Warning: Permanently added '10.128.0.188' (ED25519) to the list of known hosts.
2025/11/28 23:37:58 parsed 1 programs
[ 43.998255][ T24] kauditd_printk_skb: 30 callbacks suppressed
[ 43.998265][ T24] audit: type=1400 audit(1764373078.670:104): avc: denied { unlink } for pid=405 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 44.049317][ T405] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 44.479151][ T415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.487273][ T415] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.494797][ T415] device bridge_slave_0 entered promiscuous mode
[ 44.503433][ T415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.510836][ T415] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.518264][ T415] device bridge_slave_1 entered promiscuous mode
[ 44.546249][ T415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.553788][ T415] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.561092][ T415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.568217][ T415] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.584294][ T49] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.591749][ T49] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.599205][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.607436][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.617160][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.625549][ T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.632816][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.641499][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.650258][ T49] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.657685][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.668703][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.679186][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.694623][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.705972][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.713893][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 44.721887][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 44.731328][ T415] device veth0_vlan entered promiscuous mode
[ 44.741096][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 44.750112][ T415] device veth1_macvtap entered promiscuous mode
[ 44.759123][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 44.770219][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.010421][ T24] audit: type=1401 audit(1764373079.680:105): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 45.028087][ T24] audit: type=1400 audit(1764373079.700:106): avc: denied { create } for pid=443 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
2025/11/28 23:38:00 executed programs: 0
[ 45.360922][ T24] audit: type=1400 audit(1764373080.030:107): avc: denied { write } for pid=397 comm="syz-execprog" path="pipe:[15613]" dev="pipefs" ino=15613 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 45.386440][ T7] device bridge_slave_1 left promiscuous mode
[ 45.392535][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.400037][ T7] device bridge_slave_0 left promiscuous mode
[ 45.406609][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.414915][ T7] device veth1_macvtap left promiscuous mode
[ 45.421051][ T7] device veth0_vlan left promiscuous mode
[ 45.515489][ T464] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.522830][ T464] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.530268][ T464] device bridge_slave_0 entered promiscuous mode
[ 45.538198][ T464] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.545728][ T464] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.553166][ T464] device bridge_slave_1 entered promiscuous mode
[ 45.590820][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 45.598878][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.609369][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 45.618072][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.626357][ T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.633505][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.641172][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 45.650029][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 45.658858][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.667138][ T49] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.674162][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.685074][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.694199][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.706486][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.717031][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.725291][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.732993][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.741834][ T464] device veth0_vlan entered promiscuous mode
