Warning: Permanently added '10.128.1.130' (ED25519) to the list of known hosts. 2025/02/14 22:41:33 ignoring optional flag "sandboxArg"="0" 2025/02/14 22:41:34 parsed 1 programs [ 53.320244][ T30] kauditd_printk_skb: 32 callbacks suppressed [ 53.320260][ T30] audit: type=1400 audit(1739572895.794:108): avc: denied { unlink } for pid=414 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 53.379187][ T414] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 54.437105][ T464] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.444017][ T464] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.451334][ T464] device bridge_slave_0 entered promiscuous mode [ 54.457994][ T464] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.464883][ T464] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.472379][ T464] device bridge_slave_1 entered promiscuous mode [ 54.518736][ T464] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.525734][ T464] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.532887][ T464] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.539769][ T464] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.568930][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.576753][ T318] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.584858][ T318] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.603256][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.611952][ T318] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.618915][ T318] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.627046][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.636085][ T318] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.642999][ T318] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.652345][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.661703][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.675211][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 54.686368][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 54.694599][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 54.702216][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 54.710350][ T464] device veth0_vlan entered promiscuous mode [ 54.721076][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 54.730855][ T464] device veth1_macvtap entered promiscuous mode [ 54.740194][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 54.752264][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 54.830176][ T30] audit: type=1401 audit(1739572897.304:109): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" 2025/02/14 22:41:37 executed programs: 0 [ 55.073120][ T478] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.080125][ T478] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.087289][ T478] device bridge_slave_0 entered promiscuous mode [ 55.094292][ T478] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.101153][ T478] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.108310][ T478] device bridge_slave_1 entered promiscuous mode [ 55.160525][ T478] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.167385][ T478] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.174516][ T478] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.181286][ T478] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.206452][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.214331][ T373] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.221793][ T373] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.240954][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.249307][ T373] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.256297][ T373] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.263799][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.272731][ T373] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.279615][ T373] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.289211][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.297221][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.312423][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.324588][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.333188][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 55.342816][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 55.351462][ T478] device veth0_vlan entered promiscuous mode [ 55.363767][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.373038][ T478] device veth1_macvtap entered promiscuous mode [ 55.383614][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.393306][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 55.417958][ T30] audit: