Warning: Permanently added '10.128.0.122' (ED25519) to the list of known hosts.
2025/02/14 19:45:55 ignoring optional flag "sandboxArg"="0"
2025/02/14 19:45:56 parsed 1 programs
[ 51.548919][ T24] kauditd_printk_skb: 31 callbacks suppressed
[ 51.548933][ T24] audit: type=1400 audit(1739562357.770:107): avc: denied { unlink } for pid=444 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 51.591578][ T444] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 52.377469][ T477] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.384833][ T477] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.392322][ T477] device bridge_slave_0 entered promiscuous mode
[ 52.399369][ T477] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.406508][ T477] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.414599][ T477] device bridge_slave_1 entered promiscuous mode
[ 52.452200][ T477] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.459351][ T477] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.466689][ T477] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.473644][ T477] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.491246][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 52.499089][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.506338][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.521455][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.529465][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.536477][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.544121][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.552576][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.559496][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.575670][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.583642][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.593627][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 52.604957][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 52.612866][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 52.620333][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 52.628583][ T477] device veth0_vlan entered promiscuous mode
[ 52.638684][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 52.648492][ T477] device veth1_macvtap entered promiscuous mode
[ 52.657970][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 52.668037][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 52.792130][ T24] audit: type=1400 audit(1739562359.020:108): avc: denied { create } for pid=489 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 52.851642][ T24] audit: type=1401 audit(1739562359.080:109): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/02/14 19:45:59 executed programs: 0
[ 53.226483][ T509] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.233477][ T509] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.240895][ T509] device bridge_slave_0 entered promiscuous mode
[ 53.247632][ T509] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.254553][ T509] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.261824][ T509] device bridge_slave_1 entered promiscuous mode
[ 53.306904][ T509] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.313764][ T509] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.320896][ T509] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.327720][ T509] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.346066][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.353851][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.361293][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.371959][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 53.380549][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.388846][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.396030][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.405160][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 53.414377][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.422591][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.429814][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.441091][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 53.449716][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.459276][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 53.467650][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.481015][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 53.489212][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 53.501031][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 53.508758][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 53.516798][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 53.524387][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 53.532483][ T509] device veth0_vlan entered promiscuous mode
