Warning: Permanently added '10.128.10.40' (ED25519) to the list of known hosts.
2025/05/08 02:30:41 ignoring optional flag "sandboxArg"="0"
2025/05/08 02:30:41 parsed 1 programs
[   50.452140][   T24] kauditd_printk_skb: 30 callbacks suppressed
[   50.452153][   T24] audit: type=1400 audit(1746671442.850:104): avc:  denied  { unlink } for  pid=411 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   50.493407][  T411] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   51.144893][   T24] audit: type=1400 audit(1746671443.550:105): avc:  denied  { create } for  pid=438 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   51.296815][   T24] audit: type=1401 audit(1746671443.700:106): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[   51.548505][  T461] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.556328][  T461] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.563975][  T461] device bridge_slave_0 entered promiscuous mode
[   51.570909][  T461] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.578011][  T461] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.586074][  T461] device bridge_slave_1 entered promiscuous mode
[   51.624091][  T461] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.631224][  T461] bridge0: port 2(bridge_slave_1) entered forwarding state
[   51.638544][  T461] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.645638][  T461] bridge0: port 1(bridge_slave_0) entered forwarding state
[   51.663612][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   51.671272][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.678523][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.687405][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   51.695655][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.702708][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   51.711377][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   51.719828][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.727038][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   51.739920][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   51.749817][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   51.764260][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   51.775918][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   51.784149][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   51.791853][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   51.800829][  T461] device veth0_vlan entered promiscuous mode
[   51.811556][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   51.820927][  T461] device veth1_macvtap entered promiscuous mode
[   51.831208][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   51.847653][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/05/08 02:30:44 executed programs: 0
[   52.062944][   T24] audit: type=1400 audit(1746671444.460:107): avc:  denied  { write } for  pid=402 comm="syz-execprog" path="pipe:[15434]" dev="pipefs" ino=15434 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   52.111524][  T471] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.118954][  T471] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.126840][  T471] device bridge_slave_0 entered promiscuous mode
[   52.134218][  T471] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.141246][  T471] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.148697][  T471] device bridge_slave_1 entered promiscuous mode
[   52.189839][  T471] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.196914][  T471] bridge0: port 2(bridge_slave_1) entered forwarding state
[   52.204191][  T471] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.211220][  T471] bridge0: port 1(bridge_slave_0) entered forwarding state
[   52.228486][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   52.236451][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.244134][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.258350][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   52.266596][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.273831][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   52.282908][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   52.291161][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.298301][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   52.316952][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   52.326049][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   52.339835][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   52.351964][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   52.360450][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   52.367972][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   52.376821][  T471] device veth0_vlan entered promiscuous mode
