./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2344543851

<...>
Warning: Permanently added '10.128.10.15' (ECDSA) to the list of known hosts.
execve("./syz-executor2344543851", ["./syz-executor2344543851"], 0x7ffe4150a630 /* 10 vars */) = 0
brk(NULL)                               = 0x5555562a1000
brk(0x5555562a1c40)                     = 0x5555562a1c40
arch_prctl(ARCH_SET_FS, 0x5555562a1300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2344543851", 4096) = 28
brk(0x5555562c2c40)                     = 0x5555562c2c40
brk(0x5555562c3000)                     = 0x5555562c3000
mprotect(0x7f00dc24b000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x01\x04\x00\xee\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00\x01\x00\x00\x00\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x72\x69\x64\x67\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60
socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM) = 4
[   57.672820][ T5072] netlink: 12 bytes leftover after parsing attributes in process `syz-executor234'.
[   57.712164][    C1] ==================================================================
[   57.720263][    C1] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x5f79/0x6d80
[   57.728202][    C1] Read of size 4 at addr ffffc900001e0ad0 by task udevd/4433
[   57.735589][    C1] 
[   57.737923][    C1] CPU: 1 PID: 4433 Comm: udevd Not tainted 6.2.0-rc1-syzkaller-00095-ge4cf7c25bae5 #0
[   57.747489][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   57.757562][    C1] Call Trace:
[   57.760855][    C1]  <IRQ>
[   57.763721][    C1]  dump_stack_lvl+0xd1/0x138
[   57.768341][    C1]  print_report+0x15e/0x45d
[   57.772878][    C1]  ? xfrm_state_find+0x5f79/0x6d80
[   57.778025][    C1]  kasan_report+0xbf/0x1f0
[   57.782475][    C1]  ? xfrm_state_find+0x5f79/0x6d80
[   57.787623][    C1]  xfrm_state_find+0x5f79/0x6d80
[   57.792599][    C1]  ? xfrm_state_add+0xe30/0xe30
[   57.797480][    C1]  ? find_held_lock+0x2d/0x110
[   57.802278][    C1]  ? xfrm_tmpl_resolve+0x653/0xd40
[   57.807413][    C1]  ? lock_downgrade+0x6e0/0x6e0
[   57.812293][    C1]  xfrm_tmpl_resolve+0x2f3/0xd40
[   57.817263][    C1]  ? __xfrm_dst_lookup+0x130/0x130
[   57.822399][    C1]  ? xfrm_policy_find_inexact_candidates+0x13f/0x1d0
[   57.829104][    C1]  ? find_held_lock+0x2d/0x110
[   57.833902][    C1]  xfrm_resolve_and_create_bundle+0x123/0x2580
[   57.840089][    C1]  ? lock_downgrade+0x6e0/0x6e0
[   57.844969][    C1]  ? xfrm_tmpl_resolve+0xd40/0xd40
[   57.850105][    C1]  ? xfrm_policy_match+0x2e0/0x2e0
[   57.855248][    C1]  ? xfrm_expand_policies+0x25b/0x680
[   57.860649][    C1]  xfrm_lookup_with_ifid+0x449/0x20f0
[   57.866047][    C1]  ? xfrm_expand_policies+0x680/0x680
[   57.871446][    C1]  ? ip_route_output_key_hash+0x1c9/0x300
[   57.877193][    C1]  ? ip_route_output_key_hash_rcu+0x2bc0/0x2bc0
[   57.883469][    C1]  xfrm_lookup_route+0x3a/0x1e0
[   57.888347][    C1]  ip_route_output_flow+0x118/0x150
[   57.893575][    C1]  igmpv3_newpack+0x29d/0x1110
[   57.898367][    C1]  ? ip_mc_join_group+0x30/0x30
