./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2344543851
<...>
Warning: Permanently added '10.128.10.15' (ECDSA) to the list of known hosts.
execve("./syz-executor2344543851", ["./syz-executor2344543851"], 0x7ffe4150a630 /* 10 vars */) = 0
brk(NULL) = 0x5555562a1000
brk(0x5555562a1c40) = 0x5555562a1c40
arch_prctl(ARCH_SET_FS, 0x5555562a1300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2344543851", 4096) = 28
brk(0x5555562c2c40) = 0x5555562c2c40
brk(0x5555562c3000) = 0x5555562c3000
mprotect(0x7f00dc24b000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x01\x04\x00\xee\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00\x01\x00\x00\x00\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x72\x69\x64\x67\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60
socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM) = 4
[ 57.672820][ T5072] netlink: 12 bytes leftover after parsing attributes in process `syz-executor234'.
[ 57.712164][ C1] ==================================================================
[ 57.720263][ C1] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x5f79/0x6d80
[ 57.728202][ C1] Read of size 4 at addr ffffc900001e0ad0 by task udevd/4433
[ 57.735589][ C1]
[ 57.737923][ C1] CPU: 1 PID: 4433 Comm: udevd Not tainted 6.2.0-rc1-syzkaller-00095-ge4cf7c25bae5 #0
[ 57.747489][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 57.757562][ C1] Call Trace:
[ 57.760855][ C1]
[ 57.763721][ C1] dump_stack_lvl+0xd1/0x138
[ 57.768341][ C1] print_report+0x15e/0x45d
[ 57.772878][ C1] ? xfrm_state_find+0x5f79/0x6d80
[ 57.778025][ C1] kasan_report+0xbf/0x1f0
[ 57.782475][ C1] ? xfrm_state_find+0x5f79/0x6d80
[ 57.787623][ C1] xfrm_state_find+0x5f79/0x6d80
[ 57.792599][ C1] ? xfrm_state_add+0xe30/0xe30
[ 57.797480][ C1] ? find_held_lock+0x2d/0x110
[ 57.802278][ C1] ? xfrm_tmpl_resolve+0x653/0xd40
[ 57.807413][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 57.812293][ C1] xfrm_tmpl_resolve+0x2f3/0xd40
[ 57.817263][ C1] ? __xfrm_dst_lookup+0x130/0x130
[ 57.822399][ C1] ? xfrm_policy_find_inexact_candidates+0x13f/0x1d0
[ 57.829104][ C1] ? find_held_lock+0x2d/0x110
[ 57.833902][ C1] xfrm_resolve_and_create_bundle+0x123/0x2580
[ 57.840089][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 57.844969][ C1] ? xfrm_tmpl_resolve+0xd40/0xd40
[ 57.850105][ C1] ? xfrm_policy_match+0x2e0/0x2e0
[ 57.855248][ C1] ? xfrm_expand_policies+0x25b/0x680
[ 57.860649][ C1] xfrm_lookup_with_ifid+0x449/0x20f0
[ 57.866047][ C1] ? xfrm_expand_policies+0x680/0x680
[ 57.871446][ C1] ? ip_route_output_key_hash+0x1c9/0x300
[ 57.877193][ C1] ? ip_route_output_key_hash_rcu+0x2bc0/0x2bc0
[ 57.883469][ C1] xfrm_lookup_route+0x3a/0x1e0
[ 57.888347][ C1] ip_route_output_flow+0x118/0x150
[ 57.893575][ C1] igmpv3_newpack+0x29d/0x1110
