Warning: Permanently added '10.128.1.68' (ED25519) to the list of known hosts.
2025/02/14 22:52:13 ignoring optional flag "sandboxArg"="0"
2025/02/14 22:52:13 parsed 1 programs
[ 53.940827][ T30] kauditd_printk_skb: 32 callbacks suppressed
[ 53.940843][ T30] audit: type=1400 audit(1739573535.017:108): avc: denied { unlink } for pid=411 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 53.983430][ T411] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 54.542261][ T422] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.549132][ T422] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.556761][ T422] device bridge_slave_0 entered promiscuous mode
[ 54.569393][ T422] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.576395][ T422] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.583773][ T422] device bridge_slave_1 entered promiscuous mode
[ 54.629283][ T422] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.636158][ T422] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.643292][ T422] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.650338][ T422] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.675134][ T332] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.683211][ T332] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.691426][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 54.699327][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 54.724843][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.736915][ T332] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.743926][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.751330][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.759554][ T332] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.766624][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.779249][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 54.788715][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 54.805097][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 54.817429][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 54.825630][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 54.833843][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 54.842997][ T422] device veth0_vlan entered promiscuous mode
[ 54.855299][ T422] device veth1_macvtap entered promiscuous mode
[ 54.862079][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 54.873887][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 54.883392][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 55.124757][ T30] audit: type=1401 audit(1739573536.197:109): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 55.422048][ T10] device bridge_slave_1 left promiscuous mode
[ 55.428046][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.440514][ T10] device bridge_slave_0 left promiscuous mode
[ 55.446698][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.462288][ T10] device veth1_macvtap left promiscuous mode
[ 55.468335][ T10] device veth0_vlan left promiscuous mode
2025/02/14 22:52:16 executed programs: 0
[ 55.698239][ T475] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.705676][ T475] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.713022][ T475] device bridge_slave_0 entered promiscuous mode
[ 55.719860][ T475] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.726972][ T475] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.734114][ T475] device bridge_slave_1 entered promiscuous mode
[ 55.788498][ T475] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.795506][ T475] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.802658][ T475] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.809429][ T475] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.828726][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.836662][ T332] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.843936][ T332] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.854942][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.863200][ T332] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.870043][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.877391][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.885661][ T332] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.893033][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.905368][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 55.914539][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 55.928145][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 55.939755][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 55.948075][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 55.955692][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 55.964233][ T475] device veth0_vlan entered promiscuous mode
[ 55.974199][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 55.983112][ T475] device veth1_macvtap entered promiscuous mode