[ 53.543573][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 53.551806][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 53.561052][ T509] device veth1_macvtap entered promiscuous mode
[ 53.569602][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 53.577492][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 53.586727][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 53.597548][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 53.606130][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 53.633835][ T24] audit: type=1400 audit(1739562359.860:110): avc: denied { create } for pid=513 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 53.652486][ T514] ==================================================================
[ 53.654288][ T24] audit: type=1400 audit(1739562359.880:111): avc: denied { write } for pid=513 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 53.661809][ T514] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[ 53.661820][ T514] Read of size 1 at addr ffff888117c3bbd8 by task syz.2.16/514
[ 53.661822][ T514]
[ 53.661835][ T514] CPU: 1 PID: 514 Comm: syz.2.16 Not tainted 5.10.234-syzkaller-1006629-g6686f2996d23 #0
[ 53.661842][ T514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 53.661851][ T514] Call Trace:
[ 53.661867][ T514] dump_stack_lvl+0x1e2/0x24b
[ 53.661877][ T514] ? printk+0xd1/0x111
[ 53.661887][ T514] ? bfq_pos_tree_add_move+0x43b/0x43b
[ 53.661910][ T514] ? wake_up_klogd+0xb8/0xf0
[ 53.683346][ T24] audit: type=1400 audit(1739562359.880:112): avc: denied { nlmsg_write } for pid=513 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 53.690534][ T514] ? panic+0x812/0x812
[ 53.690549][ T514] print_address_description+0x81/0x3b0
[ 53.690572][ T514] ? stack_trace_save+0x113/0x1c0
[ 53.698253][ T24] audit: type=1400 audit(1739562359.880:113): avc: denied { create } for pid=513 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 53.700244][ T514] kasan_report+0x179/0x1c0
[ 53.700258][ T514] ? xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[ 53.700279][ T514] ? xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[ 53.711729][ T24] audit: type=1400 audit(1739562359.880:114): avc: denied { setopt } for pid=513 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 53.720446][ T514] __asan_report_load1_noabort+0x14/0x20
[ 53.720460][ T514] xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[ 53.720480][ T514] ? ____kasan_kmalloc+0xed/0x110
[ 53.723908][ T24] audit: type=1400 audit(1739562359.880:115): avc: denied { write } for pid=513 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 53.728167][ T514] ? ____kasan_kmalloc+0xdb/0x110
[ 53.874186][ T514] xfrm_policy_inexact_insert_node+0x917/0xb00
[ 53.880176][ T514] ? xfrm_policy_inexact_alloc_bin+0x5ad/0x13f0
[ 53.886295][ T514] xfrm_policy_inexact_alloc_chain+0x4ec/0xaf0
[ 53.892277][ T514] xfrm_policy_inexact_insert+0x6a/0x1160
[ 53.898008][ T514] ? __kasan_check_write+0x14/0x20
[ 53.903208][ T514] ? _raw_spin_lock_bh+0xa4/0x1b0
[ 53.908070][ T514] ? policy_hash_bysel+0x137/0x700
[ 53.913153][ T514] xfrm_policy_insert+0xe7/0x940
[ 53.917997][ T514] xfrm_add_policy+0x4f2/0x980
[ 53.922701][ T514] ? cap_capable+0x1ce/0x270
[ 53.927126][ T514] ? xfrm_dump_sa_done+0xc0/0xc0
[ 53.931998][ T514] xfrm_user_rcv_msg+0x4e7/0x7c0
[ 53.936868][ T514] ? xfrm_netlink_rcv+0x90/0x90
[ 53.941554][ T514] ? stack_trace_save+0x113/0x1c0
[ 53.946454][ T514] ? avc_has_perm_noaudit+0x240/0x240
[ 53.951627][ T514] ? iov_iter_advance+0x258/0xb20
[ 53.956598][ T514] netlink_rcv_skb+0x1cf/0x410
[ 53.961167][ T514] ? xfrm_netlink_rcv+0x90/0x90
[ 53.965854][ T514] ? netlink_ack+0xb30/0xb30
[ 53.970284][ T514] ? mutex_trylock+0xa0/0xa0
[ 53.974795][ T514] ? __netlink_lookup+0x37b/0x3a0
[ 53.979822][ T514] xfrm_netlink_rcv+0x72/0x90
[ 53.984522][ T514] netlink_unicast+0x8df/0xac0
[ 53.989214][ T514] ? netlink_detachskb+0x90/0x90
[ 53.993985][ T514] ? security_netlink_send+0x7b/0xa0
[ 53.999191][ T514] netlink_sendmsg+0xa46/0xd00
[ 54.003890][ T514] ? netlink_getsockopt+0x5c0/0x5c0
[ 54.008958][ T514] ? security_socket_sendmsg+0x82/0xb0
[ 54.014226][ T514] ? netlink_getsockopt+0x5c0/0x5c0
[ 54.019469][ T514] ____sys_sendmsg+0x59e/0x8f0
[ 54.024140][ T514] ? __sys_sendmsg_sock+0x40/0x40
[ 54.029092][ T514] ? import_iovec+0xe5/0x120
[ 54.033527][ T514] ___sys_sendmsg+0x252/0x2e0
[ 54.038038][ T514] ? __sys_sendmsg+0x280/0x280
