./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor987400733

<...>
Warning: Permanently added '10.128.10.44' (ED25519) to the list of known hosts.
execve("./syz-executor987400733", ["./syz-executor987400733"], 0x7ffd72933130 /* 10 vars */) = 0
brk(NULL)                               = 0x55557183a000
brk(0x55557183ad00)                     = 0x55557183ad00
arch_prctl(ARCH_SET_FS, 0x55557183a380) = 0
set_tid_address(0x55557183a650)         = 294
set_robust_list(0x55557183a660, 24)     = 0
rseq(0x55557183aca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor987400733", 4096) = 27
getrandom("\x29\xc6\x53\xea\xe6\x9e\x4b\xec", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55557183ad00
brk(0x55557185bd00)                     = 0x55557185bd00
brk(0x55557185c000)                     = 0x55557185c000
mprotect(0x7ff3c6473000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
write(1, "executing program\n", 18executing program
)     = 18
socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 3
setsockopt(3, SOL_IPV6, IPV6_XFRM_POLICY, "\xac\x14\x14\xbb\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 232) = 0
socket(AF_KEY, SOCK_RAW, 2)             = 4
setsockopt(4, SOL_SOCKET, SO_RCVBUF, [0], 4) = 0
sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x02\x0b\x00\x01\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=16}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 16
sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x02\x12\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=16}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 16
socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM) = 5
socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM) = 6
sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\xb8\x00\x00\x00\x13\x00\xe9\x99\x00\x00\x00\x00\x00\x00\x00\x00\xfc\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xac\x1e\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a\x00\x60\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=184}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 184
socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM) = 7
sendmsg(7, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\xb8\x00\x00\x00\x13\x00\xe9\x99\x00\x00\x00\x00\x00\x00\x00\x00\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xac\x1e\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a\x00\x60\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xee\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=184}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_EOR}, 0) = 184
[   27.293470][   T24] audit: type=1400 audit(1745202107.050:66): avc:  denied  { execmem } for  pid=294 comm="syz-executor987" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   27.309056][  T294] ==================================================================
[   27.313248][   T24] audit: type=1400 audit(1745202107.060:67): avc:  denied  { create } for  pid=294 comm="syz-executor987" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   27.321190][  T294] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[   27.341495][   T24] audit: type=1400 audit(1745202107.060:68): avc:  denied  { setopt } for  pid=294 comm="syz-executor987" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   27.350345][  T294] Read of size 1 at addr ffff88811a71cbd8 by task syz-executor987/294
[   27.350349][  T294] 
[   27.350361][  T294] CPU: 0 PID: 294 Comm: syz-executor987 Not tainted 5.10.236-syzkaller #0
[   27.350367][  T294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   27.350371][  T294] Call Trace:
[   27.350394][  T294]  dump_stack_lvl+0x1e2/0x24b
[   27.350417][  T294]  ? printk+0xd1/0x111
[   27.370486][   T24] audit: type=1400 audit(1745202107.060:69): avc:  denied  { write } for  pid=294 comm="syz-executor987" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   27.377953][  T294]  ? bfq_pos_tree_add_move+0x43b/0x43b
[   27.377964][  T294]  ? wake_up_klogd+0xb8/0xf0
[   27.377981][  T294]  ? panic+0x812/0x812