[   57.903248][    C1]  ? lock_chain_count+0x20/0x20
[   57.908122][    C1]  add_grhead+0x266/0x300
[   57.912479][    C1]  add_grec+0xea5/0x1100
[   57.916757][    C1]  ? add_grhead+0x300/0x300
[   57.921294][    C1]  ? rwlock_bug.part.0+0x90/0x90
[   57.926256][    C1]  igmp_ifc_timer_expire+0x636/0xf70
[   57.931575][    C1]  call_timer_fn+0x1da/0x7c0
[   57.936192][    C1]  ? add_grec+0x1100/0x1100
[   57.940723][    C1]  ? timer_fixup_activate+0x3e0/0x3e0
[   57.946120][    C1]  ? lock_downgrade+0x6e0/0x6e0
[   57.950997][    C1]  ? add_grec+0x1100/0x1100
[   57.955531][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[   57.960754][    C1]  ? add_grec+0x1100/0x1100
[   57.965281][    C1]  ? add_grec+0x1100/0x1100
[   57.969811][    C1]  expire_timers+0x2c6/0x5c0
[   57.974435][    C1]  run_timer_softirq+0x326/0x910
[   57.979404][    C1]  ? expire_timers+0x5c0/0x5c0
[   57.984195][    C1]  ? kvm_sched_clock_read+0x18/0x40
[   57.989415][    C1]  __do_softirq+0x1fb/0xadc
[   57.993950][    C1]  __irq_exit_rcu+0x123/0x180
[   57.998653][    C1]  irq_exit_rcu+0x9/0x20
[   58.002920][    C1]  sysvec_apic_timer_interrupt+0x97/0xc0
[   58.008574][    C1]  </IRQ>
[   58.011515][    C1]  <TASK>
[   58.014460][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   58.020469][    C1] RIP: 0010:unwind_get_return_address+0x46/0xa0
[   58.026757][    C1] Code: 04 02 84 c0 74 04 3c 03 7e 51 8b 03 85 c0 75 05 5b 31 c0 5d c3 48 8d 6b 48 48 b8 00 00 00 00 00 fc ff df 48 89 ea 48 c1 ea 03 <80> 3c 02 00 75 32 48 8b 7b 48 e8 1b 23 1b 00 85 c0 74 d3 48 b8 00
[   58.046392][    C1] RSP: 0018:ffffc9000318f970 EFLAGS: 00000a06
[   58.052482][    C1] RAX: dffffc0000000000 RBX: ffffc9000318f988 RCX: 0000000000000000
[   58.060470][    C1] RDX: 1ffff92000631f3a RSI: ffffc9000318fd20 RDI: ffffc9000318f988
[   58.068458][    C1] RBP: ffffc9000318f9d0 R08: ffffffff8f02dd6a R09: ffffc9000318f9bc
[   58.076447][    C1] R10: fffff52000631f3c R11: ffffc9000318fd48 R12: ffffc9000318fa40
[   58.084433][    C1] R13: 0000000000000000 R14: ffff88807dbb3a80 R15: 0000000000001000
[   58.092437][    C1]  ? write_profile+0x410/0x410
[   58.097240][    C1]  arch_stack_walk+0x97/0xf0
[   58.101860][    C1]  ? getname_flags.part.0+0x50/0x4f0
[   58.107183][    C1]  stack_trace_save+0x90/0xc0
[   58.111902][    C1]  ? filter_irq_stacks+0x90/0x90
[   58.116892][    C1]  ? __lock_acquire+0x166e/0x56d0
[   58.121951][    C1]  kasan_save_stack+0x22/0x40
[   58.126653][    C1]  ? kasan_save_stack+0x22/0x40
[   58.131529][    C1]  ? kasan_set_track+0x25/0x30
[   58.136317][    C1]  ? __kasan_slab_alloc+0x82/0x90
[   58.141364][    C1]  ? kmem_cache_alloc+0x1e4/0x430
[   58.146413][    C1]  ? do_wp_page+0x12a3/0x3370
[   58.151121][    C1]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   58.157223][    C1]  ? find_held_lock+0x2d/0x110
[   58.162021][    C1]  ? kmem_cache_alloc+0x47/0x430
[   58.166987][    C1]  kasan_set_track+0x25/0x30
[   58.171600][    C1]  __kasan_slab_alloc+0x82/0x90
[   58.176468][    C1]  kmem_cache_alloc+0x1e4/0x430
