Warning: Permanently added '10.128.1.231' (ED25519) to the list of known hosts.
2025/07/20 14:52:23 ignoring optional flag "sandboxArg"="0"
2025/07/20 14:52:24 parsed 1 programs
[ 52.949731][ T24] kauditd_printk_skb: 27 callbacks suppressed
[ 52.949742][ T24] audit: type=1400 audit(1753023145.310:101): avc: denied { create } for pid=408 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 52.976622][ T24] audit: type=1400 audit(1753023145.310:102): avc: denied { write } for pid=408 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 52.997362][ T24] audit: type=1400 audit(1753023145.310:103): avc: denied { read } for pid=408 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 53.017824][ T24] audit: type=1400 audit(1753023145.340:104): avc: denied { unlink } for pid=408 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 53.049346][ T408] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 53.689522][ T429] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.697098][ T429] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.704482][ T429] device bridge_slave_0 entered promiscuous mode
[ 53.711889][ T429] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.719162][ T429] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.726594][ T429] device bridge_slave_1 entered promiscuous mode
[ 53.755743][ T429] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.763051][ T429] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.770613][ T429] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.778046][ T429] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.795249][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.803300][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.810692][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.819490][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.827970][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.835205][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.844553][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.852830][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.859901][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.870915][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.880056][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.893200][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 53.904054][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 53.912152][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 53.919769][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 53.928722][ T429] device veth0_vlan entered promiscuous mode
[ 53.938499][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 53.947353][ T429] device veth1_macvtap entered promiscuous mode
[ 53.956560][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 53.967509][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 54.045269][ T24] audit: type=1401 audit(1753023146.400:105): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 54.166757][ T24] audit: type=1400 audit(1753023146.530:106): avc: denied { create } for pid=449 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
2025/07/20 14:52:26 executed programs: 0
[ 54.539100][ T468] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.546463][ T468] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.553710][ T468] device bridge_slave_0 entered promiscuous mode
[ 54.560681][ T468] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.567762][ T468] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.575076][ T468] device bridge_slave_1 entered promiscuous mode
[ 54.609132][ T468] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.616373][ T468] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.623744][ T468] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.630911][ T468] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.645995][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 54.653508][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.660744][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.673376][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 54.681953][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.690271][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.697323][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.707385][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 54.715906][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.724635][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.732399][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.745863][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 54.754098][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 54.763599][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 54.771915][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 54.784754][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 54.793521][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 54.803141][ T112] device bridge_slave_1 left promiscuous mode
