[ 31.490320][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 31.498433][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 31.506858][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 31.571812][ T336] syz-executor.0 (336) used greatest stack depth: 20320 bytes left
[ 32.000824][ T10] device bridge_slave_1 left promiscuous mode
[ 32.007771][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 32.015599][ T10] device bridge_slave_0 left promiscuous mode
[ 32.022576][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 32.032496][ T10] device veth1_macvtap left promiscuous mode
[ 32.039654][ T10] device veth0_vlan left promiscuous mode
Warning: Permanently added '10.128.1.159' (ECDSA) to the list of known hosts.
2023/03/04 22:52:19 ignoring optional flag "sandboxArg"="0"
2023/03/04 22:52:19 parsed 1 programs
2023/03/04 22:52:19 executed programs: 0
[ 49.108701][ T30] kauditd_printk_skb: 65 callbacks suppressed
[ 49.108709][ T30] audit: type=1400 audit(1677970339.890:137): avc: denied { mounton } for pid=379 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 49.141060][ T30] audit: type=1400 audit(1677970339.890:138): avc: denied { mount } for pid=379 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 49.173655][ T383] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.180683][ T383] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.187877][ T383] device bridge_slave_0 entered promiscuous mode
[ 49.194633][ T383] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.201632][ T383] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.209270][ T383] device bridge_slave_1 entered promiscuous mode
[ 49.249921][ T383] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.257080][ T383] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.264463][ T383] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.271591][ T383] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.288808][ T337] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.296284][ T337] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.304200][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.311531][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.320892][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.329533][ T342] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.337034][ T342] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.351336][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.360011][ T337] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.367017][ T337] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.375138][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 49.383454][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 49.396684][ T383] device veth0_vlan entered promiscuous mode
[ 49.403543][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 49.412227][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 49.420671][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 49.428135][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 49.439063][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 49.448003][ T383] device veth1_macvtap entered promiscuous mode
[ 49.459979][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 49.468591][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 49.480239][ T30] audit: type=1400 audit(1677970340.270:139): avc: denied { mount } for pid=383 comm="syz-executor.0" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 49.508300][ T388] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.519810][ T30] audit: type=1400 audit(1677970340.310:140): avc: denied { write } for pid=387 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 49.527113][ T391] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.540550][ C1] ==================================================================
