Warning: Permanently added '10.128.1.148' (ED25519) to the list of known hosts.
2025/03/11 01:39:58 ignoring optional flag "sandboxArg"="0"
2025/03/11 01:39:59 parsed 1 programs
[ 59.542637][ T23] kauditd_printk_skb: 29 callbacks suppressed
[ 59.542646][ T23] audit: type=1400 audit(1741657199.680:105): avc: denied { unlink } for pid=507 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 59.634668][ T507] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 59.989836][ T23] audit: type=1400 audit(1741657200.130:106): avc: denied { mounton } for pid=513 comm="syz-executor" path="/root/syzkaller.wpFOaJ/syz-tmp/newroot/dev" dev="tmpfs" ino=13506 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 60.273550][ T23] audit: type=1401 audit(1741657200.410:107): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 60.657957][ T556] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.666612][ T556] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.674069][ T556] device bridge_slave_0 entered promiscuous mode
[ 60.680828][ T556] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.687916][ T556] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.696141][ T556] device bridge_slave_1 entered promiscuous mode
[ 60.736956][ T556] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.743875][ T556] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.751061][ T556] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.757886][ T556] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.780053][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.787749][ T401] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.794882][ T401] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.804020][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 60.812606][ T401] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.819455][ T401] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.828884][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 60.837142][ T401] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.844073][ T401] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.857066][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 60.866894][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 60.882786][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 60.893880][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 60.906647][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 60.920088][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 60.930832][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/03/11 01:40:01 executed programs: 0
[ 61.214558][ T568] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.221549][ T568] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.229989][ T568] device bridge_slave_0 entered promiscuous mode
[ 61.236844][ T568] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.243728][ T568] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.250909][ T568] device bridge_slave_1 entered promiscuous mode
[ 61.295624][ T568] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.302815][ T568] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.309976][ T568] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.317049][ T568] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.341400][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 61.349317][ T401] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.356297][ T401] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.366551][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 61.374881][ T401] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.381733][ T401] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.394192][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 61.402386][ T401] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.409231][ T401] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.422986][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 61.432747][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 61.451331][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 61.462665][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 61.478907][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 61.496684][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 61.510974][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 61.546589][ T23] audit: type=1400 audit(1741657201.680:108): avc: denied { create } for pid=579 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 61.550185][ T580] ==================================================================
[ 61.574115][ T580] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x599/0x650
[ 61.583384][ T580] Read of size 1 at addr ffff8881e3a793d8 by task syz.2.16/580
[ 61.588373][ T23] audit: type=1400 audit(1741657201.680:109): avc: denied { write } for pid=579 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 61.590894][ T580]
[ 61.612945][ T580] CPU: 0 PID: 580 Comm: syz.2.16 Not tainted 5.4.290-syzkaller-05051-g6b07fcd94a6a #0
