Warning: Permanently added '10.128.0.212' (ED25519) to the list of known hosts.
2025/06/06 14:24:10 ignoring optional flag "sandboxArg"="0"
2025/06/06 14:24:11 parsed 1 programs
[ 51.435880][ T24] kauditd_printk_skb: 30 callbacks suppressed
[ 51.435894][ T24] audit: type=1400 audit(1749219852.410:104): avc: denied { unlink } for pid=409 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 51.517347][ T409] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 51.927102][ T421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.935203][ T421] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.943061][ T421] device bridge_slave_0 entered promiscuous mode
[ 51.951242][ T421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.958291][ T421] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.965918][ T421] device bridge_slave_1 entered promiscuous mode
[ 52.014662][ T421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.021864][ T421] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.029406][ T421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.037272][ T421] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.060227][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.067952][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.076182][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 52.084527][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 52.094413][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.102938][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.110032][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.118981][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.127391][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.134724][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.147781][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.157945][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.173123][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 52.186278][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 52.194538][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 52.202737][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 52.211411][ T421] device veth0_vlan entered promiscuous mode
[ 52.221663][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 52.230878][ T421] device veth1_macvtap entered promiscuous mode
[ 52.241437][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 52.251707][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 52.331213][ T24] audit: type=1401 audit(1749219853.310:105): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 52.390014][ T24] audit: type=1400 audit(1749219853.360:106): avc: denied { create } for pid=438 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
2025/06/06 14:24:13 executed programs: 0
[ 52.929683][ T24] audit: type=1400 audit(1749219853.900:107): avc: denied { write } for pid=404 comm="syz-execprog" path="pipe:[14805]" dev="pipefs" ino=14805 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 52.955575][ T48] device bridge_slave_1 left promiscuous mode
[ 52.961862][ T48] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.969479][ T48] device bridge_slave_0 left promiscuous mode
[ 52.976152][ T48] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.984334][ T48] device veth1_macvtap left promiscuous mode
[ 52.990978][ T48] device veth0_vlan left promiscuous mode
[ 53.106697][ T471] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.113873][ T471] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.121308][ T471] device bridge_slave_0 entered promiscuous mode
[ 53.128396][ T471] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.136051][ T471] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.144421][ T471] device bridge_slave_1 entered promiscuous mode
[ 53.182080][ T471] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.189319][ T471] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.196697][ T471] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.203856][ T471] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.222292][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.229927][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.237513][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.246986][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.255680][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.262905][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.272031][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.280314][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.287354][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.299189][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.309881][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.323152][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 53.334713][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 53.343236][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 53.351603][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 53.360259][ T471] device veth0_vlan entered promiscuous mode