type=1400 audit(1739572897.884:110): avc: denied { create } for pid=482 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 55.431904][ T483] ================================================================== [ 55.437223][ T30] audit: type=1400 audit(1739572897.884:111): avc: denied { setopt } for pid=482 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 55.444697][ T483] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x5b0/0x660 [ 55.444744][ T483] Read of size 1 at addr ffff888118559bf8 by task syz.2.16/483 [ 55.444760][ T483] [ 55.444766][ T483] CPU: 1 PID: 483 Comm: syz.2.16 Not tainted 5.15.178-syzkaller-1079134-g058abb720bd1 #0 [ 55.444785][ T483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 55.444801][ T483] Call Trace: [ 55.444808][ T483] [ 55.465209][ T30] audit: type=1400 audit(1739572897.884:112): avc: denied { write } for pid=482 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 55.472738][ T483] dump_stack_lvl+0x151/0x1c0 [ 55.472768][ T483] ? io_uring_drop_tctx_refs+0x190/0x190 [ 55.472788][ T483] ? panic+0x760/0x760 [ 55.480959][ T30] audit: type=1400 audit(1739572897.884:113): avc: denied { create } for pid=482 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 55.482367][ T483] print_address_description+0x87/0x3b0 [ 55.492575][ T30] audit: type=1400 audit(1739572897.884:114): avc: denied { write } for pid=482 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 55.502075][ T483] ? stack_trace_save+0x113/0x1c0 [ 55.502109][ T483] ? ___sys_sendmsg+0x252/0x2e0 [ 55.502133][ T483] kasan_report+0x179/0x1c0 [ 55.502153][ T483] ? xfrm_policy_inexact_list_reinsert+0x5b0/0x660 [ 55.505984][ T30] audit: type=1400 audit(1739572897.884:115): avc: denied { nlmsg_write } for pid=482 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 55.508078][ T483] ? xfrm_policy_inexact_list_reinsert+0x5b0/0x660 [ 55.632909][ T483] __asan_report_load1_noabort+0x14/0x20 [ 55.638759][ T483] xfrm_policy_inexact_list_reinsert+0x5b0/0x660 [ 55.644851][ T483] ? ____kasan_kmalloc+0xed/0x110 [ 55.649744][ T483] ? ____kasan_kmalloc+0xdb/0x110 [ 55.654665][ T483] ? xfrm_policy_addr_delta+0x23b/0x370 [ 55.660130][ T483] xfrm_policy_inexact_insert_node+0x917/0xb00 [ 55.666108][ T483] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 55.672041][ T483] ? xfrm_policy_inexact_alloc_bin+0x5ad/0x13f0 [ 55.678086][ T483] xfrm_policy_inexact_alloc_chain+0x4ec/0xaf0 [ 55.684163][ T483] xfrm_policy_inexact_insert+0x6a/0x1160 [ 55.689772][ T483] ? __kasan_check_write+0x14/0x20 [ 55.694662][ T483] ? _raw_spin_lock_bh+0xa4/0x1b0 [ 55.699526][ T483] ? policy_hash_bysel+0x137/0x700 [ 55.704473][ T483] xfrm_policy_insert+0xe7/0x940 [ 55.709252][ T483] xfrm_add_policy+0x4f2/0x980 [ 55.714043][ T483] ? cap_capable+0x1d2/0x270 [ 55.718537][ T483] ? xfrm_dump_sa_done+0xc0/0xc0 [ 55.723309][ T483] xfrm_user_rcv_msg+0x4f3/0x7d0 [ 55.728081][ T483] ? xfrm_netlink_rcv+0x90/0x90 [ 55.732775][ T483] ? avc_has_perm+0x16f/0x260 [ 55.737362][ T483] ? ____kasan_kmalloc+0xed/0x110 [ 55.742322][ T483] ? avc_has_perm_noaudit+0x430/0x430 [ 55.747533][ T483] ? x64_sys_call+0x16a/0x9a0 [ 55.752041][ T483] netlink_rcv_skb+0x1cf/0x410 [ 55.756721][ T483] ? xfrm_netlink_rcv+0x90/0x90 [ 55.761408][ T483] ? netlink_ack+0xb10/0xb10 [ 55.765838][ T483] ? mutex_lock+0xb6/0x1e0 [ 55.770174][ T483] ? wait_for_completion_killable_timeout+0x10/0x10 [ 55.776604][ T483] ? __netlink_lookup+0x37b/0x3a0 [ 55.781460][ T483] xfrm_netlink_rcv+0x72/0x90 [ 55.786503][ T483] netlink_unicast+0x8df/0xac0 [ 55.791095][ T483] ? netlink_detachskb+0x90/0x90 [ 55.795863][ T483] ? security_netlink_send+0x7b/0xa0 [ 55.800986][ T483] netlink_sendmsg+0xa0a/0xd20 [ 55.805619][ T483] ? netlink_getsockopt+0x560/0x560 [ 55.810713][ T483] ? x64_sys_call+0x147/0x9a0 [ 55.815223][ T483] ? security_socket_sendmsg+0x82/0xb0 [ 55.820701][ T483] ? netlink_getsockopt+0x560/0x560 [ 55.825743][ T483] ____sys_sendmsg+0x59e/0x8f0 [ 55.830376][ T483] ? __sys_sendmsg_sock+0x40/0x40 [ 55.835192][ T483] ? import_iovec+0xe5/0x120 [ 55.839703][ T483] ___sys_sendmsg+0x252/0x2e0 [ 55.844436][ T483] ? __sys_sendmsg+0x260/0x260 [ 55.849024][ T483] ? percpu_counter_add_batch+0x13d/0x160 [ 55.854689][ T483] ? __fdget+0x1bc/0x240 [ 55.858926][ T483] __se_sys_sendmsg+0x19a/0x260 [ 55.863788][ T483] ? __x64_sys_sendmsg+0x90/0x90 [ 55.868564][ T483] ? __kasan_check_write+0x14/0x20 [ 55.873599][ T483] ? switch_fpu_return+0x15f/0x2e0 [ 55.878553][ T483] __x64_sys_sendmsg+0x7b/0x90 [ 55.883145][ T483] x64_sys_call+0x16a/0x9a0 [ 55.887481][ T483] do_syscall_64+0x3b/0xb0 [ 55.891735][ T483] ? clear_bhb_loop+0x35/0x90 [ 55.896338][ T483] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 55.902083][ T483] RIP: 0033:0x7fb3671b0da9 [ 55.906406][ T483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.926020][ T483] RSP: 002b:00007fb366c23038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 55.934353][ T483] RAX: ffffffffffffffda RBX: 00007fb3673c9fa0 RCX: 00007fb3671b0da9 [ 55.942168][ T483] RDX: 0000000000004000 RSI: 0000000020000580 RDI: 0000000000000005 [ 55.950581][ T483] RBP: 00007fb3672322a0 R08: 0000000000000000 R09: 0000000000000000 [ 55.959045][ T483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 55.966931][ T483] R13: 0000000000000000 R14: 00007fb3673c9fa0 R15: 00007ffeb7364788 [ 55.974741][ T483] [ 55.977602][ T483] [ 55.979791][ T483] Allocated by task 483: [ 55.983935][ T483] ____kasan_kmalloc+0xdb/0x110 [ 55.988885][ T483] __kasan_kmalloc+0x9/0x10 [ 55.993222][ T483] __kmalloc+0x13f/0x2c0 [ 55.997386][ T483] sk_prot_alloc+0xf9/0x330 [ 56.001725][ T483] sk_alloc+0x38/0x430 [ 56.005650][ T483] pfkey_create+0x12c/0x620 [ 56.010095][ T483] __sock_create+0x3be/0x7e0 [ 56.014506][ T483] __sys_socket+0x132/0x370 [ 56.018850][ T483] __x64_sys_socket+0x7a/0x90 [ 56.023360][ T483] x64_sys_call+0x147/0x9a0 [ 56.027704][ T483] do_syscall_64+0x3b/0xb0 [ 56.031957][ T483] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 56.037692][ T483] [ 56.039858][ T483] The buggy address belongs to the object at ffff888118559800 [ 56.039858][ T483] which belongs to the cache kmalloc-1k of size 1024 [ 56.053748][ T483] The buggy address is located 1016 bytes inside of [ 56.053748][ T483] 1024-byte region [ffff888118559800, ffff888118559c00) [ 56.067734][ T483] The buggy address belongs to the page: [ 56.073432][ T483] page:ffffea0004615600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118558 [ 56.083466][ T483] head:ffffea0004615600 order:3 compound_mapcount:0 compound_pincount:0 [ 56.091718][ T483] flags: 0x4000000000010200(slab|head|zone=1) [ 56.097627][ T483] raw: 4000000000010200 ffffea0004612800 0000000300000003 ffff888100043080 [ 56.106120][ T483] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 56.114710][ T483] page dumped because: kasan: bad access detected [ 56.120975][ T483] page_owner tracks the page as allocated [ 56.126519][ T483] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 111, ts 5324323647, free_ts 0 [ 56.145040][ T483] post_alloc_hook+0x1a3/0x1b0 [ 56.149644][ T483] prep_new_page+0x1b/0x110 [ 56.154059][ T483] get_page_from_freelist+0x3550/0x35d0 [ 56.159444][ T483] __alloc_pages+0x27e/0x8f0 [ 56.163885][ T483] new_slab+0x9a/0x4e0 [ 56.167944][ T483] ___slab_alloc+0x39e/0x830 [ 56.172591][ T483] __slab_alloc+0x4a/0x90 [ 56.176753][ T483] __kmalloc_track_caller+0x171/0x2c0 [ 56.181957][ T483] __alloc_skb+0x10c/0x550 [ 56.186232][ T483] netlink_sendmsg+0x797/0xd20 [ 56.190808][ T483] ____sys_sendmsg+0x59e/0x8f0 [ 56.195407][ T483] ___sys_sendmsg+0x252/0x2e0 [ 56.200015][ T483] __se_sys_sendmsg+0x19a/0x260 [ 56.204919][ T483] __x64_sys_sendmsg+0x7b/0x90 [ 56.209631][ T483] x64_sys_call+0x16a/0x9a0 [ 56.214023][ T483] do_syscall_64+0x3b/0xb0 [ 56.218612][ T483] page_owner free stack trace missing [ 56.224133][ T483] [ 56.226450][ T483] Memory state around the buggy address: [ 56.232011][ T483] ffff888118559a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 56.239989][ T483] ffff888118559b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 56.247889][ T483] >ffff888118559b80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 56.255897][ T483] ^ [ 56.263799][ T483] ffff888118559c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.271769][ T483] ffff888118559c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.279660][ T483] ================================================================== [ 56.287557][ T483] Disabling lock debugging due to kernel taint [ 56.304568][ T30] audit: type=1400 audit(1739572898.774:116): avc: denied { append } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 56.327340][ T30] audit: type=1400 audit(1739572898.774:117): avc: denied { open } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 56.880654][ T8] device bridge_slave_1 left promiscuous mode [ 56.886603][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.894616][ T8] device bridge_slave_0 left promiscuous mode [ 56.900818][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.908832][ T8] device veth1_macvtap left promiscuous mode [ 56.920866][ T8] device veth0_vlan left promiscuous mode 2025/02/14 22:41:42 executed programs: 221 2025/02/14 22:41:47 executed programs: 522