[ 61.622299][ T580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 61.628355][ T23] audit: type=1400 audit(1741657201.680:110): avc: denied { nlmsg_write } for pid=579 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 61.632206][ T580] Call Trace:
[ 61.655468][ T580] dump_stack+0x1d8/0x241
[ 61.659799][ T580] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 61.665525][ T580] ? printk+0xd1/0x111
[ 61.669434][ T580] ? xfrm_policy_inexact_list_reinsert+0x599/0x650
[ 61.672833][ T23] audit: type=1400 audit(1741657201.690:111): avc: denied { create } for pid=579 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 61.675778][ T580] ? wake_up_klogd+0xb2/0xf0
[ 61.694657][ T23] audit: type=1400 audit(1741657201.690:112): avc: denied { setopt } for pid=579 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 61.699028][ T580] ? xfrm_policy_inexact_list_reinsert+0x599/0x650
[ 61.699043][ T580] print_address_description+0x8c/0x600
[ 61.717900][ T23] audit: type=1400 audit(1741657201.690:113): avc: denied { write } for pid=579 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 61.724242][ T580] ? panic+0x89d/0x89d
[ 61.724257][ T580] ? xfrm_policy_inexact_list_reinsert+0x599/0x650
[ 61.758851][ T580] __kasan_report+0xf3/0x120
[ 61.763255][ T580] ? xfrm_policy_inexact_list_reinsert+0x599/0x650
[ 61.769595][ T580] kasan_report+0x30/0x60
[ 61.773959][ T580] xfrm_policy_inexact_list_reinsert+0x599/0x650
[ 61.780447][ T580] xfrm_policy_inexact_insert_node+0x8f3/0xb00
[ 61.786416][ T580] ? xfrm_policy_inexact_alloc_bin+0x5b2/0x1440
[ 61.792491][ T580] xfrm_policy_inexact_alloc_chain+0x4f9/0xb10
[ 61.798480][ T580] xfrm_policy_inexact_insert+0x69/0x10e0
[ 61.804055][ T580] ? _raw_spin_lock_bh+0xa4/0x1b0
[ 61.808982][ T580] ? _raw_spin_lock_irq+0x1b0/0x1b0
[ 61.814020][ T580] ? policy_hash_bysel+0x12c/0x6f0
[ 61.818960][ T580] ? memcpy+0x38/0x50
[ 61.822792][ T580] xfrm_policy_insert+0xe1/0x8a0
[ 61.827660][ T580] xfrm_add_policy+0x4f2/0x980
[ 61.832290][ T580] ? __nla_validate+0x50/0x50
[ 61.836771][ T580] ? xfrm_dump_sa_done+0xc0/0xc0
[ 61.841546][ T580] ? __nla_parse+0x3a/0x50
[ 61.845917][ T580] xfrm_user_rcv_msg+0x689/0x9b0
[ 61.850662][ T580] ? xfrm_netlink_rcv+0x80/0x80
[ 61.855377][ T580] ? avc_has_perm+0xd2/0x260
[ 61.859771][ T580] ? avc_has_perm+0x16f/0x260
[ 61.864284][ T580] ? avc_has_perm_noaudit+0x3d0/0x3d0
[ 61.869492][ T580] netlink_rcv_skb+0x1d5/0x420
[ 61.874185][ T580] ? xfrm_netlink_rcv+0x80/0x80
[ 61.878866][ T580] ? nla_put_string+0x30/0x30
[ 61.883382][ T580] ? mutex_trylock+0xa0/0xa0
[ 61.887891][ T580] ? __netlink_lookup+0x369/0x390
[ 61.892808][ T580] xfrm_netlink_rcv+0x6e/0x80
[ 61.897355][ T580] netlink_unicast+0x936/0xb20
[ 61.902038][ T580] ? netlink_detachskb+0x90/0x90
[ 61.906812][ T580] ? __virt_addr_valid+0x20e/0x2a0
[ 61.911761][ T580] netlink_sendmsg+0xa18/0xcf0
[ 61.916358][ T580] ? netlink_getsockopt+0x550/0x550
[ 61.921406][ T580] ? import_iovec+0x1bb/0x380
[ 61.925922][ T580] ? security_socket_sendmsg+0x7d/0xa0
[ 61.931299][ T580] ? netlink_getsockopt+0x550/0x550
[ 61.936328][ T580] ____sys_sendmsg+0x5ac/0x8f0
[ 61.940935][ T580] ? __sys_sendmsg_sock+0x2b0/0x2b0
[ 61.946024][ T580] ? sock_setsockopt+0x1bcf/0x2340
[ 61.951354][ T580] __sys_sendmsg+0x28b/0x380
[ 61.955765][ T580] ? ____sys_sendmsg+0x8f0/0x8f0
[ 61.960540][ T580] ? fput_many+0x15e/0x1b0
[ 61.964817][ T580] ? sockfs_listxattr+0xe0/0xe0
[ 61.969504][ T580] ? __do_page_fault+0x725/0xbb0
[ 61.974285][ T580] do_syscall_64+0xca/0x1c0
[ 61.978691][ T580] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 61.984450][ T580] RIP: 0033:0x7f55a979fda9
[ 61.988768][ T580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 62.008192][ T580] RSP: 002b:00007f55a9212038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 62.016526][ T580] RAX: ffffffffffffffda RBX: 00007f55a99b8fa0 RCX: 00007f55a979fda9
[ 62.024335][ T580] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000003
[ 62.032143][ T580] RBP: 00007f55a98212a0 R08: 0000000000000000 R09: 0000000000000000
[ 62.039965][ T580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 62.048275][ T580] R13: 0000000000000000 R14: 00007f55a99b8fa0 R15: 00007ffe79a8f418
[ 62.056259][ T580]
[ 62.058416][ T580] Allocated by task 580:
[ 62.062594][ T580] __kasan_kmalloc+0x171/0x210
[ 62.067189][ T580] sk_prot_alloc+0xbd/0x3e0
[ 62.071550][ T580] sk_alloc+0x35/0x2f0
[ 62.075429][ T580] pfkey_create+0x122/0x670
[ 62.079769][ T580] __sock_create+0x3cb/0x7a0
[ 62.084290][ T580] __sys_socket+0x132/0x370
[ 62.088696][ T580] __x64_sys_socket+0x76/0x80
[ 62.093134][ T580] do_syscall_64+0xca/0x1c0
[ 62.097552][ T580] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 62.103314][ T580]
[ 62.105485][ T580] Freed by task 0:
[ 62.109041][ T580] (stack is not available)
[ 62.113288][ T580]
[ 62.115462][ T580] The buggy address belongs to the object at ffff8881e3a79000
[ 62.115462][ T580] which belongs to the cache kmalloc-1k of size 1024
[ 62.129353][ T580] The buggy address is located 984 bytes inside of
[ 62.129353][ T580] 1024-byte region [ffff8881e3a79000, ffff8881e3a79400)
[ 62.142540][ T580] The buggy address belongs to the page:
[ 62.148023][ T580] page:ffffea00078e9e00 refcount:1 mapcount:0 mapping:ffff8881f5c02280 index:0x0 compound_mapcount: 0
