./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2893009602
<...>
[ 2.911006][ T30] audit: type=1400 audit(1672533220.309:8): avc: denied { create } for pid=164 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 2.913981][ T30] audit: type=1400 audit(1672533220.309:9): avc: denied { append open } for pid=164 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 2.917224][ T30] audit: type=1400 audit(1672533220.339:10): avc: denied { getattr } for pid=164 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 3.133205][ T181] udevd[181]: starting version 3.2.10
[ 3.215935][ T182] udevd[182]: starting eudev-3.2.10
[ 3.217901][ T181] udevd (181) used greatest stack depth: 22976 bytes left
[ 11.170954][ T30] kauditd_printk_skb: 49 callbacks suppressed
[ 11.170964][ T30] audit: type=1400 audit(1672533228.579:60): avc: denied { transition } for pid=317 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 11.175631][ T30] audit: type=1400 audit(1672533228.589:61): avc: denied { write } for pid=317 comm="sh" path="pipe:[299]" dev="pipefs" ino=299 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
[ 12.183681][ T318] sshd (318) used greatest stack depth: 22544 bytes left
Warning: Permanently added '10.128.0.136' (ECDSA) to the list of known hosts.
execve("./syz-executor2893009602", ["./syz-executor2893009602"], 0x7ffe6fcb21a0 /* 10 vars */) = 0
brk(NULL) = 0x555556cef000
brk(0x555556cefc40) = 0x555556cefc40
arch_prctl(ARCH_SET_FS, 0x555556cef300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2893009602", 4096) = 28
brk(0x555556d10c40) = 0x555556d10c40
brk(0x555556d11000) = 0x555556d11000
mprotect(0x7f8b4960a000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x01\x04\x00\xee\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00\x01\x00\x00\x00\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x72\x69\x64\x67\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60
socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM) = 4
[ 18.445848][ T30] audit: type=1400 audit(1672533235.859:62): avc: denied { execmem } for pid=406 comm="syz-executor289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 18.450103][ T406] netlink: 12 bytes leftover after parsing attributes in process `syz-executor289'.
[ 18.455624][ T30] audit: type=1400 audit(1672533235.869:63): avc: denied { read } for pid=219 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[ 18.458662][ T30] audit: type=1400 audit(1672533235.869:64): avc: denied { create } for pid=406 comm="syz-executor289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 18.461478][ T30] audit: type=1400 audit(1672533235.869:65): avc: denied { write } for pid=406 comm="syz-executor289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 18.464593][ T30] audit: type=1400 audit(1672533235.869:66): avc: denied { nlmsg_write } for pid=406 comm="syz-executor289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 18.476482][ T30] audit: type=1400 audit(1672533235.869:67): avc: denied { prog_load } for pid=406 comm="syz-executor289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 18.501966][ C1] ==================================================================
[ 18.509835][ C1] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x2f9a/0x3510
[ 18.517557][ C1] Read of size 4 at addr ffffc900001d0a38 by task swapper/1/0
[ 18.524861][ C1]
[ 18.527018][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.15.78-syzkaller-00911-gc73b4619ad86 #0
[ 18.536305][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 18.546640][ C1] Call Trace:
[ 18.549762][ C1]
[ 18.552455][ C1] dump_stack_lvl+0x151/0x1b7
[ 18.557059][ C1] ? bfq_pos_tree_add_move+0x43e/0x43e
[ 18.562352][ C1] ? panic+0x727/0x727
[ 18.566250][ C1] print_address_description+0x87/0x3d0
[ 18.571627][ C1] kasan_report+0x1a6/0x1f0
[ 18.575991][ C1] ? xfrm_state_find+0x2f9a/0x3510
[ 18.580922][ C1] ? xfrm_state_find+0x2f9a/0x3510
[ 18.585875][ C1] __asan_report_load4_noabort+0x14/0x20
[ 18.591332][ C1] xfrm_state_find+0x2f9a/0x3510
[ 18.596106][ C1] ? ip_route_output_key_hash+0x145/0x200
[ 18.601661][ C1] ? xfrm_sad_getinfo+0x170/0x170
[ 18.606517][ C1] ? xfrm4_get_saddr+0x1a1/0x2d0
[ 18.611292][ C1] ? __xfrm_policy_inexact_prune_bin+0x970/0x970
