Warning: Permanently added '10.128.1.161' (ED25519) to the list of known hosts.
2025/03/11 01:52:06 ignoring optional flag "sandboxArg"="0"
2025/03/11 01:52:07 parsed 1 programs
[ 54.469209][ T23] kauditd_printk_skb: 29 callbacks suppressed
[ 54.469235][ T23] audit: type=1400 audit(1741657928.230:105): avc: denied { unlink } for pid=491 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 54.573715][ T491] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 54.914017][ T23] audit: type=1400 audit(1741657928.670:106): avc: denied { mounton } for pid=499 comm="syz-executor" path="/root/syzkaller.ryaVQx/syz-tmp/newroot/dev" dev="tmpfs" ino=13435 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 55.437320][ T518] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.444190][ T518] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.451947][ T518] device bridge_slave_0 entered promiscuous mode
[ 55.459160][ T518] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.466285][ T518] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.473714][ T518] device bridge_slave_1 entered promiscuous mode
[ 55.529656][ T518] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.536653][ T518] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.543751][ T518] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.550562][ T518] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.577561][ T374] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.585151][ T374] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.592455][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 55.600822][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.624630][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.632951][ T374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.639831][ T374] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.647741][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.656125][ T374] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.663482][ T374] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.679198][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 55.688874][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 55.706976][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 55.720300][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 55.735536][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 55.749331][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 55.759849][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 55.930930][ T23] audit: type=1401 audit(1741657929.690:107): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/03/11 01:52:10 executed programs: 0
[ 56.518562][ T556] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.525654][ T556] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.533219][ T556] device bridge_slave_0 entered promiscuous mode
[ 56.540625][ T556] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.547601][ T556] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.555059][ T556] device bridge_slave_1 entered promiscuous mode
[ 56.608509][ T556] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.615501][ T556] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.622592][ T556] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.629504][ T556] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.656961][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.665103][ T374] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.672266][ T374] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.682010][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.690924][ T374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.697918][ T374] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.712434][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.720534][ T374] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.727402][ T374] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.742075][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.752081][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.774227][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 56.788322][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 56.808470][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 56.822006][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 56.836923][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 56.869136][ T23] audit: type=1400 audit(1741657930.630:108): avc: denied { create } for pid=561 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 56.888503][ T23] audit: type=1400 audit(1741657930.650:109): avc: denied { setopt } for pid=561 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 56.890699][ T562] ==================================================================
[ 56.908249][ T23] audit: type=1400 audit(1741657930.650:110): avc: denied { write } for pid=561 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 56.915788][ T562] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x599/0x650
[ 56.915798][ T562] Read of size 1 at addr ffff8881e300bbd8 by task syz.2.16/562
[ 56.915807][ T562]
