Warning: Permanently added '10.128.1.102' (ED25519) to the list of known hosts.
2025/02/20 07:05:43 ignoring optional flag "sandboxArg"="0"
2025/02/20 07:05:44 parsed 1 programs
[   48.102022][   T23] kauditd_printk_skb: 29 callbacks suppressed
[   48.102042][   T23] audit: type=1400 audit(1740035145.120:105): avc:  denied  { unlink } for  pid=493 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   48.247954][  T493] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   48.709934][   T23] audit: type=1400 audit(1740035145.730:106): avc:  denied  { mounton } for  pid=498 comm="syz-executor" path="/root/syzkaller.kLJAKF/syz-tmp/newroot/dev" dev="tmpfs" ino=13062 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   48.950113][  T513] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.956953][  T513] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.964572][  T513] device bridge_slave_0 entered promiscuous mode
[   48.971630][  T513] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.978526][  T513] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.985874][  T513] device bridge_slave_1 entered promiscuous mode
[   49.038009][  T513] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.044835][  T513] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.052012][  T513] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.058842][  T513] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.085143][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   49.092632][  T103] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.099734][  T103] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.110021][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   49.118121][  T103] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.124929][  T103] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.134798][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   49.142943][  T103] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.149783][  T103] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.164985][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   49.175444][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   49.193367][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   49.206038][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   49.220543][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   49.234922][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   49.245241][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   49.517746][   T23] audit: type=1401 audit(1740035146.540:107): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[   49.938026][  T379] device bridge_slave_1 left promiscuous mode
[   49.944074][  T379] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.951785][  T379] device bridge_slave_0 left promiscuous mode
[   49.957852][  T379] bridge0: port 1(bridge_slave_0) entered disabled state
2025/02/20 07:05:47 executed programs: 0
[   50.091555][  T553] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.098717][  T553] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.105957][  T553] device bridge_slave_0 entered promiscuous mode
[   50.112775][  T553] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.119609][  T553] bridge0: port 2(bridge_slave_1) entered disabled state
[   50.126904][  T553] device bridge_slave_1 entered promiscuous mode
[   50.178687][  T553] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.185516][  T553] bridge0: port 2(bridge_slave_1) entered forwarding state
[   50.192705][  T553] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.199537][  T553] bridge0: port 1(bridge_slave_0) entered forwarding state
[   50.224207][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   50.231870][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.238879][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   50.248519][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   50.256697][    T7] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.263543][    T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[   50.272628][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   50.281090][    T7] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.287934][    T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[   50.308791][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   50.320762][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   50.341345][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   50.356012][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   50.372511][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   50.388138][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   50.399764][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   50.433940][   T23] audit: type=1400 audit(1740035147.450:108): avc:  denied  { create } for  pid=557 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   50.436256][  T558] ==================================================================
[   50.452891][   T23] audit: type=1400 audit(1740035147.450:109): avc:  denied  { setopt } for  pid=557 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   50.460670][  T558] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x599/0x650
