./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor89350949
<...>
Warning: Permanently added '10.128.0.225' (ED25519) to the list of known hosts.
execve("./syz-executor89350949", ["./syz-executor89350949"], 0x7ffd4b051950 /* 10 vars */) = 0
brk(NULL) = 0x55558ea71000
brk(0x55558ea71d00) = 0x55558ea71d00
arch_prctl(ARCH_SET_FS, 0x55558ea71380) = 0
set_tid_address(0x55558ea71650) = 5231
set_robust_list(0x55558ea71660, 24) = 0
rseq(0x55558ea71ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor89350949", 4096) = 26
getrandom("\xe8\xaa\x07\xc5\x60\x7c\x6c\x22", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55558ea71d00
brk(0x55558ea92d00) = 0x55558ea92d00
brk(0x55558ea93000) = 0x55558ea93000
mprotect(0x7fb0cdc01000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
write(1, "executing program\n", 18executing program
) = 18
socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM) = 3
sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x5c\x01\x00\x00\x10\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xac\x14\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x6c\x00\x00\x00\x00\x00\x00\x00"..., iov_len=348}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 348
socket(AF_INET6, SOCK_RAW, IPPROTO_UDPLITE) = 4
setsockopt(4, SOL_IPV6, IPV6_XFRM_POLICY, "\xac\x14\x14\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 232) = 0
[ 76.270591][ T5231] ------------[ cut here ]------------
[ 76.276422][ T5231] UBSAN: shift-out-of-bounds in ./include/net/xfrm.h:900:23
[ 76.283711][ T5231] shift exponent -96 is negative
[ 76.289012][ T5231] CPU: 0 UID: 0 PID: 5231 Comm: syz-executor893 Not tainted 6.11.0-syzkaller-01459-g151ac45348af #0
[ 76.299807][ T5231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 76.310048][ T5231] Call Trace:
[ 76.313325][ T5231] <TASK>
[ 76.316259][ T5231] dump_stack_lvl+0x241/0x360
[ 76.321067][ T5231] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.326276][ T5231] ? __pfx__printk+0x10/0x10
[ 76.330880][ T5231] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420
[ 76.337315][ T5231] xfrm_selector_match+0xe9b/0x1030
[ 76.342520][ T5231] xfrm_state_look_at+0xe8/0x480
[ 76.347461][ T5231] xfrm_state_find+0x199f/0x4d70
[ 76.352419][ T5231] ? xfrm_state_find+0x42f/0x4d70
[ 76.357447][ T5231] ? __pfx_xfrm_state_find+0x10/0x10
[ 76.362731][ T5231] ? mark_lock+0x9a/0x350
[ 76.367071][ T5231] ? kasan_save_track+0x3f/0x80
[ 76.371927][ T5231] ? __lock_acquire+0x137a/0x2040
[ 76.376965][ T5231] ? __lock_acquire+0x137a/0x2040
[ 76.382002][ T5231] xfrm_resolve_and_create_bundle+0x6d2/0x2c90
[ 76.388184][ T5231] ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[ 76.394799][ T5231] ? xfrm_sk_policy_lookup+0x7ef/0x840
[ 76.400279][ T5231] ? xfrm_sk_policy_lookup+0x93/0x840
[ 76.405676][ T5231] ? __pfx_lock_release+0x10/0x10
[ 76.410735][ T5231] ? xfrm_expand_policies+0x3fb/0x690
[ 76.416129][ T5231] xfrm_lookup_with_ifid+0x334/0x1ee0