[ 56.936531][ T23] audit: type=1400 audit(1741657930.650:111): avc: denied { create } for pid=561 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 56.943826][ T562] CPU: 0 PID: 562 Comm: syz.2.16 Not tainted 5.4.290-syzkaller-05051-g6b07fcd94a6a #0
[ 56.951524][ T23] audit: type=1400 audit(1741657930.650:112): avc: denied { write } for pid=561 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 56.953364][ T562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 56.973318][ T23] audit: type=1400 audit(1741657930.650:113): avc: denied { nlmsg_write } for pid=561 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 56.982364][ T562] Call Trace:
[ 56.982381][ T562] dump_stack+0x1d8/0x241
[ 56.982394][ T562] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 56.982403][ T562] ? printk+0xd1/0x111
[ 56.982421][ T562] ? xfrm_policy_inexact_list_reinsert+0x599/0x650
[ 57.055516][ T562] ? wake_up_klogd+0xb2/0xf0
[ 57.059992][ T562] ? xfrm_policy_inexact_list_reinsert+0x599/0x650
[ 57.066476][ T562] print_address_description+0x8c/0x600
[ 57.071879][ T562] ? panic+0x89d/0x89d
[ 57.075851][ T562] ? xfrm_policy_inexact_list_reinsert+0x599/0x650
[ 57.082185][ T562] __kasan_report+0xf3/0x120
[ 57.086616][ T562] ? xfrm_policy_inexact_list_reinsert+0x599/0x650
[ 57.092960][ T562] kasan_report+0x30/0x60
[ 57.097329][ T562] xfrm_policy_inexact_list_reinsert+0x599/0x650
[ 57.103533][ T562] ? xfrm_policy_addr_delta+0x234/0x340
[ 57.109052][ T562] xfrm_policy_inexact_insert_node+0x8f3/0xb00
[ 57.115030][ T562] ? xfrm_policy_inexact_alloc_bin+0x5b2/0x1440
[ 57.121269][ T562] xfrm_policy_inexact_alloc_chain+0x4f9/0xb10
[ 57.127354][ T562] xfrm_policy_inexact_insert+0x69/0x10e0
[ 57.132898][ T562] ? _raw_spin_lock_bh+0xa4/0x1b0
[ 57.137768][ T562] ? _raw_spin_lock_irq+0x1b0/0x1b0
[ 57.142792][ T562] ? policy_hash_bysel+0x12c/0x6f0
[ 57.147741][ T562] ? memcpy+0x38/0x50
[ 57.151559][ T562] xfrm_policy_insert+0xe1/0x8a0
[ 57.156339][ T562] xfrm_add_policy+0x4f2/0x980
[ 57.160929][ T562] ? __nla_validate+0x50/0x50
[ 57.165444][ T562] ? xfrm_dump_sa_done+0xc0/0xc0
[ 57.170217][ T562] ? __nla_parse+0x3a/0x50
[ 57.174479][ T562] xfrm_user_rcv_msg+0x689/0x9b0
[ 57.179246][ T562] ? xfrm_netlink_rcv+0x80/0x80
[ 57.183948][ T562] ? avc_has_perm+0xd2/0x260
[ 57.188356][ T562] ? avc_has_perm+0x16f/0x260
[ 57.192880][ T562] ? avc_has_perm_noaudit+0x3d0/0x3d0
[ 57.198169][ T562] netlink_rcv_skb+0x1d5/0x420
[ 57.202770][ T562] ? xfrm_netlink_rcv+0x80/0x80
[ 57.207459][ T562] ? nla_put_string+0x30/0x30
[ 57.211968][ T562] ? mutex_trylock+0xa0/0xa0
[ 57.216427][ T562] ? __netlink_lookup+0x369/0x390
[ 57.221375][ T562] xfrm_netlink_rcv+0x6e/0x80
[ 57.225866][ T562] netlink_unicast+0x936/0xb20
[ 57.230454][ T562] ? netlink_detachskb+0x90/0x90
[ 57.235228][ T562] ? __virt_addr_valid+0x20e/0x2a0
[ 57.240180][ T562] netlink_sendmsg+0xa18/0xcf0
[ 57.244775][ T562] ? netlink_getsockopt+0x550/0x550
[ 57.249806][ T562] ? import_iovec+0x1bb/0x380
[ 57.254321][ T562] ? security_socket_sendmsg+0x7d/0xa0
[ 57.259619][ T562] ? netlink_getsockopt+0x550/0x550
[ 57.264654][ T562] ____sys_sendmsg+0x5ac/0x8f0
[ 57.269337][ T562] ? __sys_sendmsg_sock+0x2b0/0x2b0
[ 57.274374][ T562] ? percpu_counter_add_batch+0x14d/0x170
[ 57.279952][ T562] __sys_sendmsg+0x28b/0x380
[ 57.284368][ T562] ? ____sys_sendmsg+0x8f0/0x8f0
[ 57.289135][ T562] ? security_socket_post_create+0x96/0xc0
[ 57.294776][ T562] ? __do_page_fault+0x725/0xbb0
[ 57.299639][ T562] do_syscall_64+0xca/0x1c0
[ 57.303985][ T562] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 57.309718][ T562] RIP: 0033:0x7f8eeefc2de9
[ 57.313957][ T562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 57.333480][ T562] RSP: 002b:00007f8eeea35038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 57.341777][ T562] RAX: ffffffffffffffda RBX: 00007f8eef1dbfa0 RCX: 00007f8eeefc2de9
[ 57.349536][ T562] RDX: 0000000000004000 RSI: 0000200000000580 RDI: 0000000000000005
[ 57.357359][ T562] RBP: 00007f8eef0442a0 R08: 0000000000000000 R09: 0000000000000000
[ 57.365167][ T562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 57.372992][ T562] R13: 0000000000000000 R14: 00007f8eef1dbfa0 R15: 00007ffed78fcf38
[ 57.380790][ T562]
[ 57.382952][ T562] Allocated by task 562:
[ 57.387038][ T562] __kasan_kmalloc+0x171/0x210
[ 57.391638][ T562] sk_prot_alloc+0xbd/0x3e0
[ 57.395973][ T562] sk_alloc+0x35/0x2f0
[ 57.399879][ T562] pfkey_create+0x122/0x670
[ 57.404231][ T562] __sock_create+0x3cb/0x7a0
[ 57.408672][ T562] __sys_socket+0x132/0x370
[ 57.412997][ T562] __x64_sys_socket+0x76/0x80
[ 57.417513][ T562] do_syscall_64+0xca/0x1c0
[ 57.421842][ T562] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 57.427568][ T562]
[ 57.429752][ T562] Freed by task 0:
[ 57.433289][ T562] (stack is not available)
[ 57.437555][ T562]
[ 57.439723][ T562] The buggy address belongs to the object at ffff8881e300b800
[ 57.439723][ T562] which belongs to the cache kmalloc-1k of size 1024
[ 57.453812][ T562] The buggy address is located 984 bytes inside of
[ 57.453812][ T562] 1024-byte region [ffff8881e300b800, ffff8881e300bc00)
[ 57.467000][ T562] The buggy address belongs to the page:
[ 57.472479][ T562] page:ffffea00078c0200 refcount:1 mapcount:0 mapping:ffff8881f5c02280 index:0x0 compound_mapcount: 0
