Warning: Permanently added '10.128.1.183' (ED25519) to the list of known hosts. 2025/07/17 17:45:13 ignoring optional flag "sandboxArg"="0" 2025/07/17 17:45:14 parsed 1 programs [ 52.042802][ T30] kauditd_printk_skb: 30 callbacks suppressed [ 52.042820][ T30] audit: type=1400 audit(1752774315.877:104): avc: denied { unlink } for pid=393 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 52.082419][ T393] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 52.603898][ T30] audit: type=1401 audit(1752774316.437:105): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 52.689828][ T30] audit: type=1400 audit(1752774316.517:106): avc: denied { create } for pid=415 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 53.201773][ T443] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.209447][ T443] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.217052][ T443] device bridge_slave_0 entered promiscuous mode [ 53.224240][ T443] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.231306][ T443] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.238889][ T443] device bridge_slave_1 entered promiscuous mode [ 53.287452][ T443] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.294683][ T443] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.302238][ T443] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.309334][ T443] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.328404][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.336029][ T326] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.343427][ T326] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.353363][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.361831][ T326] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.369015][ T326] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.377722][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.386192][ T326] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.393354][ T326] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.405639][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.420215][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.435044][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 53.454088][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 53.462530][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 53.470051][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 53.478467][ T443] device veth0_vlan entered promiscuous mode [ 53.489001][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 53.505041][ T443] device veth1_macvtap entered promiscuous mode [ 53.514778][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 53.525455][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2025/07/17 17:45:17 executed programs: 0 [ 53.726684][ T30] audit: type=1400 audit(1752774317.557:107): avc: denied { write } for pid=384 comm="syz-execprog" path="pipe:[15511]" dev="pipefs" ino=15511 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 53.780536][ T459] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.788054][ T459] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.795526][ T459] device bridge_slave_0 entered promiscuous mode [ 53.802619][ T459] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.810126][ T459] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.818215][ T459] device bridge_slave_1 entered promiscuous mode [ 53.874748][ T459] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.881809][ T459] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.889135][ T459] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.896383][ T459] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.916080][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.925011][ T326] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.932759][ T326] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.942837][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.951604][ T326] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.958805][ T326] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.967391][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.975735][ T326] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.982968][ T326] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.996648][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.005291][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.022171][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.030382][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.038631][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 54.047554][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 54.060362][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 54.068515][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 