[ 37.392885][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 37.403314][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.291421][ T7] device bridge_slave_1 left promiscuous mode
[ 38.297755][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.305257][ T7] device bridge_slave_0 left promiscuous mode
[ 38.311618][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.810979][ T7] device bridge_slave_1 left promiscuous mode
[ 39.817136][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.824723][ T7] device bridge_slave_0 left promiscuous mode
[ 39.830948][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
Warning: Permanently added '10.128.0.114' (ED25519) to the list of known hosts.
2025/05/04 17:03:39 ignoring optional flag "sandboxArg"="0"
[ 65.330782][ T13] cfg80211: failed to load regulatory.db
2025/05/04 17:03:40 parsed 1 programs
[ 66.361967][ T23] kauditd_printk_skb: 31 callbacks suppressed
[ 66.361978][ T23] audit: type=1400 audit(1746378221.170:122): avc: denied { create } for pid=457 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 66.388724][ T23] audit: type=1400 audit(1746378221.170:123): avc: denied { write } for pid=457 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 66.409098][ T23] audit: type=1400 audit(1746378221.170:124): avc: denied { read } for pid=457 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 66.429524][ T23] audit: type=1400 audit(1746378221.200:125): avc: denied { unlink } for pid=457 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 66.479268][ T457] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 66.851347][ T23] audit: type=1400 audit(1746378221.660:126): avc: denied { mounton } for pid=461 comm="syz-executor" path="/root/syzkaller.PX3Qzo/syz-tmp/newroot/dev" dev="tmpfs" ino=13080 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 67.139695][ T23] audit: type=1401 audit(1746378221.940:127): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 67.521841][ T498] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.528894][ T498] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.536536][ T498] device bridge_slave_0 entered promiscuous mode
[ 67.543451][ T498] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.550476][ T498] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.558091][ T498] device bridge_slave_1 entered promiscuous mode
[ 67.597869][ T498] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.604937][ T498] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.612304][ T498] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.619414][ T498] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.641157][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 67.648971][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.656431][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.665739][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 67.674087][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.681244][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.690482][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 67.698885][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.706245][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.720329][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 67.730571][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 67.746536][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 67.758242][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 67.771237][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 67.787267][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 67.797640][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 67.839560][ T23] audit: type=1400 audit(1746378222.640:128): avc: denied { create } for pid=505 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
2025/05/04 17:03:42 executed programs: 0
[ 68.179503][ T516] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.186935][ T516] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.194926][ T516] device bridge_slave_0 entered promiscuous mode
[ 68.202220][ T516] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.209258][ T516] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.216890][ T516] device bridge_slave_1 entered promiscuous mode
[ 68.269536][ T516] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.276673][ T516] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.284073][ T516] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.291119][ T516] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.319618][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 68.327364][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 68.336060][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.352289][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 68.360724][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.367751][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.385886][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 68.394585][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 68.410045][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 68.419395][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 68.437363][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 68.448210][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 68.459365][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 68.486993][ T23] audit: type=1400 audit(1746378223.290:129): avc: denied { read } for pid=522 comm="syz.2.16" name="msr" dev="devtmpfs" ino=1137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[ 68.511216][ T23] audit: type=1400 audit(1746378223.290:130): avc: denied { open } for pid=522 comm="syz.2.16" path="/dev/cpu/0/msr" dev="devtmpfs" ino=1137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[ 69.202240][ T7] device bridge_slave_1 left promiscuous mode