[ 57.898367][ C1] ? ip_mc_join_group+0x30/0x30
[ 57.903248][ C1] ? lock_chain_count+0x20/0x20
[ 57.908122][ C1] add_grhead+0x266/0x300
[ 57.912479][ C1] add_grec+0xea5/0x1100
[ 57.916757][ C1] ? add_grhead+0x300/0x300
[ 57.921294][ C1] ? rwlock_bug.part.0+0x90/0x90
[ 57.926256][ C1] igmp_ifc_timer_expire+0x636/0xf70
[ 57.931575][ C1] call_timer_fn+0x1da/0x7c0
[ 57.936192][ C1] ? add_grec+0x1100/0x1100
[ 57.940723][ C1] ? timer_fixup_activate+0x3e0/0x3e0
[ 57.946120][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 57.950997][ C1] ? add_grec+0x1100/0x1100
[ 57.955531][ C1] ? _raw_spin_unlock_irq+0x23/0x50
[ 57.960754][ C1] ? add_grec+0x1100/0x1100
[ 57.965281][ C1] ? add_grec+0x1100/0x1100
[ 57.969811][ C1] expire_timers+0x2c6/0x5c0
[ 57.974435][ C1] run_timer_softirq+0x326/0x910
[ 57.979404][ C1] ? expire_timers+0x5c0/0x5c0
[ 57.984195][ C1] ? kvm_sched_clock_read+0x18/0x40
[ 57.989415][ C1] __do_softirq+0x1fb/0xadc
[ 57.993950][ C1] __irq_exit_rcu+0x123/0x180
[ 57.998653][ C1] irq_exit_rcu+0x9/0x20
[ 58.002920][ C1] sysvec_apic_timer_interrupt+0x97/0xc0
[ 58.008574][ C1]
[ 58.011515][ C1]
[ 58.014460][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 58.020469][ C1] RIP: 0010:unwind_get_return_address+0x46/0xa0
[ 58.026757][ C1] Code: 04 02 84 c0 74 04 3c 03 7e 51 8b 03 85 c0 75 05 5b 31 c0 5d c3 48 8d 6b 48 48 b8 00 00 00 00 00 fc ff df 48 89 ea 48 c1 ea 03 <80> 3c 02 00 75 32 48 8b 7b 48 e8 1b 23 1b 00 85 c0 74 d3 48 b8 00
[ 58.046392][ C1] RSP: 0018:ffffc9000318f970 EFLAGS: 00000a06
[ 58.052482][ C1] RAX: dffffc0000000000 RBX: ffffc9000318f988 RCX: 0000000000000000
[ 58.060470][ C1] RDX: 1ffff92000631f3a RSI: ffffc9000318fd20 RDI: ffffc9000318f988
[ 58.068458][ C1] RBP: ffffc9000318f9d0 R08: ffffffff8f02dd6a R09: ffffc9000318f9bc
[ 58.076447][ C1] R10: fffff52000631f3c R11: ffffc9000318fd48 R12: ffffc9000318fa40
[ 58.084433][ C1] R13: 0000000000000000 R14: ffff88807dbb3a80 R15: 0000000000001000
[ 58.092437][ C1] ? write_profile+0x410/0x410
[ 58.097240][ C1] arch_stack_walk+0x97/0xf0
[ 58.101860][ C1] ? getname_flags.part.0+0x50/0x4f0
[ 58.107183][ C1] stack_trace_save+0x90/0xc0
[ 58.111902][ C1] ? filter_irq_stacks+0x90/0x90
[ 58.116892][ C1] ? __lock_acquire+0x166e/0x56d0
[ 58.121951][ C1] kasan_save_stack+0x22/0x40
[ 58.126653][ C1] ? kasan_save_stack+0x22/0x40
[ 58.131529][ C1] ? kasan_set_track+0x25/0x30
[ 58.136317][ C1] ? __kasan_slab_alloc+0x82/0x90
[ 58.141364][ C1] ? kmem_cache_alloc+0x1e4/0x430
[ 58.146413][ C1] ? do_wp_page+0x12a3/0x3370
[ 58.151121][ C1] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 58.157223][ C1] ? find_held_lock+0x2d/0x110
[ 58.162021][ C1] ? kmem_cache_alloc+0x47/0x430
[ 58.166987][ C1] kasan_set_track+0x25/0x30
[ 58.171600][ C1] __kasan_slab_alloc+0x82/0x90
[ 58.176468][ C1] kmem_cache_alloc+0x1e4/0x430
