T469] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 54.790086][ T469] xfrm_policy_inexact_alloc_chain+0x53a/0xb30 [ 54.796247][ T469] xfrm_policy_inexact_insert+0x70/0x1130 [ 54.801979][ T469] ? __get_hash_thresh+0x10c/0x420 [ 54.807104][ T469] ? policy_hash_bysel+0x110/0x4f0 [ 54.812216][ T469] xfrm_policy_insert+0x126/0x9a0 [ 54.817257][ T469] ? xfrm_policy_construct+0x54f/0x1f00 [ 54.822923][ T469] xfrm_add_policy+0x4d1/0x830 [ 54.827704][ T469] ? xfrm_dump_sa_done+0xc0/0xc0 [ 54.832651][ T469] xfrm_user_rcv_msg+0x45c/0x6e0 [ 54.837592][ T469] ? xfrm_netlink_rcv+0x90/0x90 [ 54.842447][ T469] ? avc_has_perm_noaudit+0x460/0x460 [ 54.847826][ T469] ? x64_sys_call+0x4b/0x9a0 [ 54.852427][ T469] ? selinux_nlmsg_lookup+0x237/0x4c0 [ 54.857796][ T469] netlink_rcv_skb+0x1e0/0x430 [ 54.862558][ T469] ? xfrm_netlink_rcv+0x90/0x90 [ 54.867404][ T469] ? netlink_ack+0xb60/0xb60 [ 54.871998][ T469] ? wait_for_completion_killable_timeout+0x10/0x10 [ 54.878581][ T469] ? __netlink_lookup+0x387/0x3b0 [ 54.883601][ T469] xfrm_netlink_rcv+0x72/0x90 [ 54.888303][ T469] netlink_unicast+0x87c/0xa40 [ 54.893095][ T469] netlink_sendmsg+0x86a/0xb70 [ 54.897871][ T469] ? netlink_getsockopt+0x530/0x530 [ 54.903079][ T469] ? sock_alloc_file+0xba/0x260 [ 54.907932][ T469] ? security_socket_sendmsg+0x82/0xa0 [ 54.913395][ T469] ? netlink_getsockopt+0x530/0x530 [ 54.918597][ T469] ____sys_sendmsg+0x5a2/0x8c0 [ 54.923376][ T469] ? __sys_sendmsg_sock+0x40/0x40 [ 54.928755][ T469] ? import_iovec+0x7c/0xb0 [ 54.933270][ T469] ___sys_sendmsg+0x1f0/0x260 [ 54.937942][ T469] ? __sys_sendmsg+0x250/0x250 [ 54.942706][ T469] ? __fdget+0x1a1/0x230 [ 54.947159][ T469] __x64_sys_sendmsg+0x1e2/0x2a0 [ 54.952105][ T469] ? ___sys_sendmsg+0x260/0x260 [ 54.956976][ T469] ? __kasan_check_write+0x14/0x20 [ 54.962090][ T469] ? switch_fpu_return+0x15d/0x2c0 [ 54.967207][ T469] x64_sys_call+0x4b/0x9a0 [ 54.971638][ T469] do_syscall_64+0x4c/0xa0 [ 54.976055][ T469] ? clear_bhb_loop+0x50/0xa0 [ 54.980790][ T469] ? clear_bhb_loop+0x50/0xa0 [ 54.985468][ T469] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 54.991465][ T469] RIP: 0033:0x7f1024c0bda9 [ 54.995880][ T469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.015582][ T469] RSP: 002b:00007f102467e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 55.024102][ T469] RAX: ffffffffffffffda RBX: 00007f1024e24fa0 RCX: 00007f1024c0bda9 [ 55.032102][ T469] RDX: 0000000000004000 RSI: 0000000020000580 RDI: 0000000000000005 [ 55.040074][ T469] RBP: 00007f1024c8d2a0 R08: 0000000000000000 R09: 0000000000000000 [ 55.048052][ T469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 55.056022][ T469] R13: 0000000000000000 R14: 00007f1024e24fa0 R15: 00007fffed2e8478 [ 55.064020][ T469] [ 55.067035][ T469] [ 55.069352][ T469] Allocated by task 469: [ 55.073576][ T469] __kasan_kmalloc+0xda/0x110 [ 55.078257][ T469] __kmalloc+0x13d/0x2c0 [ 55.082512][ T469] sk_prot_alloc+0xed/0x320 [ 55.087009][ T469] sk_alloc+0x38/0x430 [ 55.091244][ T469] pfkey_create+0x12a/0x660 [ 55.095740][ T469] __sock_create+0x38d/0x7a0 [ 55.100321][ T469] __sys_socket+0xec/0x190 [ 55.104805][ T469] __x64_sys_socket+0x7a/0x90 [ 55.109489][ T469] x64_sys_call+0x8c5/0x9a0 [ 55.113993][ T469] do_syscall_64+0x4c/0xa0 [ 55.118443][ T469] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 55.124342][ T469] [ 55.126663][ T469] The buggy address belongs to the object at ffff88811789e000 [ 55.126663][ T469] which belongs to the cache kmalloc-1k of size 1024 [ 55.140707][ T469] The buggy address is located 