[   50.460678][  T558] Read of size 1 at addr ffff8881e30253d8 by task syz.2.16/558
[   50.460680][  T558] 
[   50.460691][  T558] CPU: 0 PID: 558 Comm: syz.2.16 Not tainted 5.4.289-syzkaller-05043-g39762b7a60e9 #0
[   50.460695][  T558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   50.460699][  T558] Call Trace:
[   50.460711][  T558]  dump_stack+0x1d8/0x241
[   50.460723][  T558]  ? nf_ct_l4proto_log_invalid+0x258/0x258
[   50.460732][  T558]  ? printk+0xd1/0x111
[   50.460741][  T558]  ? xfrm_policy_inexact_list_reinsert+0x599/0x650
[   50.460751][  T558]  ? wake_up_klogd+0xb2/0xf0
[   50.460761][  T558]  ? xfrm_policy_inexact_list_reinsert+0x599/0x650
[   50.460770][  T558]  print_address_description+0x8c/0x600
[   50.460784][  T558]  ? panic+0x89d/0x89d
[   50.483270][   T23] audit: type=1400 audit(1740035147.450:110): avc:  denied  { write } for  pid=557 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   50.488523][  T558]  ? xfrm_policy_inexact_list_reinsert+0x599/0x650
[   50.488534][  T558]  __kasan_report+0xf3/0x120
[   50.488551][  T558]  ? xfrm_policy_inexact_list_reinsert+0x599/0x650
[   50.496302][   T23] audit: type=1400 audit(1740035147.450:111): avc:  denied  { create } for  pid=557 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   50.498064][  T558]  kasan_report+0x30/0x60
[   50.498077][  T558]  xfrm_policy_inexact_list_reinsert+0x599/0x650
[   50.498093][  T558]  ? xfrm_policy_addr_delta+0x234/0x340
[   50.507928][   T23] audit: type=1400 audit(1740035147.450:112): avc:  denied  { write } for  pid=557 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   50.517338][  T558]  xfrm_policy_inexact_insert_node+0x8f3/0xb00
[   50.517359][  T558]  ? xfrm_policy_inexact_alloc_bin+0x5b2/0x1440
[   50.520751][   T23] audit: type=1400 audit(1740035147.450:113): avc:  denied  { nlmsg_write } for  pid=557 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   50.524636][  T558]  xfrm_policy_inexact_alloc_chain+0x4f9/0xb10
[   50.689539][  T558]  xfrm_policy_inexact_insert+0x69/0x10e0
[   50.695081][  T558]  ? _raw_spin_lock_bh+0xa4/0x1b0
[   50.700222][  T558]  ? _raw_spin_lock_irq+0x1b0/0x1b0
[   50.705335][  T558]  ? policy_hash_bysel+0x12c/0x6f0
[   50.710283][  T558]  ? memcpy+0x38/0x50
[   50.714103][  T558]  xfrm_policy_insert+0xe1/0x8a0
[   50.718875][  T558]  xfrm_add_policy+0x4f2/0x980
[   50.723474][  T558]  ? __nla_validate+0x50/0x50
[   50.727988][  T558]  ? xfrm_dump_sa_done+0xc0/0xc0
[   50.732761][  T558]  ? __nla_parse+0x3a/0x50
[   50.737011][  T558]  xfrm_user_rcv_msg+0x689/0x9b0
[   50.741789][  T558]  ? xfrm_netlink_rcv+0x80/0x80
[   50.746482][  T558]  ? avc_has_perm+0xd2/0x260
[   50.750904][  T558]  ? avc_has_perm+0x16f/0x260
[   50.755412][  T558]  ? avc_has_perm_noaudit+0x3d0/0x3d0
[   50.760662][  T558]  netlink_rcv_skb+0x1d5/0x420
[   50.765221][  T558]  ? xfrm_netlink_rcv+0x80/0x80
[   50.769912][  T558]  ? nla_put_string+0x30/0x30
[   50.774421][  T558]  ? mutex_trylock+0xa0/0xa0
[   50.778850][  T558]  ? __netlink_lookup+0x369/0x390
[   50.783710][  T558]  xfrm_netlink_rcv+0x6e/0x80
[   50.788223][  T558]  netlink_unicast+0x936/0xb20
[   50.792822][  T558]  ? netlink_detachskb+0x90/0x90
[   50.797597][  T558]  ? __virt_addr_valid+0x20e/0x2a0
[   50.802608][  T558]  netlink_sendmsg+0xa18/0xcf0
[   50.807146][  T558]  ? netlink_getsockopt+0x550/0x550
[   50.812195][  T558]  ? import_iovec+0x1bb/0x380
[   50.816688][  T558]  ? security_socket_sendmsg+0x7d/0xa0
[   50.821983][  T558]  ? netlink_getsockopt+0x550/0x550
[   50.827018][  T558]  ____sys_sendmsg+0x5ac/0x8f0
[   50.831621][  T558]  ? __sys_sendmsg_sock+0x2b0/0x2b0
[   50.836698][  T558]  ? percpu_counter_add_batch+0x14d/0x170
[   50.842215][  T558]  __sys_sendmsg+0x28b/0x380
[   50.846632][  T558]  ? ____sys_sendmsg+0x8f0/0x8f0
[   50.851409][  T558]  ? security_socket_post_create+0x96/0xc0
[   50.857050][  T558]  ? __do_page_fault+0x725/0xbb0
[   50.861820][  T558]  do_syscall_64+0xca/0x1c0
[   50.866159][  T558]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   50.871905][  T558] RIP: 0033:0x7fbe2d4b3de9
[   50.876139][  T558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   50.895583][  T558] RSP: 002b:00007fbe2cf26038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   50.903826][  T558] RAX: ffffffffffffffda RBX: 00007fbe2d6ccfa0 RCX: 00007fbe2d4b3de9
[   50.911637][  T558] RDX: 0000000000004000 RSI: 0000200000000580 RDI: 0000000000000005
[   50.919443][  T558] RBP: 00007fbe2d5352a0 R08: 0000000000000000 R09: 0000000000000000
[   50.927263][  T558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   50.935068][  T558] R13: 0000000000000000 R14: 00007fbe2d6ccfa0 R15: 00007fffb4d400f8
[   50.942890][  T558] 
[   50.945055][  T558] Allocated by task 558:
[   50.949135][  T558]  __kasan_kmalloc+0x171/0x210
[   50.953731][  T558]  sk_prot_alloc+0xbd/0x3e0
[   50.958221][  T558]  sk_alloc+0x35/0x2f0
[   50.962137][  T558]  pfkey_create+0x122/0x670
[   50.966471][  T558]  __sock_create+0x3cb/0x7a0
[   50.970891][  T558]  __sys_socket+0x132/0x370
[   50.975228][  T558]  __x64_sys_socket+0x76/0x80
[   50.979748][  T558]  do_syscall_64+0xca/0x1c0
[   50.984092][  T558]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   50.989806][  T558] 