[ 58.181345][ C1] getname_flags.part.0+0x50/0x4f0
[ 58.186491][ C1] getname+0x92/0xd0
[ 58.190415][ C1] do_sys_openat2+0xf5/0x4c0
[ 58.195027][ C1] ? build_open_flags+0x6f0/0x6f0
[ 58.200074][ C1] ? up_write+0x520/0x520
[ 58.204435][ C1] __x64_sys_openat+0x143/0x1f0
[ 58.209304][ C1] ? __ia32_sys_open+0x1c0/0x1c0
[ 58.214273][ C1] ? syscall_enter_from_user_mode+0x26/0xb0
[ 58.220199][ C1] do_syscall_64+0x39/0xb0
[ 58.224649][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.230565][ C1] RIP: 0033:0x7efc31325697
[ 58.234998][ C1] Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f
[ 58.254632][ C1] RSP: 002b:00007fff1e502270 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 58.263069][ C1] RAX: ffffffffffffffda RBX: 000055f281ea3040 RCX: 00007efc31325697
[ 58.271060][ C1] RDX: 0000000000080141 RSI: 000055f281e860d8 RDI: 00000000ffffff9c
[ 58.279055][ C1] RBP: 000055f281e860d8 R08: 00000000ffffffff R09: 0000000000000000
[ 58.287046][ C1] R10: 00000000000001a4 R11: 0000000000000246 R12: 0000000000080141
[ 58.295038][ C1] R13: ffffffffffffffff R14: 00000000ffffffff R15: 00000000ffffffff
[ 58.303035][ C1]
[ 58.306070][ C1]
[ 58.308408][ C1] The buggy address belongs to the virtual mapping at
[ 58.308408][ C1] [ffffc900001d9000, ffffc900001e2000) created by:
[ 58.308408][ C1] irq_init_percpu_irqstack+0x1d0/0x320
[ 58.327019][ C1]
[ 58.329347][ C1] The buggy address belongs to the physical page:
[ 58.335765][ C1] page:ffffea0002e64240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xb9909
[ 58.345933][ C1] flags: 0xfff00000001000(reserved|node=0|zone=1|lastcpupid=0x7ff)
[ 58.353940][ C1] raw: 00fff00000001000 ffffea0002e64248 ffffea0002e64248 0000000000000000
[ 58.362544][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 58.371135][ C1] page dumped because: kasan: bad access detected
[ 58.377554][ C1] page_owner info is not present (never set?)
[ 58.383621][ C1]
[ 58.385955][ C1] Memory state around the buggy address:
[ 58.391589][ C1] ffffc900001e0980: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 58.399668][ C1] ffffc900001e0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 58.407747][ C1] >ffffc900001e0a80: f1 f1 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 00
[ 58.415818][ C1] ^
[ 58.422505][ C1] ffffc900001e0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 58.430577][ C1] ffffc900001e0b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[ 58.438644][ C1] ==================================================================
[ 58.446809][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 58.454010][ C1] CPU: 1 PID: 4433 Comm: udevd Not tainted 6.2.0-rc1-syzkaller-00095-ge4cf7c25bae5 #0
[ 58.463561][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 58.473623][ C1] Call Trace:
[ 58.476916][ C1]