[ 76.421531][ T5231] ? ip_route_output_key_hash+0x226/0x2b0
[ 76.427353][ T5231] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[ 76.433168][ T5231] ? ip_route_output_key_hash+0xdf/0x2b0
[ 76.438809][ T5231] ? __pfx_ip_route_output_key_hash+0x10/0x10
[ 76.444891][ T5231] ? rcuref_put+0x1e3/0x240
[ 76.449428][ T5231] xfrm_lookup_route+0x3c/0x1c0
[ 76.454299][ T5231] __ip4_datagram_connect+0x96c/0x1260
[ 76.459792][ T5231] __ip6_datagram_connect+0x194/0x1230
[ 76.465283][ T5231] ? __pfx___ip6_datagram_connect+0x10/0x10
[ 76.471186][ T5231] ? ip6_datagram_connect_v6_only+0x55/0xa0
[ 76.477091][ T5231] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 76.482819][ T5231] ? do_raw_spin_unlock+0x13c/0x8b0
[ 76.488030][ T5231] ip6_datagram_connect_v6_only+0x63/0xa0
[ 76.493761][ T5231] __sys_connect+0x2df/0x310
[ 76.498367][ T5231] ? lockdep_hardirqs_on+0x99/0x150
[ 76.503582][ T5231] ? __pfx___sys_connect+0x10/0x10
[ 76.508705][ T5231] ? ptrace_notify+0x279/0x380
[ 76.513485][ T5231] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 76.519826][ T5231] ? do_syscall_64+0x100/0x230
[ 76.524678][ T5231] __x64_sys_connect+0x7a/0x90
[ 76.529457][ T5231] do_syscall_64+0xf3/0x230
[ 76.533976][ T5231] ? clear_bhb_loop+0x35/0x90
[ 76.538668][ T5231] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.544574][ T5231] RIP: 0033:0x7fb0cdb8e8a9
[ 76.548999][ T5231] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 76.568630][ T5231] RSP: 002b:00007ffdce8cd648 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 76.577059][ T5231] RAX: ffffffffffffffda RBX: 00007ffdce8cd818 RCX: 00007fb0cdb8e8a9
[ 76.585140][ T5231] RDX: 000000000000001c RSI: 0000000020000000 RDI: 0000000000000004
[ 76.593113][ T5231] RBP: 00007fb0cdc01610 R08: 000000000000000a R09: 00007ffdce8cd818
[ 76.601175][ T5231] R10: 00000000000000e8 R11: 0000000000000246 R12: 0000000000000001
[ 76.609146][ T5231] R13: 00007ffdce8cd808 R14: 0000000000000001 R15: 0000000000000001
[ 76.617138][ T5231] </TASK>
[ 76.620658][ T5231] ---[ end trace ]---
[ 76.624707][ T5231] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[ 76.631909][ T5231] CPU: 0 UID: 0 PID: 5231 Comm: syz-executor893 Not tainted 6.11.0-syzkaller-01459-g151ac45348af #0
[ 76.642670][ T5231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 76.653073][ T5231] Call Trace:
[ 76.656356][ T5231] <TASK>
[ 76.659287][ T5231] dump_stack_lvl+0x241/0x360
[ 76.663986][ T5231] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.669284][ T5231] ? __pfx__printk+0x10/0x10
[ 76.673886][ T5231] ? vprintk_emit+0x667/0x7c0
[ 76.678576][ T5231] ? vscnprintf+0x5d/0x90
[ 76.682912][ T5231] panic+0x349/0x860
[ 76.686823][ T5231] ? check_panic_on_warn+0x21/0xb0
[ 76.691936][ T5231] ? __pfx_panic+0x10/0x10
[ 76.696358][ T5231] ? _printk+0xd5/0x120
[ 76.700529][ T5231] ? __pfx__printk+0x10/0x10
[ 76.705138][ T5231] check_panic_on_warn+0x86/0xb0
[ 76.710078][ T5231] __ubsan_handle_shift_out_of_bounds+0x3e7/0x420