[ 54.809304][ T112] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.817022][ T112] device bridge_slave_0 left promiscuous mode
[ 54.823214][ T112] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.831237][ T112] device veth1_macvtap left promiscuous mode
[ 54.837514][ T112] device veth0_vlan left promiscuous mode
[ 54.911277][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 54.919436][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 54.928277][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 54.935990][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 54.943869][ T468] device veth0_vlan entered promiscuous mode
[ 54.953224][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 54.961661][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 54.971680][ T468] device veth1_macvtap entered promiscuous mode
[ 54.980958][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 54.988632][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 54.997043][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 55.006310][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 55.014618][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 55.037103][ T473] ==================================================================
[ 55.037139][ T24] audit: type=1400 audit(1753023147.400:107): avc: denied { create } for pid=472 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 55.045298][ T473] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 55.045307][ T473] Read of size 1 at addr ffff8881176b4bd8 by task syz.2.16/473
[ 55.045318][ T473]
[ 55.084197][ T473] CPU: 1 PID: 473 Comm: syz.2.16 Not tainted 5.10.239-syzkaller-1007860-g6de38b5f6c2b #0
[ 55.094088][ T473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 55.104145][ T473] Call Trace:
[ 55.107428][ T473] __dump_stack+0x21/0x24
[ 55.111745][ T473] dump_stack_lvl+0x169/0x1d8
[ 55.116430][ T473] ? show_regs_print_info+0x18/0x18
[ 55.121668][ T473] ? thaw_kernel_threads+0x220/0x220
[ 55.127272][ T473] ? unwind_get_return_address+0x4d/0x90
[ 55.133031][ T473] print_address_description+0x7f/0x2c0
[ 55.138596][ T473] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 55.145090][ T473] kasan_report+0xe2/0x130
[ 55.149496][ T473] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 55.155984][ T473] __asan_report_load1_noabort+0x14/0x20
[ 55.161691][ T473] xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 55.168183][ T473] xfrm_policy_inexact_insert_node+0x938/0xb50
[ 55.174344][ T473] ? xfrm_netlink_rcv+0x72/0x90
[ 55.179201][ T473] ? netlink_unicast+0x87c/0xa40
[ 55.184393][ T473] ? netlink_sendmsg+0x88d/0xb30
[ 55.189627][ T473] ? ____sys_sendmsg+0x5a2/0x8c0
[ 55.194573][ T473] ? ___sys_sendmsg+0x1f0/0x260
[ 55.199430][ T473] ? do_syscall_64+0x31/0x40
[ 55.204015][ T473] xfrm_policy_inexact_alloc_chain+0x53a/0xb30
[ 55.210264][ T473] xfrm_policy_inexact_insert+0x70/0x1130
[ 55.215991][ T473] ? __get_hash_thresh+0x10c/0x420
[ 55.221097][ T473] ? policy_hash_bysel+0x110/0x4f0
[ 55.226200][ T473] xfrm_policy_insert+0x126/0x9a0
[ 55.231213][ T473] ? xfrm_policy_construct+0x54f/0x1f00
[ 55.236752][ T473] xfrm_add_policy+0x4d1/0x830
[ 55.241503][ T473] ? xfrm_dump_sa_done+0xc0/0xc0
[ 55.246864][ T473] xfrm_user_rcv_msg+0x450/0x6d0
[ 55.251800][ T473] ? xfrm_netlink_rcv+0x90/0x90
[ 55.256667][ T473] ? selinux_nlmsg_lookup+0x219/0x4a0
[ 55.262157][ T473] netlink_rcv_skb+0x1e0/0x430
[ 55.267059][ T473] ? xfrm_netlink_rcv+0x90/0x90
[ 55.271909][ T473] ? netlink_ack+0xb80/0xb80
[ 55.276500][ T473] ? mutex_trylock+0xa0/0xa0
[ 55.281088][ T473] ? __netlink_lookup+0x387/0x3b0
[ 55.286107][ T473] xfrm_netlink_rcv+0x72/0x90
[ 55.290944][ T473] netlink_unicast+0x87c/0xa40
[ 55.295971][ T473] netlink_sendmsg+0x88d/0xb30
[ 55.300727][ T473] ? schedule_preempt_disabled+0x20/0x20
[ 55.306449][ T473] ? netlink_getsockopt+0x530/0x530
[ 55.311901][ T473] ? security_socket_sendmsg+0x82/0xa0
[ 55.317524][ T473] ? netlink_getsockopt+0x530/0x530
[ 55.322849][ T473] ____sys_sendmsg+0x5a2/0x8c0
[ 55.327626][ T473] ? __sys_sendmsg_sock+0x40/0x40
[ 55.332645][ T473] ? import_iovec+0x7c/0xb0
[ 55.337155][ T473] ___sys_sendmsg+0x1f0/0x260
[ 55.341838][ T473] ? __sys_sendmsg+0x250/0x250
[ 55.346615][ T473] ? __fdget+0x1a1/0x230
[ 55.350860][ T473] __x64_sys_sendmsg+0x1e2/0x2a0
[ 55.355788][ T473] ? ___sys_sendmsg+0x260/0x260
[ 55.360716][ T473] ? switch_fpu_return+0x197/0x340
[ 55.365824][ T473] do_syscall_64+0x31/0x40
[ 55.370229][ T473] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 55.376222][ T473] RIP: 0033:0x7fdd0db86169
[ 55.380635][ T473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 55.400268][ T473] RSP: 002b:00007fdd0d5f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 55.408683][ T473] RAX: ffffffffffffffda RBX: 00007fdd0ddadfa0 RCX: 00007fdd0db86169