[ 58.479773][ C1] dump_stack_lvl+0xd1/0x138
[ 58.484393][ C1] panic+0x2cc/0x626
[ 58.488316][ C1] ? panic_print_sys_info.part.0+0x110/0x110
[ 58.494334][ C1] ? asm_common_interrupt+0x26/0x40
[ 58.499566][ C1] check_panic_on_warn.cold+0x19/0x35
[ 58.504967][ C1] end_report.part.0+0x36/0x73
[ 58.509765][ C1] ? xfrm_state_find+0x5f79/0x6d80
[ 58.514989][ C1] kasan_report.cold+0xa/0xf
[ 58.519614][ C1] ? xfrm_state_find+0x5f79/0x6d80
[ 58.524761][ C1] xfrm_state_find+0x5f79/0x6d80
[ 58.529739][ C1] ? xfrm_state_add+0xe30/0xe30
[ 58.534914][ C1] ? find_held_lock+0x2d/0x110
[ 58.540098][ C1] ? xfrm_tmpl_resolve+0x653/0xd40
[ 58.545233][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 58.550103][ C1] xfrm_tmpl_resolve+0x2f3/0xd40
[ 58.555033][ C1] ? __xfrm_dst_lookup+0x130/0x130
[ 58.560132][ C1] ? xfrm_policy_find_inexact_candidates+0x13f/0x1d0
[ 58.566794][ C1] ? find_held_lock+0x2d/0x110
[ 58.571549][ C1] xfrm_resolve_and_create_bundle+0x123/0x2580
[ 58.577703][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 58.582540][ C1] ? xfrm_tmpl_resolve+0xd40/0xd40
[ 58.587641][ C1] ? xfrm_policy_match+0x2e0/0x2e0
[ 58.592745][ C1] ? xfrm_expand_policies+0x25b/0x680
[ 58.598104][ C1] xfrm_lookup_with_ifid+0x449/0x20f0
[ 58.603465][ C1] ? xfrm_expand_policies+0x680/0x680
[ 58.608826][ C1] ? ip_route_output_key_hash+0x1c9/0x300
[ 58.614538][ C1] ? ip_route_output_key_hash_rcu+0x2bc0/0x2bc0
[ 58.620767][ C1] xfrm_lookup_route+0x3a/0x1e0
[ 58.625607][ C1] ip_route_output_flow+0x118/0x150
[ 58.630788][ C1] igmpv3_newpack+0x29d/0x1110
[ 58.635541][ C1] ? ip_mc_join_group+0x30/0x30
[ 58.640382][ C1] ? lock_chain_count+0x20/0x20
[ 58.645220][ C1] add_grhead+0x266/0x300
[ 58.649539][ C1] add_grec+0xea5/0x1100
[ 58.653773][ C1] ? add_grhead+0x300/0x300
[ 58.658263][ C1] ? rwlock_bug.part.0+0x90/0x90
[ 58.663186][ C1] igmp_ifc_timer_expire+0x636/0xf70
[ 58.668463][ C1] call_timer_fn+0x1da/0x7c0
[ 58.673057][ C1] ? add_grec+0x1100/0x1100
[ 58.677546][ C1] ? timer_fixup_activate+0x3e0/0x3e0
[ 58.682915][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 58.687757][ C1] ? add_grec+0x1100/0x1100
[ 58.692250][ C1] ? _raw_spin_unlock_irq+0x23/0x50
[ 58.697439][ C1] ? add_grec+0x1100/0x1100
[ 58.701937][ C1] ? add_grec+0x1100/0x1100
[ 58.706431][ C1] expire_timers+0x2c6/0x5c0
[ 58.711016][ C1] run_timer_softirq+0x326/0x910
[ 58.715951][ C1] ? expire_timers+0x5c0/0x5c0
[ 58.720707][ C1] ? kvm_sched_clock_read+0x18/0x40
[ 58.725893][ C1] __do_softirq+0x1fb/0xadc
[ 58.730387][ C1] __irq_exit_rcu+0x123/0x180
[ 58.735050][ C1] irq_exit_rcu+0x9/0x20
[ 58.739278][ C1] sysvec_apic_timer_interrupt+0x97/0xc0
[ 58.744894][ C1]
[ 58.747809][ C1]
[ 58.750725][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 58.756700][ C1] RIP: 0010:unwind_get_return_address+0x46/0xa0