[ 45.753359][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.762621][ T464] device veth1_macvtap entered promiscuous mode
[ 45.772484][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.783273][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.943178][ T474] device veth0_vlan left promiscuous mode
[ 45.950286][ T474] device veth0_vlan entered promiscuous mode
[ 47.324736][ T7] ==================================================================
[ 47.332960][ T7] BUG: KASAN: use-after-free in vlan_dev_get_iflink+0x6d/0x70
[ 47.340604][ T7] Read of size 4 at addr ffff888129922100 by task kworker/u4:0/7
[ 47.348306][ T7]
[ 47.350630][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted syzkaller #0
[ 47.358093][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 47.368136][ T7] Workqueue: netns cleanup_net
[ 47.373031][ T7] Call Trace:
[ 47.376379][ T7] __dump_stack+0x21/0x24
[ 47.380774][ T7] dump_stack_lvl+0x169/0x1d8
[ 47.385546][ T7] ? show_regs_print_info+0x18/0x18
[ 47.390724][ T7] ? thaw_kernel_threads+0x220/0x220
[ 47.396068][ T7] print_address_description+0x7f/0x2c0
[ 47.402047][ T7] ? vlan_dev_get_iflink+0x6d/0x70
[ 47.407139][ T7] kasan_report+0xe2/0x130
[ 47.411700][ T7] ? vlan_dev_get_iflink+0x6d/0x70
[ 47.416785][ T7] __asan_report_load4_noabort+0x14/0x20
[ 47.422381][ T7] vlan_dev_get_iflink+0x6d/0x70
[ 47.427380][ T7] ? vlan_dev_fix_features+0x180/0x180
[ 47.433020][ T7] dev_get_iflink+0x70/0xc0
[ 47.437499][ T7] rfc2863_policy+0x124/0x2b0
[ 47.442237][ T7] ? linkwatch_forget_dev+0x111/0x180
[ 47.447669][ T7] linkwatch_do_dev+0x3b/0x140
[ 47.452513][ T7] linkwatch_forget_dev+0x170/0x180
[ 47.457986][ T7] netdev_run_todo+0x2bb/0xd20
[ 47.462918][ T7] ? netdev_refcnt_read+0x1d0/0x1d0
[ 47.468310][ T7] ? unregister_netdevice_queue+0x1aa/0x360
[ 47.474184][ T7] ? list_netdevice+0x4c0/0x4c0
[ 47.479016][ T7] ? unregister_vlan_dev+0x248/0x320
[ 47.484454][ T7] rtnl_unlock+0xe/0x10
[ 47.488598][ T7] default_device_exit_batch+0x335/0x390
[ 47.494600][ T7] ? default_device_exit+0x390/0x390
[ 47.499964][ T7] ? wait_woken+0x180/0x180
[ 47.504457][ T7] ? rtnl_unlock+0xe/0x10
[ 47.508773][ T7] ? default_device_exit+0x390/0x390
[ 47.514190][ T7] cleanup_net+0x5fb/0xb70
[ 47.518807][ T7] ? __kasan_check_write+0x14/0x20
[ 47.523916][ T7] ? ops_init+0x4a0/0x4a0
[ 47.528245][ T7] ? read_word_at_a_time+0x12/0x20
[ 47.533517][ T7] ? strscpy+0x9b/0x290
[ 47.537815][ T7] process_one_work+0x6e1/0xba0
[ 47.542813][ T7] worker_thread+0xa6a/0x13b0
[ 47.548145][ T7] kthread+0x346/0x3d0
[ 47.552668][ T7] ? worker_clr_flags+0x190/0x190
[ 47.558023][ T7] ? kthread_blkcg+0xd0/0xd0
[ 47.562763][ T7] ret_from_fork+0x1f/0x30
[ 47.567144][ T7]
[ 47.569537][ T7] Allocated by task 464:
[ 47.573899][ T7] __kasan_kmalloc+0xda/0x110
[ 47.578563][ T7] __kmalloc+0x1a7/0x330
[ 47.582971][ T7] kvmalloc_node+0x88/0x130
[ 47.587577][ T7] alloc_netdev_mqs+0x88/0xc80
[ 47.592490][ T7] rtnl_create_link+0x242/0x930
[ 47.597795][ T7] rtnl_newlink+0x105e/0x1640
[ 47.602677][ T7] rtnetlink_rcv_msg+0x9db/0xb90
[ 47.607679][ T7] netlink_rcv_skb+0x1e0/0x430
[ 47.612503][ T7] rtnetlink_rcv+0x1c/0x20
[ 47.616987][ T7] netlink_unicast+0x876/0xa40
[ 47.621821][ T7] netlink_sendmsg+0x88d/0xb30
[ 47.626760][ T7] __sys_sendto+0x41d/0x580
[ 47.631245][ T7] __x64_sys_sendto+0xe5/0x100
[ 47.636070][ T7] do_syscall_64+0x31/0x40
[ 47.640575][ T7] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.646693][ T7]
[ 47.649091][ T7] Freed by task 7:
[ 47.652789][ T7] kasan_set_track+0x4a/0x70
[ 47.657874][ T7] kasan_set_free_info+0x23/0x40
[ 47.662791][ T7] ____kasan_slab_free+0x125/0x160
[ 47.667886][ T7] __kasan_slab_free+0x11/0x20
[ 47.672926][ T7] slab_free_freelist_hook+0xc5/0x190
[ 47.678278][ T7] kfree+0xc0/0x270
[ 47.682057][ T7] kvfree+0x35/0x40
[ 47.686072][ T7] netdev_freemem+0x3f/0x60
[ 47.690706][ T7] netdev_release+0x7f/0xb0
[ 47.695184][ T7] device_release+0x96/0x1c0
[ 47.700018][ T7] kobject_put+0x18a/0x270
[ 47.704498][ T7] netdev_run_todo+0xb99/0xd20
[ 47.709336][ T7] rtnl_unlock+0xe/0x10