[ 57.483232][ T562] flags: 0x8000000000010200(slab|head)
[ 57.488540][ T562] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5c02280
[ 57.496951][ T562] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 57.505472][ T562] page dumped because: kasan: bad access detected
[ 57.511736][ T562] page_owner tracks the page as allocated
[ 57.517286][ T562] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL)
[ 57.533903][ T562] prep_new_page+0x18f/0x370
[ 57.538324][ T562] get_page_from_freelist+0x2d13/0x2d90
[ 57.543695][ T562] __alloc_pages_nodemask+0x393/0x840
[ 57.548907][ T562] alloc_slab_page+0x39/0x3c0
[ 57.553510][ T562] new_slab+0x97/0x440
[ 57.557421][ T562] ___slab_alloc+0x2fe/0x490
[ 57.561849][ T562] __slab_alloc+0x62/0xa0
[ 57.566097][ T562] __kmalloc_track_caller+0x16d/0x2b0
[ 57.571309][ T562] __alloc_skb+0xb4/0x4d0
[ 57.575475][ T562] rtmsg_fib+0x54c/0x970
[ 57.579550][ T562] fib_table_insert+0xb61/0x19b0
[ 57.584325][ T562] fib_add_ifaddr+0xb5a/0x1a40
[ 57.588925][ T562] fib_netdev_event+0x1f0/0x550
[ 57.593612][ T562] raw_notifier_call_chain+0x95/0x110
[ 57.598829][ T562] __dev_notify_flags+0x26e/0x510
[ 57.603697][ T562] dev_change_flags+0xe7/0x190
[ 57.608299][ T562] page last free stack trace:
[ 57.612793][ T562] __free_pages_ok+0x847/0x950
[ 57.617394][ T562] __free_pages+0x91/0x140
[ 57.621648][ T562] __free_slab+0x221/0x2e0
[ 57.625901][ T562] unfreeze_partials+0x14e/0x180
[ 57.630674][ T562] put_cpu_partial+0x44/0x180
[ 57.635187][ T562] __slab_free+0x297/0x360
[ 57.639440][ T562] qlist_free_all+0x43/0xb0
[ 57.643779][ T562] quarantine_reduce+0x1d9/0x210
[ 57.648552][ T562] __kasan_kmalloc+0x41/0x210
[ 57.653328][ T562] kmem_cache_alloc+0xd9/0x250
[ 57.658019][ T562] __alloc_skb+0x7a/0x4d0
[ 57.662185][ T562] inet_netconf_notify_devconf+0x156/0x210
[ 57.667825][ T562] inetdev_event+0x798/0x1040
[ 57.672336][ T562] raw_notifier_call_chain+0x95/0x110
[ 57.677545][ T562] rollback_registered_many+0xce5/0x1330
[ 57.683013][ T562] unregister_netdevice_many+0x46/0x250
[ 57.688387][ T562]
[ 57.690559][ T562] Memory state around the buggy address:
[ 57.696040][ T562] ffff8881e300ba80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.703930][ T562] ffff8881e300bb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.711862][ T562] >ffff8881e300bb80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 57.719814][ T562] ^
[ 57.726580][ T562] ffff8881e300bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 57.734491][ T562] ffff8881e300bc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 57.742382][ T562] ==================================================================
[ 57.750271][ T562] Disabling lock debugging due to kernel taint
[ 57.965435][ T180] device bridge_slave_1 left promiscuous mode
[ 57.971442][ T180] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.978877][ T180] device bridge_slave_0 left promiscuous mode
[ 57.988017][ T180] bridge0: port 1(bridge_slave_0) entered disabled state
2025/03/11 01:52:15 executed programs: 266
[ 66.028628][ T1771] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.035596][ T1771] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.042762][ T1771] device bridge_slave_0 entered promiscuous mode
[ 66.052284][ T1771] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.059967][ T1771] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.067414][ T1771] device bridge_slave_1 entered promiscuous mode
[ 66.121209][ T1771] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.128063][ T1771] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.135261][ T1771] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.142096][ T1771] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.168486][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 66.177164][ T374] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.184381][ T374] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.194382][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 66.202708][ T374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.209870][ T374] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.221107][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 66.229344][ T374] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.236197][ T374] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.251323][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 66.261024][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 66.280940][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 66.292781][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 66.307420][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 66.322839][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 66.333532][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 66.374738][ T13] cfg80211: failed to load regulatory.db
2025/03/11 01:52:20 executed programs: 609
[ 66.487115][ T9] device bridge_slave_1 left promiscuous mode
[ 66.493058][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.501175][ T9] device bridge_slave_0 left promiscuous mode
[ 66.507275][ T9] bridge0: port 1(bridge_slave_0) entered disabled state