[ 55.416818][ T473] RDX: 0000000000004000 RSI: 0000200000000580 RDI: 0000000000000005
[ 55.424782][ T473] RBP: 00007fdd0dc08a68 R08: 0000000000000000 R09: 0000000000000000
[ 55.432741][ T473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 55.440703][ T473] R13: 0000000000000000 R14: 00007fdd0ddadfa0 R15: 00007ffe51786f78
[ 55.448923][ T473]
[ 55.451244][ T473] Allocated by task 473:
[ 55.455481][ T473] __kasan_kmalloc+0xda/0x110
[ 55.460317][ T473] __kmalloc+0x1a7/0x330
[ 55.464552][ T473] sk_prot_alloc+0xb2/0x340
[ 55.469044][ T473] sk_alloc+0x38/0x4e0
[ 55.473098][ T473] pfkey_create+0x12a/0x660
[ 55.477587][ T473] __sock_create+0x38d/0x770
[ 55.482161][ T473] __sys_socket+0xec/0x190
[ 55.486564][ T473] __x64_sys_socket+0x7a/0x90
[ 55.491227][ T473] do_syscall_64+0x31/0x40
[ 55.495720][ T473] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 55.501681][ T473]
[ 55.504002][ T473] The buggy address belongs to the object at ffff8881176b4800
[ 55.504002][ T473] which belongs to the cache kmalloc-1k of size 1024
[ 55.518218][ T473] The buggy address is located 984 bytes inside of
[ 55.518218][ T473] 1024-byte region [ffff8881176b4800, ffff8881176b4c00)
[ 55.531653][ T473] The buggy address belongs to the page:
[ 55.537363][ T473] page:ffffea00045dac00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1176b0
[ 55.547585][ T473] head:ffffea00045dac00 order:3 compound_mapcount:0 compound_pincount:0
[ 55.555908][ T473] flags: 0x4000000000010200(slab|head)
[ 55.561357][ T473] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042f00
[ 55.570369][ T473] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 55.578950][ T473] page dumped because: kasan: bad access detected
[ 55.585369][ T473] page_owner tracks the page as allocated
[ 55.591087][ T473] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 405, ts 55032929217, free_ts 54979512607
[ 55.611593][ T473] prep_new_page+0x179/0x180
[ 55.616275][ T473] get_page_from_freelist+0x2235/0x23d0
[ 55.621821][ T473] __alloc_pages_nodemask+0x268/0x5f0
[ 55.627182][ T473] new_slab+0x84/0x3f0
[ 55.631239][ T473] ___slab_alloc+0x2a6/0x450
[ 55.635830][ T473] __slab_alloc+0x63/0xa0
[ 55.640246][ T473] __kmalloc_track_caller+0x1ef/0x320
[ 55.645715][ T473] __alloc_skb+0xdc/0x520
[ 55.650060][ T473] sk_stream_alloc_skb+0x21a/0xb70
[ 55.655163][ T473] tcp_sendmsg_locked+0xc43/0x3750
[ 55.660261][ T473] tcp_sendmsg+0x2f/0x50
[ 55.664495][ T473] inet6_sendmsg+0xa5/0xc0
[ 55.668910][ T473] sock_write_iter+0x29c/0x380
[ 55.673753][ T473] vfs_write+0x725/0xd60
[ 55.678090][ T473] ksys_write+0x140/0x240
[ 55.682417][ T473] __x64_sys_write+0x7b/0x90
[ 55.687004][ T473] page last free stack trace:
[ 55.691676][ T473] __free_pages_ok+0x7fc/0x820
[ 55.696428][ T473] __free_pages+0xdd/0x380
[ 55.700919][ T473] __free_slab+0xcf/0x190
[ 55.705255][ T473] unfreeze_partials+0x15f/0x190
[ 55.710182][ T473] put_cpu_partial+0xc1/0x180
[ 55.714848][ T473] __slab_free+0x2c9/0x3a0
[ 55.719344][ T473] ___cache_free+0x111/0x130
[ 55.724034][ T473] qlink_free+0x50/0x90
[ 55.728266][ T473] qlist_free_all+0x5f/0xb0
[ 55.732968][ T473] kasan_quarantine_reduce+0x14a/0x160
[ 55.738423][ T473] __kasan_slab_alloc+0x2f/0xf0
[ 55.743269][ T473] slab_post_alloc_hook+0x5d/0x2f0
[ 55.748369][ T473] __kmalloc+0x183/0x330
[ 55.752600][ T473] qdisc_alloc+0x79/0x740
[ 55.756918][ T473] qdisc_create_dflt+0x6b/0x3a0
[ 55.761931][ T473] dev_activate+0x292/0x11c0
[ 55.766590][ T473]
[ 55.768908][ T473] Memory state around the buggy address:
[ 55.774584][ T473] ffff8881176b4a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.782739][ T473] ffff8881176b4b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.790924][ T473] >ffff8881176b4b80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 55.798985][ T473] ^
[ 55.805907][ T473] ffff8881176b4c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.813957][ T473] ffff8881176b4c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.822191][ T473] ==================================================================
[ 55.830252][ T473] Disabling lock debugging due to kernel taint
[ 55.848895][ T24] audit: type=1400 audit(1753023147.400:108): avc: denied { setopt } for pid=472 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 55.869421][ T24] audit: type=1400 audit(1753023147.400:109): avc: denied { write } for pid=472 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 55.889519][ T24] audit: type=1400 audit(1753023147.400:110): avc: denied { create } for pid=472 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
2025/07/20 14:52:31 executed programs: 216
[ 59.527179][ T24] kauditd_printk_skb: 9 callbacks suppressed
[ 59.527191][ T24] audit: type=1400 audit(1753023151.890:120): avc: denied { write } for pid=399 comm="syz-execprog" path="pipe:[15082]" dev="pipefs" ino=15082 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
2025/07/20 14:52:36 executed programs: 516