[ 55.992388][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 56.002405][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 56.028193][ T30] audit: type=1400 audit(1739573537.097:110): avc: denied { create } for pid=479 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 56.043179][ T480] ==================================================================
[ 56.055019][ T480] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[ 56.064044][ T480] Read of size 1 at addr ffff8881181803f8 by task syz.2.16/480
[ 56.071418][ T480]
[ 56.073603][ T480] CPU: 0 PID: 480 Comm: syz.2.16 Not tainted 5.15.178-syzkaller-1079134-g058abb720bd1 #0
[ 56.083220][ T480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 56.093217][ T480] Call Trace:
[ 56.096326][ T480]
[ 56.099109][ T480] dump_stack_lvl+0x151/0x1c0
[ 56.103629][ T480] ? io_uring_drop_tctx_refs+0x190/0x190
[ 56.109085][ T480] ? panic+0x760/0x760
[ 56.112994][ T480] print_address_description+0x87/0x3b0
[ 56.118461][ T480] ? stack_trace_save+0x113/0x1c0
[ 56.123318][ T480] ? ___sys_sendmsg+0x252/0x2e0
[ 56.128034][ T480] kasan_report+0x179/0x1c0
[ 56.132457][ T480] ? xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[ 56.138786][ T480] ? xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[ 56.145121][ T480] __asan_report_load1_noabort+0x14/0x20
[ 56.150587][ T480] xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[ 56.156752][ T480] ? ____kasan_kmalloc+0xed/0x110
[ 56.161609][ T480] ? ____kasan_kmalloc+0xdb/0x110
[ 56.166568][ T480] ? xfrm_policy_addr_delta+0x23b/0x370
[ 56.171946][ T480] xfrm_policy_inexact_insert_node+0x917/0xb00
[ 56.177933][ T480] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.183935][ T480] ? xfrm_policy_inexact_alloc_bin+0x5ad/0x13f0
[ 56.190010][ T480] xfrm_policy_inexact_alloc_chain+0x4ec/0xaf0
[ 56.196002][ T480] xfrm_policy_inexact_insert+0x6a/0x1160
[ 56.201779][ T480] ? __kasan_check_write+0x14/0x20
[ 56.206729][ T480] ? _raw_spin_lock_bh+0xa4/0x1b0
[ 56.211675][ T480] ? policy_hash_bysel+0x137/0x700
[ 56.216707][ T480] xfrm_policy_insert+0xe7/0x940
[ 56.221490][ T480] xfrm_add_policy+0x4f2/0x980
[ 56.226081][ T480] ? cap_capable+0x1d2/0x270
[ 56.230508][ T480] ? xfrm_dump_sa_done+0xc0/0xc0
[ 56.235293][ T480] xfrm_user_rcv_msg+0x4f3/0x7d0
[ 56.240259][ T480] ? xfrm_netlink_rcv+0x90/0x90
[ 56.244942][ T480] ? avc_has_perm+0x16f/0x260
[ 56.249448][ T480] ? ____kasan_kmalloc+0xed/0x110
[ 56.254313][ T480] ? avc_has_perm_noaudit+0x430/0x430
[ 56.259522][ T480] ? x64_sys_call+0x16a/0x9a0
[ 56.264031][ T480] netlink_rcv_skb+0x1cf/0x410
[ 56.268639][ T480] ? xfrm_netlink_rcv+0x90/0x90
[ 56.273318][ T480] ? netlink_ack+0xb10/0xb10
[ 56.278181][ T480] ? mutex_lock+0xb6/0x1e0
[ 56.282431][ T480] ? wait_for_completion_killable_timeout+0x10/0x10
[ 56.288937][ T480] ? __netlink_lookup+0x37b/0x3a0
[ 56.293800][ T480] xfrm_netlink_rcv+0x72/0x90
[ 56.298313][ T480] netlink_unicast+0x8df/0xac0
[ 56.303003][ T480] ? netlink_detachskb+0x90/0x90
[ 56.307772][ T480] ? security_netlink_send+0x7b/0xa0
[ 56.312982][ T480] netlink_sendmsg+0xa0a/0xd20
[ 56.317579][ T480] ? netlink_getsockopt+0x560/0x560
[ 56.322704][ T480] ? x64_sys_call+0x147/0x9a0
[ 56.327214][ T480] ? security_socket_sendmsg+0x82/0xb0
[ 56.332505][ T480] ? netlink_getsockopt+0x560/0x560
[ 56.337540][ T480] ____sys_sendmsg+0x59e/0x8f0
[ 56.342151][ T480] ? __sys_sendmsg_sock+0x40/0x40
[ 56.347002][ T480] ? import_iovec+0xe5/0x120
[ 56.351430][ T480] ___sys_sendmsg+0x252/0x2e0
[ 56.355941][ T480] ? __sys_sendmsg+0x260/0x260
[ 56.360547][ T480] ? percpu_counter_add_batch+0x13d/0x160
[ 56.366211][ T480] ? __fdget+0x1bc/0x240
[ 56.370285][ T480] __se_sys_sendmsg+0x19a/0x260
[ 56.374975][ T480] ? __x64_sys_sendmsg+0x90/0x90
[ 56.379745][ T480] ? __kasan_check_write+0x14/0x20
[ 56.384687][ T480] ? switch_fpu_return+0x15f/0x2e0
[ 56.389639][ T480] __x64_sys_sendmsg+0x7b/0x90
[ 56.394235][ T480] x64_sys_call+0x16a/0x9a0
[ 56.398605][ T480] do_syscall_64+0x3b/0xb0
[ 56.402916][ T480] ? clear_bhb_loop+0x35/0x90
[ 56.407477][ T480] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.413262][ T480] RIP: 0033:0x7f06fd4fbda9
[ 56.417604][ T480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 56.437616][ T480] RSP: 002b:00007f06fcf6e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 56.445920][ T480] RAX: ffffffffffffffda RBX: 00007f06fd714fa0 RCX: 00007f06fd4fbda9
[ 56.453701][ T480] RDX: 0000000000004000 RSI: 0000000020000580 RDI: 0000000000000005
[ 56.461687][ T480] RBP: 00007f06fd57d2a0 R08: 0000000000000000 R09: 0000000000000000
[ 56.469518][ T480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 56.477325][ T480] R13: 0000000000000000 R14: 00007f06fd714fa0 R15: 00007ffe3a184e78
[ 56.485207][ T480]
[ 56.488069][ T480]
[ 56.490239][ T480] Allocated by task 480:
[ 56.494316][ T480] ____kasan_kmalloc+0xdb/0x110