[ 47.713480][ T7] default_device_exit_batch+0x335/0x390
[ 47.719089][ T7] cleanup_net+0x5fb/0xb70
[ 47.723570][ T7] process_one_work+0x6e1/0xba0
[ 47.728654][ T7] worker_thread+0xa6a/0x13b0
[ 47.733306][ T7] kthread+0x346/0x3d0
[ 47.737435][ T7] ret_from_fork+0x1f/0x30
[ 47.741829][ T7]
[ 47.744344][ T7] The buggy address belongs to the object at ffff888129922000
[ 47.744344][ T7] which belongs to the cache kmalloc-4k of size 4096
[ 47.758978][ T7] The buggy address is located 256 bytes inside of
[ 47.758978][ T7] 4096-byte region [ffff888129922000, ffff888129923000)
[ 47.772312][ T7] The buggy address belongs to the page:
[ 47.778019][ T7] page:ffffea0004a64800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x129920
[ 47.788337][ T7] head:ffffea0004a64800 order:3 compound_mapcount:0 compound_pincount:0
[ 47.796644][ T7] flags: 0x4000000000010200(slab|head)
[ 47.802162][ T7] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042c00
[ 47.810737][ T7] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 47.819475][ T7] page dumped because: kasan: bad access detected
[ 47.826038][ T7] page_owner tracks the page as allocated
[ 47.831737][ T7] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 464, ts 45576082412, free_ts 45160659955
[ 47.852215][ T7] prep_new_page+0x179/0x180
[ 47.856778][ T7] get_page_from_freelist+0x2235/0x23d0
[ 47.862353][ T7] __alloc_pages_nodemask+0x268/0x5f0
[ 47.868042][ T7] new_slab+0x84/0x3f0
[ 47.872518][ T7] ___slab_alloc+0x2a6/0x450
[ 47.877161][ T7] __slab_alloc+0x63/0xa0
[ 47.881711][ T7] kmem_cache_alloc_trace+0x1b3/0x2e0
[ 47.887247][ T7] ipv6_add_dev+0x59b/0x10a0
[ 47.892107][ T7] addrconf_notify+0x582/0xe90
[ 47.897062][ T7] raw_notifier_call_chain+0x90/0x100
[ 47.902825][ T7] call_netdevice_notifiers+0x111/0x190
[ 47.908470][ T7] register_netdevice+0x1043/0x13c0
[ 47.913774][ T7] veth_newlink+0x853/0xbb0
[ 47.918338][ T7] rtnl_newlink+0x11bd/0x1640
[ 47.923132][ T7] rtnetlink_rcv_msg+0x9db/0xb90
[ 47.928484][ T7] netlink_rcv_skb+0x1e0/0x430
[ 47.933465][ T7] page last free stack trace:
[ 47.938851][ T7] free_unref_page_prepare+0x2b7/0x2d0
[ 47.944556][ T7] __free_pages+0x14b/0x380
[ 47.949127][ T7] __vunmap+0x84d/0x9d0
[ 47.953613][ T7] vfree+0x61/0x90
[ 47.957497][ T7] kcov_close+0x2b/0x50
[ 47.961822][ T7] __fput+0x2fb/0x770
[ 47.965893][ T7] ____fput+0x15/0x20
[ 47.970022][ T7] task_work_run+0x127/0x190
[ 47.974685][ T7] do_exit+0xa4f/0x2480
[ 47.979021][ T7] do_group_exit+0x141/0x310
[ 47.984055][ T7] get_signal+0xf7d/0x12e0
[ 47.988865][ T7] arch_do_signal_or_restart+0xbf/0x10f0
[ 47.994662][ T7] exit_to_user_mode_loop+0xa2/0xe0
[ 48.000066][ T7] exit_to_user_mode_prepare+0x76/0xa0
[ 48.006198][ T7] syscall_exit_to_user_mode+0x1d/0x40
[ 48.011723][ T7] do_syscall_64+0x3d/0x40
[ 48.016491][ T7]
[ 48.018930][ T7] Memory state around the buggy address:
[ 48.024666][ T7] ffff888129922000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.032963][ T7] ffff888129922080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.041261][ T7] >ffff888129922100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.049595][ T7] ^
[ 48.053651][ T7] ffff888129922180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.061884][ T7] ffff888129922200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.070699][ T7] ==================================================================
[ 48.078840][ T7] Disabling lock debugging due to kernel taint
[ 48.089247][ T24] audit: type=1400 audit(1764373082.760:108): avc: denied { read } for pid=77 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 48.126229][ T24] audit: type=1400 audit(1764373082.760:109): avc: denied { search } for pid=77 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 48.148298][ T24] audit: type=1400 audit(1764373082.760:110): avc: denied { write } for pid=77 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 48.170764][ T24] audit: type=1400 audit(1764373082.760:111): avc: denied { add_name } for pid=77 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 48.192387][ T24] audit: type=1400 audit(1764373082.760:112): avc: denied { create } for pid=77 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 48.213107][ T24] audit: type=1400 audit(1764373082.760:113): avc: denied { append open } for pid=77 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
2025/11/28 23:38:05 executed programs: 178
2025/11/28 23:38:10 executed programs: 409