Warning: Permanently added '10.128.1.61' (ED25519) to the list of known hosts. 2025/06/07 23:29:15 ignoring optional flag "sandboxArg"="0" 2025/06/07 23:29:16 parsed 1 programs [ 50.786901][ T30] audit: type=1400 audit(1749338957.015:105): avc: denied { unlink } for pid=379 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 50.908047][ T379] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 51.682559][ T412] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.689687][ T412] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.697467][ T412] device bridge_slave_0 entered promiscuous mode [ 51.705255][ T412] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.712354][ T412] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.719949][ T412] device bridge_slave_1 entered promiscuous mode [ 51.774864][ T412] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.781971][ T412] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.789489][ T412] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.796649][ T412] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.815018][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.822883][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.830340][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.841087][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.849381][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.856461][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.863824][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.872225][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.879312][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.890962][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.900332][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.913760][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 51.925180][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 51.933662][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 51.941286][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 51.949593][ T412] device veth0_vlan entered promiscuous mode [ 51.959494][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 51.968605][ T412] device veth1_macvtap entered promiscuous mode [ 51.977970][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 51.987935][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 52.172028][ T30] audit: type=1401 audit(1749338958.395:106): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" 2025/06/07 23:29:18 executed programs: 0 [ 52.642794][ T441] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.650629][ T441] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.658550][ T441] device bridge_slave_0 entered promiscuous mode [ 52.665662][ T441] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.672855][ T441] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.680486][ T441] device bridge_slave_1 entered promiscuous mode [ 52.728468][ T441] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.735523][ T441] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.742972][ T441] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.750028][ T441] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.769474][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.777214][ T306] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.784474][ T306] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.793659][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.801854][ T306] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.808916][ T306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.817677][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.825976][ T306] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.833033][ T306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.845417][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.854828][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.874182][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 52.885725][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 52.894028][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 52.901721][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 52.910366][ T441] device veth0_vlan entered promiscuous mode [ 52.925966][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 52.935252][ T441] device veth1_macvtap entered promiscuous mode [ 52.944641][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 52.954956][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 52.979330][ T30] audit: type=1400 audit(1749338959.205:107): avc: denied { create } for pid=445 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 52.980183][ T446] ================================================================== [ 53.006649][ T446] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 53.015990][ T446] Read of size 1 at addr ffff8881180783f8 by task syz.2.16/446 [ 53.016226][ T30] audit: type=1400 audit(1749338959.205:108): avc: denied { setopt } for pid=445 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 53.023561][ T446] [ 53.023582][ T446] CPU: 1 PID: 446 Comm: syz.2.16 Not tainted 5.15.185-syzkaller-1080583-ge678c93d43cc #0 [ 53.043310][ T30] audit: type=1400 audit(1749338959.205:109): avc: denied { write } for pid=445 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 53.044989][ T446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 53.054949][ T30] audit: type=1400 audit(1749338959.205:110): avc: denied { create } for pid=445 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 53.073816][ T446] Call Trace: [ 53.073824][ T446] [ 53.073832][ T446] __dump_stack+0x21/0x30 [ 53.073855][ T446] dump_stack_lvl+0xee/0x150 [ 53.084150][ T30] audit: type=1400 audit(1749338959.205:111): avc: denied { write } for pid=445 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 53.103799][ T446] ? show_regs_print_info+0x20/0x20 [ 53.103823][ T446] ? load_image+0x3a0/0x3a0 [ 53.103844][ T446] ? unwind_get_return_address+0x4d/0x90 [ 53.107305][ T30] audit: type=1400 audit(1749338959.205:112): avc: denied { nlmsg_write } for pid=445 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 53.110063][ T446] print_address_description+0x7f/0x2c0 [ 53.179810][ T446] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 53.186313][ T446] kasan_report+0xf1/0x140 [ 53.190723][ T446] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 53.197216][ T446] __asan_report_load1_noabort+0x14/0x20 [ 53.202872][ T446] xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 53.209282][ T446] xfrm_policy_inexact_insert_node+0x938/0xb50 [ 53.215516][ T446] ? xfrm_netlink_rcv+0x72/0x90 [ 53.220374][ T446] ? netlink_unicast+0x87c/0xa40 [ 53.225321][ T446] ? netlink_sendmsg+0x86a/0xb70 [ 53.230339][ T446] ? ____sys_sendmsg+0x5a2/0x8c0 [ 53.235269][ T446] ? ___sys_sendmsg+0x1f0/0x260 [ 53.240325][ T446] ? x64_sys_call+0x4b/0x9a0 [ 53.244908][ T446] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 53.251042][ T446] xfrm_policy_inexact_alloc_chain+0x53a/0xb30 [ 53.257189][ T446] xfrm_policy_inexact_insert+0x70/0x1130 [ 53.262896][ T446] ? __get_hash_thresh+0x10c/0x420 [ 53.268000][ T446] ? policy_hash_bysel+0x110/0x4f0 [ 53.273104][ T446] xfrm_policy_insert+0x126/0x9a0 [ 53.278121][ T446] ? xfrm_policy_construct+0x54f/0x1f00 [ 53.283654][ T446] xfrm_add_policy+0x4d1/0x830 [ 53.288410][ T446] ? xfrm_dump_sa_done+0xc0/0xc0 [ 53.293353][ T446] xfrm_user_rcv_msg+0x45c/0x6e0 [ 53.298291][ T446] ? xfrm_netlink_rcv+0x90/0x90 [ 53.303156][ T446] ? avc_has_perm_noaudit+0x460/0x460 [ 53.308807][ T446] ? x64_sys_call+0x4b/0x9a0 [ 53.313395][ T446] ? selinux_nlmsg_lookup+0x237/0x4c0 [ 53.318760][ T446] netlink_rcv_skb+0x1e0/0x430 [ 53.323532][ T446] ? xfrm_netlink_rcv+0x90/0x90 [ 53.328560][ T446] ? netlink_ack+0xb60/0xb60 [ 53.333141][ T446] ? wait_for_completion_killable_timeout+0x10/0x10 [ 53.339719][ T446] ? __netlink_lookup+0x387/0x3b0 [ 53.344739][ T446] xfrm_netlink_rcv+0x72/0x90 [ 53.349493][ T446] netlink_unicast+0x87c/0xa40 [ 53.354255][ T446] netlink_sendmsg+0x86a/0xb70 [ 53.359162][ T446] ? netlink_getsockopt+0x530/0x530 [ 53.364370][ T446] ? sock_alloc_file+0xba/0x260 [ 53.369238][ T446] ? security_socket_sendmsg+0x82/0xa0 [ 53.374697][ T446] ? netlink_getsockopt+0x530/0x530 [ 53.379983][ T446] ____sys_sendmsg+0x5a2/0x8c0 [ 53.384745][ T446] ? __sys_sendmsg_sock+0x40/0x40 [ 53.389765][ T446] ? import_iovec+0x7c/0xb0 [ 53.394272][ T446] ___sys_sendmsg+0x1f0/0x260 [ 53.398972][ T446] ? __sys_sendmsg+0x250/0x250 [ 53.403731][ T446] ? __fdget+0x1a1/0x230 [ 53.408008][ T446] __x64_sys_sendmsg+0x1e2/0x2a0 [ 53.412950][ T446] ? ___sys_sendmsg+0x260/0x260 [ 53.417836][ T446] ? __kasan_check_write+0x14/0x20 [ 53.422939][ T446] ? switch_fpu_return+0x15d/0x2c0 [ 53.428045][ T446] x64_sys_call+0x4b/0x9a0 [ 53.432460][ T446] do_syscall_64+0x4c/0xa0 [ 53.436972][ T446] ? clear_bhb_loop+0x50/0xa0 [ 53.441642][ T446] ? clear_bhb_loop+0x50/0xa0 [ 53.446308][ T446] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 53.452201][ T446] RIP: 0033:0x7f5905283da9 [ 53.456631][ T446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.476238][ T446] RSP: 002b:00007f5904cf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 53.484855][ T446] RAX: ffffffffffffffda RBX: 00007f590549cfa0 RCX: 00007f5905283da9 [ 53.492828][ T446] RDX: 0000000000004000 RSI: 0000000020000580 RDI: 0000000000000005 [ 53.500795][ T446] RBP: 00007f59053052a0 R08: 0000000000000000 R09: 0000000000000000 [ 53.508757][ T446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 53.516722][ T446] R13: 0000000000000000 R14: 00007f590549cfa0 R15: 00007ffd282fa2f8 [ 53.524691][ T446] [ 53.527703][ T446] [ 53.530028][ T446] Allocated by task 446: [ 53.534362][ T446] __kasan_kmalloc+0xda/0x110 [ 53.539031][ T446] __kmalloc+0x13d/0x2c0 [ 53.543262][ T446] sk_prot_alloc+0xed/0x320 [ 53.547754][ T446] sk_alloc+0x38/0x430 [ 53.551826][ T446] pfkey_create+0x12a/0x660 [ 53.556512][ T446] __sock_create+0x38d/0x7a0 [ 53.561132][ T446] __sys_socket+0xec/0x190 [ 53.565553][ T446] __x64_sys_socket+0x7a/0x90 [ 53.570336][ T446] x64_sys_call+0x8c5/0x9a0 [ 53.574849][ T446] do_syscall_64+0x4c/0xa0 [ 53.579262][ T446] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 53.585156][ T446] [ 53.587474][ T446] The buggy address belongs to the object at ffff888118078000 [ 53.587474][ T446] which belongs to the cache kmalloc-1k of size 1024 [ 53.601526][ T446] The buggy address is located 1016 bytes inside of [ 53.601526][ T446] 1024-byte region [ffff888118078000, ffff888118078400) [ 53.614980][ T446] The buggy address belongs to the page: [ 53.620760][ T446] page:ffffea0004601e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118078 [ 53.631007][ T446] head:ffffea0004601e00 order:3 compound_mapcount:0 compound_pincount:0 [ 53.639531][ T446] flags: 0x4000000000010200(slab|head|zone=1) [ 53.645989][ T446] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043080 [ 53.654581][ T446] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 53.663175][ T446] page dumped because: kasan: bad access detected [ 53.669576][ T446] page_owner tracks the page as allocated [ 53.675283][ T446] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 441, ts 52972786308, free_ts 52921129982 [ 53.695904][ T446] post_alloc_hook+0x192/0x1b0 [ 53.700661][ T446] prep_new_page+0x1c/0x110 [ 53.705157][ T446] get_page_from_freelist+0x2cc5/0x2d50 [ 53.710782][ T446] __alloc_pages+0x18f/0x440 [ 53.715373][ T446] new_slab+0xa1/0x4d0 [ 53.719437][ T446] ___slab_alloc+0x381/0x810 [ 53.724052][ T446] __slab_alloc+0x49/0x90 [ 53.728842][ T446] __kmalloc+0x16a/0x2c0 [ 53.733077][ T446] kvmalloc_node+0x242/0x330 [ 53.737659][ T446] xt_alloc_table_info+0x3b/0xa0 [ 53.742596][ T446] arpt_register_table+0xc1/0x690 [ 53.747737][ T446] arptable_filter_table_init+0x41/0x60 [ 53.753399][ T446] xt_find_table_lock+0x2a5/0x400 [ 53.758609][ T446] xt_request_find_table_lock+0x27/0x100 [ 53.764252][ T446] do_arpt_get_ctl+0x65c/0xf30 [ 53.769026][ T446] nf_getsockopt+0x26d/0x290 [ 53.773654][ T446] page last free stack trace: [ 53.778486][ T446] free_unref_page_prepare+0x542/0x550 [ 53.783941][ T446] free_unref_page+0xa2/0x550 [ 53.788705][ T446] __free_pages+0x6c/0x100 [ 53.793131][ T446] __free_slab+0xe8/0x1e0 [ 53.797456][ T446] __unfreeze_partials+0x160/0x190 [ 53.802578][ T446] put_cpu_partial+0xc6/0x120 [ 53.807248][ T446] __slab_free+0x1d4/0x290 [ 53.811687][ T446] ___cache_free+0x104/0x120 [ 53.816290][ T446] qlink_free+0x4d/0x90 [ 53.820434][ T446] qlist_free_all+0x5f/0xb0 [ 53.824932][ T446] kasan_quarantine_reduce+0x14a/0x170 [ 53.830391][ T446] __kasan_slab_alloc+0x2f/0xf0 [ 53.835240][ T446] slab_post_alloc_hook+0x4f/0x2b0 [ 53.840467][ T446] kmem_cache_alloc+0xf7/0x260 [ 53.845238][ T446] __alloc_skb+0xe0/0x740 [ 53.849650][ T446] inet6_netconf_notify_devconf+0xd6/0x190 [ 53.855471][ T446] [ 53.857784][ T446] Memory state around the buggy address: [ 53.863398][ T446] ffff888118078280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 53.871455][ T446] ffff888118078300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 53.879506][ T446] >ffff888118078380: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 53.887553][ T446] ^ [ 53.895514][ T446] ffff888118078400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.903582][ T446] ffff888118078480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.911656][ T446] ================================================================== [ 53.919705][ T446] Disabling lock debugging due to kernel taint [ 53.937541][ T30] audit: type=1400 audit(1749338960.165:113): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 53.960428][ T30] audit: type=1400 audit(1749338960.165:114): avc: denied { search } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 54.227579][ T45] device bridge_slave_1 left promiscuous mode [ 54.233922][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.242060][ T45] device bridge_slave_0 left promiscuous mode [ 54.248287][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.256637][ T45] device veth1_macvtap left promiscuous mode [ 54.262761][ T45] device veth0_vlan left promiscuous mode 2025/06/07 23:29:23 executed programs: 216 2025/06/07 23:29:28 executed programs: 516