[   58.181345][    C1]  getname_flags.part.0+0x50/0x4f0
[   58.186491][    C1]  getname+0x92/0xd0
[   58.190415][    C1]  do_sys_openat2+0xf5/0x4c0
[   58.195027][    C1]  ? build_open_flags+0x6f0/0x6f0
[   58.200074][    C1]  ? up_write+0x520/0x520
[   58.204435][    C1]  __x64_sys_openat+0x143/0x1f0
[   58.209304][    C1]  ? __ia32_sys_open+0x1c0/0x1c0
[   58.214273][    C1]  ? syscall_enter_from_user_mode+0x26/0xb0
[   58.220199][    C1]  do_syscall_64+0x39/0xb0
[   58.224649][    C1]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   58.230565][    C1] RIP: 0033:0x7efc31325697
[   58.234998][    C1] Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f
[   58.254632][    C1] RSP: 002b:00007fff1e502270 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   58.263069][    C1] RAX: ffffffffffffffda RBX: 000055f281ea3040 RCX: 00007efc31325697
[   58.271060][    C1] RDX: 0000000000080141 RSI: 000055f281e860d8 RDI: 00000000ffffff9c
[   58.279055][    C1] RBP: 000055f281e860d8 R08: 00000000ffffffff R09: 0000000000000000
[   58.287046][    C1] R10: 00000000000001a4 R11: 0000000000000246 R12: 0000000000080141
[   58.295038][    C1] R13: ffffffffffffffff R14: 00000000ffffffff R15: 00000000ffffffff
[   58.303035][    C1]  </TASK>
[   58.306070][    C1] 
[   58.308408][    C1] The buggy address belongs to the virtual mapping at
[   58.308408][    C1]  [ffffc900001d9000, ffffc900001e2000) created by:
[   58.308408][    C1]  irq_init_percpu_irqstack+0x1d0/0x320
[   58.327019][    C1] 
[   58.329347][    C1] The buggy address belongs to the physical page:
[   58.335765][    C1] page:ffffea0002e64240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xb9909
[   58.345933][    C1] flags: 0xfff00000001000(reserved|node=0|zone=1|lastcpupid=0x7ff)
[   58.353940][    C1] raw: 00fff00000001000 ffffea0002e64248 ffffea0002e64248 0000000000000000
[   58.362544][    C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   58.371135][    C1] page dumped because: kasan: bad access detected
[   58.377554][    C1] page_owner info is not present (never set?)
[   58.383621][    C1] 
[   58.385955][    C1] Memory state around the buggy address:
[   58.391589][    C1]  ffffc900001e0980: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00
[   58.399668][    C1]  ffffc900001e0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[   58.407747][    C1] >ffffc900001e0a80: f1 f1 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 00
[   58.415818][    C1]                                                  ^
[   58.422505][    C1]  ffffc900001e0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   58.430577][    C1]  ffffc900001e0b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[   58.438644][    C1] ==================================================================
[   58.446809][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   58.454010][    C1] CPU: 1 PID: 4433 Comm: udevd Not tainted 6.2.0-rc1-syzkaller-00095-ge4cf7c25bae5 #0
[   58.463561][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   58.473623][    C1] Call Trace:
[   58.476916][    C1]  <IRQ>