[ 58.762928][ C1] Code: 04 02 84 c0 74 04 3c 03 7e 51 8b 03 85 c0 75 05 5b 31 c0 5d c3 48 8d 6b 48 48 b8 00 00 00 00 00 fc ff df 48 89 ea 48 c1 ea 03 <80> 3c 02 00 75 32 48 8b 7b 48 e8 1b 23 1b 00 85 c0 74 d3 48 b8 00
[ 58.782520][ C1] RSP: 0018:ffffc9000318f970 EFLAGS: 00000a06
[ 58.788569][ C1] RAX: dffffc0000000000 RBX: ffffc9000318f988 RCX: 0000000000000000
[ 58.796532][ C1] RDX: 1ffff92000631f3a RSI: ffffc9000318fd20 RDI: ffffc9000318f988
[ 58.804492][ C1] RBP: ffffc9000318f9d0 R08: ffffffff8f02dd6a R09: ffffc9000318f9bc
[ 58.812447][ C1] R10: fffff52000631f3c R11: ffffc9000318fd48 R12: ffffc9000318fa40
[ 58.820408][ C1] R13: 0000000000000000 R14: ffff88807dbb3a80 R15: 0000000000001000
[ 58.828377][ C1] ? write_profile+0x410/0x410
[ 58.833142][ C1] arch_stack_walk+0x97/0xf0
[ 58.837727][ C1] ? getname_flags.part.0+0x50/0x4f0
[ 58.843007][ C1] stack_trace_save+0x90/0xc0
[ 58.847679][ C1] ? filter_irq_stacks+0x90/0x90
[ 58.852615][ C1] ? __lock_acquire+0x166e/0x56d0
[ 58.857625][ C1] kasan_save_stack+0x22/0x40
[ 58.862287][ C1] ? kasan_save_stack+0x22/0x40
[ 58.867121][ C1] ? kasan_set_track+0x25/0x30
[ 58.871867][ C1] ? __kasan_slab_alloc+0x82/0x90
[ 58.876894][ C1] ? kmem_cache_alloc+0x1e4/0x430
[ 58.881904][ C1] ? do_wp_page+0x12a3/0x3370
[ 58.886568][ C1] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 58.892541][ C1] ? find_held_lock+0x2d/0x110
[ 58.897310][ C1] ? kmem_cache_alloc+0x47/0x430
[ 58.902233][ C1] kasan_set_track+0x25/0x30
[ 58.906807][ C1] __kasan_slab_alloc+0x82/0x90
[ 58.911654][ C1] kmem_cache_alloc+0x1e4/0x430
[ 58.916488][ C1] getname_flags.part.0+0x50/0x4f0
[ 58.921601][ C1] getname+0x92/0xd0
[ 58.925492][ C1] do_sys_openat2+0xf5/0x4c0
[ 58.930066][ C1] ? build_open_flags+0x6f0/0x6f0
[ 58.935073][ C1] ? up_write+0x520/0x520
[ 58.939392][ C1] __x64_sys_openat+0x143/0x1f0
[ 58.944227][ C1] ? __ia32_sys_open+0x1c0/0x1c0
[ 58.949232][ C1] ? syscall_enter_from_user_mode+0x26/0xb0
[ 58.955112][ C1] do_syscall_64+0x39/0xb0
[ 58.959519][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.965401][ C1] RIP: 0033:0x7efc31325697
[ 58.969800][ C1] Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f
[ 58.989389][ C1] RSP: 002b:00007fff1e502270 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 58.997801][ C1] RAX: ffffffffffffffda RBX: 000055f281ea3040 RCX: 00007efc31325697
[ 59.005754][ C1] RDX: 0000000000080141 RSI: 000055f281e860d8 RDI: 00000000ffffff9c
[ 59.013707][ C1] RBP: 000055f281e860d8 R08: 00000000ffffffff R09: 0000000000000000
[ 59.021663][ C1] R10: 00000000000001a4 R11: 0000000000000246 R12: 0000000000080141
[ 59.029614][ C1] R13: ffffffffffffffff R14: 00000000ffffffff R15: 00000000ffffffff
[ 59.037571][ C1]
[ 59.040728][ C1] Kernel Offset: disabled
[ 59.045045][ C1] Rebooting in 86400 seconds..