54.076984][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 54.085039][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 54.093876][ T459] device veth0_vlan entered promiscuous mode [ 54.105576][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 54.113896][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 54.123350][ T459] device veth1_macvtap entered promiscuous mode [ 54.132346][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 54.140552][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 54.149162][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 54.159218][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 54.167703][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 54.194017][ T471] ================================================================== [ 54.202234][ T30] audit: type=1400 audit(1752774318.027:108): avc: denied { create } for pid=470 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 54.202334][ T471] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 54.222314][ T30] audit: type=1400 audit(1752774318.027:109): avc: denied { setopt } for pid=470 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 54.230726][ T471] Read of size 1 at addr ffff888112f5fbf8 by task syz.2.16/471 [ 54.250232][ T30] audit: type=1400 audit(1752774318.027:110): avc: denied { write } for pid=470 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 54.257353][ T471] [ 54.257372][ T471] CPU: 1 PID: 471 Comm: syz.2.16 Not tainted 5.15.188-syzkaller-1081189-g6b619c45dff5 #0 [ 54.257393][ T471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 54.257412][ T471] Call Trace: [ 54.257418][ T471] [ 54.257425][ T471] __dump_stack+0x21/0x30 [ 54.278694][ T30] audit: type=1400 audit(1752774318.027:111): avc: denied { create } for pid=470 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 54.278763][ T471] dump_stack_lvl+0xee/0x150 [ 54.288786][ T30] audit: type=1400 audit(1752774318.027:112): avc: denied { write } for pid=470 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 54.298614][ T471] ? show_regs_print_info+0x20/0x20 [ 54.298638][ T471] ? load_image+0x3a0/0x3a0 [ 54.302238][ T30] audit: type=1400 audit(1752774318.027:113): avc: denied { nlmsg_write } for pid=470 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 54.304862][ T471] ? unwind_get_return_address+0x4d/0x90 [ 54.389133][ T471] print_address_description+0x7f/0x2c0 [ 54.394700][ T471] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 54.401377][ T471] kasan_report+0xf1/0x140 [ 54.405795][ T471] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 54.412300][ T471] __asan_report_load1_noabort+0x14/0x20 [ 54.417963][ T471] xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 54.424313][ T471] xfrm_policy_inexact_insert_node+0x938/0xb50 [ 54.430562][ T471] ? xfrm_netlink_rcv+0x72/0x90 [ 54.435492][ T471] ? netlink_unicast+0x87c/0xa40 [ 54.440430][ T471] ? netlink_sendmsg+0x86a/0xb70 [ 54.445364][ T471] ? ____sys_sendmsg+0x5a2/0x8c0 [ 54.450304][ T471] ? ___sys_sendmsg+0x1f0/0x260 [ 54.455149][ T471] ? x64_sys_call+0x4b/0x9a0 [ 54.459757][ T471] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 54.465826][ T471] xfrm_policy_inexact_alloc_chain+0x53a/0xb30 [ 54.472183][ T471] xfrm_policy_inexact_insert+0x70/0x1130 [ 54.477901][ T471] ? __get_hash_thresh+0x10c/0x420 [ 54.483009][ T471] ? policy_hash_bysel+0x110/0x4f0 [ 54.488211][ T471] xfrm_policy_insert+0x126/0x9a0 [ 54.493344][ T471] ? xfrm_policy_construct+0x54f/0x1f00 [ 54.498910][ T471] xfrm_add_policy+0x4d1/0x830 [ 54.503687][ T471] ? xfrm_dump_sa_done+0xc0/0xc0 [ 54.508642][ T471] xfrm_user_rcv_msg+0x45c/0x6e0 [ 54.513614][ T471] ? xfrm_netlink_rcv+0x90/0x90 [ 54.518485][ T471] ? avc_has_perm_noaudit+0x460/0x460 [ 54.523873][ T471] ? x64_sys_call+0x4b/0x9a0 [ 54.528476][ T471] ? selinux_nlmsg_lookup+0x237/0x4c0 [ 54.533853][ T471] netlink_rcv_skb+0x1e0/0x430 [ 54.538633][ T471] ? xfrm_netlink_rcv+0x90/0x90 [ 54.543495][ T471] ? netlink_ack+0xb60/0xb60 [ 54.548090][ T471] ? wait_for_completion_killable_timeout+0x10/0x10 [ 54.554790][ T471] ? __netlink_lookup+0x387/0x3b0 [ 54.559844][ T471] xfrm_netlink_rcv+0x72/0x90 [ 54.564712][ T471] netlink_unicast+0x87c/0xa40 [ 54.569697][ T471] netlink_sendmsg+0x86a/0xb70 [ 54.574488][ T471] ? netlink_getsockopt+0x530/0x530 [ 54.579703][ T471] ? sock_alloc_file+0xba/0x260 [ 54.584563][ T471] ? security_socket_sendmsg+0x82/0xa0 [ 54.590031][ T471] ? netlink_getsockopt+0x530/0x530 [ 54.595249][ T471] ____sys_sendmsg+0x5a2/0x8c0 [ 54.600032][ T471] ? __sys_sendmsg_sock+0x40/0x40 [ 54.605257][ T471] ? import_iovec+0x7c/0xb0 [ 54.609767][ T471] ___sys_sendmsg+0x1f0/0x260 [ 54.614571][ T471] ? __sys_sendmsg+0x250/0x250 [ 54.619352][ T471] ? __fdget+0x1a1/0x230 [ 54.623617][ T471] __x64_sys_sendmsg+0x1e2/0x2a0 [ 54.628688][ T471] ? ___sys_sendmsg+0x260/0x260 [ 54.633546][ T471] ? __kasan_check_write+0x14/0x20 [ 54.638670][ T471] ? switch_fpu_return+0x15d/0x2c0 [ 54.643797][ T471] x64_sys_call+0x4b/0x9a0 [ 54.648389][ T471] do_syscall_64+0x4c/0xa0 [ 54.652812][ T471] ? clear_bhb_loop+0x50/0xa0 [ 54.657588][ T471] ? clear_bhb_loop+0x50/0xa0 [ 54.662272][ T471] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 54.668344][ T471] RIP: 0033:0x7f53cadb4da9 [ 54.672769][ T471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 54.692469][ T471] RSP: 002b:00007f53ca827038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 54.700998][ T471] RAX: ffffffffffffffda RBX: 00007f53cafcdfa0 RCX: 00007f53cadb4da9 [ 54.709077][ T471] RDX: 0000000000004000 RSI: 0000000020000580 RDI: 0000000000000005 [ 54.717054][ T471] RBP: 00007f53cae362a0 R08: 0000000000000000 R09: 0000000000000000 [ 54.725204][ T471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 54.733176][ T471] R13: 0000000000000000 R14: 00007f53cafcdfa0 R15: 00007ffdd2fa9c18 [ 54.741328][ T471] [ 54.744439][ T471] [ 54.746892][ T471] Allocated by task 471: [ 54.751131][ T471] __kasan_kmalloc+0xda/0x110 [ 54.756009][ T471] __kmalloc+0x13d/0x2c0 [ 54.760278][ T471] sk_prot_alloc+0xed/0x320 [ 54.764790][ T471] sk_alloc+0x38/0x430 [ 54.768980][ T471] pfkey_create+0x12a/0x660 [ 54.773593][ T471] __sock_create+0x38d/0x7a0 [ 54.778193][ T471] __sys_socket+0xec/0x190 [ 54.782615][ T471] __x64_sys_socket+0x7a/0x90 [ 54.787309][ T471] x64_sys_call+0x8c5/0x9a0 [ 54.791814][ T471] do_syscall_64+0x4c/0xa0 [ 54.796264][ T471] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 54.802260][ T471] [ 54.804578][ T471] The buggy address belongs to the object at ffff888112f5f800 [ 54.804578][ T471] which belongs to the cache kmalloc-1k of size 1024 [ 54.818637][ T471] The buggy address is located 1016 bytes inside of [ 54.818637][ T471] 1024-byte region [ffff888112f5f800, ffff888112f5fc00) [ 54.832199][ T471] The buggy address belongs to the page: [ 54.837835][ T471] page:ffffea00044bd600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112f58 [ 54.848074][ T471] head:ffffea00044bd600 order:3 compound_mapcount:0 compound_pincount:0 [ 54.856407][ T471] flags: 0x4000000000010200(slab|head|zone=1) [ 54.862503][ T471] raw: 4000000000010200 ffffea00044bb000 0000000300000003 ffff888100043080 [ 54.871191][ T471] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 54.879779][ T471] page dumped because: kasan: bad access detected [ 54.886211][ T471] page_owner tracks the page as allocated [ 54.891950][ T471] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 110, ts 5790942799, free_ts 0 [ 54.910016][ T471] post_alloc_hook+0x192/0x1b0 [ 54.914807][ T471] prep_new_page+0x1c/0x110 [ 54.919313][ T471] get_page_from_freelist+0x2cc5/0x2d50 [ 54.924862][ T471] __alloc_pages+0x18f/0x440 [ 54.929456][ T471] new_slab+0xa1/0x4d0 [ 54.933525][ T471] ___slab_alloc+0x381/0x810 [ 54.938116][ T471] __slab_alloc+0x49/0x90 [ 54.942469][ T471] __kmalloc_track_caller+0x169/0x2c0 [ 54.947842][ T471] __alloc_skb+0x21a/0x740 [ 54.952382][ T471] alloc_uevent_skb+0x85/0x240 [ 54.957160][ T471] kobject_uevent_net_broadcast+0x335/0x5a0 [ 54.963148][ T471] kobject_uevent_env+0x52e/0x700 [ 54.968245][ T471] kobject_synth_uevent+0x520/0xaf0 [ 54.973451][ T471] uevent_store+0x25/0x60 [ 54.977788][ T471] dev_attr_store+0x5e/0x80 [ 54.982291][ T471] sysfs_kf_write+0x129/0x150 [ 54.987059][ T471] page_owner free stack trace missing [ 54.992426][ T471] [ 54.994751][ T471] Memory state around the buggy address: [ 55.000379][ T471] ffff888112f5fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 55.008450][ T471] ffff888112f5fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 55.016612][ T471] >ffff888112f5fb80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 55.024667][ T471] ^ [ 55.032659][ T471] ffff888112f5fc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.040817][ T471] ffff888112f5fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.048987][ T471] ================================================================== [ 55.057248][ T471] Disabling lock debugging due to kernel taint [ 55.534778][ T8] device bridge_slave_1 left promiscuous mode [ 55.540982][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.548847][ T8] device bridge_slave_0 left promiscuous mode [ 55.555282][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.563250][ T8] device veth1_macvtap left promiscuous mode [ 55.569263][ T8] device veth0_vlan left promiscuous mode 2025/07/17 17:45:22 executed programs: 222 2025/07/17 17:45:27 executed programs: 522