[ 54.042624][ T514] ? sock_setsockopt+0x1f96/0x2e00
[ 54.047657][ T514] ? __fdget+0x1bc/0x240
[ 54.051740][ T514] __se_sys_sendmsg+0x1b1/0x280
[ 54.056418][ T514] ? __x64_sys_sendmsg+0x90/0x90
[ 54.061198][ T514] ? fpu__clear_all+0x20/0x20
[ 54.066273][ T514] ? __kasan_check_read+0x11/0x20
[ 54.071129][ T514] __x64_sys_sendmsg+0x7b/0x90
[ 54.075886][ T514] do_syscall_64+0x34/0x70
[ 54.080157][ T514] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.085867][ T514] RIP: 0033:0x7f225829fd29
[ 54.090217][ T514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 54.109982][ T514] RSP: 002b:00007f2257d12038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 54.118174][ T514] RAX: ffffffffffffffda RBX: 00007f22584b8fa0 RCX: 00007f225829fd29
[ 54.126081][ T514] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000003
[ 54.133879][ T514] RBP: 00007f22583212a0 R08: 0000000000000000 R09: 0000000000000000
[ 54.141696][ T514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 54.149500][ T514] R13: 0000000000000000 R14: 00007f22584b8fa0 R15: 00007ffed5578968
[ 54.157314][ T514]
[ 54.159481][ T514] Allocated by task 514:
[ 54.163566][ T514] ____kasan_kmalloc+0xdb/0x110
[ 54.168252][ T514] __kasan_kmalloc+0x9/0x10
[ 54.172588][ T514] __kmalloc+0x1aa/0x330
[ 54.176687][ T514] sk_prot_alloc+0xbe/0x370
[ 54.181022][ T514] sk_alloc+0x38/0x4d0
[ 54.185139][ T514] pfkey_create+0x12c/0x620
[ 54.189455][ T514] __sock_create+0x3a6/0x760
[ 54.193905][ T514] __sys_socket+0x132/0x370
[ 54.198226][ T514] __x64_sys_socket+0x7a/0x90
[ 54.202745][ T514] do_syscall_64+0x34/0x70
[ 54.206993][ T514] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.212970][ T514]
[ 54.215142][ T514] The buggy address belongs to the object at ffff888117c3b800
[ 54.215142][ T514] which belongs to the cache kmalloc-1k of size 1024
[ 54.229310][ T514] The buggy address is located 984 bytes inside of
[ 54.229310][ T514] 1024-byte region [ffff888117c3b800, ffff888117c3bc00)
[ 54.242672][ T514] The buggy address belongs to the page:
[ 54.248462][ T514] page:ffffea00045f0e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117c38
[ 54.258751][ T514] head:ffffea00045f0e00 order:3 compound_mapcount:0 compound_pincount:0
[ 54.267205][ T514] flags: 0x4000000000010200(slab|head)
[ 54.272580][ T514] raw: 4000000000010200 ffffea00045e8000 0000000300000003 ffff888100042f00
[ 54.281190][ T514] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 54.289799][ T514] page dumped because: kasan: bad access detected
[ 54.296313][ T514] page_owner tracks the page as allocated
[ 54.302121][ T514] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 95, ts 5613131789, free_ts 0
[ 54.320056][ T514] prep_new_page+0x166/0x180
[ 54.324550][ T514] get_page_from_freelist+0x2d8c/0x2f30
[ 54.330291][ T514] __alloc_pages_nodemask+0x435/0xaf0
[ 54.335510][ T514] new_slab+0x80/0x400
[ 54.339665][ T514] ___slab_alloc+0x302/0x4b0
[ 54.344091][ T514] __slab_alloc+0x63/0xa0
[ 54.348482][ T514] __kmalloc_track_caller+0x1f8/0x320
[ 54.353708][ T514] __alloc_skb+0xbc/0x510
[ 54.357843][ T514] netlink_sendmsg+0x7a4/0xd00
[ 54.362625][ T514] ____sys_sendmsg+0x59e/0x8f0
[ 54.367205][ T514] ___sys_sendmsg+0x252/0x2e0
[ 54.371951][ T514] __se_sys_sendmsg+0x1b1/0x280
[ 54.376719][ T514] __x64_sys_sendmsg+0x7b/0x90
[ 54.381563][ T514] do_syscall_64+0x34/0x70
[ 54.385835][ T514] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.391826][ T514] page_owner free stack trace missing
[ 54.397034][ T514]
[ 54.399544][ T514] Memory state around the buggy address:
[ 54.405041][ T514] ffff888117c3ba80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.413117][ T514] ffff888117c3bb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.421089][ T514] >ffff888117c3bb80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 54.429192][ T514] ^
[ 54.436241][ T514] ffff888117c3bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.444408][ T514] ffff888117c3bc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.452833][ T514] ==================================================================
[ 54.461107][ T514] Disabling lock debugging due to kernel taint
[ 54.853236][ T49] device bridge_slave_1 left promiscuous mode
[ 54.859918][ T49] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.867761][ T49] device bridge_slave_0 left promiscuous mode
[ 54.874197][ T49] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.884802][ T49] device veth1_macvtap left promiscuous mode
[ 54.890725][ T49] device veth0_vlan left promiscuous mode
2025/02/14 19:46:04 executed programs: 222
2025/02/14 19:46:09 executed programs: 524