1016 bytes inside of [ 55.140707][ T469] 1024-byte region [ffff88811789e000, ffff88811789e400) [ 55.154606][ T469] The buggy address belongs to the page: [ 55.160234][ T469] page:ffffea00045e2600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117898 [ 55.170469][ T469] head:ffffea00045e2600 order:3 compound_mapcount:0 compound_pincount:0 [ 55.178801][ T469] flags: 0x4000000000010200(slab|head|zone=1) [ 55.184888][ T469] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043080 [ 55.193562][ T469] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 55.202147][ T469] page dumped because: kasan: bad access detected [ 55.208572][ T469] page_owner tracks the page as allocated [ 55.214284][ T469] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 457, ts 54505240268, free_ts 54364959718 [ 55.234210][ T469] post_alloc_hook+0x192/0x1b0 [ 55.239119][ T469] prep_new_page+0x1c/0x110 [ 55.243625][ T469] get_page_from_freelist+0x2cc5/0x2d50 [ 55.249167][ T469] __alloc_pages+0x18f/0x440 [ 55.254255][ T469] new_slab+0xa1/0x4d0 [ 55.258328][ T469] ___slab_alloc+0x381/0x810 [ 55.262916][ T469] __slab_alloc+0x49/0x90 [ 55.267244][ T469] __kmalloc_track_caller+0x169/0x2c0 [ 55.272631][ T469] __alloc_skb+0x21a/0x740 [ 55.277039][ T469] inet6_rt_notify+0x287/0x470 [ 55.281845][ T469] fib6_add+0x2279/0x3d10 [ 55.286182][ T469] ip6_route_add+0x89/0x130 [ 55.290682][ T469] addrconf_add_dev+0x329/0x430 [ 55.295575][ T469] addrconf_init_auto_addrs+0x806/0xcd0 [ 55.301132][ T469] addrconf_notify+0x95d/0xde0 [ 55.305898][ T469] raw_notifier_call_chain+0x90/0x100 [ 55.311275][ T469] page last free stack trace: [ 55.315944][ T469] free_unref_page_prepare+0x542/0x550 [ 55.321429][ T469] free_unref_page+0xa2/0x550 [ 55.326196][ T469] __free_pages+0x6c/0x100 [ 55.330604][ T469] __free_slab+0xe8/0x1e0 [ 55.334929][ T469] __unfreeze_partials+0x160/0x190 [ 55.340032][ T469] put_cpu_partial+0xc6/0x120 [ 55.344706][ T469] __slab_free+0x1d4/0x290 [ 55.349115][ T469] ___cache_free+0x104/0x120 [ 55.353695][ T469] qlink_free+0x4d/0x90 [ 55.357878][ T469] qlist_free_all+0x5f/0xb0 [ 55.362416][ T469] kasan_quarantine_reduce+0x14a/0x170 [ 55.367870][ T469] __kasan_slab_alloc+0x2f/0xf0 [ 55.372819][ T469] slab_post_alloc_hook+0x4f/0x2b0 [ 55.377926][ T469] __kmalloc+0x120/0x2c0 [ 55.382160][ T469] fib6_info_alloc+0x34/0xe0 [ 55.386743][ T469] ip6_route_info_create+0x526/0x1510 [ 55.392161][ T469] [ 55.394485][ T469] Memory state around the buggy address: [ 55.400123][ T469] ffff88811789e280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 55.408208][ T469] ffff88811789e300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 55.416263][ T469] >ffff88811789e380: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 55.424424][ T469] ^ [ 55.432391][ T469] ffff88811789e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.440473][ T469] ffff88811789e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.448630][ T469] ================================================================== [ 55.456855][ T469] Disabling lock debugging due to kernel taint [ 55.870355][ T55] device bridge_slave_1 left promiscuous mode [ 55.876499][ T55] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.884493][ T55] device bridge_slave_0 left promiscuous mode [ 55.890827][ T55] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.899206][ T55] device veth1_macvtap left promiscuous mode [ 55.910029][ T55] device veth0_vlan left promiscuous mode 2025/07/17 17:37:10 executed programs: 213 2025/07/17 17:37:15 executed programs: 513