[ 76.716518][ T5231] xfrm_selector_match+0xe9b/0x1030
[ 76.721742][ T5231] xfrm_state_look_at+0xe8/0x480
[ 76.726713][ T5231] xfrm_state_find+0x199f/0x4d70
[ 76.731676][ T5231] ? xfrm_state_find+0x42f/0x4d70
[ 76.736710][ T5231] ? __pfx_xfrm_state_find+0x10/0x10
[ 76.741999][ T5231] ? mark_lock+0x9a/0x350
[ 76.746341][ T5231] ? kasan_save_track+0x3f/0x80
[ 76.751203][ T5231] ? __lock_acquire+0x137a/0x2040
[ 76.756258][ T5231] ? __lock_acquire+0x137a/0x2040
[ 76.761305][ T5231] xfrm_resolve_and_create_bundle+0x6d2/0x2c90
[ 76.767585][ T5231] ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[ 76.774198][ T5231] ? xfrm_sk_policy_lookup+0x7ef/0x840
[ 76.779674][ T5231] ? xfrm_sk_policy_lookup+0x93/0x840
[ 76.785061][ T5231] ? __pfx_lock_release+0x10/0x10
[ 76.790094][ T5231] ? xfrm_expand_policies+0x3fb/0x690
[ 76.795505][ T5231] xfrm_lookup_with_ifid+0x334/0x1ee0
[ 76.800928][ T5231] ? ip_route_output_key_hash+0x226/0x2b0
[ 76.806666][ T5231] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[ 76.812481][ T5231] ? ip_route_output_key_hash+0xdf/0x2b0
[ 76.818126][ T5231] ? __pfx_ip_route_output_key_hash+0x10/0x10
[ 76.824222][ T5231] ? rcuref_put+0x1e3/0x240
[ 76.828768][ T5231] xfrm_lookup_route+0x3c/0x1c0
[ 76.833639][ T5231] __ip4_datagram_connect+0x96c/0x1260
[ 76.839128][ T5231] __ip6_datagram_connect+0x194/0x1230
[ 76.844610][ T5231] ? __pfx___ip6_datagram_connect+0x10/0x10
[ 76.850510][ T5231] ? ip6_datagram_connect_v6_only+0x55/0xa0
[ 76.856413][ T5231] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 76.862162][ T5231] ? do_raw_spin_unlock+0x13c/0x8b0
[ 76.867380][ T5231] ip6_datagram_connect_v6_only+0x63/0xa0
[ 76.873110][ T5231] __sys_connect+0x2df/0x310
[ 76.877712][ T5231] ? lockdep_hardirqs_on+0x99/0x150
[ 76.882922][ T5231] ? __pfx___sys_connect+0x10/0x10
[ 76.888042][ T5231] ? ptrace_notify+0x279/0x380
[ 76.892823][ T5231] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 76.899164][ T5231] ? do_syscall_64+0x100/0x230
[ 76.903953][ T5231] __x64_sys_connect+0x7a/0x90
[ 76.908741][ T5231] do_syscall_64+0xf3/0x230
[ 76.913254][ T5231] ? clear_bhb_loop+0x35/0x90
[ 76.917940][ T5231] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.923834][ T5231] RIP: 0033:0x7fb0cdb8e8a9
[ 76.928250][ T5231] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 76.947942][ T5231] RSP: 002b:00007ffdce8cd648 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 76.956357][ T5231] RAX: ffffffffffffffda RBX: 00007ffdce8cd818 RCX: 00007fb0cdb8e8a9
[ 76.964329][ T5231] RDX: 000000000000001c RSI: 0000000020000000 RDI: 0000000000000004
[ 76.972297][ T5231] RBP: 00007fb0cdc01610 R08: 000000000000000a R09: 00007ffdce8cd818
[ 76.980269][ T5231] R10: 00000000000000e8 R11: 0000000000000246 R12: 0000000000000001
[ 76.988243][ T5231] R13: 00007ffdce8cd808 R14: 0000000000000001 R15: 0000000000000001
[ 76.996227][ T5231] </TASK>
[ 76.999356][ T5231] Kernel Offset: disabled
[ 77.003719][ T5231] Rebooting in 86400 seconds..