[   27.380448][   T24] audit: type=1400 audit(1745202107.060:70): avc:  denied  { create } for  pid=294 comm="syz-executor987" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   27.389817][  T294]  print_address_description+0x81/0x3b0
[   27.389828][  T294]  ? stack_trace_save+0x113/0x1c0
[   27.389837][  T294]  kasan_report+0x179/0x1c0
[   27.389851][  T294]  ? xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[   27.389862][  T294]  ? xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[   27.389880][  T294]  __asan_report_load1_noabort+0x14/0x20
[   27.400525][   T24] audit: type=1400 audit(1745202107.060:71): avc:  denied  { write } for  pid=294 comm="syz-executor987" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   27.403175][  T294]  xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[   27.403186][  T294]  ? ____kasan_kmalloc+0xed/0x110
[   27.403211][  T294]  ? ____kasan_kmalloc+0xdb/0x110
[   27.408019][   T24] audit: type=1400 audit(1745202107.060:72): avc:  denied  { nlmsg_write } for  pid=294 comm="syz-executor987" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   27.411779][  T294]  ? xfrm_policy_addr_delta+0x20b/0x330
[   27.566177][  T294]  xfrm_policy_inexact_insert_node+0x917/0xb00
[   27.572149][  T294]  ? xfrm_policy_inexact_alloc_bin+0x651/0x1520
[   27.578347][  T294]  xfrm_policy_inexact_alloc_chain+0x4ec/0xaf0
[   27.584314][  T294]  xfrm_policy_inexact_insert+0x6a/0x1160
[   27.589893][  T294]  ? __kasan_check_write+0x14/0x20
[   27.594902][  T294]  ? _raw_spin_lock_bh+0xa4/0x1b0
[   27.599884][  T294]  ? policy_hash_bysel+0x137/0x700
[   27.605259][  T294]  xfrm_policy_insert+0xe7/0x940
[   27.610232][  T294]  xfrm_add_policy+0x4f2/0x980
[   27.615101][  T294]  ? cap_capable+0x1ce/0x270
[   27.619576][  T294]  ? xfrm_dump_sa_done+0xc0/0xc0
[   27.624347][  T294]  xfrm_user_rcv_msg+0x4e7/0x7c0
[   27.629116][  T294]  ? xfrm_netlink_rcv+0x90/0x90
[   27.633910][  T294]  ? stack_trace_save+0x113/0x1c0
[   27.638773][  T294]  ? avc_has_perm_noaudit+0x240/0x240
[   27.644240][  T294]  ? iov_iter_advance+0x258/0xb20
[   27.649213][  T294]  netlink_rcv_skb+0x1cf/0x410
[   27.653933][  T294]  ? xfrm_netlink_rcv+0x90/0x90
[   27.658945][  T294]  ? netlink_ack+0xb30/0xb30
[   27.663627][  T294]  ? mutex_trylock+0xa0/0xa0
[   27.668105][  T294]  ? netlink_autobind+0x190/0x190
[   27.674051][  T294]  ? selinux_vm_enough_memory+0x170/0x170
[   27.679630][  T294]  xfrm_netlink_rcv+0x72/0x90
[   27.684309][  T294]  netlink_unicast+0x8df/0xac0
[   27.689316][  T294]  ? netlink_detachskb+0x90/0x90
[   27.694090][  T294]  ? security_netlink_send+0x7b/0xa0
[   27.699188][  T294]  netlink_sendmsg+0xa46/0xd00
[   27.703790][  T294]  ? netlink_getsockopt+0x5c0/0x5c0
[   27.708855][  T294]  ? check_stack_object+0x114/0x130
[   27.713941][  T294]  ? security_socket_sendmsg+0x82/0xb0
[   27.719156][  T294]  ? netlink_getsockopt+0x5c0/0x5c0
[   27.724276][  T294]  ____sys_sendmsg+0x59e/0x8f0
[   27.729243][  T294]  ? iovec_from_user+0x2d9/0x330
[   27.734083][  T294]  ? __import_iovec+0x253/0x3b0
[   27.739433][  T294]  ? __sys_sendmsg_sock+0x40/0x40
[   27.744399][  T294]  ___sys_sendmsg+0x252/0x2e0
[   27.748895][  T294]  ? __sys_sendmsg+0x280/0x280
[   27.753496][  T294]  ? finish_task_switch+0x130/0x5a0
[   27.758989][  T294]  ? __schedule+0xbee/0x1330
[   27.763396][  T294]  ? __kasan_check_write+0x14/0x20
[   27.768739][  T294]  ? _raw_spin_lock_irq+0xa5/0x1b0
[   27.773821][  T294]  ? __kasan_check_read+0x11/0x20
[   27.778778][  T294]  ? __fdget+0x179/0x240
[   27.783022][  T294]  __se_sys_sendmsg+0x1b1/0x280
[   27.787690][  T294]  ? _raw_spin_unlock_irq+0x4e/0x70
[   27.793145][  T294]  ? __x64_sys_sendmsg+0x90/0x90
[   27.798082][  T294]  ? fpu__clear_all+0x20/0x20
[   27.802867][  T294]  __x64_sys_sendmsg+0x7b/0x90
[   27.807458][  T294]  do_syscall_64+0x31/0x40
[   27.811777][  T294]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   27.817617][  T294] RIP: 0033:0x7ff3c63ffae9
[   27.821861][  T294] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   27.841851][  T294] RSP: 002b:00007ffcc9a31628 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   27.850309][  T294] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff3c63ffae9