[ 56.499008][ T480] __kasan_kmalloc+0x9/0x10
[ 56.503342][ T480] __kmalloc+0x13f/0x2c0
[ 56.507429][ T480] sk_prot_alloc+0xf9/0x330
[ 56.511943][ T480] sk_alloc+0x38/0x430
[ 56.515852][ T480] pfkey_create+0x12c/0x620
[ 56.520197][ T480] __sock_create+0x3be/0x7e0
[ 56.524615][ T480] __sys_socket+0x132/0x370
[ 56.528984][ T480] __x64_sys_socket+0x7a/0x90
[ 56.533476][ T480] x64_sys_call+0x147/0x9a0
[ 56.537807][ T480] do_syscall_64+0x3b/0xb0
[ 56.542062][ T480] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.547792][ T480]
[ 56.549962][ T480] The buggy address belongs to the object at ffff888118180000
[ 56.549962][ T480] which belongs to the cache kmalloc-1k of size 1024
[ 56.563845][ T480] The buggy address is located 1016 bytes inside of
[ 56.563845][ T480] 1024-byte region [ffff888118180000, ffff888118180400)
[ 56.577141][ T480] The buggy address belongs to the page:
[ 56.582606][ T480] page:ffffea0004606000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118180
[ 56.592677][ T480] head:ffffea0004606000 order:3 compound_mapcount:0 compound_pincount:0
[ 56.601516][ T480] flags: 0x4000000000010200(slab|head|zone=1)
[ 56.607423][ T480] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043080
[ 56.615840][ T480] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 56.624253][ T480] page dumped because: kasan: bad access detected
[ 56.630512][ T480] page_owner tracks the page as allocated
[ 56.636059][ T480] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 480, ts 56041239543, free_ts 55937497385
[ 56.656368][ T480] post_alloc_hook+0x1a3/0x1b0
[ 56.661063][ T480] prep_new_page+0x1b/0x110
[ 56.665396][ T480] get_page_from_freelist+0x3550/0x35d0
[ 56.671022][ T480] __alloc_pages+0x27e/0x8f0
[ 56.675477][ T480] new_slab+0x9a/0x4e0
[ 56.679351][ T480] ___slab_alloc+0x39e/0x830
[ 56.683778][ T480] __slab_alloc+0x4a/0x90
[ 56.687942][ T480] __kmalloc+0x172/0x2c0
[ 56.692026][ T480] sk_prot_alloc+0xf9/0x330
[ 56.696535][ T480] sk_alloc+0x38/0x430
[ 56.700443][ T480] pfkey_create+0x12c/0x620
[ 56.704785][ T480] __sock_create+0x3be/0x7e0
[ 56.709210][ T480] __sys_socket+0x132/0x370
[ 56.713546][ T480] __x64_sys_socket+0x7a/0x90
[ 56.718151][ T480] x64_sys_call+0x147/0x9a0
[ 56.722492][ T480] do_syscall_64+0x3b/0xb0
[ 56.726742][ T480] page last free stack trace:
[ 56.731253][ T480] free_unref_page_prepare+0x7c8/0x7d0
[ 56.736548][ T480] free_unref_page+0xe8/0x750
[ 56.741059][ T480] __free_pages+0x61/0xf0
[ 56.745407][ T480] __free_slab+0xec/0x1d0
[ 56.749565][ T480] __unfreeze_partials+0x165/0x1a0
[ 56.754518][ T480] put_cpu_partial+0xc4/0x120
[ 56.759027][ T480] __slab_free+0x1c8/0x290
[ 56.763364][ T480] ___cache_free+0x109/0x120
[ 56.767799][ T480] qlink_free+0x4d/0x90
[ 56.771782][ T480] qlist_free_all+0x44/0xb0
[ 56.776210][ T480] kasan_quarantine_reduce+0x15a/0x180
[ 56.781705][ T480] __kasan_slab_alloc+0x2f/0xe0
[ 56.786363][ T480] slab_post_alloc_hook+0x53/0x2c0
[ 56.791423][ T480] kmem_cache_alloc+0xf5/0x250
[ 56.796169][ T480] __alloc_skb+0xbe/0x550
[ 56.800520][ T480] netlink_ack+0x33c/0xb10
[ 56.804775][ T480]
[ 56.806941][ T480] Memory state around the buggy address:
[ 56.812612][ T480] ffff888118180280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.820702][ T480] ffff888118180300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.828591][ T480] >ffff888118180380: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 56.836564][ T480] ^
[ 56.844387][ T480] ffff888118180400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 56.852276][ T480] ffff888118180480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 56.860255][ T480] ==================================================================
[ 56.868160][ T480] Disabling lock debugging due to kernel taint
[ 56.882286][ T30] audit: type=1400 audit(1739573537.117:111): avc: denied { setopt } for pid=479 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 56.901675][ T30] audit: type=1400 audit(1739573537.117:112): avc: denied { write } for pid=479 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 56.920985][ T30] audit: type=1400 audit(1739573537.117:113): avc: denied { create } for pid=479 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 56.941786][ T30] audit: type=1400 audit(1739573537.117:114): avc: denied { write } for pid=479 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 56.961532][ T30] audit: type=1400 audit(1739573537.117:115): avc: denied { nlmsg_write } for pid=479 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 56.982124][ T30] audit: type=1400 audit(1739573538.037:116): avc: denied { append } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 57.004553][ T30] audit: type=1400 audit(1739573538.037:117): avc: denied { open } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
2025/02/14 22:52:21 executed programs: 223
2025/02/14 22:52:26 executed programs: 522