[ 53.372162][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 53.382004][ T471] device veth1_macvtap entered promiscuous mode
[ 53.393072][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 53.413260][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 53.425345][ T24] audit: type=1400 audit(1749219854.400:108): avc: denied { create } for pid=475 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 53.448288][ T24] audit: type=1400 audit(1749219854.430:109): avc: denied { write } for pid=475 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 53.449725][ T476] ==================================================================
[ 53.469649][ T24] audit: type=1400 audit(1749219854.430:110): avc: denied { nlmsg_write } for pid=475 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 53.477575][ T476] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 53.477587][ T476] Read of size 1 at addr ffff8881172abbd8 by task syz.2.16/476
[ 53.477589][ T476]
[ 53.477608][ T476] CPU: 0 PID: 476 Comm: syz.2.16 Not tainted 5.10.238-syzkaller-1007479-gd76d4cd0623a #0
[ 53.477614][ T476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 53.477630][ T476] Call Trace:
[ 53.499055][ T24] audit: type=1400 audit(1749219854.430:111): avc: denied { create } for pid=475 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 53.508016][ T476] __dump_stack+0x21/0x24
[ 53.508029][ T476] dump_stack_lvl+0x169/0x1d8
[ 53.508041][ T476] ? show_regs_print_info+0x18/0x18
[ 53.508053][ T476] ? thaw_kernel_threads+0x220/0x220
[ 53.508066][ T476] ? unwind_get_return_address+0x4d/0x90
[ 53.508077][ T476] print_address_description+0x7f/0x2c0
[ 53.508100][ T476] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 53.516746][ T24] audit: type=1400 audit(1749219854.430:112): avc: denied { setopt } for pid=475 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 53.518530][ T476] kasan_report+0xe2/0x130
[ 53.529261][ T24] audit: type=1400 audit(1749219854.430:113): avc: denied { write } for pid=475 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 53.539543][ T476] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 53.539558][ T476] __asan_report_load1_noabort+0x14/0x20
[ 53.539570][ T476] xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[ 53.539583][ T476] xfrm_policy_inexact_insert_node+0x938/0xb50
[ 53.539602][ T476] ? xfrm_netlink_rcv+0x72/0x90
[ 53.679040][ T476] ? netlink_unicast+0x87c/0xa40
[ 53.684428][ T476] ? ____sys_sendmsg+0x5a2/0x8c0
[ 53.689619][ T476] ? do_syscall_64+0x31/0x40
[ 53.694814][ T476] xfrm_policy_inexact_alloc_chain+0x53a/0xb30
[ 53.700968][ T476] xfrm_policy_inexact_insert+0x70/0x1130
[ 53.706713][ T476] ? __get_hash_thresh+0x10c/0x420
[ 53.711824][ T476] ? policy_hash_bysel+0x110/0x4f0
[ 53.717318][ T476] xfrm_policy_insert+0x126/0x9a0
[ 53.722455][ T476] ? xfrm_policy_construct+0x54f/0x1f00
[ 53.728084][ T476] xfrm_add_policy+0x4d1/0x830
[ 53.732950][ T476] ? xfrm_dump_sa_done+0xc0/0xc0
[ 53.737874][ T476] xfrm_user_rcv_msg+0x450/0x6d0
[ 53.742936][ T476] ? xfrm_netlink_rcv+0x90/0x90
[ 53.747783][ T476] ? selinux_nlmsg_lookup+0x219/0x4a0
[ 53.753442][ T476] netlink_rcv_skb+0x1e0/0x430
[ 53.758194][ T476] ? xfrm_netlink_rcv+0x90/0x90
[ 53.763211][ T476] ? netlink_ack+0xb80/0xb80
[ 53.767884][ T476] ? mutex_trylock+0xa0/0xa0
[ 53.772461][ T476] ? __netlink_lookup+0x387/0x3b0
[ 53.777480][ T476] xfrm_netlink_rcv+0x72/0x90
[ 53.782377][ T476] netlink_unicast+0x87c/0xa40
[ 53.787213][ T476] netlink_sendmsg+0x88d/0xb30
[ 53.792015][ T476] ? netlink_getsockopt+0x530/0x530
[ 53.797388][ T476] ? security_socket_sendmsg+0x82/0xa0
[ 53.803137][ T476] ? netlink_getsockopt+0x530/0x530
[ 53.808698][ T476] ____sys_sendmsg+0x5a2/0x8c0
[ 53.814121][ T476] ? __sys_sendmsg_sock+0x40/0x40
[ 53.819574][ T476] ? import_iovec+0x7c/0xb0
[ 53.824204][ T476] ___sys_sendmsg+0x1f0/0x260
[ 53.828986][ T476] ? __sys_sendmsg+0x250/0x250
[ 53.834009][ T476] ? __fdget+0x1a1/0x230
[ 53.838237][ T476] __x64_sys_sendmsg+0x1e2/0x2a0
[ 53.843251][ T476] ? ___sys_sendmsg+0x260/0x260
[ 53.848398][ T476] ? switch_fpu_return+0x197/0x340
[ 53.853750][ T476] do_syscall_64+0x31/0x40