[ 49.540559][ C1] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x3dd/0x4d0
[ 49.540577][ C1] Read of size 4 at addr ffffc900001d0ab8 by task syz-executor.0/391
[ 49.540583][ C1]
[ 49.540588][ C1] CPU: 1 PID: 391 Comm: syz-executor.0 Not tainted 5.15.94-syzkaller #0
[ 49.540594][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 49.540598][ C1] Call Trace:
[ 49.540601][ C1]
[ 49.540604][ C1] dump_stack_lvl+0x105/0x148
[ 49.540612][ C1] ? io_uring_drop_tctx_refs+0x14e/0x14e
[ 49.540619][ C1] ? panic+0x4f8/0x4f8
[ 49.540626][ C1] ? __x64_sys_sendmsg+0x76/0x80
[ 49.540635][ C1] print_address_description+0x87/0x3b0
[ 49.540644][ C1] kasan_report+0x179/0x1c0
[ 49.540658][ C1] ? __xfrm_dst_hash+0x3dd/0x4d0
[ 49.540666][ C1] ? __xfrm_dst_hash+0x3dd/0x4d0
[ 49.540672][ C1] __asan_report_load4_noabort+0x14/0x20
[ 49.540680][ C1] __xfrm_dst_hash+0x3dd/0x4d0
[ 49.540687][ C1] xfrm_state_find+0x2fb/0x2c80
[ 49.540699][ C1] ? xfrm_sad_getinfo+0x170/0x170
[ 49.540705][ C1] ? dst_release+0x41/0x90
[ 49.540714][ C1] ? xfrm4_get_saddr+0x17c/0x290
[ 49.540721][ C1] ? rhashtable_lookup+0x240/0x460
[ 49.540727][ C1] ? stack_trace_snprint+0xf0/0xf0
[ 49.540737][ C1] xfrm_resolve_and_create_bundle+0x57c/0x28e0
[ 49.540746][ C1] ? xfrm_sk_policy_lookup+0x430/0x430
[ 49.540752][ C1] ? xfrm_policy_lookup+0xdea/0xe70
[ 49.540758][ C1] ? __nla_validate_parse+0x2234/0x27f0
[ 49.540768][ C1] ? __nla_parse+0x27/0x30
[ 49.540773][ C1] ? rtnl_newlink+0x54b/0x1b30
[ 49.540786][ C1] xfrm_lookup_with_ifid+0x7dd/0x1900
[ 49.540793][ C1] ? _raw_spin_unlock_bh+0x51/0x60
[ 49.540801][ C1] ? __xfrm_sk_clone_policy+0x8d0/0x8d0
[ 49.540808][ C1] ? ip_route_output_key_hash_rcu+0x10c0/0x1d40
[ 49.540816][ C1] xfrm_lookup_route+0x1d/0x120
[ 49.540823][ C1] ip_route_output_flow+0x1c3/0x2f0
[ 49.540830][ C1] ? ipv4_sk_update_pmtu+0x1fa0/0x1fa0
[ 49.540837][ C1] ? __put_user_ns+0x50/0x50
[ 49.540845][ C1] ? __alloc_skb+0x27c/0x490
[ 49.540852][ C1] igmpv3_newpack+0x40a/0xf70
[ 49.540860][ C1] ? call_timer_fn+0x28/0x1c0
[ 49.540868][ C1] ? __run_timers+0x69c/0x850
[ 49.540877][ C1] ? igmpv3_sendpack+0x190/0x190
[ 49.540884][ C1] ? __x64_sys_sendmsg+0x76/0x80
[ 49.540891][ C1] ? do_syscall_64+0x3d/0xb0
[ 49.540897][ C1] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.540904][ C1] add_grhead+0x70/0x310
[ 49.540912][ C1] add_grec+0x104b/0x1340
[ 49.540920][ C1] ? try_invoke_on_locked_down_task+0x2a0/0x2a0
[ 49.540931][ C1] ? _raw_spin_lock_bh+0xa4/0x1b0
[ 49.540938][ C1] ? igmpv3_send_report+0x380/0x380
[ 49.540946][ C1] ? __queue_work+0x732/0x990
[ 49.540956][ C1] igmp_ifc_timer_expire+0x735/0xd20
[ 49.540962][ C1] ? _raw_spin_lock+0xa4/0x1b0
[ 49.540968][ C1] ? _raw_spin_trylock_bh+0x190/0x190
[ 49.540976][ C1] ? igmp_gq_timer_expire+0x90/0x90
[ 49.540983][ C1] call_timer_fn+0x28/0x1c0
[ 49.540989][ C1] ? igmp_gq_timer_expire+0x90/0x90
[ 49.540997][ C1] __run_timers+0x675/0x850
[ 49.541005][ C1] ? calc_index+0x210/0x210
[ 49.541015][ C1] run_timer_softirq+0x4a/0xb0
[ 49.541022][ C1] __do_softirq+0x26d/0x5bf
[ 49.541031][ C1] __irq_exit_rcu+0x50/0xf0
[ 49.541040][ C1] irq_exit_rcu+0x9/0x10
[ 49.541047][ C1] sysvec_apic_timer_interrupt+0x9a/0xc0
[ 49.541055][ C1]