[ 18.617578][ C1] xfrm_resolve_and_create_bundle+0x66d/0x2c80
[ 18.623567][ C1] ? xfrm_lookup_with_ifid+0x2640/0x2640
[ 18.629034][ C1] ? _raw_spin_unlock_bh+0x51/0x60
[ 18.633980][ C1] xfrm_lookup_with_ifid+0xa1c/0x2640
[ 18.639183][ C1] ? __do_softirq+0x27e/0x5dc
[ 18.643696][ C1] ? invoke_softirq+0xb/0x50
[ 18.648120][ C1] ? cpu_startup_entry+0x25/0x30
[ 18.652897][ C1] ? __xfrm_sk_clone_policy+0xa90/0xa90
[ 18.658277][ C1] ? ip_route_output_key_hash_rcu+0x832/0xe10
[ 18.664179][ C1] xfrm_lookup_route+0x3b/0x160
[ 18.668865][ C1] ip_route_output_flow+0x1e7/0x310
[ 18.673899][ C1] ? ipv4_sk_update_pmtu+0x1e00/0x1e00
[ 18.679190][ C1] ? make_kuid+0x20a/0x700
[ 18.683446][ C1] ? __put_user_ns+0x60/0x60
[ 18.687871][ C1] ? __kasan_check_write+0x14/0x20
[ 18.692832][ C1] ? __alloc_skb+0x353/0x550
[ 18.697245][ C1] igmpv3_newpack+0x413/0x1080
[ 18.701846][ C1] ? igmpv3_sendpack+0x190/0x190
[ 18.706619][ C1] add_grhead+0x84/0x320
[ 18.710707][ C1] add_grec+0x12f8/0x1600
[ 18.714953][ C1] ? try_invoke_on_locked_down_task+0x2a0/0x2a0
[ 18.721026][ C1] ? _raw_spin_lock_bh+0xa3/0x1b0
[ 18.725889][ C1] ? igmpv3_send_report+0x460/0x460
[ 18.730919][ C1] ? insert_work+0x2a9/0x340
[ 18.735354][ C1] igmp_ifc_timer_expire+0x8b0/0xf90
[ 18.740469][ C1] ? _raw_spin_lock+0xa3/0x1b0
[ 18.745070][ C1] ? igmp_gq_timer_expire+0xe0/0xe0
[ 18.750538][ C1] call_timer_fn+0x35/0x270
[ 18.754876][ C1] ? igmp_gq_timer_expire+0xe0/0xe0
[ 18.759907][ C1] expire_timers+0x21b/0x3a0
[ 18.764427][ C1] __run_timers+0x598/0x6f0
[ 18.768850][ C1] ? calc_index+0x240/0x240
[ 18.773187][ C1] ? sched_clock_cpu+0x18/0x3b0
[ 18.777875][ C1] run_timer_softirq+0x69/0xf0
[ 18.782478][ C1] __do_softirq+0x27e/0x5dc
[ 18.786814][ C1] invoke_softirq+0xb/0x50
[ 18.791067][ C1] __irq_exit_rcu+0x4f/0xb0
[ 18.795410][ C1] irq_exit_rcu+0x9/0x10
[ 18.799487][ C1] sysvec_apic_timer_interrupt+0x9a/0xc0
[ 18.805391][ C1]
[ 18.808167][ C1]
[ 18.810942][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 18.816847][ C1] RIP: 0010:acpi_idle_enter+0x411/0x6d0
[ 18.822228][ C1] Code: 8b 1b 48 89 de 48 83 e6 08 31 ff e8 19 c2 a8 fc 48 83 e3 08 0f 85 a2 00 00 00 66 90 e8 e8 bc a8 fc 0f 00 2d 11 d5 c5 00 fb f4 e9 98 00 00 00 49 83 c7 04 4c 89 f8 48 c1 e8 03 42 8a 04 30 84
[ 18.841759][ C1] RSP: 0018:ffffc90000157c70 EFLAGS: 000002d3
[ 18.847656][ C1] RAX: ffffffff84c8e2a8 RBX: 0000000000000000 RCX: ffff888100372780
[ 18.856249][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 18.864058][ C1] RBP: ffffc90000157cb0 R08: ffffffff84c8e297 R09: ffffed102006e4f1
[ 18.871870][ C1] R10: ffffed102006e4f1 R11: 1ffff1102006e4f0 R12: 0000000000000001
[ 18.879680][ C1] R13: ffff888103bbd804 R14: dffffc0000000000 R15: ffff888105db5064
[ 18.887495][ C1] ? acpi_idle_enter+0x3f7/0x6d0
[ 18.893047][ C1] ? acpi_idle_enter+0x408/0x6d0
[ 18.897825][ C1] ? intel_idle_ibrs+0x130/0x130
[ 18.902594][ C1] cpuidle_enter_state+0x5d0/0x14a0
[ 18.907634][ C1] ? cpuidle_enter_s2idle+0x610/0x610
[ 18.912850][ C1] ? menu_enable_device+0x370/0x370
[ 18.917881][ C1] ? debug_smp_processor_id+0x17/0x20
[ 18.923090][ C1] cpuidle_enter+0x5f/0xa0
[ 18.927333][ C1] do_idle+0x379/0x5e0
[ 18.931237][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 18.936270][ C1] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 18.941913][ C1] ? complete+0x65/0xb0
[ 18.945906][ C1] cpu_startup_entry+0x25/0x30
[ 18.950503][ C1] start_secondary+0xde/0xf0
[ 18.954933][ C1] secondary_startup_64_no_verify+0xb1/0xbb
[ 18.960660][ C1]
[ 18.963523][ C1]
[ 18.965694][ C1]
[ 18.967863][ C1] Memory state around the buggy address:
[ 18.973335][ C1] ffffc900001d0900: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 18.981232][ C1] ffffc900001d0980: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 18.989132][ C1] >ffffc900001d0a00: 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00
[ 18.997027][ C1] ^
[ 19.002755][ C1] ffffc900001d0a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.010655][ C1] ffffc900001d0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.018547][ C1] ==================================================================
[ 19.026448][ C1] Disabling lock debugging due to kernel taint