[ 69.208694][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.216727][ T7] device bridge_slave_0 left promiscuous mode
[ 69.223328][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.276958][ T556] ==================================================================
[ 70.285387][ T556] BUG: KASAN: out-of-bounds in unwind_next_frame+0x3a4/0x760
[ 70.293192][ T556] Read of size 8 at addr ffff8881e2367ad8 by task syz.2.27/556
[ 70.300741][ T556]
[ 70.303111][ T556] CPU: 0 PID: 556 Comm: syz.2.27 Not tainted 5.4.292-syzkaller-05062-gcd8e74fa0fa3 #0
[ 70.312628][ T556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 70.322680][ T556] Call Trace:
[ 70.325977][ T556] __dump_stack+0x1e/0x20
[ 70.330293][ T556] dump_stack+0x15b/0x1b8
[ 70.334615][ T556] ? show_regs_print_info+0x18/0x18
[ 70.339904][ T556] ? vprintk_func+0x19a/0x1e0
[ 70.344564][ T556] ? printk+0xcc/0x110
[ 70.348825][ T556] ? unwind_next_frame+0x3a4/0x760
[ 70.353949][ T556] print_address_description+0x8d/0x4c0
[ 70.359526][ T556] ? thaw_kernel_threads+0x220/0x220
[ 70.365483][ T556] ? unwind_next_frame+0x3a4/0x760
[ 70.370592][ T556] ? unwind_next_frame+0x3a4/0x760
[ 70.375715][ T556] __kasan_report+0xef/0x120
[ 70.380457][ T556] ? unwind_next_frame+0x3a4/0x760
[ 70.385923][ T556] kasan_report+0x30/0x60
[ 70.390259][ T556] __asan_report_load8_noabort+0x14/0x20
[ 70.396157][ T556] unwind_next_frame+0x3a4/0x760
[ 70.401180][ T556] ? __slab_alloc+0x6b/0xa0
[ 70.405671][ T556] ? stack_trace_save_tsk+0x2b0/0x2b0
[ 70.411030][ T556] arch_stack_walk+0x10c/0x140
[ 70.415791][ T556] ? __slab_alloc+0x6b/0xa0
[ 70.420307][ T556] stack_trace_save_tsk+0x1e8/0x2b0
[ 70.425533][ T556] ? stack_trace_consume_entry+0x250/0x250
[ 70.431323][ T556] ? _raw_spin_lock+0x8e/0xe0
[ 70.436114][ T556] ? __ptrace_may_access+0x2a4/0x570
[ 70.441479][ T556] ? _raw_spin_unlock+0x4d/0x70
[ 70.446348][ T556] proc_pid_stack+0x12e/0x200
[ 70.451028][ T556] proc_single_show+0xdc/0x170
[ 70.455864][ T556] seq_read+0x540/0xe50
[ 70.460023][ T556] do_iter_read+0x44b/0x5d0
[ 70.464654][ T556] do_preadv+0x1f6/0x330
[ 70.469143][ T556] ? putname+0xfe/0x150
[ 70.473289][ T556] ? vfs_writev+0x340/0x340
[ 70.477782][ T556] ? check_preemption_disabled+0x118/0x300
[ 70.483974][ T556] ? __se_sys_futex+0x2b4/0x360
[ 70.488845][ T556] ? __x64_sys_futex+0x100/0x100
[ 70.493797][ T556] ? switch_fpu_return+0x197/0x3b0
[ 70.499104][ T556] ? __kasan_check_read+0x11/0x20
[ 70.504150][ T556] ? schedule+0x144/0x1c0
[ 70.508465][ T556] ? __kasan_check_read+0x11/0x20
[ 70.513472][ T556] __x64_sys_preadv+0x9e/0xb0
[ 70.518139][ T556] do_syscall_64+0xcf/0x170
[ 70.522627][ T556] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 70.528534][ T556] RIP: 0033:0x7ff480bfdde9
[ 70.532946][ T556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 70.552558][ T556] RSP: 002b:00007ff48064f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 70.560954][ T556] RAX: ffffffffffffffda RBX: 00007ff480e17080 RCX: 00007ff480bfdde9
[ 70.569434][ T556] RDX: 0000000000000332 RSI: 00004000000017c0 RDI: 0000000000000004
[ 70.577394][ T556] RBP: 00007ff480c7f2a0 R08: 0000000000000000 R09: 0000000000000000
[ 70.585354][ T556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 70.593466][ T556] R13: 0000000000000000 R14: 00007ff480e17080 R15: 00007ffeb9b43778
[ 70.601431][ T556]
[ 70.603827][ T556] The buggy address belongs to the page:
[ 70.609563][ T556] page:ffffea000788d9c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 70.618727][ T556] flags: 0x8000000000000000()
[ 70.623426][ T556] raw: 8000000000000000 0000000000000000 ffffea000788d9c8 0000000000000000
[ 70.632033][ T556] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 70.640686][ T556] page dumped because: kasan: bad access detected
[ 70.647166][ T556] page_owner tracks the page as allocated
[ 70.652873][ T556] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT)
[ 70.664691][ T556] prep_new_page+0x35e/0x370
[ 70.669590][ T556] get_page_from_freelist+0x1296/0x1310
[ 70.675179][ T556] __alloc_pages_nodemask+0x202/0x4b0
[ 70.680541][ T556] dup_task_struct+0x91/0x640
[ 70.685211][ T556] copy_process+0x503/0x2cf0
[ 70.689781][ T556] _do_fork+0x190/0x860
[ 70.693920][ T556] __x64_sys_clone+0x12e/0x160
[ 70.698683][ T556] do_syscall_64+0xcf/0x170
[ 70.703174][ T556] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 70.709056][ T556] page last free stack trace:
[ 70.713737][ T556] __free_pages_ok+0x7e4/0x910
[ 70.718709][ T556] __free_pages+0x8c/0x110
[ 70.723381][ T556] __free_slab+0x218/0x2d0
[ 70.728085][ T556] unfreeze_partials+0x165/0x1a0
[ 70.733006][ T556] put_cpu_partial+0xc1/0x180
[ 70.737690][ T556] __slab_free+0x2be/0x380
[ 70.742110][ T556] ___cache_free+0xbb/0xd0
[ 70.746524][ T556] qlink_free+0x23/0x30
[ 70.750672][ T556] qlist_free_all+0x5f/0xb0
[ 70.755172][ T556] quarantine_reduce+0x1a8/0x200
[ 70.760105][ T556] __kasan_kmalloc+0x42/0x200
[ 70.764772][ T556] kasan_slab_alloc+0x12/0x20
[ 70.769454][ T556] kmem_cache_alloc+0xe2/0x270
[ 70.774215][ T556] __alloc_skb+0x9e/0x500
[ 70.778540][ T556] inet6_netconf_notify_devconf+0xd6/0x190
[ 70.784339][ T556] addrconf_exit_net+0xd6/0x200
[ 70.789457][ T556]
[ 70.791767][ T556] Memory state around the buggy address:
[ 70.797391][ T556] ffff8881e2367980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 70.805471][ T556] ffff8881e2367a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 70.813606][ T556] >ffff8881e2367a80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 70.821924][ T556] ^
[ 70.829137][ T556] ffff8881e2367b00: 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 70.837273][ T556] ffff8881e2367b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 70.845334][ T556] ==================================================================
[ 70.853384][ T556] Disabling lock debugging due to kernel taint
2025/05/04 17:03:48 executed programs: 25
2025/05/04 17:03:53 executed programs: 58