Warning: Permanently added '10.128.10.40' (ED25519) to the list of known hosts.
2025/02/20 07:41:11 ignoring optional flag "sandboxArg"="0"
2025/02/20 07:41:12 parsed 1 programs
[   55.316587][   T23] kauditd_printk_skb: 29 callbacks suppressed
[   55.316600][   T23] audit: type=1400 audit(1740037273.090:105): avc:  denied  { unlink } for  pid=497 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   55.443396][  T497] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   55.826792][   T23] audit: type=1400 audit(1740037273.600:106): avc:  denied  { mounton } for  pid=505 comm="syz-executor" path="/root/syzkaller.upIpWI/syz-tmp/newroot/dev" dev="tmpfs" ino=13345 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   56.035679][   T23] audit: type=1401 audit(1740037273.810:107): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[   56.342375][  T529] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.349305][  T529] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.356917][  T529] device bridge_slave_0 entered promiscuous mode
[   56.364168][  T529] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.371165][  T529] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.378809][  T529] device bridge_slave_1 entered promiscuous mode
[   56.432235][  T529] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.439081][  T529] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.446277][  T529] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.453073][  T529] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.479502][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   56.487050][  T103] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.494120][  T103] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.504771][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   56.512855][  T103] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.519672][  T103] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.529157][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   56.537521][  T103] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.544374][  T103] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.561938][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   56.574332][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   56.593274][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   56.605874][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   56.619944][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   56.634279][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   56.644510][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/02/20 07:41:15 executed programs: 0
[   57.419766][  T562] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.426746][  T562] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.434203][  T562] device bridge_slave_0 entered promiscuous mode
[   57.440921][  T562] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.447777][  T562] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.455077][  T562] device bridge_slave_1 entered promiscuous mode
[   57.509088][  T562] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.516082][  T562] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.523214][  T562] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.530037][  T562] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.555528][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.563342][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.570332][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.580444][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   57.589160][    T7] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.596080][    T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.605208][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   57.613635][    T7] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.620481][    T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.635857][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   57.645728][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   57.668852][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   57.680955][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   57.701701][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   57.720925][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   57.732655][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   57.770758][   T23] audit: type=1400 audit(1740037275.540:108): avc:  denied  { create } for  pid=566 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   57.779627][  T567] ==================================================================
[   57.789812][   T23] audit: type=1400 audit(1740037275.550:109): avc:  denied  { setopt } for  pid=566 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   57.797578][  T567] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x599/0x650
[   57.797595][  T567] Read of size 1 at addr ffff8881e30053d8 by task syz.2.16/567
[   57.817113][   T23] audit: type=1400 audit(1740037275.550:110): avc:  denied  { write } for  pid=566 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   57.825413][  T567] 
[   57.825426][  T567] CPU: 1 PID: 567 Comm: syz.2.16 Not tainted 5.4.289-syzkaller-05043-g39762b7a60e9 #0
[   57.825432][  T567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   57.825445][  T567] Call Trace:
[   57.825463][  T567]  dump_stack+0x1d8/0x241
[   57.825476][  T567]  ? nf_ct_l4proto_log_invalid+0x258/0x258
[   57.825486][  T567]  ? printk+0xd1/0x111
[   57.825498][  T567]  ? xfrm_policy_inexact_list_reinsert+0x599/0x650
[   57.825509][  T567]  ? wake_up_klogd+0xb2/0xf0
[   57.825518][  T567]  ? xfrm_policy_inexact_list_reinsert+0x599/0x650
[   57.825536][  T567]  print_address_description+0x8c/0x600
[   57.833969][   T23] audit: type=1400 audit(1740037275.550:111): avc:  denied  { create } for  pid=566 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   57.851590][  T567]  ? panic+0x89d/0x89d
[   57.851605][  T567]  ? xfrm_policy_inexact_list_reinsert+0x599/0x650
[   57.851615][  T567]  __kasan_report+0xf3/0x120
[   57.851632][  T567]  ? xfrm_policy_inexact_list_reinsert+0x599/0x650
[   57.854249][   T23] audit: type=1400 audit(1740037275.550:112): avc:  denied  { write } for  pid=566 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   57.863092][  T567]  kasan_report+0x30/0x60
[   57.863106][  T567]  xfrm_policy_inexact_list_reinsert+0x599/0x650
[   57.863125][  T567]  ? xfrm_policy_addr_delta+0x234/0x340
[   57.873395][   T23] audit: type=1400 audit(1740037275.550:113): avc:  denied  { nlmsg_write } for  pid=566 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   57.876115][  T567]  xfrm_policy_inexact_insert_node+0x8f3/0xb00
[   58.014931][  T567]  ? xfrm_policy_inexact_alloc_bin+0x5b2/0x1440
[   58.020991][  T567]  xfrm_policy_inexact_alloc_chain+0x4f9/0xb10
[   58.027083][  T567]  xfrm_policy_inexact_insert+0x69/0x10e0
[   58.032629][  T567]  ? _raw_spin_lock_bh+0xa4/0x1b0
[   58.037479][  T567]  ? _raw_spin_lock_irq+0x1b0/0x1b0
[   58.042612][  T567]  ? policy_hash_bysel+0x12c/0x6f0
[   58.047551][  T567]  ? memcpy+0x38/0x50
[   58.051368][  T567]  xfrm_policy_insert+0xe1/0x8a0
[   58.056156][  T567]  xfrm_add_policy+0x4f2/0x980
[   58.060740][  T567]  ? __nla_validate+0x50/0x50
[   58.065254][  T567]  ? xfrm_dump_sa_done+0xc0/0xc0
[   58.070036][  T567]  ? __nla_parse+0x3a/0x50
[   58.074281][  T567]  xfrm_user_rcv_msg+0x689/0x9b0
[   58.079056][  T567]  ? xfrm_netlink_rcv+0x80/0x80
[   58.083748][  T567]  ? avc_has_perm+0xd2/0x260
[   58.088176][  T567]  ? avc_has_perm+0x16f/0x260
[   58.092683][  T567]  ? avc_has_perm_noaudit+0x3d0/0x3d0
[   58.097888][  T567]  netlink_rcv_skb+0x1d5/0x420
[   58.102579][  T567]  ? xfrm_netlink_rcv+0x80/0x80
[   58.107267][  T567]  ? nla_put_string+0x30/0x30
[   58.111774][  T567]  ? mutex_trylock+0xa0/0xa0
[   58.116205][  T567]  ? __netlink_lookup+0x369/0x390
[   58.121069][  T567]  xfrm_netlink_rcv+0x6e/0x80
[   58.125584][  T567]  netlink_unicast+0x936/0xb20
[   58.130263][  T567]  ? netlink_detachskb+0x90/0x90
[   58.135036][  T567]  ? __virt_addr_valid+0x20e/0x2a0
[   58.139984][  T567]  netlink_sendmsg+0xa18/0xcf0
[   58.144582][  T567]  ? netlink_getsockopt+0x550/0x550
[   58.149615][  T567]  ? import_iovec+0x1bb/0x380
[   58.154131][  T567]  ? security_socket_sendmsg+0x7d/0xa0
[   58.159512][  T567]  ? netlink_getsockopt+0x550/0x550
[   58.164547][  T567]  ____sys_sendmsg+0x5ac/0x8f0
[   58.169150][  T567]  ? __sys_sendmsg_sock+0x2b0/0x2b0
[   58.174181][  T567]  ? percpu_counter_add_batch+0x14d/0x170
[   58.179754][  T567]  __sys_sendmsg+0x28b/0x380
[   58.184161][  T567]  ? ____sys_sendmsg+0x8f0/0x8f0
[   58.188960][  T567]  ? security_socket_post_create+0x96/0xc0
[   58.194582][  T567]  ? __do_page_fault+0x725/0xbb0
[   58.199349][  T567]  do_syscall_64+0xca/0x1c0
[   58.203704][  T567]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   58.209520][  T567] RIP: 0033:0x7f3314edade9
[   58.213760][  T567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   58.233197][  T567] RSP: 002b:00007f331494d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   58.241441][  T567] RAX: ffffffffffffffda RBX: 00007f33150f3fa0 RCX: 00007f3314edade9
[   58.249346][  T567] RDX: 0000000000004000 RSI: 0000200000000580 RDI: 0000000000000005
[   58.257249][  T567] RBP: 00007f3314f5c2a0 R08: 0000000000000000 R09: 0000000000000000
[   58.265047][  T567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   58.272862][  T567] R13: 0000000000000000 R14: 00007f33150f3fa0 R15: 00007ffe8d835b18
[   58.280675][  T567] 
[   58.282866][  T567] Allocated by task 567:
[   58.286925][  T567]  __kasan_kmalloc+0x171/0x210
[   58.291522][  T567]  sk_prot_alloc+0xbd/0x3e0
[   58.295868][  T567]  sk_alloc+0x35/0x2f0
[   58.299768][  T567]  pfkey_create+0x122/0x670
[   58.304108][  T567]  __sock_create+0x3cb/0x7a0
[   58.308534][  T567]  __sys_socket+0x132/0x370
[   58.312878][  T567]  __x64_sys_socket+0x76/0x80
[   58.317398][  T567]  do_syscall_64+0xca/0x1c0
[   58.321726][  T567]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   58.327446][  T567] 
[   58.329620][  T567] Freed by task 0:
[   58.333177][  T567] (stack is not available)
[   58.337428][  T567] 
[   58.339606][  T567] The buggy address belongs to the object at ffff8881e3005000
[   58.339606][  T567]  which belongs to the cache kmalloc-1k of size 1024
[   58.353496][  T567] The buggy address is located 984 bytes inside of
[   58.353496][  T567]  1024-byte region [ffff8881e3005000, ffff8881e3005400)
[   58.366682][  T567] The buggy address belongs to the page:
[   58.372166][  T567] page:ffffea00078c0000 refcount:1 mapcount:0 mapping:ffff8881f5c02280 index:0x0 compound_mapcount: 0
[   58.382916][  T567] flags: 0x8000000000010200(slab|head)
[   58.388214][  T567] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5c02280
[   58.396746][  T567] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   58.405155][  T567] page dumped because: kasan: bad access detected
[   58.411430][  T567] page_owner tracks the page as allocated
[   58.417062][  T567] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL)
[   58.432696][  T567]  prep_new_page+0x18f/0x370
[   58.437164][  T567]  get_page_from_freelist+0x2d13/0x2d90
[   58.442694][  T567]  __alloc_pages_nodemask+0x393/0x840
[   58.447875][  T567]  alloc_slab_page+0x39/0x3c0
[   58.452405][  T567]  new_slab+0x97/0x440
[   58.456289][  T567]  ___slab_alloc+0x2fe/0x490
[   58.460725][  T567]  __slab_alloc+0x62/0xa0
[   58.464883][  T567]  __kmalloc_track_caller+0x16d/0x2b0
[   58.470100][  T567]  __alloc_skb+0xb4/0x4d0
[   58.474257][  T567]  inet6_rt_notify+0x2db/0x550
[   58.478854][  T567]  fib6_del+0x9a3/0xc20
[   58.482845][  T567]  fib6_clean_node+0x2ed/0x550
[   58.487706][  T567]  fib6_walk_continue+0x4c7/0x6e0
[   58.492566][  T567]  fib6_walk+0x164/0x2b0
[   58.496648][  T567]  fib6_clean_all+0x20c/0x2d0
[   58.501161][  T567]  rt6_disable_ip+0x160/0x730
[   58.505679][  T567] page last free stack trace:
[   58.510186][  T567]  __free_pages_ok+0x847/0x950
[   58.514873][  T567]  __free_pages+0x91/0x140
[   58.519127][  T567]  __free_slab+0x221/0x2e0
[   58.523386][  T567]  unfreeze_partials+0x14e/0x180
[   58.528263][  T567]  put_cpu_partial+0x44/0x180
[   58.532948][  T567]  __slab_free+0x297/0x360
[   58.537204][  T567]  qlist_free_all+0x43/0xb0
[   58.541552][  T567]  quarantine_reduce+0x1d9/0x210
[   58.546332][  T567]  __kasan_kmalloc+0x41/0x210
[   58.550829][  T567]  kmem_cache_alloc+0xd9/0x250
[   58.555457][  T567]  getname_flags+0xb8/0x4e0
[   58.559765][  T567]  do_sys_open+0x357/0x810
[   58.564022][  T567]  do_syscall_64+0xca/0x1c0
[   58.568505][  T567]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   58.574200][  T567] 
[   58.576399][  T567] Memory state around the buggy address:
[   58.581846][  T567]  ffff8881e3005280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   58.589743][  T567]  ffff8881e3005300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   58.597641][  T567] >ffff8881e3005380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[   58.605621][  T567]                                                     ^
[   58.612405][  T567]  ffff8881e3005400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   58.620294][  T567]  ffff8881e3005480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   58.628443][  T567] ==================================================================
[   58.636586][  T567] Disabling lock debugging due to kernel taint
[   58.793008][    T9] device bridge_slave_1 left promiscuous mode
[   58.799085][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.810706][    T9] device bridge_slave_0 left promiscuous mode
[   58.816805][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
2025/02/20 07:41:20 executed programs: 269
[   66.442187][   T13] cfg80211: failed to load regulatory.db
[   66.931295][ T1777] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.938169][ T1777] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.945778][ T1777] device bridge_slave_0 entered promiscuous mode
[   66.955329][ T1777] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.962196][ T1777] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.969483][ T1777] device bridge_slave_1 entered promiscuous mode
[   67.021957][ T1777] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.028828][ T1777] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.036158][ T1777] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.043021][ T1777] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.070604][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   67.078627][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.086172][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.097495][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   67.105537][    T7] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.112417][    T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.121399][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   67.129641][    T7] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.136595][    T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.153012][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   67.162949][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   67.180279][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   67.193989][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   67.208398][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   67.221727][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   67.233834][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/02/20 07:41:25 executed programs: 610
[   67.372092][    T9] device bridge_slave_1 left promiscuous mode
[   67.382350][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.389950][    T9] device bridge_slave_0 left promiscuous mode
[   67.396446][    T9] bridge0: port 1(bridge_slave_0) entered disabled state