[   52.389683][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   52.399396][  T471] device veth1_macvtap entered promiscuous mode
[   52.409910][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   52.420275][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   52.448528][   T24] audit: type=1400 audit(1746671444.850:108): avc:  denied  { create } for  pid=486 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   52.449991][  T487] ==================================================================
[   52.467668][   T24] audit: type=1400 audit(1746671444.850:109): avc:  denied  { setopt } for  pid=486 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   52.475638][  T487] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[   52.475658][  T487] Read of size 1 at addr ffff888117adebd8 by task syz.2.16/487
[   52.494749][   T24] audit: type=1400 audit(1746671444.850:110): avc:  denied  { write } for  pid=486 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   52.503858][  T487] 
[   52.503887][  T487] CPU: 0 PID: 487 Comm: syz.2.16 Not tainted 5.10.237-syzkaller-1007464-g7e2543346ff7 #0
[   52.503893][  T487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   52.503909][  T487] Call Trace:
[   52.511711][   T24] audit: type=1400 audit(1746671444.850:111): avc:  denied  { create } for  pid=486 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   52.530917][  T487]  __dump_stack+0x21/0x24
[   52.530929][  T487]  dump_stack_lvl+0x169/0x1d8
[   52.530948][  T487]  ? show_regs_print_info+0x18/0x18
[   52.534506][   T24] audit: type=1400 audit(1746671444.850:112): avc:  denied  { write } for  pid=486 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   52.543107][  T487]  ? thaw_kernel_threads+0x220/0x220
[   52.543130][  T487]  ? unwind_get_return_address+0x4d/0x90
[   52.553238][   T24] audit: type=1400 audit(1746671444.850:113): avc:  denied  { nlmsg_write } for  pid=486 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   52.556534][  T487]  print_address_description+0x7f/0x2c0
[   52.647146][  T487]  ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[   52.653804][  T487]  kasan_report+0xe2/0x130
[   52.658203][  T487]  ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[   52.665032][  T487]  __asan_report_load1_noabort+0x14/0x20
[   52.670666][  T487]  xfrm_policy_inexact_list_reinsert+0x620/0x6d0
[   52.677024][  T487]  xfrm_policy_inexact_insert_node+0x938/0xb50
[   52.683296][  T487]  ? netlink_unicast+0x87c/0xa40
[   52.688307][  T487]  ? netlink_sendmsg+0x88d/0xb30
[   52.693239][  T487]  ? ____sys_sendmsg+0x5a2/0x8c0
[   52.698172][  T487]  ? ___sys_sendmsg+0x1f0/0x260
[   52.703013][  T487]  ? __x64_sys_sendmsg+0x1e2/0x2a0
[   52.708197][  T487]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   52.714358][  T487]  xfrm_policy_inexact_alloc_chain+0x53a/0xb30
[   52.720491][  T487]  xfrm_policy_inexact_insert+0x70/0x1130
[   52.726205][  T487]  ? __get_hash_thresh+0x10c/0x420
[   52.731304][  T487]  ? policy_hash_bysel+0x110/0x4f0
[   52.736395][  T487]  xfrm_policy_insert+0xe0/0x930
[   52.741312][  T487]  xfrm_add_policy+0x4d1/0x830
[   52.746054][  T487]  ? xfrm_dump_sa_done+0xc0/0xc0
[   52.750971][  T487]  xfrm_user_rcv_msg+0x450/0x6d0
[   52.755903][  T487]  ? xfrm_netlink_rcv+0x90/0x90
[   52.760767][  T487]  ? selinux_nlmsg_lookup+0x219/0x4a0
[   52.766299][  T487]  netlink_rcv_skb+0x1e0/0x430
[   52.771072][  T487]  ? xfrm_netlink_rcv+0x90/0x90
[   52.775925][  T487]  ? netlink_ack+0xb80/0xb80
[   52.780495][  T487]  ? mutex_trylock+0xa0/0xa0
[   52.785065][  T487]  ? __netlink_lookup+0x387/0x3b0
[   52.790069][  T487]  xfrm_netlink_rcv+0x72/0x90
[   52.794721][  T487]  netlink_unicast+0x87c/0xa40
[   52.799467][  T487]  netlink_sendmsg+0x88d/0xb30
[   52.804210][  T487]  ? netlink_getsockopt+0x530/0x530
[   52.809416][  T487]  ? security_socket_sendmsg+0x82/0xa0
[   52.814907][  T487]  ? netlink_getsockopt+0x530/0x530
[   52.820126][  T487]  ____sys_sendmsg+0x5a2/0x8c0
[   52.825442][  T487]  ? __sys_sendmsg_sock+0x40/0x40
[   52.830483][  T487]  ? import_iovec+0x7c/0xb0
[   52.835268][  T487]  ___sys_sendmsg+0x1f0/0x260
[   52.840063][  T487]  ? __sys_sendmsg+0x250/0x250
[   52.844837][  T487]  ? __fdget+0x1a1/0x230
[   52.849181][  T487]  __x64_sys_sendmsg+0x1e2/0x2a0
[   52.854226][  T487]  ? ___sys_sendmsg+0x260/0x260
[   52.859066][  T487]  ? switch_fpu_return+0x197/0x340
[   52.864263][  T487]  do_syscall_64+0x31/0x40
[   52.868817][  T487]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   52.874798][  T487] RIP: 0033:0x7fa589d3b169
[   52.879195][  T487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   52.899104][  T487] RSP: 002b:00007fa5897ac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   52.907685][  T487] RAX: ffffffffffffffda RBX: 00007fa589f62fa0 RCX: 00007fa589d3b169