[ 49.541059][ C1]
[ 49.541062][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 49.541070][ C1] RIP: 0010:vprintk_emit+0xcc/0x250
[ 49.541080][ C1] Code: e8 99 ec ff ff 41 89 c6 83 fb fe 49 bc 00 00 00 00 00 fc ff df 74 31 bf 01 00 00 00 e8 0d 3b f6 ff e8 58 15 00 00 85 c0 74 64 7f 01 00 00 bf 01 00 00 00 e8 95 3c f6 ff 65 8b 05 66 07 b5 7e
[ 49.541085][ C1] RSP: 0018:ffffc900006c69c0 EFLAGS: 00000206
[ 49.541094][ C1] RAX: 0000000080000001 RBX: 0000000000000246 RCX: 0000000000000002
[ 49.541099][ C1] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001
[ 49.541103][ C1] RBP: ffffc900006c6a68 R08: dffffc0000000000 R09: 0000000000000003
[ 49.541108][ C1] R10: fffff520000d8d28 R11: dffffc0000000001 R12: dffffc0000000000
[ 49.541112][ C1] R13: 0000000000000000 R14: 0000000000000050 R15: ffffc900006c6a00
[ 49.541120][ C1] ? vprintk_store+0x12c0/0x12c0
[ 49.541128][ C1] ? __kasan_check_write+0x14/0x20
[ 49.541137][ C1] ? _raw_spin_trylock+0xcd/0x1a0
[ 49.541144][ C1] ? __cpuidle_text_end+0x5/0x5
[ 49.541151][ C1] vprintk_default+0x18/0x20
[ 49.541158][ C1] vprintk+0x49/0x50
[ 49.541164][ C1] _printk+0xca/0x10a
[ 49.541173][ C1] ? panic+0x4f8/0x4f8
[ 49.541181][ C1] ? netlink_unicast+0x6eb/0x930
[ 49.541189][ C1] ? ____sys_sendmsg+0x492/0x790
[ 49.541195][ C1] ? ___sys_sendmsg+0x215/0x2a0
[ 49.541201][ C1] ? __se_sys_sendmsg+0x162/0x1f0
[ 49.541209][ C1] __nla_validate_parse+0x2234/0x27f0
[ 49.541220][ C1] ? __nla_validate+0x20/0x20
[ 49.541230][ C1] ? __kasan_kmalloc+0x9/0x10
[ 49.541237][ C1] __nla_parse+0x27/0x30
[ 49.541244][ C1] rtnl_newlink+0x54b/0x1b30
[ 49.541254][ C1] ? rtnl_setlink+0x460/0x460
[ 49.541267][ C1] ? memcpy+0x56/0x70
[ 49.541283][ C1] ? sched_clock+0x9/0x10
[ 49.541291][ C1] ? __kasan_check_write+0x14/0x20
[ 49.541298][ C1] ? mutex_lock+0xb6/0x1e0
[ 49.541305][ C1] ? security_capable+0x3c/0x90
[ 49.541313][ C1] ? wait_for_completion_killable_timeout+0x10/0x10
[ 49.541321][ C1] ? ns_capable+0x5b/0xc0
[ 49.541328][ C1] ? netlink_net_capable+0x105/0x140
[ 49.541336][ C1] rtnetlink_rcv_msg+0x5e8/0xa70
[ 49.541345][ C1] ? rtnetlink_bind+0x50/0x50
[ 49.541351][ C1] ? stack_trace_save+0x1c0/0x1c0
[ 49.541359][ C1] ? __kernel_text_address+0x9b/0x110
[ 49.541368][ C1] ? unwind_get_return_address+0x4d/0x90
[ 49.541378][ C1] ? avc_has_perm_noaudit+0x2a2/0x370
[ 49.541385][ C1] ? memcpy+0x56/0x70
[ 49.541393][ C1] ? avc_has_perm_noaudit+0x23e/0x370
[ 49.541402][ C1] ? avc_denied+0x1c0/0x1c0
[ 49.541411][ C1] ? avc_has_perm+0xcb/0x210
[ 49.541417][ C1] ? ____kasan_kmalloc+0xed/0x110
[ 49.541424][ C1] ? ____kasan_kmalloc+0xdb/0x110
[ 49.541432][ C1] ? avc_has_perm_noaudit+0x370/0x370
[ 49.541438][ C1] ? do_syscall_64+0x3d/0xb0
[ 49.541446][ C1] netlink_rcv_skb+0x1c7/0x3c0
[ 49.541453][ C1] ? rtnetlink_bind+0x50/0x50
[ 49.541460][ C1] ? netlink_ack+0xa20/0xa20
[ 49.541469][ C1] ? __netlink_lookup+0x2d5/0x2f0
[ 49.541479][ C1] rtnetlink_rcv+0x10/0x20
[ 49.541486][ C1] netlink_unicast+0x6eb/0x930
[ 49.541495][ C1] ? netlink_detachskb+0x60/0x60
[ 49.541503][ C1] ? security_netlink_send+0x30/0x80
[ 49.541511][ C1] netlink_sendmsg+0x7a2/0xba0
[ 49.541520][ C1] ? __sys_socket+0x158/0x300
[ 49.541527][ C1] ? netlink_getsockopt+0x590/0x590
[ 49.541534][ C1] ? security_socket_sendmsg+0x37/0x90
[ 49.541540][ C1] ? netlink_getsockopt+0x590/0x590
[ 49.541546][ C1] ____sys_sendmsg+0x492/0x790
[ 49.541551][ C1] ? iovec_from_user+0x191/0x230
[ 49.541558][ C1] ? __sys_sendmsg_sock+0x20/0x20
[ 49.541566][ C1] ___sys_sendmsg+0x215/0x2a0