[   50.991975][  T558] Freed by task 168:
[   50.995713][  T558]  __kasan_slab_free+0x1b5/0x270
[   51.000485][  T558]  kfree+0x123/0x370
[   51.004216][  T558]  consume_skb+0xa5/0x2a0
[   51.008382][  T558]  netlink_unicast+0x93e/0xb20
[   51.012982][  T558]  netlink_sendmsg+0xa18/0xcf0
[   51.017586][  T558]  ____sys_sendmsg+0x5ac/0x8f0
[   51.022183][  T558]  __sys_sendmsg+0x28b/0x380
[   51.026610][  T558]  do_syscall_64+0xca/0x1c0
[   51.030951][  T558]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   51.036672][  T558] 
[   51.038846][  T558] The buggy address belongs to the object at ffff8881e3025000
[   51.038846][  T558]  which belongs to the cache kmalloc-1k of size 1024
[   51.052739][  T558] The buggy address is located 984 bytes inside of
[   51.052739][  T558]  1024-byte region [ffff8881e3025000, ffff8881e3025400)
[   51.065922][  T558] The buggy address belongs to the page:
[   51.071404][  T558] page:ffffea00078c0800 refcount:1 mapcount:0 mapping:ffff8881f5c02280 index:0x0 compound_mapcount: 0
[   51.082158][  T558] flags: 0x8000000000010200(slab|head)
[   51.087460][  T558] raw: 8000000000010200 ffffea00078d9000 0000000200000002 ffff8881f5c02280
[   51.095871][  T558] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   51.104285][  T558] page dumped because: kasan: bad access detected
[   51.110540][  T558] page_owner tracks the page as allocated
[   51.116096][  T558] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC)
[   51.130943][  T558]  prep_new_page+0x18f/0x370
[   51.135363][  T558]  get_page_from_freelist+0x2d13/0x2d90
[   51.140940][  T558]  __alloc_pages_nodemask+0x393/0x840
[   51.146146][  T558]  alloc_slab_page+0x39/0x3c0
[   51.150663][  T558]  new_slab+0x97/0x440
[   51.154563][  T558]  ___slab_alloc+0x2fe/0x490
[   51.158992][  T558]  __slab_alloc+0x62/0xa0
[   51.163158][  T558]  __kmalloc_track_caller+0x16d/0x2b0
[   51.168366][  T558]  __alloc_skb+0xb4/0x4d0
[   51.172530][  T558]  netlink_sendmsg+0x797/0xcf0
[   51.177134][  T558]  ____sys_sendmsg+0x5ac/0x8f0
[   51.181732][  T558]  __sys_sendmsg+0x28b/0x380
[   51.186170][  T558]  do_syscall_64+0xca/0x1c0
[   51.190662][  T558]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   51.196376][  T558] page_owner free stack trace missing
[   51.201585][  T558] 
[   51.203754][  T558] Memory state around the buggy address:
[   51.209235][  T558]  ffff8881e3025280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   51.217127][  T558]  ffff8881e3025300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   51.225024][  T558] >ffff8881e3025380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[   51.232917][  T558]                                                     ^
[   51.239689][  T558]  ffff8881e3025400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   51.247761][  T558]  ffff8881e3025480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   51.255802][  T558] ==================================================================
[   51.263696][  T558] Disabling lock debugging due to kernel taint
2025/02/20 07:05:52 executed programs: 274
[   59.425753][ T1767] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.433322][ T1767] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.440720][ T1767] device bridge_slave_0 entered promiscuous mode
[   59.450438][ T1767] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.457261][ T1767] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.464706][ T1767] device bridge_slave_1 entered promiscuous mode
[   59.516397][ T1767] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.523454][ T1767] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.530592][ T1767] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.537355][ T1767] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.562385][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.569821][  T379] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.576753][  T379] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.586759][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   59.595186][  T379] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.602026][  T379] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.613280][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   59.621299][  T379] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.628131][  T379] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.642498][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   59.653097][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   59.669920][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   59.681520][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   59.696383][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   59.709610][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   59.719816][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   59.887529][  T560] device bridge_slave_1 left promiscuous mode
[   59.893481][  T560] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.902485][  T560] device bridge_slave_0 left promiscuous mode
[   59.908487][  T560] bridge0: port 1(bridge_slave_0) entered disabled state
2025/02/20 07:05:57 executed programs: 622