[   58.479773][    C1]  dump_stack_lvl+0xd1/0x138
[   58.484393][    C1]  panic+0x2cc/0x626
[   58.488316][    C1]  ? panic_print_sys_info.part.0+0x110/0x110
[   58.494334][    C1]  ? asm_common_interrupt+0x26/0x40
[   58.499566][    C1]  check_panic_on_warn.cold+0x19/0x35
[   58.504967][    C1]  end_report.part.0+0x36/0x73
[   58.509765][    C1]  ? xfrm_state_find+0x5f79/0x6d80
[   58.514989][    C1]  kasan_report.cold+0xa/0xf
[   58.519614][    C1]  ? xfrm_state_find+0x5f79/0x6d80
[   58.524761][    C1]  xfrm_state_find+0x5f79/0x6d80
[   58.529739][    C1]  ? xfrm_state_add+0xe30/0xe30
[   58.534914][    C1]  ? find_held_lock+0x2d/0x110
[   58.540098][    C1]  ? xfrm_tmpl_resolve+0x653/0xd40
[   58.545233][    C1]  ? lock_downgrade+0x6e0/0x6e0
[   58.550103][    C1]  xfrm_tmpl_resolve+0x2f3/0xd40
[   58.555033][    C1]  ? __xfrm_dst_lookup+0x130/0x130
[   58.560132][    C1]  ? xfrm_policy_find_inexact_candidates+0x13f/0x1d0
[   58.566794][    C1]  ? find_held_lock+0x2d/0x110
[   58.571549][    C1]  xfrm_resolve_and_create_bundle+0x123/0x2580
[   58.577703][    C1]  ? lock_downgrade+0x6e0/0x6e0
[   58.582540][    C1]  ? xfrm_tmpl_resolve+0xd40/0xd40
[   58.587641][    C1]  ? xfrm_policy_match+0x2e0/0x2e0
[   58.592745][    C1]  ? xfrm_expand_policies+0x25b/0x680
[   58.598104][    C1]  xfrm_lookup_with_ifid+0x449/0x20f0
[   58.603465][    C1]  ? xfrm_expand_policies+0x680/0x680
[   58.608826][    C1]  ? ip_route_output_key_hash+0x1c9/0x300
[   58.614538][    C1]  ? ip_route_output_key_hash_rcu+0x2bc0/0x2bc0
[   58.620767][    C1]  xfrm_lookup_route+0x3a/0x1e0
[   58.625607][    C1]  ip_route_output_flow+0x118/0x150
[   58.630788][    C1]  igmpv3_newpack+0x29d/0x1110
[   58.635541][    C1]  ? ip_mc_join_group+0x30/0x30
[   58.640382][    C1]  ? lock_chain_count+0x20/0x20
[   58.645220][    C1]  add_grhead+0x266/0x300
[   58.649539][    C1]  add_grec+0xea5/0x1100
[   58.653773][    C1]  ? add_grhead+0x300/0x300
[   58.658263][    C1]  ? rwlock_bug.part.0+0x90/0x90
[   58.663186][    C1]  igmp_ifc_timer_expire+0x636/0xf70
[   58.668463][    C1]  call_timer_fn+0x1da/0x7c0
[   58.673057][    C1]  ? add_grec+0x1100/0x1100
[   58.677546][    C1]  ? timer_fixup_activate+0x3e0/0x3e0
[   58.682915][    C1]  ? lock_downgrade+0x6e0/0x6e0
[   58.687757][    C1]  ? add_grec+0x1100/0x1100
[   58.692250][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[   58.697439][    C1]  ? add_grec+0x1100/0x1100
[   58.701937][    C1]  ? add_grec+0x1100/0x1100
[   58.706431][    C1]  expire_timers+0x2c6/0x5c0
[   58.711016][    C1]  run_timer_softirq+0x326/0x910
[   58.715951][    C1]  ? expire_timers+0x5c0/0x5c0
[   58.720707][    C1]  ? kvm_sched_clock_read+0x18/0x40
[   58.725893][    C1]  __do_softirq+0x1fb/0xadc
[   58.730387][    C1]  __irq_exit_rcu+0x123/0x180
[   58.735050][    C1]  irq_exit_rcu+0x9/0x20
[   58.739278][    C1]  sysvec_apic_timer_interrupt+0x97/0xc0
[   58.744894][    C1]  </IRQ>
[   58.747809][    C1]  <TASK>
[   58.750725][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   58.756700][    C1] RIP: 0010:unwind_get_return_address+0x46/0xa0