[   52.915662][  T487] RDX: 0000000000004000 RSI: 0000200000000580 RDI: 0000000000000005
[   52.923633][  T487] RBP: 00007fa589dbda68 R08: 0000000000000000 R09: 0000000000000000
[   52.931956][  T487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   52.939938][  T487] R13: 0000000000000000 R14: 00007fa589f62fa0 R15: 00007ffd9d608e38
[   52.948268][  T487] 
[   52.950581][  T487] Allocated by task 487:
[   52.954819][  T487]  __kasan_kmalloc+0xda/0x110
[   52.959633][  T487]  __kmalloc+0x1a7/0x330
[   52.963870][  T487]  sk_prot_alloc+0xb2/0x340
[   52.968452][  T487]  sk_alloc+0x38/0x4e0
[   52.972522][  T487]  pfkey_create+0x12a/0x660
[   52.977033][  T487]  __sock_create+0x38d/0x770
[   52.981695][  T487]  __sys_socket+0xec/0x190
[   52.986186][  T487]  __x64_sys_socket+0x7a/0x90
[   52.990846][  T487]  do_syscall_64+0x31/0x40
[   52.995368][  T487]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   53.001342][  T487] 
[   53.003670][  T487] The buggy address belongs to the object at ffff888117ade800
[   53.003670][  T487]  which belongs to the cache kmalloc-1k of size 1024
[   53.017946][  T487] The buggy address is located 984 bytes inside of
[   53.017946][  T487]  1024-byte region [ffff888117ade800, ffff888117adec00)
[   53.031375][  T487] The buggy address belongs to the page:
[   53.037021][  T487] page:ffffea00045eb600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117ad8
[   53.047238][  T487] head:ffffea00045eb600 order:3 compound_mapcount:0 compound_pincount:0
[   53.055565][  T487] flags: 0x4000000000010200(slab|head)
[   53.061076][  T487] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042f00
[   53.069764][  T487] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   53.078667][  T487] page dumped because: kasan: bad access detected
[   53.085092][  T487] page_owner tracks the page as allocated
[   53.090918][  T487] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 487, ts 52448521597, free_ts 52435725418
[   53.111857][  T487]  prep_new_page+0x179/0x180
[   53.116496][  T487]  get_page_from_freelist+0x2235/0x23d0
[   53.122058][  T487]  __alloc_pages_nodemask+0x268/0x5f0
[   53.127432][  T487]  new_slab+0x84/0x3f0
[   53.131612][  T487]  ___slab_alloc+0x2a6/0x450
[   53.136212][  T487]  __slab_alloc+0x63/0xa0
[   53.140668][  T487]  __kmalloc+0x201/0x330
[   53.144938][  T487]  sk_prot_alloc+0xb2/0x340
[   53.149451][  T487]  sk_alloc+0x38/0x4e0
[   53.153524][  T487]  pfkey_create+0x12a/0x660
[   53.158113][  T487]  __sock_create+0x38d/0x770
[   53.162699][  T487]  __sys_socket+0xec/0x190
[   53.167308][  T487]  __x64_sys_socket+0x7a/0x90
[   53.171977][  T487]  do_syscall_64+0x31/0x40
[   53.176406][  T487]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   53.182277][  T487] page last free stack trace:
[   53.187000][  T487]  __free_pages_ok+0x7fc/0x820
[   53.191744][  T487]  __free_pages+0xdd/0x380
[   53.196142][  T487]  __free_slab+0xcf/0x190
[   53.200469][  T487]  unfreeze_partials+0x15f/0x190
[   53.205388][  T487]  put_cpu_partial+0xc1/0x180
[   53.210050][  T487]  __slab_free+0x2c9/0x3a0
[   53.214457][  T487]  ___cache_free+0x111/0x130
[   53.219119][  T487]  qlink_free+0x50/0x90
[   53.223412][  T487]  qlist_free_all+0x5f/0xb0
[   53.227897][  T487]  kasan_quarantine_reduce+0x14a/0x160
[   53.233334][  T487]  __kasan_slab_alloc+0x2f/0xf0
[   53.238177][  T487]  slab_post_alloc_hook+0x5d/0x2f0
[   53.243279][  T487]  __kmalloc+0x183/0x330
[   53.247504][  T487]  kvmalloc_node+0x88/0x130
[   53.252282][  T487]  rhashtable_rehash_alloc+0x36/0x2f0
[   53.257660][  T487]  rht_deferred_worker+0x2b1/0x10a0
[   53.262851][  T487] 
[   53.265204][  T487] Memory state around the buggy address:
[   53.270839][  T487]  ffff888117adea80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   53.278902][  T487]  ffff888117adeb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   53.287225][  T487] >ffff888117adeb80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   53.295392][  T487]                                                     ^
[   53.302330][  T487]  ffff888117adec00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.310541][  T487]  ffff888117adec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.318678][  T487] ==================================================================
[   53.326732][  T487] Disabling lock debugging due to kernel taint
[   53.834416][    T7] device bridge_slave_1 left promiscuous mode
[   53.840616][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.848865][    T7] device bridge_slave_0 left promiscuous mode
[   53.855613][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.863806][    T7] device veth1_macvtap left promiscuous mode
[   53.869846][    T7] device veth0_vlan left promiscuous mode
2025/05/08 02:30:49 executed programs: 225
2025/05/08 02:30:54 executed programs: 525