[ 49.541572][ C1] ? __sys_sendmsg+0x1e0/0x1e0
[ 49.541577][ C1] ? security_file_alloc+0x24/0x100
[ 49.541586][ C1] ? alloc_file+0x1c4/0x4b0
[ 49.541596][ C1] ? __fdget+0x144/0x1c0
[ 49.541602][ C1] __se_sys_sendmsg+0x162/0x1f0
[ 49.541609][ C1] ? __x64_sys_sendmsg+0x80/0x80
[ 49.541614][ C1] ? switch_fpu_return+0x1b7/0x320
[ 49.541623][ C1] __x64_sys_sendmsg+0x76/0x80
[ 49.541630][ C1] do_syscall_64+0x3d/0xb0
[ 49.541636][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.541643][ C1] RIP: 0033:0x7fde261c90a9
[ 49.541658][ C1] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 49.541663][ C1] RSP: 002b:00007fde25d3c168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 49.541671][ C1] RAX: ffffffffffffffda RBX: 00007fde262e8f80 RCX: 00007fde261c90a9
[ 49.541676][ C1] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 49.541681][ C1] RBP: 00007fde26224ae9 R08: 0000000000000000 R09: 0000000000000000
[ 49.541685][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 49.541688][ C1] R13: 00007ffc15d6b4ef R14: 00007fde25d3c300 R15: 0000000000022000
[ 49.541695][ C1]
[ 49.541698][ C1]
[ 49.541700][ C1]
[ 49.541702][ C1] Memory state around the buggy address:
[ 49.541706][ C1]  ffffc900001d0980: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.541711][ C1]  ffffc900001d0a00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 49.541714][ C1] >ffffc900001d0a80: 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00
[ 49.541716][ C1]                                         ^
[ 49.541720][ C1]  ffffc900001d0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.541723][ C1]  ffffc900001d0b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.541726][ C1] ==================================================================
[ 49.541729][ C1] Disabling lock debugging due to kernel taint
[ 49.545142][ T30] audit: type=1400 audit(1677970340.310:141): avc: denied { nlmsg_write } for pid=387 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 50.492437][ T30] audit: type=1400 audit(1677970340.310:142): avc: denied { prog_load } for pid=387 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 50.527137][ T395] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.583908][ T398] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.628008][ T401] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.692286][ T404] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.732308][ T407] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.766158][ T409] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.859717][ T412] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.928513][ T415] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/03/04 22:52:24 executed programs: 69
[ 54.566270][ T583] __nla_validate_parse: 67 callbacks suppressed
[ 54.566281][ T583] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.626967][ T587] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.675399][ T589] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.731878][ T592] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.792318][ T594] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.848550][ T597] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.897941][ T599] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.935269][ T601] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.966041][ T603] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 55.016473][ T605] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/03/04 22:52:29 executed programs: 166