[   27.858137][  T294] RDX: 0000000000004000 RSI: 0000200000000580 RDI: 0000000000000005
[   27.866475][  T294] RBP: 0000200000000580 R08: 0000200000000017 R09: 0000000000000000
[   27.874445][  T294] R10: 0000200000000012 R11: 0000000000000246 R12: 0000000000000000
[   27.882279][  T294] R13: 0000000000000000 R14: 0000000000000000 R15: 000000000000000a
[   27.890175][  T294] 
[   27.892693][  T294] Allocated by task 294:
[   27.896771][  T294]  ____kasan_kmalloc+0xdb/0x110
[   27.901543][  T294]  __kasan_kmalloc+0x9/0x10
[   27.906006][  T294]  __kmalloc+0x1aa/0x330
[   27.910140][  T294]  sk_prot_alloc+0xbe/0x370
[   27.914591][  T294]  sk_alloc+0x38/0x4d0
[   27.918452][  T294]  pfkey_create+0x12c/0x620
[   27.922791][  T294]  __sock_create+0x3a6/0x760
[   27.927305][  T294]  __sys_socket+0x132/0x370
[   27.931642][  T294]  __x64_sys_socket+0x7a/0x90
[   27.936160][  T294]  do_syscall_64+0x31/0x40
[   27.940412][  T294]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   27.946139][  T294] 
[   27.948310][  T294] The buggy address belongs to the object at ffff88811a71c800
[   27.948310][  T294]  which belongs to the cache kmalloc-1k of size 1024
[   27.962199][  T294] The buggy address is located 984 bytes inside of
[   27.962199][  T294]  1024-byte region [ffff88811a71c800, ffff88811a71cc00)
[   27.975499][  T294] The buggy address belongs to the page:
[   27.980971][  T294] page:ffffea000469c600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a718
[   27.991039][  T294] head:ffffea000469c600 order:3 compound_mapcount:0 compound_pincount:0
[   27.999307][  T294] flags: 0x4000000000010200(slab|head)
[   28.004782][  T294] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042f00
[   28.013215][  T294] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   28.021697][  T294] page dumped because: kasan: bad access detected
[   28.027947][  T294] page_owner tracks the page as allocated
[   28.033603][  T294] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 288, ts 27302891131, free_ts 27302617546
[   28.052671][  T294]  prep_new_page+0x166/0x180
[   28.057067][  T294]  get_page_from_freelist+0x2d8c/0x2f30
[   28.062528][  T294]  __alloc_pages_nodemask+0x435/0xaf0
[   28.067729][  T294]  new_slab+0x80/0x400
[   28.071651][  T294]  ___slab_alloc+0x302/0x4b0
[   28.076055][  T294]  __slab_alloc+0x63/0xa0
[   28.080316][  T294]  __kmalloc_track_caller+0x1f8/0x320
[   28.085518][  T294]  __alloc_skb+0xbc/0x510
[   28.089708][  T294]  sk_stream_alloc_skb+0x1f8/0xae0
[   28.094692][  T294]  tcp_sendmsg_locked+0xce3/0x3ae0
[   28.099664][  T294]  tcp_sendmsg+0x2f/0x50
[   28.103987][  T294]  inet_sendmsg+0xa1/0xc0
[   28.108085][  T294]  sock_write_iter+0x39b/0x530
[   28.112688][  T294]  vfs_write+0xb4c/0xe70
[   28.116766][  T294]  ksys_write+0x199/0x2c0
[   28.120929][  T294]  __x64_sys_write+0x7b/0x90
[   28.125365][  T294] page last free stack trace:
[   28.129889][  T294]  __free_pages_ok+0x82c/0x850
[   28.134680][  T294]  free_compound_page+0x73/0x90
[   28.139332][  T294]  __put_compound_page+0x73/0xb0
[   28.144112][  T294]  __put_page+0xc0/0xe0
[   28.148188][  T294]  page_to_skb+0x3f6/0x900
[   28.152440][  T294]  receive_buf+0xe79/0x53d0
[   28.156781][  T294]  virtnet_poll+0x5df/0x1240
[   28.161569][  T294]  net_rx_action+0x516/0x10d0
[   28.166069][  T294]  __do_softirq+0x268/0x5bb
[   28.170929][  T294] 
[   28.173095][  T294] Memory state around the buggy address:
[   28.178568][  T294]  ffff88811a71ca80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.186468][  T294]  ffff88811a71cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\xb8\x00\x00\x00\x13\x00\xe9\x99\x00\x00\x00\x00\x00\x00\x00\x00\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xac\x1e\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a\x00\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xee\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=184}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL) = 184
exit_group(0)                           = ?
+++ exited with 0 +++
[   28.194473][  T294] >ffff8881