[ 53.858428][ T476] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 53.864415][ T476] RIP: 0033:0x7ff908b31d29
[ 53.869097][ T476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 53.889347][ T476] RSP: 002b:00007ff9085a4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 53.898406][ T476] RAX: ffffffffffffffda RBX: 00007ff908d4afa0 RCX: 00007ff908b31d29
[ 53.906614][ T476] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000003
[ 53.916275][ T476] RBP: 00007ff908bb32a0 R08: 0000000000000000 R09: 0000000000000000
[ 53.924701][ T476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 53.933027][ T476] R13: 0000000000000000 R14: 00007ff908d4afa0 R15: 00007ffe636646b8
[ 53.941259][ T476]
[ 53.943577][ T476] Allocated by task 476:
[ 53.948103][ T476] __kasan_kmalloc+0xda/0x110
[ 53.953417][ T476] __kmalloc+0x1a7/0x330
[ 53.957653][ T476] sk_prot_alloc+0xb2/0x340
[ 53.962429][ T476] sk_alloc+0x38/0x4e0
[ 53.966842][ T476] pfkey_create+0x12a/0x660
[ 53.971998][ T476] __sock_create+0x38d/0x770
[ 53.976759][ T476] __sys_socket+0xec/0x190
[ 53.981987][ T476] __x64_sys_socket+0x7a/0x90
[ 53.987118][ T476] do_syscall_64+0x31/0x40
[ 53.991622][ T476] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 53.997681][ T476]
[ 54.000304][ T476] The buggy address belongs to the object at ffff8881172ab800
[ 54.000304][ T476] which belongs to the cache kmalloc-1k of size 1024
[ 54.014741][ T476] The buggy address is located 984 bytes inside of
[ 54.014741][ T476] 1024-byte region [ffff8881172ab800, ffff8881172abc00)
[ 54.028439][ T476] The buggy address belongs to the page:
[ 54.034397][ T476] page:ffffea00045caa00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1172a8
[ 54.044717][ T476] head:ffffea00045caa00 order:3 compound_mapcount:0 compound_pincount:0
[ 54.053333][ T476] flags: 0x4000000000010200(slab|head)
[ 54.059469][ T476] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042f00
[ 54.068182][ T476] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 54.076928][ T476] page dumped because: kasan: bad access detected
[ 54.083582][ T476] page_owner tracks the page as allocated
[ 54.089300][ T476] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 476, ts 53447784805, free_ts 53424163907
[ 54.109238][ T476] prep_new_page+0x179/0x180
[ 54.113826][ T476] get_page_from_freelist+0x2235/0x23d0
[ 54.119458][ T476] __alloc_pages_nodemask+0x268/0x5f0
[ 54.125254][ T476] new_slab+0x84/0x3f0
[ 54.129310][ T476] ___slab_alloc+0x2a6/0x450
[ 54.133898][ T476] __slab_alloc+0x63/0xa0
[ 54.138256][ T476] __kmalloc_track_caller+0x1ef/0x320
[ 54.144277][ T476] __alloc_skb+0xdc/0x520
[ 54.149333][ T476] xfrm_send_policy_notify+0x309/0x1e90
[ 54.154882][ T476] km_policy_notify+0x71/0xd0
[ 54.159728][ T476] xfrm_add_policy+0x5a9/0x830
[ 54.164514][ T476] xfrm_user_rcv_msg+0x450/0x6d0
[ 54.169903][ T476] netlink_rcv_skb+0x1e0/0x430
[ 54.174733][ T476] xfrm_netlink_rcv+0x72/0x90
[ 54.179597][ T476] netlink_unicast+0x87c/0xa40
[ 54.184670][ T476] netlink_sendmsg+0x88d/0xb30
[ 54.189511][ T476] page last free stack trace:
[ 54.194292][ T476] __free_pages_ok+0x7fc/0x820
[ 54.199756][ T476] __free_pages+0xdd/0x380
[ 54.204638][ T476] __free_slab+0xcf/0x190
[ 54.209151][ T476] unfreeze_partials+0x15f/0x190
[ 54.214401][ T476] put_cpu_partial+0xc1/0x180
[ 54.219278][ T476] __slab_free+0x2c9/0x3a0
[ 54.224867][ T476] ___cache_free+0x111/0x130
[ 54.230828][ T476] qlink_free+0x50/0x90
[ 54.235057][ T476] qlist_free_all+0x5f/0xb0
[ 54.240364][ T476] kasan_quarantine_reduce+0x14a/0x160
[ 54.246280][ T476] __kasan_slab_alloc+0x2f/0xf0
[ 54.251820][ T476] slab_post_alloc_hook+0x5d/0x2f0
[ 54.257183][ T476] kmem_cache_alloc+0x165/0x2e0
[ 54.262048][ T476] getname_flags+0xb9/0x500
[ 54.266920][ T476] do_symlinkat+0x48/0x3b0
[ 54.271355][ T476] __x64_sys_symlinkat+0x7b/0x90
[ 54.276378][ T476]
[ 54.278694][ T476] Memory state around the buggy address:
[ 54.284348][ T476]  ffff8881172aba80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.292594][ T476]  ffff8881172abb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.300787][ T476] >ffff8881172abb80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 54.309071][ T476]                                                     ^
[ 54.316529][ T476]  ffff8881172abc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.324810][ T476]  ffff8881172abc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.333806][ T476] ==================================================================
[ 54.342858][ T476] Disabling lock debugging due to kernel taint
2025/06/06 14:24:18 executed programs: 216
2025/06/06 14:24:23 executed programs: 518