[ 62.158781][ T580] flags: 0x8000000000010200(slab|head)
[ 62.164180][ T580] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5c02280
[ 62.172601][ T580] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 62.181102][ T580] page dumped because: kasan: bad access detected
[ 62.187450][ T580] page_owner tracks the page as allocated
[ 62.192998][ T580] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL)
[ 62.208639][ T580] prep_new_page+0x18f/0x370
[ 62.213130][ T580] get_page_from_freelist+0x2d13/0x2d90
[ 62.218503][ T580] __alloc_pages_nodemask+0x393/0x840
[ 62.223705][ T580] alloc_slab_page+0x39/0x3c0
[ 62.228240][ T580] new_slab+0x97/0x440
[ 62.232138][ T580] ___slab_alloc+0x2fe/0x490
[ 62.236553][ T580] __slab_alloc+0x62/0xa0
[ 62.240718][ T580] __kmalloc_track_caller+0x16d/0x2b0
[ 62.246068][ T580] __alloc_skb+0xb4/0x4d0
[ 62.250233][ T580] pfkey_send_policy_notify+0xec/0x8f0
[ 62.255521][ T580] km_policy_notify+0x6c/0xc0
[ 62.260045][ T580] xfrm_add_policy+0x653/0x980
[ 62.264843][ T580] xfrm_user_rcv_msg+0x689/0x9b0
[ 62.269580][ T580] netlink_rcv_skb+0x1d5/0x420
[ 62.274179][ T580] xfrm_netlink_rcv+0x6e/0x80
[ 62.278875][ T580] netlink_unicast+0x936/0xb20
[ 62.283461][ T580] page last free stack trace:
[ 62.288085][ T580] __free_pages_ok+0x847/0x950
[ 62.292806][ T580] __free_pages+0x91/0x140
[ 62.297039][ T580] __free_slab+0x221/0x2e0
[ 62.301291][ T580] unfreeze_partials+0x14e/0x180
[ 62.306080][ T580] put_cpu_partial+0x44/0x180
[ 62.310591][ T580] __slab_free+0x297/0x360
[ 62.314930][ T580] qlist_free_all+0x43/0xb0
[ 62.319260][ T580] quarantine_reduce+0x1d9/0x210
[ 62.324044][ T580] __kasan_kmalloc+0x41/0x210
[ 62.328549][ T580] __kmalloc+0x105/0x2e0
[ 62.332635][ T580] fib6_info_alloc+0x2c/0xd0
[ 62.337051][ T580] ip6_route_info_create+0x459/0x1420
[ 62.342363][ T580] ip6_route_add+0x22/0x120
[ 62.346703][ T580] addrconf_add_dev+0x41f/0x610
[ 62.351389][ T580] addrconf_dev_config+0x1a7/0x320
[ 62.356335][ T580] addrconf_notify+0x9d2/0xe50
[ 62.360934][ T580]
[ 62.363099][ T580] Memory state around the buggy address:
[ 62.368602][ T580] ffff8881e3a79280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.376476][ T580] ffff8881e3a79300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.384639][ T580] >ffff8881e3a79380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 62.392702][ T580] ^
[ 62.399577][ T580] ffff8881e3a79400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.407573][ T580] ffff8881e3a79480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.415458][ T580] ==================================================================
[ 62.423441][ T580] Disabling lock debugging due to kernel taint
[ 62.901406][ T419] device bridge_slave_1 left promiscuous mode
[ 62.907459][ T419] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.915738][ T419] device bridge_slave_0 left promiscuous mode
[ 62.921898][ T419] bridge0: port 1(bridge_slave_0) entered disabled state
2025/03/11 01:40:06 executed programs: 286
[ 66.548556][ T74] cfg80211: failed to load regulatory.db
[ 70.369628][ T1788] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.376471][ T1788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.384154][ T1788] device bridge_slave_0 entered promiscuous mode
[ 70.391521][ T1788] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.398517][ T1788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.405912][ T1788] device bridge_slave_1 entered promiscuous mode
[ 70.445426][ T1788] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.452288][ T1788] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.459509][ T1788] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.466272][ T1788] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.486626][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 70.494219][ T401] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.501500][ T401] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.513672][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 70.521794][ T401] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.528639][ T401] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.537441][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 70.545629][ T401] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.552483][ T401] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.566930][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 70.576185][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 70.591736][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 70.604653][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 70.617330][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 70.629763][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 70.641276][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 70.918642][ T7] device bridge_slave_1 left promiscuous mode
[ 70.924591][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.933798][ T7] device bridge_slave_0 left promiscuous mode
[ 70.939849][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
2025/03/11 01:40:11 executed programs: 638