[   58.762928][    C1] Code: 04 02 84 c0 74 04 3c 03 7e 51 8b 03 85 c0 75 05 5b 31 c0 5d c3 48 8d 6b 48 48 b8 00 00 00 00 00 fc ff df 48 89 ea 48 c1 ea 03 <80> 3c 02 00 75 32 48 8b 7b 48 e8 1b 23 1b 00 85 c0 74 d3 48 b8 00
[   58.782520][    C1] RSP: 0018:ffffc9000318f970 EFLAGS: 00000a06
[   58.788569][    C1] RAX: dffffc0000000000 RBX: ffffc9000318f988 RCX: 0000000000000000
[   58.796532][    C1] RDX: 1ffff92000631f3a RSI: ffffc9000318fd20 RDI: ffffc9000318f988
[   58.804492][    C1] RBP: ffffc9000318f9d0 R08: ffffffff8f02dd6a R09: ffffc9000318f9bc
[   58.812447][    C1] R10: fffff52000631f3c R11: ffffc9000318fd48 R12: ffffc9000318fa40
[   58.820408][    C1] R13: 0000000000000000 R14: ffff88807dbb3a80 R15: 0000000000001000
[   58.828377][    C1]  ? write_profile+0x410/0x410
[   58.833142][    C1]  arch_stack_walk+0x97/0xf0
[   58.837727][    C1]  ? getname_flags.part.0+0x50/0x4f0
[   58.843007][    C1]  stack_trace_save+0x90/0xc0
[   58.847679][    C1]  ? filter_irq_stacks+0x90/0x90
[   58.852615][    C1]  ? __lock_acquire+0x166e/0x56d0
[   58.857625][    C1]  kasan_save_stack+0x22/0x40
[   58.862287][    C1]  ? kasan_save_stack+0x22/0x40
[   58.867121][    C1]  ? kasan_set_track+0x25/0x30
[   58.871867][    C1]  ? __kasan_slab_alloc+0x82/0x90
[   58.876894][    C1]  ? kmem_cache_alloc+0x1e4/0x430
[   58.881904][    C1]  ? do_wp_page+0x12a3/0x3370
[   58.886568][    C1]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   58.892541][    C1]  ? find_held_lock+0x2d/0x110
[   58.897310][    C1]  ? kmem_cache_alloc+0x47/0x430
[   58.902233][    C1]  kasan_set_track+0x25/0x30
[   58.906807][    C1]  __kasan_slab_alloc+0x82/0x90
[   58.911654][    C1]  kmem_cache_alloc+0x1e4/0x430
[   58.916488][    C1]  getname_flags.part.0+0x50/0x4f0
[   58.921601][    C1]  getname+0x92/0xd0
[   58.925492][    C1]  do_sys_openat2+0xf5/0x4c0
[   58.930066][    C1]  ? build_open_flags+0x6f0/0x6f0
[   58.935073][    C1]  ? up_write+0x520/0x520
[   58.939392][    C1]  __x64_sys_openat+0x143/0x1f0
[   58.944227][    C1]  ? __ia32_sys_open+0x1c0/0x1c0
[   58.949232][    C1]  ? syscall_enter_from_user_mode+0x26/0xb0
[   58.955112][    C1]  do_syscall_64+0x39/0xb0
[   58.959519][    C1]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   58.965401][    C1] RIP: 0033:0x7efc31325697
[   58.969800][    C1] Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f
[   58.989389][    C1] RSP: 002b:00007fff1e502270 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   58.997801][    C1] RAX: ffffffffffffffda RBX: 000055f281ea3040 RCX: 00007efc31325697
[   59.005754][    C1] RDX: 0000000000080141 RSI: 000055f281e860d8 RDI: 00000000ffffff9c
[   59.013707][    C1] RBP: 000055f281e860d8 R08: 00000000ffffffff R09: 0000000000000000
[   59.021663][    C1] R10: 00000000000001a4 R11: 0000000000000246 R12: 0000000000080141
[   59.029614][    C1] R13: ffffffffffffffff R14: 00000000ffffffff R15: 00000000ffffffff
[   59.037571][    C1]  </TASK>
[   59.040728][    C1] Kernel Offset: disabled
[   59.045045][    C1] Rebooting in 86400 seconds..